CN101667914A - Method and equipment for managing public key certificate - Google Patents

Method and equipment for managing public key certificate Download PDF

Info

Publication number
CN101667914A
CN101667914A CN200810212915A CN200810212915A CN101667914A CN 101667914 A CN101667914 A CN 101667914A CN 200810212915 A CN200810212915 A CN 200810212915A CN 200810212915 A CN200810212915 A CN 200810212915A CN 101667914 A CN101667914 A CN 101667914A
Authority
CN
China
Prior art keywords
public key
key certificate
node
mod
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200810212915A
Other languages
Chinese (zh)
Other versions
CN101667914B (en
Inventor
苗付友
纪雯
董阔
刘培
张向东
赫卫卿
武斌
刘福丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Science and Technology of China USTC
Huawei Technologies Co Ltd
Original Assignee
University of Science and Technology of China USTC
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Science and Technology of China USTC, Huawei Technologies Co Ltd filed Critical University of Science and Technology of China USTC
Priority to CN2008102129153A priority Critical patent/CN101667914B/en
Publication of CN101667914A publication Critical patent/CN101667914A/en
Application granted granted Critical
Publication of CN101667914B publication Critical patent/CN101667914B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method and equipment for managing a public key certificate, which belong to the filed of network information security. The method comprises the following steps: generating anauthenticated core of a first node; generating the public key certificate of the first node according to the authenticated core; and transmitting the public key certificate to a second node. The equipment comprises an authenticated core generating module, a public key certificate generating module and a public key certificate transmitting module. The method and the equipment for managing the public key certificate ensure that a node can completely manage the public key certificate independently and autonomously through authenticated core technology, and get rid of the dependence on a trustedthird party in any form radically; therefore, the node can adapt to an application environment of a completely autonomous mobile ad hoc network effectively; and the management of the public key certificate of the node have complete distributivity and self-organization.

