WO2020237879A1 - Method and apparatus for revoking group-signed digital certificate, storage medium, and electronic device - Google Patents

Method and apparatus for revoking group-signed digital certificate, storage medium, and electronic device Download PDF

Info

Publication number
WO2020237879A1
WO2020237879A1 PCT/CN2019/103431 CN2019103431W WO2020237879A1 WO 2020237879 A1 WO2020237879 A1 WO 2020237879A1 CN 2019103431 W CN2019103431 W CN 2019103431W WO 2020237879 A1 WO2020237879 A1 WO 2020237879A1
Authority
WO
WIPO (PCT)
Prior art keywords
group signature
digital certificate
target
identification information
revocation
Prior art date
Application number
PCT/CN2019/103431
Other languages
French (fr)
Chinese (zh)
Inventor
何伟林
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020237879A1 publication Critical patent/WO2020237879A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Definitions

  • the inventor of the present application realizes that since the group signature digital certificate hides the group member who issued the group signature digital certificate, it cannot be revoked by traditional verification of the signature of the group member who issued the group signature digital certificate.
  • the identification information may be stored in the extended field of the group signature digital certificate to generate the target group signature digital certificate. It is also possible to mark the group signature digital certificate through the identification information, and determine the marked group signature digital certificate as the target group signature digital certificate. It should be noted that after the target group signature digital certificate is generated, the target group signature digital certificate is associated with the target random number and then published.
  • the revocation group signature is decrypted by the group public key to obtain the target digest, and then the first hash operation is performed on the published target random number to obtain The digest to be compared, and finally, the target digest is matched with the digest to be compared; if it matches, it is determined that the revocation group signature has passed verification; if it does not match, it is determined that the revocation group signature has not passed verification.
  • the revocation of the signature digital certificate of the target group is legal.
  • the first obtaining module 501 is configured to respond to the target group signature digital certificate revocation request, and obtain the target random number corresponding to the target group signature digital certificate;
  • the second computing module may include:
  • the second operation unit is configured to perform a second sub-hash operation on the target random number to obtain second identification information
  • an electronic device capable of implementing the above method is also provided.
  • the electronic device 600 is represented in the form of a general-purpose computing device.
  • the components of the electronic device 600 may include but are not limited to: the aforementioned at least one processing unit 610, the aforementioned at least one storage unit 620, a bus 630 connecting different system components (including the storage unit 620 and the processing unit 610), and a display unit 640.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to the technical field of computers, and in particular to a method and an apparatus for revoking a group-signed digital certificate, a storage medium, and an electronic device. The method comprises: acquiring, in response to a request for revoking a target group-signed digital certificate, a target random number corresponding to the target group-signed digital certificate; performing a first hash operation on the target random number to acquire a target digest; group-signing the target digest by running a group signature algorithm by means of a private key of a group member revoking the target group-signed digital certificate, so as to acquire a revocation group signature for revoking the target group-signed digital certificate; and publishing the target random number and the revocation group signature to revoke the target group-signed digital certificate. The present application provides a method for revoking a target group-signed digital certificate, and in the method, a group member of the revoked target group-signed digital certificate is hidden. In addition, the method is simple, and is easy to implement.

