CN106161035B - CFL personal privacy protection mode implementation method - Google Patents
CFL personal privacy protection mode implementation method Download PDFInfo
- Publication number
- CN106161035B CN106161035B CN201610394146.8A CN201610394146A CN106161035B CN 106161035 B CN106161035 B CN 106161035B CN 201610394146 A CN201610394146 A CN 201610394146A CN 106161035 B CN106161035 B CN 106161035B
- Authority
- CN
- China
- Prior art keywords
- cfl
- user
- sign
- certificates constructing
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Credit Cards Or The Like (AREA)
Abstract
" CFL personal privacy protection mode implementation method " of the invention, belongs to field of information security technology, is related to key authentication system.CFL personal privacy protection mode implementation method of the present invention is generated for user 5 the public and private key marking algorithm of odd-job, CFL certificates constructing algorithm, CFL certification authentication algorithm Algorithm constitutions, and is given the specific embodiment of this 5 algorithms by the mark random number k generating algorithm that the public and private key generators set generating algorithm of mark at CFL certificates constructing center, CFL certificates constructing center are in user certificate identification signature, CFL certificates constructing center.CFL personal privacy protection mode implementation method is demonstrated with good information security property.
Description
Technical field
The invention belongs to field of information security technology, are related to key authentication system.
Background technique
Based on national commercial cipher algorithm SM2、SM3And SM4CFL identifying algorithm in, to the CFL certificate of user into
Row CFL signature verification, process are as follows:
If identity private key generators set required for CFL signature verification and mark public key generators set are as follows:
Identity private key generators set IDSKG (Identity Secret Key Generation): CFL certificates constructing center
For user certificate signature main system key be
IDSKG={ sk0, sk1..., skL-1,
Wherein each element generates at random, and different two-by-two, and L is the total number of element in IDSKG.
It identifies public key generators set IDPKG (Identity Public Key Generation): CFL certificates constructing center
The corresponding public key sequence of main system key is classified as
IDPKG={ pk0, pk1..., pkL-1,
Wherein pkiIt is private key sk in public key algorithmiCorresponding public key, i=0 ..., L-1.
The identity private key generating function of CFL are as follows:
IDSK=F (IDSKG, S)=skS(0)⊙skS(1)⊙…⊙skS(i-1),
Wherein " ⊙ " isIn addition, n SM2The period of middle elliptic curve basic point, IDSK are CFL certificates constructings
Center is the signature private key that the CFL certificate signature of user generates,
S=(S (0), S (1) ..., S (t-1)),
S=θ (h), θ are that mode, h=H (ID)=(h are selected in CFL control0, h1..., hi-1), ID is the mark of user, H CFL
Hash function in certificates constructing signature process, S (i) choose identity private key and generate member when (i=0,1 ..., t-1) is the i-th bat
The position of element, also known as S (i), i=0,1 ... are concentrated, t-1 is that CFL control selects the control of mode θ to select sequence, therefore CFL identity private key
Generating function is again writeable are as follows:
IDSK=F (IDSKG, S)=F (IDSKG, θ (h))=F (IDSKG, θ (H (ID))).
The mark public key generating function of CFL are as follows:
IDPK=F ' (IDPKG, S)=pkS(0)⊙′pkS(1)⊙′…⊙′pkS(i-1),
Wherein " ⊙ ' " is SM2The addition of middle point group, IDPK are the signature verification public keys of CFL certification authentication.
The mark public key generating function of CFL is again writeable are as follows:
IDPK=F ' (IDPKG, S)=F ' (IDPKG, θ (h))=F ' (IDPKG, θ (H (ID))).
CFL certificates constructing and CFL certification authentication algorithm are as follows:
(1) the CFL certificates constructing algorithm at CFL certificates constructing center
1) user is autonomously generated the public and private key of work.
2) self information and work public key are sent to CFL certificates constructing center by user.
3) CFL certificates constructing center calculates h=H (ID) according to user identifier ID.
4) mode θ (h)=S is selected in CFL certificates constructing center calculation CFL control.
5) CFL certificates constructing center calculates CFL identity private key generating function using identity private key generators set IDSKG
IDSK=F (IDSKG, S)=F (IDSKG, θ (h))=F (IDSKG, θ (H (ID)))
=skS(0)⊙skS(1)⊙…⊙skS(i-1).
Generate the identity private key IDSK of user.
6) CFL certificates constructing center signs to user identifier using the identity private key of user, user identifier and label
Name constitutes the CFL certificate of user.
(2) verification algorithm of the authentication to user's CFL certificate
1) CFL certificate is sent to authentication by user.