Description

A kind of management method of public key certificate and equipment
Technical field
The present invention relates to filed of network information security, particularly a kind of management method of public key certificate and equipment.
Background technology
Mobile ad hoc network is derivative a kind of network configuration technology from exploitation U.S. Department of Defense seventies in 20th century " battlefield wireless packet data network (PRNET, PacketRadio Network)) " project.Simultaneously, it has also drawn (the SURAN of U.S. Department of Defense's " anti-adaptive network of ruining " respectively, Survivable Adaptive Network) and the networking thought of " Globle Mobile Information Systems " projects such as (GloMo, Global Mobile Information Systems).Mobile ad hoc network is a kind of wireless mobile multi-hop network that does not rely on any static infrastructure, is the necessary complement and the extension of the Internet.Along with the development of wireless communication technology and portable terminal technology, mobile ad hoc network comes into one's own day by day in the application in field such as dual-use, and the research of related fields deepens continuously.
Mobile ad hoc network also has complete distributivity, node autonomy and opening except having mobility, self-organization.Specifically, all nodes all are reciprocity in the mobile ad hoc network, for accomplishing a task, need mutual cooperation between the node, have complete distributivity; The various resources that each node is all fully independently managed and drawn oneself up, the decision factum has the node autonomy; In addition, because the mobility of node, each node can freely add or exit network at any time, is difficult to set up stabilizing effective trusting relationship between node, so mobile ad hoc network also has opening.In the network environment of this distribution, autonomy, opening, if node has independently separate sources, these isolated nodes often are difficult to trust certain third party.In this case, each node all wishes oneself can independently control and manage the various resources of oneself, and does not rely on any type of trusted third party.
Public-key cryptography (abbreviation PKI) technology is a kind of important key cryptosystem, is bringing into play crucial effects in the network information security, is widely used in authentication, digital signature and close will the negotiation.Public key certificate is the important carrier of public-key cryptography.The management of public key certificate comprises generation, distribution, checking to public key certificate usually, upgrades and cancels, and the management of public key certificate is the important foundation that realizes the network information security.Because have only key that effective public key certificate Managed Solution could guarantee that node in the network has oneself easily to (private cipher key/public-key cryptography), realize effective cipher key change with other node, realize the authentication of internodal cipher consistency (key agreement), node and to the digital signature of message, so the management of public key certificate is most important to the safety that realizes network system.The management of public key certificate also is the important foundation technology that realizes the mobile ad hoc network information security.
The management method of current mobile ad hoc network public key certificate roughly is divided into two following big classes:
1. manage based on the distributed public key certificate of threshold password system
Research about the wireless self-networking security mechanism, mostly be to adopt PKI (Public Key Infrastructure at present, public key infrastructure)/CA (Certificate Authority, authentication) mechanism promptly adopts public-key cryptosystem and public key certificate to realize identity discriminating and session key agreement etc.Such scheme often is distributed to the function of CA (CA) among the conventional P KI on n the server node, and (t≤n) individual node provides the function of traditional C A to any t by wherein for other node.
2. the management of self-organizing class public key certificate
This scheme is emphasized that the public key certificate way to manage of node should not rely on any type of trusted third party (as the Distributed C A in the above-mentioned thresholding mode), and should be realized the self-management of certificate by node at the self-organizing characteristic of mobile ad hoc network.The research work of this class scheme mainly concentrates on nearest 2 years, also is the focus and the difficult point of research.
Yet, because mobile ad hoc network is different from traditional fixed network, have characteristics such as above-mentioned complete distributivity, node autonomy and opening, lack the support of fixing online trusted third party.How distribute fully, under the environment that node is autonomous with open, need not fix the support of online trusted third party, with higher efficient realize the node public key certificate generation, distribution, checking, upgrade and cancel, be exactly that the mobile ad hoc network public key certificate is managed problem to be solved.
In realizing process of the present invention, the inventor finds that there is following problem at least in prior art:
There are some Technology Needs to provide service in the prior art, the autonomous characteristic of these technology incompatibility nodes in MANET by trusted third party (TTP, Trusted Third Party); Though some technology do not need to provide service by trusted third party (TTP, Trusted Third Party) in the prior art, must share some essential informations in advance between node, these technology do not realize that the public key certificate management is autonomous completely.
Summary of the invention
In order to make public key certificate management Complete autonomy, the embodiment of the invention provides a kind of method and apparatus of public key certificate management.Described technical scheme is as follows:
A kind of method of public key certificate management, described method comprises:
Generate the authentication nuclear of first node;
According to described authentication nuclear, generate the public key certificate of described first node;
Described public key certificate is sent to Section Point.
A kind of equipment, described equipment comprises:
Authenticate the karyogenesis module, be used to generate the authentication nuclear of first node;
The public key certificate generation module, the authentication that is used for generating according to described authentication karyogenesis module is examined, and generates the public key certificate of described first node;
The public key certificate sending module is used for the public key certificate that described public key certificate generation module generates is sent to Section Point.
The beneficial effect of the technical scheme that the embodiment of the invention provides is:
By the authentication nuclear technology, make node fully self-government carry out the public key certificate management, thoroughly broken away from dependence to any form trusted third party, thereby the mobile ad hoc network applied environment that can effectively adapt to Complete autonomy makes the management of node public key certificate possess distributivity and self-organization completely.
Description of drawings
Fig. 1 is the method flow diagram of a kind of public key certificate management that provides of the embodiment of the invention 1;
Fig. 2 is hash value in the unidirectional hash chain that provides of the embodiment of the invention 1 and the corresponding relation figure of refresh cycle;
Fig. 3 is the schematic diagram of a kind of equipment of providing of the embodiment of the invention 2.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, embodiment of the present invention is described further in detail below in conjunction with accompanying drawing.
The embodiment of the invention provides a kind of management method of public key certificate, specifically comprises: the authentication nuclear that generates first node; According to authentication nuclear, generate the public key certificate of first node; Public key certificate is sent to Section Point.
Embodiment 1