Description

群签名数字证书吊销方法及装置、存储介质、电子设备Group signature digital certificate revocation method and device, storage medium and electronic equipment 技术领域Technical field
本申请要求2019年05月27日递交、发明名称为“群签名数字证书吊销方法及装置、存储介质、电子设备”的中国专利申请201910447511.0的优先权,在此通过引用将其全部内容合并于此。This application claims the priority of the Chinese patent application 201910447511.0 filed on May 27, 2019 with the title of "Group Signature Digital Certificate Revocation Method and Device, Storage Media, and Electronic Equipment", and the entire contents of which are incorporated herein by reference. .
本申请涉及计算机技术领域,尤其涉及一种群签名数字证书吊销方法及装置。This application relates to the field of computer technology, in particular to a method and device for revocation of a group signature digital certificate.
背景技术Background technique
随着电子技术与网络技术的不断发展,人们对网络的依赖性越来越强,特别是通信技术已经成为人们生活中不可或缺的一部分,网络与信息安全也随着技术的发展而日益受到广泛的关注。在群签名体制中,群成员构成一个群,每个群成员有不同的私钥,私钥和群中唯一的群公钥相对应。群中任何一个群成员都可以代表这个群颁发群签名数字证书,验证者可以利用群公钥来验证群签名数字证书,但无法确定颁发群签名数字证书的群成员的身份。With the continuous development of electronic technology and network technology, people are becoming more and more dependent on the network. In particular, communication technology has become an indispensable part of people’s lives. Network and information security have also become increasingly affected by the development of technology. Widespread concern. In the group signature system, group members form a group, and each group member has a different private key, which corresponds to the only group public key in the group. Any group member in the group can issue a group signature digital certificate on behalf of the group, and the verifier can use the group public key to verify the group signature digital certificate, but the identity of the group member issuing the group signature digital certificate cannot be determined.
技术问题technical problem
本申请的发明人意识到,由于群签名数字证书隐藏了颁发该群签名数字证书的群成员,因此,不能通过传统的验证颁发群签名数字证书的群成员的签名来进行吊销。The inventor of the present application realizes that since the group signature digital certificate hides the group member who issued the group signature digital certificate, it cannot be revoked by traditional verification of the signature of the group member who issued the group signature digital certificate.
综上,提供一种可匿名对群签名数字证书进行吊销的方法已经成为一亟待解决的问题。In summary, providing a method for anonymously revoking group signature digital certificates has become an urgent problem to be solved.
需要说明的是,在上述背景技术部分公开的信息仅用于加强对本公开的背景的理解,因此可以包括不构成对本领域普通技术人员已知的现有技术的信息。It should be noted that the information disclosed in the above background section is only used to strengthen the understanding of the background of the present disclosure, and therefore may include information that does not constitute the prior art known to those of ordinary skill in the art.
技术解决方案Technical solutions
为了解决上述技术问题,本申请的一个目的在于提供一种群签名数字证书吊销方法及装置。In order to solve the above technical problems, an object of this application is to provide a method and device for revocation of a group signature digital certificate.
其中,本申请所采用的技术方案为:Among them, the technical solutions adopted in this application are:
一方面,一种群签名数字证书吊销方法,应用于区块链,包括:响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数;对所述目标随机数做第一哈希运算,以得到目标摘要;通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名;将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。On the one hand, a group signature digital certificate revocation method, applied to a blockchain, includes: responding to a target group signature digital certificate revocation request, obtaining a target random number corresponding to the target group signature digital certificate; The first hash operation to obtain the target digest; the group signature algorithm is run by revoking the private key of the group member of the target group signature digital certificate to group the target digest to obtain the target group signature digital certificate revoked Revocation of the group signature; publishing the target random number and the revocation group signature to revoke the target group signature digital certificate.
另一方面,一种群签名数字证书吊销装置,应用于区块链,包括:第一获取模块,用于响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数;第一运算模块,用于对所述目标随机数做第一哈希运算,以得到目标摘要;签名模块,用于通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名;公布吊销模块,用于将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。On the other hand, a group signature digital certificate revocation device, applied to a blockchain, includes: a first obtaining module, configured to respond to a target group signature digital certificate revocation request, and obtain a target random number corresponding to the target group signature digital certificate The first operation module is used to perform the first hash operation on the target random number to obtain the target digest; the signature module is used to run the group signature algorithm by revoking the private key of the group member of the target group signature digital certificate Perform a group signature on the target summary to obtain a revocation group signature that revokes the target group signature digital certificate; a publishing revocation module is used to publish the target random number and the revocation group signature to revoke the target Group signature digital certificate.
另一方面,一种电子设备,包括:处理器;以及存储器,用于存储所述处理器的可执行指令;其中,所述处理器配置为经由执行所述可执行指令来执行上述中任意一项所述的群签名数字证书吊销方法。In another aspect, an electronic device includes: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute any one of the above by executing the executable instructions The group signature digital certificate revocation method described in item.
另一方面,一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现上述中任意一项所述的群签名数字证书吊销方法。On the other hand, a computer-readable storage medium has a computer program stored thereon, and when the computer program is executed by a processor, it implements the group signature digital certificate revocation method described in any one of the above.
有益效果Beneficial effect
在上述技术方案中,通过对与目标群签名数字证书对应的目标随机数进行第一哈希运算,以得到目标摘要,并通过吊销目标群签名数字证书的群成员的私钥运行群签名算法对目标摘要进行群签名,以得到吊销群签名,以及将吊销群签名和目标随机数进行公布,以实现目标群签名数字证书的吊销。由于通过吊销目标群签名数字证书的群成员的私钥运行群签名算法对由与目标群签名数字证书对应的目标随机数生成的目标摘要进行群签名,以得到吊销群签名,实现了目标群签名数字证书的匿名吊销,提供了一种隐藏了吊销目标群签名数字证书的群成员的目标群签名数字证书吊销方式,且方式简单易于执行。In the above technical solution, the first hash operation is performed on the target random number corresponding to the target group signature digital certificate to obtain the target digest, and the group signature algorithm pair is run by revoking the private key of the group member of the target group signature digital certificate The target digest is group-signed to obtain the revocation group signature, and the revocation group signature and the target random number are announced to realize the revocation of the target group's signature digital certificate. Since the group signature algorithm is executed by revoking the private key of the group member of the target group signature digital certificate, the target digest generated by the target random number corresponding to the target group signature digital certificate is group-signed to obtain the revoked group signature, and the target group signature is realized The anonymous revocation of the digital certificate provides a method for revocation of the target group signature digital certificate that hides the group members who revoke the target group signature digital certificate, and the method is simple and easy to implement.
应当理解的是,以上的一般描述和后文的细节描述仅是示例性和解释性的,并不能限制本申请。It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and cannot limit the application.
附图说明Description of the drawings
此处的附图被并入说明书中并构成本说明书的一部分,示出了符合本申请的实施例,并于说明书一起用于解释本申请的原理。The drawings herein are incorporated into the specification and constitute a part of the specification, show embodiments that conform to the application, and are used together with the specification to explain the principle of the application.
图1为本公开一示例性实施例中提供的群签名数字证书吊销方法的流程图;FIG. 1 is a flowchart of a method for revocation of a group signature digital certificate provided in an exemplary embodiment of the present disclosure;
图2为本公开一示例性实施例中提供的生成目标群签名数字证书的流程图;FIG. 2 is a flowchart of generating a target group signature digital certificate provided in an exemplary embodiment of the present disclosure;
图3为本公开一示例性实施例中提供的验证目标群签名数字证书吊销的合法性的流程图一;FIG. 3 is the first flowchart of verifying the legality of the revocation of the digital certificate signed by the target group provided in an exemplary embodiment of the present disclosure;
图4为本公开一示例性实施例中提供的验证目标群签名数字证书吊销的合法性的流程图二;4 is a second flowchart of verifying the legality of the revocation of a digital certificate signed by a target group provided in an exemplary embodiment of the present disclosure;
图5为本公开一示例性实施例中提供的群签名数字证书吊销装置的框图;Fig. 5 is a block diagram of a group signature digital certificate revocation device provided in an exemplary embodiment of the present disclosure;
图6为本公开一示例性实施例中的电子设备的模块示意图;FIG. 6 is a schematic diagram of modules of an electronic device in an exemplary embodiment of the present disclosure;
图7为本公开一示例性实施例中的程序产品示意图。Fig. 7 is a schematic diagram of a program product in an exemplary embodiment of the present disclosure.
通过上述附图,已示出本申请明确的实施例,后文中将有更详细的描述,这些附图和文字描述并不是为了通过任何方式限制本申请构思的范围,而是通过参考特定实施例为本领域技术人员说明本申请的概念。Through the above drawings, the specific embodiments of the application have been shown, and there will be more detailed descriptions in the following. These drawings and text descriptions are not intended to limit the scope of the concept of the application in any way, but by referring to specific embodiments. The concept of this application is explained to those skilled in the art.
本发明的实施方式Embodiments of the invention
这里将详细地对示例性实施例执行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本申请相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本申请的一些方面相一致的装置和方法的例子。Here, an exemplary embodiment will be described in detail, and examples thereof are shown in the accompanying drawings. When the following description refers to the drawings, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements. The implementation manners described in the following exemplary embodiments do not represent all implementation manners consistent with the present application. On the contrary, they are only examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
现在将参考附图更全面地描述示例实施方式。然而,示例实施方式能够以多种形式实施,且不应被理解为限于在此阐述的范例;相反,提供这些实施方式使得本公开将更加全面和完整,并将示例实施方式的构思全面地传达给本领域的技术人员。所描述的特征、结构或特性可以以任何合适的方式结合在一个或更多实施方式中。Example embodiments will now be described more fully with reference to the accompanying drawings. However, the example embodiments can be implemented in various forms, and should not be construed as being limited to the examples set forth herein; on the contrary, the provision of these embodiments makes the present disclosure more comprehensive and complete, and fully conveys the concept of the example embodiments To those skilled in the art. The described features, structures or characteristics may be combined in one or more embodiments in any suitable way.