2) authentication calculates h=H (ID) according to user identifier ID.
3) authentication calculates CFL control and selects mode θ (h)=S.
4) authentication calculates CFL and identifies public key generating function
IDPK=F ' (IDPKG, S)=F ' (IDPKG, θ (h))=F ' (IDPKG, θ (H (ID)))
=pkS(0)⊙′pkS(1)⊙′…⊙′pkS(i-1).
Generate the mark public key IDPK of user.
5) authentication verifies user's CFL certificate signature using mark public key IDPK.
In order to which theory is preferably applied for practicing, The present invention gives based on national commercial cipher algorithm SM2, SM3,
The CFL personal privacy protection mode implementation method of SM4, and give the safety of CFL personal privacy protection mode implementation method
Analysis.
Ukey represents the secure hardware of user, including U-shield, cipher card, safety chip card, mobile phone safe core in the present invention
Piece, bluetooth users end secure hardware product.
Summary of the invention
CFL personal privacy protection mode implementation method of the present invention is by following five Algorithm constitutions:
The public and private key generators set generating algorithm of mark at algorithm 1:CFL personal privacy protection mode CFL certificates constructing center;
The personal privacy protection mode CFL certificates constructing center algorithm 2:CFL be user certificate identification signature in mark with
Machine number k generating algorithm;
Odd-job public affairs private key identifies are generated for user in algorithm 3:CFL personal privacy protection mode CFL certificates constructing center
Algorithm;
Algorithm 4:CFL personal privacy protection mode CFL certificates constructing algorithm;
Algorithm 5:CFL personal privacy protection mode CFL certification authentication algorithm.
Specific embodiment
CFL personal privacy protection mode implementation method of the present invention is by following 5 Algorithm constitutions, the specific implementation of each algorithm
Mode are as follows:
The public and private key generators set generating algorithm of mark at algorithm 1:CFL personal privacy protection mode CFL certificates constructing center
1) CFL certificates constructing center generates identity private key generators set using randomizer at random:
IDSKG={ sk0, sk1..., skL-1}
Wherein element independently generates, and two neither etc., is detected by randomness, and exclusive for CFL certificates constructing center.
2) CFL certificates constructing center is based on identity private key generators set and generates corresponding mark public key generators set:
IDPKG={ pk0, pk1..., pkL-1,
Wherein pkiIt is private key sk in public key algorithmiCorresponding public key, i=0 ..., L-1.
3) CFL certificates constructing center publishes mark public key generators set.
The personal privacy protection mode CFL certificates constructing center algorithm 2:CFL be user certificate identification signature in mark with
Machine number k generating algorithm
1) CFL certificates constructing center is using the mark generating random number metaset in randomizer generation signature algorithm
IDRG={ r0, r1..., rL-1, wherein element independently generates, and two neither etc., is detected by randomness, and raw for CFL certificate
At center, institute is exclusive.
2) CFL certificates constructing center generates the generating function of the mark random number k in signature algorithm according to the mark of user
Are as follows:
K=IDR=F (IDRG, S)=F (IDRG, θ (h))=F (IDRG, θ (H (ID)))=rS(0)⊙rS(1)⊙…⊙
rS(i-1).
3) when being identified signature for user, the random number in signature algorithm is used based on use at CFL certificates constructing center
Mark random number k=IDR that the mark at family generates.
Odd-job public affairs private key identifies are generated for user in algorithm 3:CFL personal privacy protection mode CFL certificates constructing center
Algorithm
1) CFL certificates constructing center is based on Ukey correlated identities ID, calculates SM3(ID)=h.
2) 256 bit h are divided into 128 bit of front and back, i.e. h=h by CFL certificates constructing center0||h1。
3) CFL certificates constructing center calculationWherein BK0, BK1For
CFL certificates constructing center is about SM4Two group keys of encryption and decryption.BK0, BK1By the randomizer at CFL certificates constructing center
It independently generates, is detected by randomness, and is exclusive for CFL certificates constructing center.
4) CFL certificates constructing center willOdd-job private key as user U.The casual labour of user
Making public key is RAPK1=RASK1·P mod E.Wherein P is SM2Basic point.
Algorithm 4:CFL personal privacy protection mode CFL certificates constructing algorithm
1) CFL certificates constructing center is first each agent window and oneself public and private key of allocation work and CFL certificate.