Referring to Fig. 1, the embodiment of the invention provides a kind of management method of public key certificate, and each node is examined for himself signing and issuing authentication, thereby further generates the public key certificate (Cert) of oneself; When a node need be with another node communication, need communicate by letter with node V as node N, this node N can send to its public key certificate node V, by the validity of node V check public key certificate; And each node can also upgrade or cancel the public key certificate of oneself where necessary, and need communicate by letter with node V with node N below is example, describes, and detailed process is as follows:
101: obtain (obtain or independently select or independently generate) parameter, this parameter is as follows:
P, q: two big prime numbers, and q| (p-1);
G:1 is to an integer between the p, and g q≡ 1 mod p;
H (.): the unidirectional hash function of collisionless;
NM: the title of node or to the descriptor of node;
(x, y): the core PKI of node is right, wherein x ∈ Z q *, being the core private cipher key, y is corresponding core public-key cryptography, and y=g xMod p;
(x s, y s): authentication nuclear to sign and issue PKI right, x wherein s∈ Z q *, be signature private cipher key, y sBe corresponding signature public-key cryptography, and
(x, y) right as the core PKI, it is right to be used at node local generation deriving PKI.
The above-mentioned process of independently selecting or generate parameter is the initialized process to node N, from above-mentioned initialized process to node N as can be seen, independently finish initialization by node self, need not rely on any trusted third party, need not share any information in advance between node, meet the characteristics such as complete distributivity, dynamic, autonomy of mobile ad hoc network fully, can be used for the node initializing in the mobile ad hoc network.
102: node N signs and issues PKI to (x by authentication nuclear s, y s), the partial parameters signature in the parameter that node N in 101 is independently selected or generates generates the authentication nuclear of node N.
Partial parameters A={y, y s, NM, H (.), p, q, g}.Authentication nuclear (AC, Authenticated Core) to be node need to generate behind the taproot Information Signature to certificate administrative institute one accept as unavoidable the confirmation body, be that node realizes that the self-organizing public key certificate generates, the basis of management.
Node N is to A={y, y s, NM, H (.), p, q, the g} signature, the process that generates authentication nuclear is as follows:
Secret picked at random f ∈ Z q *, according to (1) formula, (2) formula, calculate c, d:
c=g f?mod?p (1)
d=x s+H(A)f?mod?q (2)
Above-mentioned basis (1) formula, (2) formula, the process that calculates c, d is exactly the signature process to the parameter among the A.
Make that AC is the authentication nuclear of node N, AC={A, c, d}.Because f is the random number that secret is chosen, therefore authentication nuclear AC has uniqueness, and in order to prevent that the node identity from being palmed off, node N will authenticate the identify label of nuclear AC as oneself.
For guaranteeing that authentication nuclear AC is not forged, node N after generating authentication nuclear AC immediately with x s, f destroys.
103: after node N generates the authentication nuclear of himself, generate unidirectional hash chain successively, utilize the authentication karyogenesis that generates in 102 PKI of deriving right, and then generate public key certificate.
The detailed process that node N generates its public key certificate is as follows:
At first, generate unidirectional hash chain, unidirectional hash chain is based on an initial value, the sequence of values of a forward-backward correlation that obtains by the unidirectional hash function of continuous recursive call.Suppose that r is an initial value, H (.) is a unidirectional hash function, H i(.) expression is to continuous i the recursive call of H (.), that is:
Figure A20081021291500102
Because H (.) is unidirectional hash function, so do not knowing under the situation of r, by H i(r) ask H I-1(r) (i>1) is infeasible on calculating, and according to this one-way, each hash value of aforementioned calculation has just been constituted a unidirectional hash chain with opposite sequence arrangement:
H n(r), H N-1(r), H N-2(r) ..., H 2(r), H (r) is though the unidirectional hash chain of n ∈ N only utilizes the unidirectional fast hash function of computing, and some and the similar characteristic of public key cryptosyst are arranged.
Node N determines length n, the certificate validity refresh cycle (rp, refurbish period) of unidirectional hash chain, chooses random number t, and (3) formula of utilization is calculated unidirectional hash chain:
H i(t)=H(H i-1(t)),i=1,2,...,n. (3)
Thereby obtain unidirectional hash chain { H n(t), H N-1(t) ..., H (t) }.Random number t wherein can be any one number, also can be a sequence or character string or other.
As shown in Figure 2, hash value H N-iCorresponding to i the validity refresh cycle of public key certificate, that is to say that (t) node N can be by issue H i refresh cycle N-i(t) come the validity of its certificate is refreshed, just pass through H N-i(t) determine whether the public key certificate of node N is effective i refresh cycle.Like this, node N in fact just divides the lifetime of whole public key certificate for the n section, and every segment length is rp.By corresponding hash value the validity of certificate in the corresponding refresh cycle is implemented control, thereby can realize cancelling of public key certificate more reliably.Owing to may not all use its public key certificate in each refresh cycle, so node can just issue corresponding hash value only when using public-key certificate, and the validity of certificate in the current refresh cycle is refreshed; Do not need at ordinary times its public key certificate is carried out any attended operation.Thereby realized certificate management characteristic as required, effectively reduce the expense of public key certificate management.
Secondly, generate the PKI of deriving to (x ', y '), node N picked at random k ∈ Z q *, e=g kMod p, calculate the PKI of deriving to (x ', y ') according to (4) formula, (5) formula:
x’=x+H(AC‖y‖H n(t)‖n‖e)k?mod?q (4)
y’=g x’?mod?p (5)
Wherein AC is the authentication nuclear (also being identify label) of node; X is the core private cipher key, and y is corresponding core public-key cryptography; N is the length of hash chain; T is a random number; (x ', y ') is that the PKI of deriving of node is right, and x ' is the private cipher key of deriving, and y ' is the public-key cryptography of deriving.
Generate the private cipher key x ' that derives by changeless core private cipher key x in the authentication nuclear in the local secret of node, and then generate be used for public key certificate derive PKI to (x ', y '), make that node can be right by the different PKI of deriving of same authentication karyogenesis where necessary, in time realize the renewal of public key certificate.
Then, the oneself who carries out public key certificate signs and issues, and node N utilizes the private key x ' that derives to sign and issue public key certificate for himself, the public-key cryptography of this certificate PKI y ' that derives exactly, and it is as follows specifically to sign and issue process:
Picked at random j ∈ Z q *, according to (6) formula, (7) formula, calculate v, s:
v=g j?mod?p (6)
s=x’+H(T)jmod?q (7)
The moment (st, start time) of enabling of determining public key certificate makes public key certificate information T=(y, H n(t), n, y ', rp, st, AC), then the public key certificate of node N i refresh cycle is:
Cert={H n-i(t),T,y’,e,s,v}
Cert={H N-i(t), T, y ', e, s, the T among the v}, y ', e, parameters such as s and v remained unchanged in the whole lifetime of public key certificate, only need be with corresponding hash value and { T, y ', e, s, v} are attached to together, just can constitute the public key certificate of corresponding different refresh cycles, and need not calculate again.
Moment during the enabling st constantly and can be set at public key certificate and generate of the public key certificate that comprises among the public key certificate information T, also can be set at public key certificate generate after sometime.Node N can generate one or more public key certificate easily in advance under off-line state, so that use in the future.