本公开的示例性实施例首先提供了一种文本情感识别方法,其中文本一般指文字形式的信息,本实施例中也可以将语音信息通过特定工具转化为文本后进行情感识别;情感识别可以是对文本所传达的情感状态的分类判断,例如文本情感为正面或负面、褒义或贬义等。The exemplary embodiments of the present disclosure first provide a method for text emotion recognition, where text generally refers to information in text form. In this embodiment, voice information can also be converted into text by a specific tool for emotion recognition; emotion recognition can be The classification and judgment of the emotional state conveyed by the text, such as whether the text emotion is positive or negative, commendatory or derogatory, etc.
本示例性实施例中首先公开了一种群签名数字证书吊销方法,应用于区块链,所述区块链可以部署在多个服务器中,参照图1所示,所述群签名数字证书吊销方法可以包括以下步骤: This exemplary embodiment first discloses a method for revocation of a group signature digital certificate, which is applied to a blockchain, and the blockchain can be deployed in multiple servers. As shown in FIG. 1, the method for revocation of a group signature digital certificate is It can include the following steps:
步骤S110、响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数;Step S110: In response to the target group signature digital certificate revocation request, obtain the target random number corresponding to the target group signature digital certificate;
步骤S120、对所述目标随机数做第一哈希运算,以得到目标摘要;Step S120: Perform a first hash operation on the target random number to obtain a target summary;
步骤S130、通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名;Step S130: Run a group signature algorithm to group the target digest by revoking the private key of the group member of the target group signature digital certificate, so as to obtain a revoked group signature that revokes the target group signature digital certificate;
步骤S140、将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。Step S140: Publish the target random number and the revocation group signature to revoke the target group signature digital certificate.
根据本示例性实施例中的群签名数字证书吊销方法,由于通过吊销目标群签名数字证书的群成员的私钥运行群签名算法对由与目标群签名数字证书对应的目标随机数生成的目标摘要进行群签名,以得到吊销群签名,实现了目标群签名数字证书的匿名吊销,提供了一种隐藏了吊销目标群签名数字证书的群成员的目标群签名数字证书吊销方式,且方式简单易于执行。According to the group signature digital certificate revocation method in this exemplary embodiment, since the group signature algorithm is executed by revoking the private key of the group member of the target group signature digital certificate, the target digest generated by the target random number corresponding to the target group signature digital certificate Perform group signature to obtain the revoked group signature, realize the anonymous revocation of the target group signature digital certificate, and provide a method for the target group signature digital certificate revocation that hides the group members who revoke the target group signature digital certificate, and the method is simple and easy to implement .
下面,将参照图1,对本示例性实施例中的群签名数字证书吊销方法作进一步说明。Hereinafter, referring to FIG. 1, the method for revoking the group signature digital certificate in this exemplary embodiment will be further explained.
在步骤S110中,响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数。In step S110, in response to the target group signature digital certificate revocation request, a target random number corresponding to the target group signature digital certificate is obtained.
在本申请实施例中,首先根据图2,对生成目标群签名数字证书的过程进行说明,如图2所示,生成目标群签名数字证书的过程可以包括以下步骤:In the embodiment of the present application, first, the process of generating the target group signature digital certificate is described according to FIG. 2. As shown in FIG. 2, the process of generating the target group signature digital certificate may include the following steps:
步骤S210、响应目标群签名数字证书生成请求,生成群签名数字证书。Step S210: In response to the target group signature digital certificate generation request, a group signature digital certificate is generated.
在本申请实施例中,区块链调用智能合约,以运行群构建算法,生成群公钥以及群管理员私钥。各群成员通过向群管理员注册得到自己的私钥。在一群成员向用户颁发目标群签名数字证书时,区块链通过该群成员的CA(电子商务认证授权机)生成群签名数字证书。In the embodiment of this application, the blockchain calls the smart contract to run the group construction algorithm to generate the group public key and the group administrator's private key. Each group member obtains his own private key by registering with the group administrator. When a group of members issue the target group signature digital certificate to the user, the blockchain generates the group signature digital certificate through the group member's CA (e-commerce certification authority).
步骤S220、获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息。Step S220: Obtain the target random number, and perform a second hash operation on the target random number to obtain identification information.
在本申请实施例中,区块链获取一目标随机数,所述目标随机数的具体内容可以自行设置,本示例性实施例对此不做特殊限定。所述第二哈希运算的具体类型可以由开发人员自行设置,本示例性实施例对此不做特殊限定。例如,所述第二哈希运算可以为SHA256或者SM3等,本示例性实施例对此不做特殊限定。将对所述目标随机数进行第二哈希运算后得到的数据确定为标识信息。In the embodiment of the present application, the blockchain obtains a target random number, and the specific content of the target random number can be set by oneself, which is not particularly limited in this exemplary embodiment. The specific type of the second hash operation can be set by the developer himself, which is not specifically limited in this exemplary embodiment. For example, the second hash operation may be SHA256 or SM3, which is not particularly limited in this exemplary embodiment. The data obtained after the second hash operation is performed on the target random number is determined as identification information.
步骤S230、根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书。Step S230: Generate the target group signature digital certificate according to the identification information and the group signature digital certificate.
在本申请实施例中,可以将标识信息保存在群签名数字证书的扩展域中,以生成目标群签名数字证书。还可以通过标识信息对群签名数字证书进行标记,并将标记后的群签名数字证书确定为目标群签名数字证书。需要说明的是,在生成目标群签名数字证书后,将所述目标群签名数字证书和目标随机数关联之后进行公布。In this embodiment of the application, the identification information may be stored in the extended field of the group signature digital certificate to generate the target group signature digital certificate. It is also possible to mark the group signature digital certificate through the identification information, and determine the marked group signature digital certificate as the target group signature digital certificate. It should be noted that after the target group signature digital certificate is generated, the target group signature digital certificate is associated with the target random number and then published.
基于此,在区块链接收到目标群签名数字证书吊销请求时,响应该目标群签名数字证书吊销请求,获取公布的与目标群签名数字证书对应的目标随机数。Based on this, when the block link receives the target group signature digital certificate revocation request, it responds to the target group signature digital certificate revocation request, and obtains the published target random number corresponding to the target group signature digital certificate.
在步骤S120中,对所述目标随机数做第一哈希运算,以得到目标摘要。In step S120, a first hash operation is performed on the target random number to obtain a target digest.
在本申请实施例中,所述第一哈希运算的具体类型可以自行设置,本示例性实施例对此不做特殊限定。将对目标随机数做第一哈希运算之后得到的数据确定为目标摘要。In the embodiment of the present application, the specific type of the first hash operation can be set by itself, which is not particularly limited in this exemplary embodiment. The data obtained after the first hash operation on the target random number is determined as the target digest.
在步骤S130中,通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名。In step S130, run a group signature algorithm to group the target digest by revoking the private key of the group member of the target group signature digital certificate to obtain a revoked group signature that revokes the target group signature digital certificate.
在本申请实施例中,获取吊销目标群签名数字证书的群成员的私钥,并通过该私钥调用并运行群签名算法对目标摘要进行群签名,以得到吊销目标群签名数字证书的吊销群签名。In this embodiment of the application, the private key of the group member who revokes the target group signature digital certificate is obtained, and the group signature algorithm is invoked and run through the private key to sign the target digest to obtain the revoked group of the target group signature digital certificate. signature.
值得注意的是,通过群成员的私钥执行群签名算法以得到群签名,此处不是群成员自己的签名。每个群成员的私钥都不一样,群成员仅仅只是根据自己的私钥调用群签名算法,最终的签名不是群成员自己的签名,而是所有群成员的签名,即群签名。该群签名可以用群公钥解密,而通过私钥运行群签名算法以执行吊销的群成员的身份则可隐藏。It is worth noting that the group signature algorithm is executed through the private key of the group member to obtain the group signature, which is not the group member's own signature. The private key of each group member is different. The group member just calls the group signature algorithm according to their private key. The final signature is not the group member's own signature, but the signature of all group members, that is, the group signature. The group signature can be decrypted with the group public key, and the identity of the group member who runs the group signature algorithm through the private key to perform the revocation can be hidden.
在步骤S140中,将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。在本申请实施例中,将目标随机数和吊销群签名关联之后进行公布,以完成对目标群签名数字证书的吊销。In step S140, the target random number and the revocation group signature are published to revoke the target group signature digital certificate. In this embodiment of the application, the target random number and the revocation group signature are associated and then published to complete the revocation of the target group signature digital certificate.
进一步的,为了验证目标群签名数字证书吊销的合法性,如图3所示,该方法还可以包括:Further, in order to verify the legality of the revocation of the digital certificate signed by the target group, as shown in FIG. 3, the method may further include:
步骤S310、响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数。在本申请实施例中,公布的所述目标随机数为与吊销群签名关联的目标随机数。Step S310: In response to the legality verification request for the revocation of the target group signature digital certificate, obtain the published revocation group signature and the target random number. In this embodiment of the application, the published target random number is the target random number associated with the revocation group signature.
步骤S320、通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证。Step S320: Verify the revocation group signature through the group public key, the revocation group signature, and the published target random number.
在本申请实施例中,首先,通过群公钥对所述吊销群签名进行解密,以得到所述目标摘要,然后,对公布的所述目标随机数进行所述第一哈希运算,以得到待比对摘要,最后,将所述目标摘要与所述待比对摘要进行匹配;若匹配,则确定所述吊销群签名通过验证;若不匹配,则确定所述吊销群签名未通过验证。In the embodiment of this application, first, the revocation group signature is decrypted by the group public key to obtain the target digest, and then the first hash operation is performed on the published target random number to obtain The digest to be compared, and finally, the target digest is matched with the digest to be compared; if it matches, it is determined that the revocation group signature has passed verification; if it does not match, it is determined that the revocation group signature has not passed verification.
步骤S330、若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第二哈希运算,以得到待比对标识信息。在本申请实施例中,若吊销群签名验证通过,则对公布的目标随机数进行第二哈希运算,并将得到的结果确定为待比对标识信息。Step S330: If the revocation group signature verification is passed, perform the second hash operation on the published target random number to obtain the identification information to be compared. In the embodiment of the present application, if the revocation group signature verification is passed, a second hash operation is performed on the published target random number, and the obtained result is determined as the identification information to be compared.
步骤S340、判断所述目标群签名数字证书中的标识信息是否与所述待比对标识信息相同。在本申请实施例中,将目标群签名数字证书中的标识信息与待比对标识信息进行匹配,并根据匹配结果判断目标群签名数字证书中的标识信息是否与待比对标识信息相同,若目标群签名数字证书中的标识信息与待比对标识信息匹配,则目标群签名数字证书中的标识信息与待比对标识信息相同,若目标群签名数字证书中的标识信息与待比对标识信息不匹配,则目标群签名数字证书中的标识信息与待比对标识信息不相同。Step S340: Determine whether the identification information in the target group signature digital certificate is the same as the identification information to be compared. In this embodiment of the application, the identification information in the target group signature digital certificate is matched with the identification information to be compared, and based on the matching result, it is determined whether the identification information in the target group signature digital certificate is the same as the identification information to be compared. The identification information in the target group signature digital certificate matches the identification information to be compared, then the identification information in the target group signature digital certificate is the same as the identification information to be compared. If the identification information in the target group signature digital certificate matches the identification information to be compared If the information does not match, the identification information in the target group signature digital certificate is different from the identification information to be compared.
步骤S350、若相同,则确定所述目标群签名数字证书的吊销是合法的。在本申请实施例中,若群签名数字证书中的标识信息与待比对标识信息相同,则确定目标群签名数字证书的吊销是合法的。In step S350, if they are the same, it is determined that the revocation of the target group signature digital certificate is legal. In this embodiment of the application, if the identification information in the group signature digital certificate is the same as the identification information to be compared, it is determined that the revocation of the target group signature digital certificate is legal.
由上可知,由于在对目标群签名数字证书吊销的合法性验证的过程的中,通过群公钥对吊销群签名进行验证,并通过对公布的目标随机数进行第二哈希运算,以得到待比对标识信息,以及根据待比对标识信息与目标群签名数字证书中的标识信息验证目标群签名数字证书吊销的合法性,在实现了对目标群签名数字证书吊销的合法性的验证的基础上,也隐藏了吊销目标群签名数字证书的群成员,即验证群成员在验证的过程中,无法验证出吊销目标群签名数字证书的群成员。It can be seen from the above that in the process of verifying the legality of the revocation of the digital certificate of the target group signature, the group public key is used to verify the revocation group signature, and the second hash operation is performed on the published target random number to obtain The identification information to be compared, and the verification of the validity of the revocation of the signature digital certificate of the target group based on the identification information to be compared and the identification information in the signature digital certificate of the target group are implemented to verify the validity of the revocation of the signature digital certificate of the target group On this basis, the group members who revoke the signature digital certificate of the target group are also hidden, that is, the verification group members cannot verify the group members who revoke the signature digital certificate of the target group during the verification process.
进一步的,为了保证目标群签名数字证书的吊销操作的安全性和合法性,所述获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息可以包括:获取所述目标随机数,并对所述目标随机数进行第一子哈希运算,以得到第一标识信息;对所述目标随机数进行第二子哈希运算,以得到第二标识信息。需要说明的是,第一子哈希运算与第二子哈希运算的类型不同。基于此,所述根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书可以包括:根据所述第一标识信息和所述第二标识信息以及所述群签名数字证书生成所述目标群签名数字证书。在本申请实施例中,可以将第一标识信息和第二标识信息保存在群签名数字证书的扩展域中,以生成目标群签名数字证书。还可以通过第一标识信息和第二标识信息对群签名数字证书进行标记,并将标记后的群签名数字证书确定为目标群签名数字证书。需要说明的是,在生成目标群签名数字证书后,将所述目标群签名数字证书和目标随机数关联之后进行公布。Further, in order to ensure the security and legitimacy of the revocation operation of the target group signature digital certificate, the obtaining the target random number and performing a second hash operation on the target random number to obtain identification information may include: Obtain the target random number, and perform a first sub-hash operation on the target random number to obtain first identification information; perform a second sub-hash operation on the target random number to obtain second identification information. It should be noted that the type of the first sub-hash operation and the second sub-hash operation are different. Based on this, the generating the target group signature digital certificate according to the identification information and the group signature digital certificate may include: generating according to the first identification information, the second identification information, and the group signature digital certificate The target group signs a digital certificate. In the embodiment of the present application, the first identification information and the second identification information may be stored in the extended field of the group signature digital certificate to generate the target group signature digital certificate. It is also possible to mark the group signature digital certificate through the first identification information and the second identification information, and determine the marked group signature digital certificate as the target group signature digital certificate. It should be noted that after the target group signature digital certificate is generated, the target group signature digital certificate is associated with the target random number and then published.
由上可知,通过对目标随机数分别做第一哈希子运算和第二哈希子运算,以得到第一标识信息和第二标识信息,并根据第一标识信息和第二标识信息以及群签名数字证书生成目标群前面数字证书,由于采用了两种不同的哈希运算,大大的增加了破译第一标识信息和第二标识信息的难度,从而保证目标群签名数字证书的吊销操作的安全性和合法性。It can be seen from the above that the first hash operation and the second hash operation are respectively performed on the target random number to obtain the first identification information and the second identification information, and according to the first identification information, the second identification information and the group signature digital The digital certificate in front of the certificate generation target group uses two different hash calculations, which greatly increases the difficulty of deciphering the first identification information and the second identification information, thereby ensuring the safety and security of the revocation operation of the target group’s signature digital certificate. legality.
基于此,如图4所示,验证目标群签名数字证书吊销的合法性的过程可以包括以下步骤:Based on this, as shown in Figure 4, the process of verifying the legality of the revocation of the digital certificate signed by the target group may include the following steps:
步骤S410、响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数。由于该步骤已经在上文中进行了说明,因此此处不在赘述。Step S410: In response to the legality verification request for the revocation of the target group signature digital certificate, obtain the published revocation group signature and the target random number. Since this step has been explained above, it will not be repeated here.
步骤S420、通过所述群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证。由于该步骤已经在上文中进行了说明,因此此处不在赘述。Step S420: Verify the revocation group signature through the group public key, the revocation group signature, and the published target random number. Since this step has been explained above, it will not be repeated here.
步骤S430、若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第一子哈希运算,以得到第一待比对标识信息,并对公布的所述目标随机数进行所述第二子哈希运算,以得到第二待比对标识信息。第一子哈希运算和第二子哈希运算的类型不同。Step S430: If the revocation group signature verification is passed, perform the first sub-hash operation on the published target random number to obtain the first identification information to be compared, and compare the published target random number Perform the second sub-hash operation to obtain the second identification information to be compared. The first sub-hash operation and the second sub-hash operation have different types.
步骤S440、判断所述目标群签名数字证书中的第一标识信息是否与所述第一待比对标识信息相同,且所述目标群签名数字证书中的第二标识信息是否与所述第二待比对标识信息相同。在本申请实施例中,将目标群签名数字证书中的第一标识信息与第一待比对标识信息进行匹配,来判断目标群签名数字证书中的第一标识信息是否与第一待比对标识信息相同。通过将目标群签名数字中的第二标识信息与第二待比对标识信息进行匹配,来判断目标群签名数字证书中的第二标识信息是否与第二待比对标识信息相同。Step S440: Determine whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is the same as the second identification information. The identification information to be compared is the same. In this embodiment of the application, the first identification information in the target group signature digital certificate is matched with the first identification information to be compared to determine whether the first identification information in the target group signature digital certificate is compared with the first to be compared The identification information is the same. By matching the second identification information in the target group signature digital with the second identification information to be compared, it is determined whether the second identification information in the digital certificate of the target group signature is the same as the second identification information to be compared.
步骤S450、若均相同,则确定所述目标群签名数字证书的吊销是合法的。In step S450, if they are the same, it is determined that the revocation of the target group signature digital certificate is legal.
在本申请实施例中,若目标群签名数字证书中的第一标识信息与第一待对比标识信息相同,且目标群签名数字证书中的第二标识信息与第二待比对标识信息相同,则确定目标群签名数字证书的吊销是合法的。In this embodiment of the application, if the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and the second identification information in the target group signature digital certificate is the same as the second identification information to be compared, It is determined that the revocation of the signature digital certificate of the target group is legal.