By unidirectional hash chain, node N has been divided into n validity refresh cycle with the whole lifetime of public key certificate, and the lifetime of public key certificate is exactly the length n of unidirectional hash chain and the product of validity refresh cycle rp.Node N can specify the value of n and rp as required, thereby determines the lifetime of public key certificate.
In addition, node N can generate a plurality of unidirectional hash chains in advance under initialization or off-line state.When public key certificate generates or upgrade, just need not to have calculated unidirectional hash chain, so temporarily from generation or the renewal that can quicken public key certificate.
104: after node N generated its public key certificate t in 103, when node N need be when node V communicates by letter, node N sent to node V with its public key certificate.
In order to make node V obtain the public-key cryptography of oneself, node N is attached to public key certificate in the relevant data (as node N in digital signature applications to the signature of certain message) and sends to node V together, this has demonstrated fully the principle of issue as required, can effectively avoid the message transmission because of adopting broadcast mode issue public key certificate to produce in the network.
Node V verifies public key certificate, when a node V for the first time to the public key certificate of node N (i.e. { H N-i(t), T, y ', e, s, when v}) verifying, whole verification process comprises the steps:
At first, the authentication nuclear AC that comprises in the verification public key certificate confirms the identity of node N, other basic parameter that adopts in the core public-key cryptography y of acquisition node N and the public key certificate.
The authentication that comprises among node V verification public key certificate information T nuclear AC={A, c, d}, A={y wherein, y s, NM, H (.), p, q, g}, judge whether (8) formula is set up:
g d≡y sc H(A)mod?p (8)
C=g wherein fMod p, d=x s+ H (A) f mod q, if (8) formula is set up, illustrate that then the authentication nuclear of node N is AC, the core public-key cryptography is y, other relevant parameters of public key certificate are respectively H (.), p, q and g, illustrate impliedly that also node N holds and the corresponding core private cipher key of y x simultaneously.
Secondly, after the authentication nuclear AC that comprises in the verification public key certificate was correct, whether the public-key cryptography y ' that confirms public key certificate was to (x y) derives and comes, thereby whether explanation y ' is the employed public-key cryptography of public key certificate of node N by the joint core PKI.
Node V judges whether (9) formula, (10) formula are set up:
y , ≡ ye H ( AC | | y | | H n ( t ) | | n | | e ) mod p - - - ( 9 )
g s≡y’v H(T)?mod?p (10)
T=(y, H wherein n(t), n, y ', rp, st, AC).By (4) formula, (5) formula as can be known, illustrate that then the PKI y ' that derives is derived by key x if (9) formula is set up, and x is exactly the core private cipher key of node N, that is to say that y ' is the current public-key cryptography of node N really; If (10) formula is set up and is illustrated that then y ' is the public-key cryptography of public key certificate; If (9) formula, (10) formula are set up simultaneously and illustrated that then public key certificate is exactly the public key certificate of node N, its public-key cryptography is y '.
Then, when the public-key cryptography y ' that confirms public key certificate be by the joint core PKI to (x, y) derive and come after, whether N effective in the current refresh cycle as the public key certificate of public-key cryptography with y ' for the checking node.
Node V calculates current refresh cycle i according to (11) formula:
Judge whether (12) formula is set up:
H i(H n-i(t))=H n(t) (12)
The time deviation of supposing node V and node N is at acceptable scope, t NCurrent time for node N.If (12) formula is set up, illustrate that then the public key certificate of node N is effectively at current refresh cycle i, H wherein n(t) derive from public key certificate information T, H N-i(t) evidence that is node N in order to prove that public key certificate provides in the validity of i refresh cycle, since the one-way of H (.), H N-i(t) can not forge.
If it is mutual once more that node V needs later on node N, node V can carry out buffer memory to the public key certificate of node N so.Mutual once more as node V and node N like this, and when being in mutual same refresh cycle last time, node V just need not verify once more to public key certificate, thereby can reduce the complexity of algorithm; When node V and node N mutual once more, when being in the different refresh cycles, when node V needed once more the validity of verification public key certificate, at this moment node V only need verify whether a lower node N is effectively just passable in the current refresh cycle as the public key certificate of public-key cryptography with y ' again.
Node V verifies according to above-mentioned steps the public key certificate of node N, public key certificate by checking after, node N just can be with node V secure communication.
The public key certificate that node N utilizes the private key x ' that derives to sign and issue for himself with other node communication, can avoid core private cipher key x to expose the attack of preventing malice node to greatest extent because of frequent the use like this.
105: after node N generated its public key certificate in step 103, after the lifetime of the public key certificate of node N finished, node N upgraded its public key certificate.
After the lifetime of the public key certificate of node N finishes, this public key certificate can't use.At this moment, node N can by regenerate new unidirectional hash chain, regenerate new derive PKI to, re-construct new public key certificate, finish renewal to public key certificate, new public key certificate still uses former authentication nuclear AC, detailed process is as follows:
At first, node N determines the length n ' of new unidirectional hash chain, new validity refresh cycle rp ' according to practical application request;
Choose new random number t ', calculate new unidirectional hash chain according to following formula:
H i’(t’)=H(H i’(t’)),i’=1,2,...,n’.
Obtaining new unidirectional hash chain is { H n' (t '), H N '-1(t ') ..., H (t ') };
If node has generated a plurality of unidirectional hash chains in initialization procedure, then need not repeat this process, node can directly be chosen a unworn unidirectional hash chain.
Secondly, regenerate new derivative key to (x ", y "), the interim picked at random k ' ∈ of node N Z q *, e '=g k' mod p, according to (4 ') formula, (5 ') formula calculate new derive PKI to (x ", y "):
x″=x+H(AC‖y‖H n’(t’)‖n’‖e’)k?mod?q (4’)
y″=g x″mod?p (5’)
(x ", y ") is that the new PKI of deriving of node is right, x " is the private cipher key of deriving, y and " is the public-key cryptography of deriving.
Then, the oneself signs and issues new public key certificate, and node N determines that new certificate enables st ' constantly, utilizes the new private key x that derives " for oneself signs and issues public key certificate; the public-key cryptography of this certificate is exactly the new PKI y that derives ", and new public key certificate still adopts former authentication to examine AC.It is as follows specifically to sign and issue process:
Determine the st ' constantly that enables of new public key certificate, make T '=(y, H n' (t '), n ', y ", rp ', st ', AC), picked at random
Figure A20081021291500141
Calculate v ', s ' according to (6 ') formula, (7 ') formula:
v’=g j’mod?p (6’)
s’=x″+H(T’)j’mod?q (7’)
Then node N is at the new public key certificate of i refresh cycle:
Cert’={H n’-i(t’),T’,y″,e’,s’,v’}
106: after node N generated its public key certificate in step 103, node N can carry out validity control and cancel public key certificate.
Node N is by the public key certificate of issue corresponding to the current refresh cycle, make public key certificate effective, and when the private cipher key x ' that suspects the corresponding current refresh cycle of public key certificate is cracked or reveals, in the next refresh cycle, stop to issue public key certificate, public key certificate was lost efficacy, realize existing cancelling public key certificate.Below it is described in detail.