综上所述,由于通过吊销目标群签名数字证书的群成员的私钥运行群签名算法对由与目标群签名数字证书对应的目标随机数生成的目标摘要进行群签名,以得到吊销群签名,即隐藏了吊销目标群签名数字证书的群成员,实现了目标群签名数字证书的匿名吊销,提供了一种隐藏了吊销目标群签名数字证书的群成员的目标群签名数字证书吊销方式,且方式简单易于执行。To sum up, because the group signature algorithm is run by revoking the private key of the group member of the target group signature digital certificate to group the target digest generated by the target random number corresponding to the target group signature digital certificate to obtain the revoked group signature, That is, it hides the group members who revoke the signature digital certificate of the target group, realizes the anonymous revocation of the signature digital certificate of the target group, and provides a method of hiding the group members who revoke the signature digital certificate of the target group. Simple and easy to implement.
需要说明的是,尽管在附图中以特定顺序描述了本公开中方法的各个步骤,但是,这并非要求或者暗示必须按照该特定顺序来执行这些步骤,或是必须执行全部所示的步骤才能实现期望的结果。附加的或备选的,可以省略某些步骤,将多个步骤合并为一个步骤执行,以及/或者将一个步骤分解为多个步骤执行等。It should be noted that although the various steps of the method in the present disclosure are described in a specific order in the drawings, this does not require or imply that these steps must be performed in the specific order, or that all the steps shown must be performed to Achieve the desired result. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step for execution, and/or one step may be decomposed into multiple steps for execution, etc.
在本公开的示例性实施例中,还提供了一种群签名数字证书吊销装置,如图5所示,所述群签名数字证书吊销装置500可以包括:第一获取模块501、第一运算模块502、签名模块503、公布吊销模块504,其中:In the exemplary embodiment of the present disclosure, a group signature digital certificate revocation device is also provided. As shown in FIG. 5, the group signature digital certificate revocation device 500 may include: a first acquisition module 501, a first calculation module 502 , Signature module 503, release revocation module 504, where:
第一获取模块501,用于响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数;The first obtaining module 501 is configured to respond to the target group signature digital certificate revocation request, and obtain the target random number corresponding to the target group signature digital certificate;
第一运算模块502,用于对所述目标随机数做第一哈希运算,以得到目标摘要;The first operation module 502 is configured to perform a first hash operation on the target random number to obtain a target summary;
签名模块503,用于通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名;The signature module 503 is configured to run a group signature algorithm to group the target digest by revoking the private key of the group member of the target group signature digital certificate to obtain a revocation group signature that revokes the target group signature digital certificate;
公布吊销模块504,用于将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。The publication revocation module 504 is configured to publish the target random number and the revocation group signature to revoke the target group signature digital certificate.
在本公开一示例性实施例中,所述装置500还可以包括:In an exemplary embodiment of the present disclosure, the device 500 may further include:
第一生成模块,用于响应目标群签名数字证书生成请求,生成群签名数字证书;The first generation module is used to respond to the target group signature digital certificate generation request and generate the group signature digital certificate;
第二运算模块,用于获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息;The second operation module is used to obtain the target random number and perform a second hash operation on the target random number to obtain identification information;
第二生成模块,用于根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书。The second generation module is configured to generate the target group signature digital certificate according to the identification information and the group signature digital certificate.
在本公开一示例性实施例中,所述装置500还可以包括:In an exemplary embodiment of the present disclosure, the device 500 may further include:
第二获取模块,用于响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数;The second obtaining module is configured to respond to the legality verification request for the revocation of the target group signature digital certificate, and obtain the published revocation group signature and the target random number;
第一验证模块,用于通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证;The first verification module is configured to verify the revocation group signature through the group public key, the revocation group signature, and the published target random number;
第三运算模块,用于若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第二哈希运算,以得到待比对标识信息;The third operation module is configured to perform the second hash operation on the published target random number if the revocation group signature verification is passed to obtain the identification information to be compared;
第一判断模块,用于判断所述目标群签名数字证书中的标识信息是否与所述待比对标识信息相同;The first judgment module is used to judge whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
第一确定模块,用于若相同,则确定所述目标群签名数字证书的吊销是合法的。The first determining module is used for determining that the revocation of the target group signature digital certificate is legal if they are the same.
在本公开一示例性实施例中,所述第二运算模块可以包括:In an exemplary embodiment of the present disclosure, the second computing module may include:
第一运算单元,用于获取所述目标随机数,并对所述目标随机数进行第一子哈希运算,以得到第一标识信息;The first operation unit is configured to obtain the target random number and perform a first sub-hash operation on the target random number to obtain first identification information;
第二运算单元,用于对所述目标随机数进行第二子哈希运算,以得到第二标识信息;The second operation unit is configured to perform a second sub-hash operation on the target random number to obtain second identification information;
所述第二生成模块,具体用于根据所述第一标识信息和所述第二标识信息以及所述群签名数字证书生成所述目标群签名数字证书。The second generation module is specifically configured to generate the target group signature digital certificate according to the first identification information, the second identification information, and the group signature digital certificate.
在本公开一示例性实施例中,所述装置500还可以包括:In an exemplary embodiment of the present disclosure, the device 500 may further include:
第三获取模块,用于响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数;The third obtaining module is configured to respond to the legality verification request for the revocation of the target group signature digital certificate, and obtain the published revocation group signature and the target random number;
第二验证模块,用于通过所述群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证;The second verification module is configured to verify the revocation group signature through the group public key, the revocation group signature, and the published target random number;
第四运算模块,用于若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第一子哈希运算,以得到第一待比对标识信息,并对公布的所述目标随机数进行所述第二子哈希运算,以得到第二待比对标识信息;The fourth operation module is configured to perform the first sub-hash operation on the published target random number if the revocation group signature verification is passed to obtain the first identification information to be compared, and compare the published Performing the second sub-hashing operation on the target random number to obtain second identification information to be compared;
第二判断模块,用于判断所述目标群签名数字证书中的第一标识信息是否与所述第一待比对标识信息相同,且所述目标群签名数字证书中的第二标识信息是否与所述第二待比对标识信息相同;The second judgment module is configured to judge whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is the same as The second identification information to be compared is the same;
第二确定模块,用于若均相同,则确定所述目标群签名数字证书的吊销是合法的。The second determining module is used for determining that the revocation of the target group signature digital certificate is legal if they are the same.
在本公开一示例性实施例中,所述第二验证模块和所述第一验证模块均可以包括:In an exemplary embodiment of the present disclosure, both the second verification module and the first verification module may include:
解密单元,用于通过群公钥对所述吊销群签名进行解密,以得到所述目标摘要;A decryption unit, configured to decrypt the revocation group signature by using the group public key to obtain the target digest;
运算单元,用于公布的对所述目标随机数进行所述第一哈希运算,以得到待比对摘要;An arithmetic unit, configured to perform the first hash operation on the target random number to obtain a summary to be compared;
匹配单元,用于将所述目标摘要与所述待比对摘要进行匹配;A matching unit, configured to match the target abstract with the abstract to be compared;
第一确定单元,用于若匹配,则确定所述吊销群签名通过验证;The first determining unit is configured to determine that the revocation group signature passes verification if it matches;
第二确定单元,用于若不匹配,则确定所述吊销群签名未通过验证。The second determining unit is configured to determine that the revocation group signature fails the verification if there is no match.
上述中各群签名数字证书吊销装置模块的具体细节已经在对应的群签名数字证书吊销方法中进行了详细的描述,因此此处不再赘述。The specific details of each of the above-mentioned group signature digital certificate revocation device modules have been described in detail in the corresponding group signature digital certificate revocation method, so it will not be repeated here.
应当注意,尽管在上文详细描述中提及了用于执行的设备的若干模块或者单元,但是这种划分并非强制性的。实际上,根据本公开的实施方式,上文描述的两个或更多模块或者单元的特征和功能可以在一个模块或者单元中具体化。反之,上文描述的一个模块或者单元的特征和功能可以进一步划分为由多个模块或者单元来具体化。It should be noted that although several modules or units of the device for execution are mentioned in the above detailed description, this division is not mandatory. In fact, according to the embodiments of the present disclosure, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of a module or unit described above can be further divided into multiple modules or units to be embodied.
在本公开的示例性实施例中,还提供了一种能够实现上述方法的电子设备。In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
所属技术领域的技术人员能够理解,本发明的各个方面可以实现为系统、方法或程序产品。因此,本发明的各个方面可以具体实现为以下形式,即:完全的硬件实施方式、完全的软件实施方式(包括固件、微代码等),或硬件和软件方面结合的实施方式,这里可以统称为“电路”、“模块”或“系统”。Those skilled in the art can understand that various aspects of the present invention can be implemented as a system, a method, or a program product. Therefore, various aspects of the present invention can be specifically implemented in the following forms, namely: complete hardware implementation, complete software implementation (including firmware, microcode, etc.), or a combination of hardware and software implementations, which can be collectively referred to herein as "Circuit", "Module" or "System".
下面参照图6来描述根据本发明的这种实施方式的电子设备600。图6显示的电子设备600仅仅是一个示例,不应对本发明实施例的功能和使用范围带来任何限制。The electronic device 600 according to this embodiment of the present invention will be described below with reference to FIG. 6. The electronic device 600 shown in FIG. 6 is only an example, and should not bring any limitation to the function and application scope of the embodiment of the present invention.
如图6所示,电子设备600以通用计算设备的形式表现。电子设备600的组件可以包括但不限于:上述至少一个处理单元610、上述至少一个存储单元620、连接不同系统组件(包括存储单元620和处理单元610)的总线630、显示单元640。As shown in FIG. 6, the electronic device 600 is represented in the form of a general-purpose computing device. The components of the electronic device 600 may include but are not limited to: the aforementioned at least one processing unit 610, the aforementioned at least one storage unit 620, a bus 630 connecting different system components (including the storage unit 620 and the processing unit 610), and a display unit 640.
其中,所述存储单元存储有程序代码,所述程序代码可以被所述处理单元610执行,使得所述处理单元610执行本说明书上述“示例性方法”部分中描述的根据本发明各种示例性实施方式的步骤。例如,所述处理单元610可以执行如图1中所示的步骤S110、响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数;步骤S120、对所述目标随机数做第一哈希运算,以得到目标摘要;步骤S130、通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名;步骤S140、将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。Wherein, the storage unit stores program code, and the program code can be executed by the processing unit 610, so that the processing unit 610 executes the various exemplary methods described in the "exemplary method" section of this specification. Implementation steps. For example, the processing unit 610 may perform step S110 as shown in FIG. 1, responding to the target group signature digital certificate revocation request, and obtain the target random number corresponding to the target group signature digital certificate; step S120: Perform the first hash operation on the random number to obtain the target digest; step S130, run the group signature algorithm by revoking the private key of the group member of the target group signature digital certificate to group the target digest to obtain the revocation The revocation group signature of the target group signature digital certificate; step S140, the target random number and the revocation group signature are published to revoke the target group signature digital certificate.
存储单元620可以包括易失性存储单元形式的可读介质,例如随机存取存储单元(RAM)6201和/或高速缓存存储单元6202,还可以进一步包括只读存储单元(ROM)6203。The storage unit 620 may include a readable medium in the form of a volatile storage unit, such as a random access storage unit (RAM) 6201 and/or a cache storage unit 6202, and may further include a read-only storage unit (ROM) 6203.
存储单元620还可以包括具有一组(至少一个)程序模块6205的程序/实用工具6204,这样的程序模块6205包括但不限于:操作系统、一个或者多个应用程序、其它程序模块以及程序数据,这些示例中的每一个或某种组合中可能包括网络环境的实现。The storage unit 620 may also include a program/utility tool 6204 having a set of (at least one) program module 6205. Such program module 6205 includes but is not limited to: an operating system, one or more application programs, other program modules, and program data, Each of these examples or some combination may include the implementation of a network environment.
总线630可以为表示几类总线结构中的一种或多种,包括存储单元总线或者存储单元控制器、外围总线、图形加速端口、处理单元或者使用多种总线结构中的任意总线结构的局域总线。The bus 630 may represent one or more of several types of bus structures, including a storage unit bus or a storage unit controller, a peripheral bus, a graphics acceleration port, a processing unit, or a local area using any bus structure among multiple bus structures. bus.
电子设备600也可以与一个或多个外部设备670(例如键盘、指向设备、蓝牙设备等)通信,还可与一个或者多个使得用户能与该电子设备600交互的设备通信,和/或与使得该电子设备600能与一个或多个其它计算设备进行通信的任何设备(例如路由器、调制解调器等等)通信。这种通信可以通过输入/输出(I/O)接口650进行。并且,电子设备600还可以通过网络适配器660与一个或者多个网络(例如局域网(LAN),广域网(WAN)和/或公共网络,例如因特网)通信。如图所示,网络适配器660通过总线630与电子设备600的其它模块通信。应当明白,尽管图中未示出,可以结合电子设备600使用其它硬件和/或软件模块,包括但不限于:微代码、设备驱动器、冗余处理单元、外部磁盘驱动阵列、RAID系统、磁带驱动器以及数据备份存储系统等。The electronic device 600 may also communicate with one or more external devices 670 (such as keyboards, pointing devices, Bluetooth devices, etc.), and may also communicate with one or more devices that enable users to interact with the electronic device 600, and/or communicate with Any device (eg, router, modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. This communication can be performed through an input/output (I/O) interface 650. In addition, the electronic device 600 may also communicate with one or more networks (for example, a local area network (LAN), a wide area network (WAN), and/or a public network, such as the Internet) through the network adapter 660. As shown in the figure, the network adapter 660 communicates with other modules of the electronic device 600 through the bus 630. It should be understood that although not shown in the figure, other hardware and/or software modules can be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives And data backup storage system, etc.
通过以上的实施方式的描述,本领域的技术人员易于理解,这里描述的示例实施方式可以通过软件实现,也可以通过软件结合必要的硬件的方式来实现。因此,根据本公开实施方式的技术方案可以以软件产品的形式体现出来,该软件产品可以存储在一个非易失性存储介质(可以是CD-ROM,U盘,移动硬盘等)中或网络上,包括若干指令以使得一台计算设备(可以是个人计算机、服务器、终端装置、或者网络设备等)执行根据本公开实施方式的方法。Through the description of the foregoing embodiments, those skilled in the art can easily understand that the exemplary embodiments described herein can be implemented by software, or can be implemented by combining software with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, U disk, mobile hard disk, etc.) or on the network , Including several instructions to make a computing device (which may be a personal computer, server, terminal device, or network device, etc.) execute the method according to the embodiments of the present disclosure.
在本公开的示例性实施例中,还提供了一种计算机可读存储介质,其上存储有能够实现本说明书上述方法的程序产品。在一些可能的实施方式中,本发明的各个方面还可以实现为一种程序产品的形式,其包括程序代码,当所述程序产品在终端设备上运行时,所述程序代码用于使所述终端设备执行本说明书上述“示例性方法”部分中描述的根据本发明各种示例性实施方式的步骤。In the exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium on which is stored a program product capable of implementing the above method in this specification. In some possible implementation manners, various aspects of the present invention may also be implemented in the form of a program product, which includes program code, and when the program product runs on a terminal device, the program code is used to make the The terminal device executes the steps according to various exemplary embodiments of the present invention described in the above "Exemplary Method" section of this specification.
参考7所示,描述了根据本发明的实施方式的用于实现上述方法的程序产品700,其可以采用便携式紧凑盘只读存储器(CD-ROM)并包括程序代码,并可以在终端设备,例如个人电脑上运行。然而,本发明的程序产品不限于此,在本文件中,可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。As shown in reference 7, a program product 700 for implementing the above method according to an embodiment of the present invention is described. It can adopt a portable compact disk read-only memory (CD-ROM) and include program code, and can be installed in a terminal device, such as Run on a personal computer. However, the program product of the present invention is not limited thereto. In this document, the readable storage medium can be any tangible medium that contains or stores a program, and the program can be used by or in combination with an instruction execution system, device, or device.
所述程序产品可以采用一个或多个可读介质的任意组合。可读介质可以是可读信号介质或者可读存储介质。可读存储介质例如可以为但不限于电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。可读存储介质的更具体的例子(非穷举的列表)包括:具有一个或多个导线的电连接、便携式盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。The program product can use any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or a combination of any of the above. More specific examples (non-exhaustive list) of readable storage media include: electrical connections with one or more wires, portable disks, hard disks, random access memory (RAM), read only memory (ROM), erasable Type programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
计算机可读信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了可读程序代码。这种传播的数据信号可以采用多种形式,包括但不限于电磁信号、光信号或上述的任意合适的组合。可读信号介质还可以是可读存储介质以外的任何可读介质,该可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。The computer-readable signal medium may include a data signal propagated in baseband or as a part of a carrier wave, and readable program code is carried therein. This propagated data signal can take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing. The readable signal medium may also be any readable medium other than a readable storage medium, and the readable medium may send, propagate, or transmit a program for use by or in combination with the instruction execution system, apparatus, or device.
可读介质上包含的程序代码可以用任何适当的介质传输,包括但不限于无线、有线、光缆、RF等等,或者上述的任意合适的组合。The program code contained on the readable medium can be transmitted by any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the foregoing.
可以以一种或多种程序设计语言的任意组合来编写用于执行本发明操作的程序代码,所述程序设计语言包括面向对象的程序设计语言—诸如Java、C++等,还包括常规的过程式程序设计语言—诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算设备上执行、部分地在用户设备上执行、作为一个独立的软件包执行、部分在用户计算设备上部分在远程计算设备上执行、或者完全在远程计算设备或服务器上执行。在涉及远程计算设备的情形中,远程计算设备可以通过任意种类的网络,包括局域网(LAN)或广域网(WAN),连接到用户计算设备,或者,可以连接到外部计算设备(例如利用因特网服务提供商来通过因特网连接)。The program code used to perform the operations of the present invention can be written in any combination of one or more programming languages. The programming languages include object-oriented programming languages—such as Java, C++, etc., as well as conventional procedural styles. Programming language-such as "C" language or similar programming language. The program code can be executed entirely on the user's computing device, partly on the user's device, executed as an independent software package, partly on the user's computing device and partly executed on the remote computing device, or entirely on the remote computing device or server Executed on. In the case of a remote computing device, the remote computing device can be connected to a user computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (for example, using Internet service providers). Business to connect via the Internet).
此外,上述附图仅是根据本发明示例性实施例的方法所包括的处理的示意性说明,而不是限制目的。易于理解,上述附图所示的处理并不表明或限制这些处理的时间顺序。另外,也易于理解,这些处理可以是例如在多个模块中同步或异步执行的。In addition, the above-mentioned drawings are merely schematic illustrations of the processing included in the method according to the exemplary embodiment of the present invention, and are not intended for limitation. It is easy to understand that the processing shown in the above drawings does not indicate or limit the time sequence of these processings. In addition, it is easy to understand that these processes can be executed synchronously or asynchronously in multiple modules, for example.
本领域技术人员在考虑说明书及实践这里公开的发明后,将容易想到本公开的其他实施例。本申请旨在涵盖本公开的任何变型、用途或者适应性变化,这些变型、用途或者适应性变化遵循本公开的一般性原理并包括本公开未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的,本公开的真正范围和精神由权利要求指出。Those skilled in the art will easily think of other embodiments of the present disclosure after considering the specification and practicing the invention disclosed herein. This application is intended to cover any variations, uses, or adaptive changes of the present disclosure, which follow the general principles of the present disclosure and include common knowledge or conventional technical means in the technical field not disclosed in the present disclosure . The description and embodiments are only regarded as exemplary, and the true scope and spirit of the present disclosure are pointed out by the claims.
应当理解的是,本公开并不局限于上面已经描述并在附图中示出的精确结构,并且可以在不脱离其范围进行各种修改和改变。本公开的范围仅由所附的权利要求来限。It should be understood that the present disclosure is not limited to the precise structure that has been described above and shown in the drawings, and various modifications and changes can be made without departing from its scope. The scope of the present disclosure is only limited by the appended claims.