(1) certificate validity control
As previously described, node N is divided into n validity refresh cycle rp with the whole lifetime of its public key certificate, and each refresh cycle is corresponding with a hash value in the unidirectional hash chain.In order to prove the validity of public key certificate in a refresh cycle, in time the issue public key certificate is corresponding to the unidirectional hash value of this refresh cycle for node N, and node V can in time obtain the current validity information of public key certificate by this hash value of checking.
The conventional public-key certificate is by the validity of the term of validity (validity period) show certificate, this term of validity was made up of a from date (notBefore) and a Close Date (notAfter), and the verifier determines by judging whether current time was between these two dates whether certificate is effective.In case certificate generates, its term of validity has also just been determined (certificate all is effective) in the whole term of validity, and certificate is held the validity that node can't dynamically change certificate, unless the node updates certificate, and notify the former certificate of all nodes not re-use by broadcast mode.But because the node mobility of mobile ad hoc network, whole network might be split into some independent parts and can't be interconnected; And because the adding at any time of node and withdrawing from, a node may not receive certificate and hold the message that the former certificate of node notice does not re-use; So certificate is held message that node do not re-use former certificate will notify often difficulty relatively of all nodes.In addition, broadcast mode can produce a large amount of redundancy messages in network, brings bigger burden for whole mobile ad hoc network communication.
Comparatively speaking, the embodiment of the invention can have under the situation of the equal length term of validity (being the lifetime) at public key certificate, with thinner time granularity rp (being the 1/n of the term of validity) validity of public key certificate is implemented dynamically control, make public key certificate effective by the issue public key certificate corresponding to the hash value of current refresh cycle, make the public key certificate inefficacy by stopping to issue corresponding hash value.Do not need to carry out any calculating and issue different hash values, need only with should value with the standing part of public key certificate T, y ', e, s, v} is attached to together and gets final product.The length rp of validity refresh cycle can be selected to determine, can change flexibly as required when public key certificate generates or upgrade by node oneself.Thereby the control of the validity of public key certificate has dynamic, flexibility and high efficiency.
(2) certificate cancels
Learn according to top description certificate validity control, when node N suspects that the private cipher key x ' of its current public key certificate correspondence is cracked or when revealing, even the lifetime of public key certificate does not finish as yet, also can it be cancelled in the next refresh cycle, specific practice is: the unidirectional hash chain by destroying current public key certificate and the initial random number t of this hash chain, thereby stop to issue the corresponding value of all refresh cycles later on, in feasible each refresh cycle afterwards, node V can't obtain the corresponding effectively hash value of this certificate, thereby can't pass through the checking of (12) formula, and then can determine in time that this certificate is revoked.
This non-interactive type certificate revocation mode can solve under the mobile ad hoc network environment when adopting traditional certificate the problem that certificate revocation occurs better.For traditional certificate, when a nodes in MANET N suspects midway that its certificate is cracked and when issuing certificate revocation message, for above-mentioned reasons, checking node V possibly can't receive the broadcast of certificate revocation, can't know just that at this moment certificate is revoked.And checking node V judges from the term of validity of certificate, might think that the certificate that is revoked remains effective.At this moment, if this certificate is cracked, attack node and just can utilize this certificate successfully to palm off node N, and node N has no to discover.
Need to prove, monitor in real time, after the lifetime of public key certificate finishes, in time it is upgraded, generate new public key certificate by 105 pairs of public key certificate of above-mentioned steps; Carry out real-time effectiveness control by 106 pairs of public key certificate of above-mentioned steps, when the private cipher key x ' that suspects public key certificate is cracked or reveals, in time cancel public key certificate; By above-mentioned steps 105 guaranteed in the step 104 when node N need be when node V communicates by letter, what node N sent to node V is effective public key certificate, rather than the invalid public key certificate that finished of lifetime; By above-mentioned steps 106 guaranteed in the step 104 when node N need be when node V communicates by letter, what node N sent to node V is safe public key certificate, rather than private cipher key x ' unsafe public key certificate of being cracked or having revealed; Guaranteed that by above-mentioned steps 105 and step 106 node N communicates by letter safely and efficiently with node V in the step 104.
Technology in the method shown in the embodiment of the invention based on authentication nuclear, make node fully self-government carry out the management of public key certificate, thoroughly broken away from dependence to any form trusted third party, thereby the mobile ad hoc network applied environment that can effectively adapt to Complete autonomy makes the management of node public key certificate possess distributivity and self-organization completely; And the public key certificate as required that distributes autonomous fully management, greatly reduce the communication complexity in the management, the bookkeeping of all public key certificate of node is all finished in this locality according to application need by node, and all these operations all only just are performed when practical application demand is arranged, need not carry out the additional maintenance operation at ordinary times to the public key certificate of node, greatly reduce the communication overhead of public key certificate management, also eliminated the safety problem of the public key certificate management that causes because of interacting message substantially.In addition,, make that the node utilization PKI of deriving is right, realized and the secure communication of other node, avoided the core private cipher key to expose the attack of preventing malice node to greatest extent because of frequent the use based on the technology of the PKI of deriving; And generate the private cipher key of deriving in the local secret of node by changeless core private cipher key in the authentication nuclear, and then it is right to generate the PKI of deriving that is used for public key certificate, make that node can be right by the different PKI of deriving of same authentication karyogenesis where necessary, in time realize the renewal of public key certificate.Further, the validity of node public key certificate is implemented control, thereby can realize more reliably the cancelling of public key certificate strengthened the fail safe of public key certificate Managed Solution by unidirectional hash chain.
Embodiment 2
Referring to Fig. 3, the embodiment of the invention also provides a kind of equipment, and this equipment comprises:
Authenticate karyogenesis module 301, be used to generate the authentication nuclear of first node;
Public key certificate generation module 302 is used for examining according to the authentication that authentication karyogenesis module 301 generates, and generates the public key certificate of first node;
Public key certificate sending module 303 is used for the public key certificate that public key certificate generation module 302 generates is sent to Section Point.
Wherein, authentication karyogenesis module 301 specifically comprises:
Parameter processing unit is used to obtain parameter, and parameter comprises:
P, q: two big prime numbers, and satisfy q| (p-1);
G:1 is to an integer between the p, and g q≡ 1 mod p;
H (.): the unidirectional hash function of collisionless;
NM: the title of first node or to the descriptor of first node;
(x, y): the core PKI of first node is right, wherein x ∈ Z q *, being the core private cipher key, y is corresponding core public-key cryptography, and y=g xMod p;
(x s, y s): authentication nuclear to sign and issue PKI right, x wherein s∈ Z q *, be signature private cipher key, y sBe corresponding signature public-key cryptography, and
Figure A20081021291500171
Choose the unit, after being used for the parameter processing unit selection or generating parameter, picked at random f ∈ Z q *
Computing unit is after being used to choose the unit and selecting f, according to c=g fMod p, d=x s+ H (A) f mod q calculates c, d;
Authentication karyogenesis unit after being used for computing unit and obtaining c, d, makes that AC is an authentication nuclear, AC={A, and c, d}, the authentication nuclear that generates first node is AC={A, c, d} is with the identify label of AC as first node.
Further, authentication karyogenesis module 301 also comprises:
Destroy the unit, after being used to authenticate the karyogenesis unit and generating authentication nuclear AC, with x s, f destroys.
Wherein, public key certificate generation module 302 specifically comprises:
Unidirectional hash chain generation unit is used for determining length n, the validity refresh cycle rp of public key certificate of unidirectional hash chain choosing random number t, according to H i(t)=H (H I-1(t)), i=1,2 ..., n., calculating unidirectional hash chain is { H n(t), H N-1(t) ..., H (t) };
Derive PKI to generation unit, be used for picked at random k ∈ Z q *, e=g kMod p is according to x '=x+H (AC ‖ y ‖ H n(t) ‖ n ‖ e) k mod q, y '=g x' mod p, calculate the PKI of deriving to (x ', y '), wherein, x ' is the private cipher key of deriving, y ' is the public-key cryptography of deriving;
The public key certificate generation unit is used for picked at random j ∈ Z q *, according to v=g jMod p, s=x '+H (T) j mod q calculates v, s, determines the st constantly that enables of public key certificate, makes public key certificate information T=(y, H n(t), n, y ', rp, st, AC), generating the public key certificate of first node i refresh cycle is Cert={H N-i(t), T, y ', e, s, v}.
Further, this equipment also comprises:
Public key certificate receiver module 304 is used to receive the public key certificate that public key certificate sending module 303 sends to Section Point;
Public key certificate authentication module 305 is used for the public key certificate that verification public key certificate receiver module 304 receives;
Wherein, public key certificate authentication module 305 specifically comprises:
The card unit is veritified in authentication, is used to verify g d≡ y sc H (A)Whether mod p sets up, if set up, then the authentication of first node nuclear is AC, and the core public-key cryptography is y, and other relevant parameters of public key certificate are respectively H (.), p, q and g;
The public-key cryptography authentication unit is used for authentication and veritifies card unit checking g d≡ y sc H (A)After mod p sets up, checking g s≡ y ' v H (T)Whether mod p sets up, if two formulas are all set up, then public key certificate is exactly the public key certificate of first node, and the public-key cryptography of public key certificate is y ';
The validation verification unit is used for the checking of public-key cryptography authentication unit
Figure A20081021291500182
g s≡ y ' v H (T)After mod p sets up, according to Calculate current refresh cycle i, checking H i(H N-i(t))=H nWhether (t) set up, if set up, then the public key certificate of first node is effective at current refresh cycle i.
Further, this equipment also comprises:
Public key certificate update module 306 is used for after the lifetime of the public key certificate that public key certificate generation module 302 generates finishes public key certificate being upgraded;
Wherein, public key certificate update module 306 specifically comprises:
New unidirectional hash chain generation unit is used for determining length n ', the new validity refresh cycle rp ' of new unidirectional hash chain choosing new random number t ', according to H i(t ')=H (H i' (t ')), i '=1,2 ..., n '., calculating new unidirectional hash chain is { H n' (t '), H N '-1(t ') ..., H (t ') };
Newly derive PKI to generation unit, be used for picked at random k ' ∈ Z q *, e '=g k' mod p, "=x+H (the AC ‖ y ‖ H according to x n' (t ') ‖ n ' ‖ e ') k ' mod q, y "=g x" mod p calculates the new PKI of deriving to (x ", y "), wherein, x " is the new private cipher key of deriving, y " is the new public-key cryptography of deriving;
New public key certificate generation unit is used for picked at random j ' ∈ Z q *, according to v '=g j' mod p, s '=x "+H (T ') j ' mod q, calculate v ', s ', determine the new st ' constantly that enables, make new public key certificate information T '=(y, H n' (t '), n ', y ", rp ', st ', AC), generating the new public key certificate of first node i refresh cycle is Cert '={ H N '-i(t '), T ', y ", e ', s ', v ' }.
Further, this equipment also comprises:
Public key certificate validity control module 307, be used to issue public key certificate corresponding to the current refresh cycle, the public key certificate that described public key certificate generation module 302 is generated is effective, and when the private cipher key x ' that suspects the corresponding described current refresh cycle of public key certificate is cracked or reveals, in the next refresh cycle, stop to issue the public key certificate corresponding to the next refresh cycle, the public key certificate that described public key certificate generation module 302 is generated lost efficacy.
Technology in the device shown in the embodiment of the invention based on authentication nuclear, make node fully self-government carry out the management of public key certificate, thoroughly broken away from dependence to any form trusted third party, thereby the mobile ad hoc network applied environment that can effectively adapt to Complete autonomy makes the management of node public key certificate possess distributivity and self-organization completely; And the public key certificate as required that distributes autonomous fully management, greatly reduce the communication complexity in the management, the bookkeeping of all public key certificate of node is all finished in this locality according to application need by node, and all these operations all only just are performed when practical application demand is arranged, need not carry out the additional maintenance operation at ordinary times to the public key certificate of node, greatly reduce the communication overhead of public key certificate management, also eliminated the safety problem of the public key certificate management that causes because of interacting message substantially.In addition,, make that the node utilization PKI of deriving is right, realized and the secure communication of other node, avoided the core private cipher key to expose the attack of preventing malice node to greatest extent because of frequent the use based on the technology of the PKI of deriving; And generate the private cipher key of deriving in the local secret of node by changeless core private cipher key in the authentication nuclear, and then it is right to generate the PKI of deriving that is used for public key certificate, make that node can be right by the different PKI of deriving of same authentication karyogenesis where necessary, in time realize the renewal of public key certificate.Further, the validity of node public key certificate is implemented control, thereby can realize more reliably the cancelling of public key certificate strengthened the fail safe of public key certificate Managed Solution by unidirectional hash chain.
All or part of content in the technical scheme that above embodiment provides can realize that its software program is stored in the storage medium that can read by software programming, storage medium for example: the hard disk in the computer, CD or floppy disk.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (14)