Claims (20)

  1. 一种群签名数字证书吊销方法,应用于区块链,其特征在于,包括:A group signature digital certificate revocation method, applied to blockchain, is characterized in that it includes:
    响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数;Respond to the target group signature digital certificate revocation request, and obtain the target random number corresponding to the target group signature digital certificate;
    对所述目标随机数做第一哈希运算,以得到目标摘要;Perform a first hash operation on the target random number to obtain a target summary;
    通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名;Run a group signature algorithm to group the target digest by revoking the private key of the group member of the target group signature digital certificate, so as to obtain the revoked group signature that revokes the target group signature digital certificate;
    将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。Publish the target random number and the revocation group signature to revoke the target group signature digital certificate.
  2. 根据权利要求1所述的群签名数字证书吊销方法,其特征在于,所述方法还包括:The method for revocation of a group signature digital certificate according to claim 1, wherein the method further comprises:
    响应目标群签名数字证书生成请求,生成群签名数字证书;In response to the target group signature digital certificate generation request, generate a group signature digital certificate;
    获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息;Acquiring the target random number, and performing a second hash operation on the target random number to obtain identification information;
    根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书。The target group signature digital certificate is generated according to the identification information and the group signature digital certificate.
  3. 根据权利要求2所述的群签名数字证书吊销方法,其特征在于,所述方法还包括:The method for revocation of a group signature digital certificate according to claim 2, wherein the method further comprises:
    响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数;Responding to the legality verification request for the revocation of the target group signature digital certificate, obtaining the published revocation group signature and the target random number;
    通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证;Verifying the revocation group signature through the group public key, the revocation group signature, and the published target random number;
    若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第二哈希运算,以得到待比对标识信息;If the verification of the revocation group signature passes, the second hash operation is performed on the published target random number to obtain the identification information to be compared;
    判断所述目标群签名数字证书中的标识信息是否与所述待比对标识信息相同;Judging whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
    若相同,则确定所述目标群签名数字证书的吊销是合法的。If they are the same, it is determined that the revocation of the signature digital certificate of the target group is legal.
  4. 根据权利要求2所述的群签名数字证书吊销方法,其特征在于,所述获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息包括:The method for revocation of a group signature digital certificate according to claim 2, wherein said acquiring said target random number and performing a second hash operation on said target random number to obtain identification information comprises:
    获取所述目标随机数,并对所述目标随机数进行第一子哈希运算,以得到第一标识信息;Acquiring the target random number, and performing a first sub-hash operation on the target random number to obtain first identification information;
    对所述目标随机数进行第二子哈希运算,以得到第二标识信息;Performing a second sub-hash operation on the target random number to obtain second identification information;
    所述根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书包括:The generating the target group signature digital certificate according to the identification information and the group signature digital certificate includes:
    根据所述第一标识信息和所述第二标识信息以及所述群签名数字证书生成所述目标群签名数字证书。The target group signature digital certificate is generated according to the first identification information, the second identification information and the group signature digital certificate.
  5. 根据权利要求4所述的群签名数字证书吊销方法,其特征在于,所述方法还包括:The method for revocation of a group signature digital certificate according to claim 4, wherein the method further comprises:
    响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数;Responding to the legality verification request for the revocation of the target group signature digital certificate, obtaining the published revocation group signature and the target random number;
    通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证;Verifying the revocation group signature through the group public key, the revocation group signature, and the published target random number;
    若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第一子哈希运算,以得到第一待比对标识信息,并对公布的所述目标随机数进行所述第二子哈希运算,以得到第二待比对标识信息;If the revocation group signature verification is passed, the first sub-hash operation is performed on the published target random number to obtain the first identification information to be compared, and the published target random number is performed The second sub-hash operation to obtain the second identification information to be compared;
    判断所述目标群签名数字证书中的第一标识信息是否与所述第一待比对标识信息相同,且所述目标群签名数字证书中的第二标识信息是否与所述第二待比对标识信息相同;Determine whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is compared with the second identification information The identification information is the same;
    若均相同,则确定所述目标群签名数字证书的吊销是合法的。If they are all the same, it is determined that the revocation of the signature digital certificate of the target group is legal.
  6. 根据权利要求3或5所述的群签名数字证书吊销方法,其特征在于,所述通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证包括:The method for revocation of a group signature digital certificate according to claim 3 or 5, wherein the verifying the revocation group signature through the group public key, the revocation group signature, and the published target random number comprises:
    通过群公钥对所述吊销群签名进行解密,以得到所述目标摘要;Decrypt the revocation group signature by the group public key to obtain the target digest;
    对公布的所述目标随机数进行所述第一哈希运算,以得到待比对摘要;Performing the first hash operation on the published target random number to obtain a summary to be compared;
    将所述目标摘要与所述待比对摘要进行匹配;Matching the target abstract with the abstract to be compared;
    若匹配,则确定所述吊销群签名通过验证;If it matches, it is determined that the revocation group signature passes verification;
    若不匹配,则确定所述吊销群签名未通过验证。If it does not match, it is determined that the revocation group signature fails the verification.
  7. 根据权利要求4所述的群签名数字证书吊销方法,其特征在于,所述根据所述第一标识信息和所述第二标识信息以及所述群签名数字证书生成所述目标群签名数字证书包括:The group signature digital certificate revocation method according to claim 4, wherein the generating the target group signature digital certificate according to the first identification information, the second identification information and the group signature digital certificate comprises :
    对第一标识信息和第二标识信息对群签名数字证书进行标记;Mark the group signature digital certificate with the first identification information and the second identification information;
    将标记后的群签名数字证书确定为目标群签名数字证书。The marked group signature digital certificate is determined as the target group signature digital certificate.
  8. 根据权利要求4所述的群签名数字证书吊销方法,其特征在于,所述群签名数字证书包括有扩展域,所述根据所述第一标识信息和所述第二标识信息以及所述群签名数字证书生成所述目标群签名数字证书包括:The method for revocation of a group signature digital certificate according to claim 4, wherein the group signature digital certificate includes an extension field, and the group signature is based on the first identification information, the second identification information, and the group signature. The digital certificate generating the target group signature digital certificate includes:
    将所述第一标识信息和所述第二标识信息保存在群签名数字证书的扩展域中,以生成目标群签名数字证书。The first identification information and the second identification information are stored in the extended field of the group signature digital certificate to generate the target group signature digital certificate.
  9. 根据权利要求4所述的群签名数字证书吊销方法,其特征在于,在所述根据所述第一标识信息和所述第二标识信息以及所述群签名数字证书生成所述目标群签名数字证书之后,所述方法还包括:The group signature digital certificate revocation method of claim 4, wherein the target group signature digital certificate is generated according to the first identification information, the second identification information, and the group signature digital certificate After that, the method further includes:
    将所述目标群签名数字证书和目标随机数关联之后进行公布。The target group signature digital certificate is associated with the target random number and then published.
  10. 一种群签名数字证书吊销装置,应用于区块链,其特征在于,包括:A group signature digital certificate revocation device, applied to a blockchain, is characterized in that it includes:
    第一获取模块,用于响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数;The first obtaining module is configured to respond to the target group signature digital certificate revocation request, and obtain the target random number corresponding to the target group signature digital certificate;
    第一运算模块,用于对所述目标随机数做第一哈希运算,以得到目标摘要;The first operation module is configured to perform a first hash operation on the target random number to obtain a target summary;
    签名模块,用于通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名;The signature module is configured to run a group signature algorithm to group the target digest by revoking the private key of the group member who revokes the target group signature digital certificate to obtain a revoked group signature that revokes the target group signature digital certificate;
    公布吊销模块,用于将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。The publishing and revocation module is used for publishing the target random number and the revocation group signature to revoke the target group signature digital certificate.
  11. 一种群签名数字证书吊销电子设备,其特征在于,包括处理器及存储器,所述存储器上存储有计算机可读指令,所述计算机可读指令被所述处理器执行时,所述处理器用于执行以下处理:A group-signature digital certificate revocation electronic device, which is characterized by comprising a processor and a memory, and computer-readable instructions are stored on the memory. When the computer-readable instructions are executed by the processor, the processor is used for The following processing:
    响应目标群签名数字证书吊销请求,获取与所述目标群签名数字证书对应的目标随机数;Respond to the target group signature digital certificate revocation request, and obtain the target random number corresponding to the target group signature digital certificate;
    对所述目标随机数做第一哈希运算,以得到目标摘要;Perform a first hash operation on the target random number to obtain a target summary;
    通过吊销所述目标群签名数字证书的群成员的私钥运行群签名算法对所述目标摘要进行群签名,以得到吊销所述目标群签名数字证书的吊销群签名;Run a group signature algorithm to group the target digest by revoking the private key of the group member of the target group signing digital certificate, so as to obtain a revoked group signature that revokes the target group signing digital certificate;
    将所述目标随机数与所述吊销群签名进行公布,以吊销所述目标群签名数字证书。Publish the target random number and the revocation group signature to revoke the target group signature digital certificate.
  12. 根据权利要求11所述的电子设备,其特征在于,所述计算机可读指令被所述处理器执行时,所述处理器还用于执行以下处理:The electronic device according to claim 11, wherein when the computer-readable instruction is executed by the processor, the processor is further configured to perform the following processing:
    响应目标群签名数字证书生成请求,生成群签名数字证书;In response to the target group signature digital certificate generation request, generate a group signature digital certificate;
    获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息;Acquiring the target random number, and performing a second hash operation on the target random number to obtain identification information;
    根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书。The target group signature digital certificate is generated according to the identification information and the group signature digital certificate.
  13. 根据权利要求11所述的电子设备,其特征在于,所述计算机可读指令被所述处理器执行时,所述处理器还用于执行以下处理:The electronic device according to claim 11, wherein when the computer-readable instruction is executed by the processor, the processor is further configured to perform the following processing:
    响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数;Responding to the legality verification request for the revocation of the target group signature digital certificate, obtaining the published revocation group signature and the target random number;
    通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证;Verifying the revocation group signature through the group public key, the revocation group signature, and the published target random number;
    若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第二哈希运算,以得到待比对标识信息;If the verification of the revocation group signature passes, the second hash operation is performed on the published target random number to obtain the identification information to be compared;
    判断所述目标群签名数字证书中的标识信息是否与所述待比对标识信息相同;Judging whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
    若相同,则确定所述目标群签名数字证书的吊销是合法的。If they are the same, it is determined that the revocation of the signature digital certificate of the target group is legal.
  14. 根据权利要求12所述的电子设备,其特征在于,所述获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息包括:The electronic device according to claim 12, wherein said acquiring said target random number and performing a second hash operation on said target random number to obtain identification information comprises:
    获取所述目标随机数,并对所述目标随机数进行第一子哈希运算,以得到第一标识信息;Acquiring the target random number, and performing a first sub-hash operation on the target random number to obtain first identification information;
    对所述目标随机数进行第二子哈希运算,以得到第二标识信息;Performing a second sub-hash operation on the target random number to obtain second identification information;
    所述根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书包括:The generating the target group signature digital certificate according to the identification information and the group signature digital certificate includes:
    根据所述第一标识信息和所述第二标识信息以及所述群签名数字证书生成所述目标群签名数字证书。The target group signature digital certificate is generated according to the first identification information, the second identification information and the group signature digital certificate.
  15. 根据权利要求14所述的电子设备,其特征在于,所述计算机可读指令被所述处理器执行时,所述处理器还用于执行以下处理:The electronic device according to claim 14, wherein when the computer-readable instructions are executed by the processor, the processor is further configured to perform the following processing:
    响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数;Responding to the legality verification request for the revocation of the target group signature digital certificate, obtaining the published revocation group signature and the target random number;
    通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证;Verifying the revocation group signature through the group public key, the revocation group signature, and the published target random number;
    若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第一子哈希运算,以得到第一待比对标识信息,并对公布的所述目标随机数进行所述第二子哈希运算,以得到第二待比对标识信息;If the revocation group signature verification is passed, the first sub-hash operation is performed on the published target random number to obtain the first identification information to be compared, and the published target random number is performed The second sub-hash operation to obtain the second identification information to be compared;
    判断所述目标群签名数字证书中的第一标识信息是否与所述第一待比对标识信息相同,且所述目标群签名数字证书中的第二标识信息是否与所述第二待比对标识信息相同;Determine whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is compared with the second identification information The identification information is the same;
    若均相同,则确定所述目标群签名数字证书的吊销是合法的。If they are all the same, it is determined that the revocation of the signature digital certificate of the target group is legal.
  16. 一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时,使得所述处理器用于实现以下步骤:A computer-readable storage medium having a computer program stored thereon, wherein when the computer program is executed by a processor, the processor is used to implement the following steps:
    获取样本文本集,所述样本文本集包括多个样本文本以及各所述样本文本对应的情感分类标签;Acquiring a sample text set, the sample text set including a plurality of sample texts and emotion classification labels corresponding to each of the sample texts;
    根据所述样本文本集中的情感分类标签的数量分布对初始代价进行修正计算,获得修正代价;Correcting the initial cost according to the number distribution of the sentiment classification tags in the sample text set to obtain the corrected cost;
    通过所述样本文本集与所述修正代价训练一提升算法学习模型,得到文本情感识别模型;Training a lifting algorithm learning model through the sample text set and the correction cost to obtain a text emotion recognition model;
    通过所述文本情感识别模型对待识别文本进行识别,得到所述待识别文本的情感识别结果。The text to be recognized is recognized by the text emotion recognition model, and the emotion recognition result of the text to be recognized is obtained.
  17. 根据权利要求16所述的计算机可读存储介质,其特征在于,所述计算机程序被处理器执行时还使得所述处理器执行如下处理:The computer-readable storage medium according to claim 16, wherein when the computer program is executed by the processor, the processor further causes the processor to perform the following processing:
    响应目标群签名数字证书生成请求,生成群签名数字证书;In response to the target group signature digital certificate generation request, generate a group signature digital certificate;
    获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息;Acquiring the target random number, and performing a second hash operation on the target random number to obtain identification information;
    根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书。The target group signature digital certificate is generated according to the identification information and the group signature digital certificate.
  18. 根据权利要求17所述的计算机可读存储介质,其特征在于,所述计算机程序被处理器执行时还使得所述处理器执行如下处理:The computer-readable storage medium according to claim 17, wherein when the computer program is executed by the processor, the processor further causes the processor to perform the following processing:
    响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数;Responding to the legality verification request for the revocation of the target group signature digital certificate, obtaining the published revocation group signature and the target random number;
    通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证;Verifying the revocation group signature through the group public key, the revocation group signature, and the published target random number;
    若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第二哈希运算,以得到待比对标识信息;If the verification of the revocation group signature passes, the second hash operation is performed on the published target random number to obtain the identification information to be compared;
    判断所述目标群签名数字证书中的标识信息是否与所述待比对标识信息相同;Judging whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
    若相同,则确定所述目标群签名数字证书的吊销是合法的。If they are the same, it is determined that the revocation of the signature digital certificate of the target group is legal.
  19. 根据权利要求17所述的计算机可读存储介质,其特征在于,所述获取所述目标随机数,并对所述目标随机数进行第二哈希运算,以得到标识信息包括:18. The computer-readable storage medium according to claim 17, wherein said acquiring said target random number and performing a second hash operation on said target random number to obtain identification information comprises:
    获取所述目标随机数,并对所述目标随机数进行第一子哈希运算,以得到第一标识信息;Acquiring the target random number, and performing a first sub-hash operation on the target random number to obtain first identification information;
    对所述目标随机数进行第二子哈希运算,以得到第二标识信息;Performing a second sub-hash operation on the target random number to obtain second identification information;
    所述根据所述标识信息和所述群签名数字证书生成所述目标群签名数字证书包括:The generating the target group signature digital certificate according to the identification information and the group signature digital certificate includes:
    根据所述第一标识信息和所述第二标识信息以及所述群签名数字证书生成所述目标群签名数字证书。The target group signature digital certificate is generated according to the first identification information, the second identification information and the group signature digital certificate.
  20. 根据权利要求19所述的计算机可读存储介质,其特征在于,所述计算机程序被处理器执行时还使得所述处理器执行如下处理:The computer-readable storage medium according to claim 19, wherein when the computer program is executed by the processor, the processor further causes the processor to perform the following processing:
    响应所述目标群签名数字证书吊销的合法性验证请求,获取公布的所述吊销群签名和所述目标随机数;Responding to the legality verification request for the revocation of the target group signature digital certificate, obtaining the published revocation group signature and the target random number;
    通过群公钥、所述吊销群签名以及公布的所述目标随机数对所述吊销群签名进行验证;Verifying the revocation group signature through the group public key, the revocation group signature, and the published target random number;
    若所述吊销群签名验证通过,则对公布的所述目标随机数进行所述第一子哈希运算,以得到第一待比对标识信息,并对公布的所述目标随机数进行所述第二子哈希运算,以得到第二待比对标识信息;If the revocation group signature verification is passed, the first sub-hash operation is performed on the published target random number to obtain the first identification information to be compared, and the published target random number is performed The second sub-hash operation to obtain the second identification information to be compared;
    判断所述目标群签名数字证书中的第一标识信息是否与所述第一待比对标识信息相同,且所述目标群签名数字证书中的第二标识信息是否与所述第二待比对标识信息相同;Determine whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is compared with the second identification information The identification information is the same;
    若均相同,则确定所述目标群签名数字证书的吊销是合法的。If they are the same, it is determined that the revocation of the target group signature digital certificate is legal.
PCT/CN2019/103431 2019-05-27 2019-08-29 Method and apparatus for revoking group-signed digital certificate, storage medium, and electronic device WO2020237879A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910447511.0A CN110351090B (en) 2019-05-27 2019-05-27 Group signature digital certificate revoking method and device, storage medium and electronic equipment
CN201910447511.0 2019-05-27