1. the management method of a public key certificate is characterized in that, described method comprises:
Generate the authentication nuclear of first node;
According to described authentication nuclear, generate the public key certificate of described first node;
Described public key certificate is sent to Section Point.
2. the management method of public key certificate according to claim 1 is characterized in that, the authentication nuclear of described generation first node specifically comprises:
Obtain parameter, described parameter comprises:
P, q: two big prime numbers, and satisfy q| (p-1);
G:1 is to an integer between the p, and g q≡ 1 mod p;
H (.): the unidirectional hash function of collisionless;
NM: the title of described first node or to the descriptor of described first node;
(x, y): the core PKI of described first node is right, wherein x ∈ Z q *, being the core private cipher key, y is corresponding core public-key cryptography, and y=g xMod p;
(x s, y s): described authentication nuclear to sign and issue PKI right, x wherein s∈ Z q *, be signature private cipher key, y sBe corresponding signature public-key cryptography, and
Picked at random f ∈ Z q *
According to c=g fMod p, d=x s+ H (A) f mod q calculates c, d;
Make that AC is a described authentication nuclear, described AC={A, c, d}, the authentication nuclear that then generates described first node is described AC={A, c, d}.
3. the management method of public key certificate according to claim 2 is characterized in that, the authentication nuclear of the described first node of described generation is described AC={A, c, and behind the d}, described first node is with described x s, described f destroys.
4. the management method of public key certificate according to claim 1 is characterized in that, the public key certificate of the described first node of described generation specifically comprises:
Determine the validity refresh cycle rp of the length n of unidirectional hash chain, described public key certificate, choose random number t, according to H i(t)=H (H I-1(t)), i=1,2 ...., calculating described unidirectional hash chain is { H n(t), H N-1(t) ..., H (t) }; Picked at random k ∈ Z q *, e=g kMod p is according to x '=x+H (AC||y||H n(t) || n||e) k mod q, y '=g X 'Mod p calculates the PKI of deriving to (x ', y '), and wherein, x ' is the private cipher key of deriving, and y ' is the public-key cryptography of deriving;
Picked at random j ∈ Z q *, according to v=g jMod p, s=x '+H (T) j mod q calculates v, s, determines the st constantly that enables of described public key certificate, makes public key certificate information T=(y, H n(t), n, y ', rp, st AC), then generates the public key certificate of described first node i refresh cycle and is:
Cert={H n-i(t),T,y’,e,s,v}。
5. the management method of public key certificate according to claim 1 is characterized in that, described described public key certificate is sent to after the Section Point, also comprises:
Described Section Point receives described public key certificate;
Described Section Point is verified described public key certificate;
Described Section Point verifies that the process of described public key certificate is specially:
Described Section Point checking g d≡ y sc H (A)Whether mod p sets up, if set up, then the authentication of described first node nuclear is AC, and the core public-key cryptography is y, and other relevant parameters of described public key certificate are respectively H (.), p, q and g;
Described Section Point checking g d≡ y sc H (A)After mod p sets up, described Section Point checking
Figure A2008102129150003C1
g s≡ y ' v H (T)Whether mod p sets up, if two formulas are all set up, then described public key certificate is exactly the public key certificate of described first node, and the public-key cryptography of described public key certificate is y ';
Described Section Point is tested
Figure A2008102129150003C2
g s≡ y ' v H (T)After mod p sets up, described Section Point basis
Figure A2008102129150003C3
Calculate current refresh cycle i, described node verification H i(H N-i(t))=H nWhether (t) set up, if set up, then the public key certificate of described first node is effective at current refresh cycle i.
6. the management method of public key certificate according to claim 1 is characterized in that, after the public key certificate of the described first node of described generation, also comprises:
After the lifetime of the public key certificate of described first node finished, described first node upgraded described public key certificate, generates new public key certificate;
Described described public key certificate is upgraded, the process that generates new public key certificate is specially:
Determine the length n ' of new unidirectional hash chain, new validity refresh cycle rp ', choose new random number t ', according to H i(t ')=H (H i(t ')), i '=1,2 ..., n ', calculating new unidirectional hash chain is { H N '(t '), H N '-1(t ') ..., H (t ') };
Picked at random k ' ∈ Z q *, e '=g K 'Mod p, the "=x+H (AC||y||H according to x N '(t ') || n ' || e ') k ' mod q, y "=g X "Mod p calculates the new PKI of deriving to (x ", y "), wherein, x " is the new private cipher key of deriving, y " is the new public-key cryptography of deriving;
Picked at random j ' ∈ Z q *, according to v '=g J 'Mod p, s '=x " and+H (T ') j ' mod q, calculate v ', s ', determine the new st ' constantly that enables, make new public key certificate information T '=(y, H N '(t '), n ', y ", rp ', st ', AC), the new public key certificate of then described first node i refresh cycle is:
Cert’={H n’-i(t’),T’,y″,e’,s’,v’}。
7. the management method of public key certificate according to claim 1 is characterized in that, after the public key certificate of the described first node of described generation, also comprises:
Described first node issue is corresponding to the public key certificate of current refresh cycle, make described public key certificate effective, and when the private cipher key x ' that suspects the corresponding described current refresh cycle of public key certificate is cracked or reveals, in the next refresh cycle, stop to issue described public key certificate, described public key certificate was lost efficacy.
8. an equipment is characterized in that, described equipment comprises:
Authenticate the karyogenesis module, be used to generate the authentication nuclear of first node;
The public key certificate generation module, the authentication that is used for generating according to described authentication karyogenesis module is examined, and generates the public key certificate of described first node;
The public key certificate sending module is used for the public key certificate that described public key certificate generation module generates is sent to Section Point.
9. equipment according to claim 8 is characterized in that, described authentication karyogenesis module specifically comprises:
Parameter processing unit is used to obtain parameter, and described parameter comprises:
P, q: two big prime numbers, and satisfy q| (p-1);
G:1 is to an integer between the p, and g q≡ 1 mod p;
H (.): the unidirectional hash function of collisionless;
NM: the title of described first node or to the descriptor of described first node;
(x, y): the core PKI of described first node is right, wherein x ∈ Z q *, being the core private cipher key, y is corresponding core public-key cryptography, and y=g xMod p;
(x s, y s): described authentication nuclear to sign and issue PKI right, x wherein s∈ Z q *, be signature private cipher key, y sBe corresponding signature public-key cryptography, and
Figure A2008102129150004C1
Choose the unit, after being used for described parameter processing unit selection or generating parameter, picked at random f ∈ Z q *
Computing unit, be used for described choose the unit and select f after, according to c=g fMod p, d=x s+ H (A) f mod q calculates c, d;
Authentication karyogenesis unit after being used for described computing unit and obtaining c, d, makes that AC is described authentication nuclear, described AC={A, and c, d}, the authentication nuclear that generates described first node is described AC={A, c, d} is with the identify label of described AC as described first node.
10. equipment according to claim 9 is characterized in that, described authentication karyogenesis module also comprises:
Destroy the unit, after being used for described authentication karyogenesis unit and generating described authentication nuclear AC, with described x s, described f destroys.
11. equipment according to claim 8 is characterized in that, described public key certificate generation module specifically comprises:
Unidirectional hash chain generation unit is used for determining length n, the validity refresh cycle rp of described public key certificate of unidirectional hash chain choosing random number t, according to H i(t)=H (H I-1(t)), i=1,2 .., n., calculating described unidirectional hash chain is { H n(t), H N-1(t) ..., H (t) };
Derive PKI to generation unit, be used for picked at random k ∈ Z q *, e=g kMod p is according to x '=x+H (AC||y||H n(t) || n||e) k mod q, y '=g X 'Mod p calculates the PKI of deriving to (x ', y '), and wherein, x ' is the private cipher key of deriving, and y ' is the public-key cryptography of deriving;
The public key certificate generation unit is used for picked at random j ∈ Z q *, according to v=g jMod p, s=x '+H (T) j mod q calculates v, s, determines the st constantly that enables of described public key certificate, makes public key certificate information T=(y, H n(t), n, y ', rp, st, AC), generating the public key certificate of described first node i refresh cycle is Cert={H N-i(t), T, y ', e, s, v}.
12. equipment according to claim 8 is characterized in that, described equipment also comprises:
The public key certificate receiver module is used to receive the public key certificate that described public key certificate sending module sends to described Section Point;
The public key certificate authentication module is used to the public key certificate of verifying that described public key certificate receiver module receives;
Described public key certificate authentication module specifically comprises:
The card unit is veritified in authentication, is used to verify g d≡ y sc H (A)Whether mod p sets up, if set up, then the authentication of described first node nuclear is AC, and the core public-key cryptography is y, and other relevant parameters of described public key certificate are respectively H (.), p, q and g;
The public-key cryptography authentication unit is used for described authentication and veritifies card unit checking g d≡ y sc H (A)After mod p sets up, checking
Figure A2008102129150005C1
g s≡ y ' v H (T)Whether mod p sets up, if two formulas are all set up, then described public key certificate is exactly the public key certificate of described first node, and the public-key cryptography of described public key certificate is y ';
The validation verification unit is used for described public-key cryptography authentication unit checking
Figure A2008102129150006C1
g s≡ y ' v H (T)After mod p sets up, according to
Figure A2008102129150006C2
Calculate current refresh cycle i, checking H i(H N-i(t))=H nWhether (t) set up, if set up, then the public key certificate of described first node is effective at current refresh cycle i.
13. equipment according to claim 8 is characterized in that, described equipment also comprises:
The public key certificate update module is used for after the lifetime of the public key certificate that described public key certificate generation module generates finishes described public key certificate being upgraded;
Described public key certificate update module specifically comprises:
New unidirectional hash chain generation unit is used for determining length n ', the new validity refresh cycle rp ' of new unidirectional hash chain choosing new random number t ', according to Hi ' (t ')=H (H I '(t ')), i '=1,2 ..., n '., calculating new unidirectional hash chain is { H N '(t '), H N '-1(t ') ..., H (t ') };
Newly derive PKI to generation unit, be used for picked at random k ' ∈ Z q *, e '=g K 'Mod p, the "=x+H (AC||y||H according to x N '(t ') || n ' || e ') k ' mod q, y "=g X "Mod p calculates the new PKI of deriving to (x ", y "), wherein, x " is the new private cipher key of deriving, y " is the new public-key cryptography of deriving;
New public key certificate generation unit is used for picked at random j ' ∈ Z q *, according to v '=g J 'Mod p, s '=x " and+H (T ') j ' mod q, calculate v ', s ', determine the new st ' constantly that enables, make new public key certificate information T '=(y, H N '(t '), n ', y ", rp ', st ', AC), generating the new public key certificate of described first node i refresh cycle is Cert '={ H N '-i(t '), T ', y ", e ', s ', v ' }.
14. equipment according to claim 8 is characterized in that, described equipment also comprises:
Public key certificate validity control module, be used to issue public key certificate corresponding to the current refresh cycle, the public key certificate that described public key certificate generation module is generated is effective, and when the private cipher key x ' that suspects the corresponding described current refresh cycle of public key certificate is cracked or reveals, in the next refresh cycle, stop to issue the public key certificate corresponding to the next refresh cycle, the public key certificate that described public key certificate generation module is generated lost efficacy.
CN2008102129153A 2008-09-05 2008-09-05 Method and equipment for managing public key certificate Expired - Fee Related CN101667914B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102129153A CN101667914B (en) 2008-09-05 2008-09-05 Method and equipment for managing public key certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008102129153A CN101667914B (en) 2008-09-05 2008-09-05 Method and equipment for managing public key certificate