Publications (1)

Publication Number Publication Date
WO2020237879A1 true WO2020237879A1 (en) 2020-12-03

Family

ID=68174075

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/103431 WO2020237879A1 (en) 2019-05-27 2019-08-29 Method and apparatus for revoking group-signed digital certificate, storage medium, and electronic device

Country Status (2)

Country Link
CN (1) CN110351090B (en)
WO (1) WO2020237879A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114172668B (en) * 2022-02-10 2022-07-05 亿次网联(杭州)科技有限公司 Group member management method and system based on digital certificate

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977110A (en) * 2010-10-09 2011-02-16 北京航空航天大学 Group signature method based on elliptic curve
CN106453222A (en) * 2016-07-15 2017-02-22 海智(天津)大数据服务有限公司 ELA electronic license node network system-based electronic license management method
CN109064169A (en) * 2018-07-13 2018-12-21 杭州复杂美科技有限公司 Method of commerce, equipment and storage medium
CN109344257A (en) * 2018-10-24 2019-02-15 平安科技(深圳)有限公司 Text emotion recognition methods and device, electronic equipment, storage medium
CN109740321A (en) * 2018-12-25 2019-05-10 北京深思数盾科技股份有限公司 Revoke method, encryption equipment and the vendor server of encryption equipment administrator lock

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU6097000A (en) * 1999-07-15 2001-02-05 Frank W Sudia Certificate revocation notification systems
WO2001011843A1 (en) * 1999-08-06 2001-02-15 Sudia Frank W Blocked tree authorization and status systems
FR2940726A1 (en) * 2008-12-30 2010-07-02 France Telecom GROUP SIGNATURE WITH LOCAL REVOCATION CHECK WITH ANONYMAT LIFTING CAPACITY
DE102014204044A1 (en) * 2014-03-05 2015-09-10 Robert Bosch Gmbh Procedure for revoking a group of certificates
WO2017049111A1 (en) * 2015-09-18 2017-03-23 Jung-Min Park Group signatures with probabilistic revocation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977110A (en) * 2010-10-09 2011-02-16 北京航空航天大学 Group signature method based on elliptic curve
CN106453222A (en) * 2016-07-15 2017-02-22 海智(天津)大数据服务有限公司 ELA electronic license node network system-based electronic license management method
CN109064169A (en) * 2018-07-13 2018-12-21 杭州复杂美科技有限公司 Method of commerce, equipment and storage medium
CN109344257A (en) * 2018-10-24 2019-02-15 平安科技(深圳)有限公司 Text emotion recognition methods and device, electronic equipment, storage medium
CN109740321A (en) * 2018-12-25 2019-05-10 北京深思数盾科技股份有限公司 Revoke method, encryption equipment and the vendor server of encryption equipment administrator lock

Also Published As

Publication number Publication date
CN110351090A (en) 2019-10-18
CN110351090B (en) 2021-04-27

Similar Documents

Publication Publication Date Title
US10216923B2 (en) Dynamically updating CAPTCHA challenges
US10103894B2 (en) Creating a digital certificate for a service using a local certificate authority
WO2020258912A1 (en) Blockchain consensus method, device and system
WO2019227336A1 (en) Blockchain-based information processing method and device, and blockchain network
EP3399484B1 (en) Method and server for authenticating and verifying file
WO2021012574A1 (en) Multisignature method, signature center, medium and electronic device
CN110011793A (en) Anti-fake data processing method of tracing to the source, device, equipment and medium
CN113056741A (en) Profile verification based on distributed ledger
JP7235930B2 (en) Methods and apparatus, electronic devices, storage media and computer programs for processing data requests
JP2009147919A (en) Computer implemented method, computer program product, and data processing system (secure digital signature system)
US20230370265A1 (en) Method, Apparatus and Device for Constructing Token for Cloud Platform Resource Access Control
CN109981297A (en) Block chain processing method, device, equipment and storage medium
CN111835526B (en) Method and system for generating anonymous credential
US10404477B1 (en) Synchronization of personal digital certificates
CN109727044A (en) Brand transaction methods, device, equipment and medium based on block chain
WO2019047418A1 (en) Digital signature method, device and system
EP3399485B1 (en) Method and server for authenticating and verifying file
WO2021134898A1 (en) Blockchain transaction data proof supervision method and system, and related device
WO2020237879A1 (en) Method and apparatus for revoking group-signed digital certificate, storage medium, and electronic device
WO2022073336A1 (en) Secure payment method and apparatus, electronic device, and storage medium
US20170373842A1 (en) System and Method for Authenticating Public Artworks and Providing Associated Information
US10587607B2 (en) Information processing apparatus and information processing method for public key scheme based user authentication
CN114844629A (en) Verification method and device of block chain account, computer equipment and storage medium
CN114095179A (en) Credible management method and system of industrial internet based on block chain
CN115941217A (en) Method for secure communication and related product

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19930875

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19930875

Country of ref document: EP

Kind code of ref document: A1