Publications (2)

Publication Number Publication Date
CN101667914A true CN101667914A (en) 2010-03-10
CN101667914B CN101667914B (en) 2012-05-23

Family

ID=41804369

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008102129153A Expired - Fee Related CN101667914B (en) 2008-09-05 2008-09-05 Method and equipment for managing public key certificate

Country Status (1)

Country Link
CN (1) CN101667914B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101860455A (en) * 2010-06-28 2010-10-13 华中科技大学 Method for construction of network trust topology based on reliable loop
CN103138923A (en) * 2011-11-24 2013-06-05 中国移动通信集团公司 Method, device and system for internodal authentication
CN105812131A (en) * 2014-12-30 2016-07-27 浙江高鸿电子技术有限公司 Vehicle node certificate updating method based on Vehicle to X (V2X) network
CN106059747A (en) * 2016-08-09 2016-10-26 成都蓝海贝信息技术有限公司 Reusable public key certificate scheme based on public key infrastructure
CN114050899A (en) * 2022-01-11 2022-02-15 深圳市永达电子信息股份有限公司 Full life cycle monitoring method and system based on certificate distribution

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100346249C (en) * 2004-12-31 2007-10-31 联想(北京)有限公司 Method for generating digital certificate and applying the generated digital certificate
CN1819513A (en) * 2006-03-23 2006-08-16 北京易恒信认证科技有限公司 CPK ID certificate and generating method thereof

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101860455A (en) * 2010-06-28 2010-10-13 华中科技大学 Method for construction of network trust topology based on reliable loop
CN103138923A (en) * 2011-11-24 2013-06-05 中国移动通信集团公司 Method, device and system for internodal authentication
CN103138923B (en) * 2011-11-24 2016-06-22 中国移动通信集团公司 A kind of internodal authentication, Apparatus and system
CN105812131A (en) * 2014-12-30 2016-07-27 浙江高鸿电子技术有限公司 Vehicle node certificate updating method based on Vehicle to X (V2X) network
CN105812131B (en) * 2014-12-30 2019-12-20 大唐高鸿信息通信研究院(义乌)有限公司 Vehicle-mounted node certificate updating method based on vehicle-mounted short-distance communication network
CN106059747A (en) * 2016-08-09 2016-10-26 成都蓝海贝信息技术有限公司 Reusable public key certificate scheme based on public key infrastructure
CN114050899A (en) * 2022-01-11 2022-02-15 深圳市永达电子信息股份有限公司 Full life cycle monitoring method and system based on certificate distribution

Also Published As

Publication number Publication date
CN101667914B (en) 2012-05-23

Similar Documents

Publication Publication Date Title
CN114730420A (en) System and method for generating signatures
CN109963282B (en) Privacy protection access control method in IP-supported wireless sensor network
Zhang et al. Efficient and privacy-preserving blockchain-based multifactor device authentication protocol for cross-domain IIoT
CN105308897A (en) A method and apparatus for anonymous and trustworthy authentication in pervasive social networking
CN112187450B (en) Method, device, equipment and storage medium for key management communication
CN107294696B (en) Method for distributing full homomorphic keys for Leveled
CN112396421B (en) Identity authentication system and method based on blockchain pass
CN111698238A (en) Management method, system and storage medium for terminal layer equipment key of power internet of things
CN108337092B (en) Method and system for performing collective authentication in a communication network
CN101895388B (en) Distributed dynamic keys management method and device
CN103634788A (en) Certificateless multi-proxy signcryption method with forward secrecy
Feng et al. Anonymous authentication on trust in pervasive social networking based on group signature
CN101667914B (en) Method and equipment for managing public key certificate
CN110557248A (en) Secret key updating method and system for resisting quantum computation signcryption based on certificateless cryptography
Chaudhry Comments on “a secure, privacy-preserving, and lightweight authentication scheme for VANETs”
Ayub et al. Secure consumer-centric demand response management in resilient smart grid as industry 5.0 application with blockchain-based authentication
CN116204914A (en) Trusted privacy computing method, device, equipment and storage medium
Dwivedi et al. Design of blockchain and ECC-based robust and efficient batch authentication protocol for vehicular ad-hoc networks
CN109067774B (en) Security access system based on trust token and security access method thereof
CN113472734B (en) Identity authentication method and device
Liou et al. T-auth: A novel authentication mechanism for the IoT based on smart contracts and PUFs
CN115913521A (en) Method for identity authentication based on quantum key
JP2003256374A (en) Empirical authentication system, device, program and method
Yang et al. Design of Key Management Protocols for Internet of Things.
CN111245611A (en) Anti-quantum computing identity authentication method and system based on secret sharing and wearable equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120523

Termination date: 20150905

EXPY Termination of patent right or utility model