2) CFL certificates constructing center is according to the identification code ID of each UkeyUkey, according to algorithm 3, generate facing for each Ukey
When work public private key pair RASK1, RAPK1。
3) CFL certificates constructing center utilizes SM2, with the work private key of oneself to IDUkey||RAPK1It signs, must sign
Value is SIGN, wherein the random number IDR in signature1By IDUkey||RAPK1It is generated through algorithm 2.
4) CFL certificates constructing center is by odd-job public private key pair RASK1, RAPK1, signature value SIGN Ukey is written, and match
Issue each agent window.
5) user gets write-in odd-job public private key pair and signature value by identity card, identity checks to agent window
The Ukey of SIGN.
6) user utilizes the computer of oneself, logs in CFL certificates constructing center, relative application software is downloaded, in Ukey
Signature value, utilize SM2, verified with the work public key at CFL certificates constructing center, after being verified, user utilizes Ukey
In randomizer be autonomously generated oneself work public private key pair RAPK, RASK, and pass through randomness and detect.
7) user fills in the Information ID of oneself1, user fills in or acquires the Proprietary Information ID of oneself2, such as finger print information,
Iris, password, utilize SM2, with the work private key RASK of oneself to ID1||ID2| | RASK signs, and obtains signature value SIGN1,
User utilizes SM2, then with odd-job private key RASK1To IDUkey||ID1||ID2| | RAPK signs, and obtains signature value SIGN ',
User is using the work public key at CFL certificates constructing center to IDUkey||ID1||ID2| | RAPK is encrypted, and ciphertext is transmitted to CFL
Certificates constructing center, then by SIGN1, SIGN ' is transmitted to CFL certificates constructing center.
8) ID is decrypted to obtain using the work private key of oneself in CFL certificates constructing centerUkey||ID1||ID2| | RAPK passes through
IDUkeyCalculate to obtain RASK1, RAPK1, SIGN ' is verified, the work public key RAPK of user is recycled to verify SIGN1。
9) CFL certificates constructing center is that user adds time of issuing licence, issuing unit, certificate serial number, certificate limited period letter
Cease ID3, calculate θ (SM3(ID1||ID2||ID3)), it is generated as the random number IDR of user certificate signature2, that is, calculate
K=IDR2=F (IDRG, θ (SM3(ID1||ID2||ID3))),
Signature public private key pair IDSK, the IDPK for generating user, that is, calculate
IDSK=F (IDSKG, θ (SM3(ID1||ID2||ID3))),
IDPK=F ' (IDPKG, θ (SM3(ID1||ID2||ID3))),
CFL certificates constructing center utilizes SM2, with random number IDR2, identity private key IDSK, to ID1||ID2||ID3||RAPK
Generate signature SIGN2。
10) CFL certificates constructing center is by ID1, SIGN1, ID3, SIGN2Encryption, which is carried out, with RAPK issues user.User side will
ID1, SIGN1, ID3, SIGN2Ciphertext write-in Ukey after, decrypted in Ukey with RASK.
11) user is by CU=ID1||ID2||SIGN1||ID3||RAPK||SIGN2As CFL certificate, by HUFU2=ID1||
SIGN1||ID3||RAPK||SIGN2As CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 2.By HUFU1=ID2As CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 1.
12) user deletes the interim public private key pair RASK in Ukey1, RAPK1。
Algorithm 5:CFL personal privacy protection mode CFL certification authentication algorithm
1) oneself CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 2 and tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 1 are synthesized the CFL certificate C of oneself by userU。
2) certificate of oneself is added timestamp information ID when applying by user4, and calculate SM3(ID1||ID2||ID3||
RAPK||ID4), user utilizes SM2, signature SIGN is generated to it with the work private key of oneself3, claimFor the dynamic CFL certificate of user.And use application service
The work public key of device is by ID1||ID2||ID3||RAPK||ID4Application server is issued in encryption.Simultaneously by SIGN1, SIGN2,
SIGN3Issue application server.
3) application server using oneself work private key decrypt user ID1||ID2||ID3||RAPK2||ID4。
4) signature verification three times is carried out to user's dynamic CFL certificate in application service.
5) certificate of oneself is added timestamp information ID when applying by application server4, and calculate the information of oneself
Hash value SM3(ID1||ID2||ID3||RAPK||ID4), ID2It can be the related Proprietary Information of application server, application service
Device generates signature SIGN to it3, generate the dynamic CFL certificate of application server
Application server is by the Information ID of oneself1||ID2||ID3||RAPK||ID4It is issued with the work public key encryption of user
User, while the SIGN that will sign three times1, SIGN2, SIGN3Issue user.
6) user can obtain the dynamic CFL certificate of application server with the work private key decryption of oneself
7) user's application server dynamic CFL certificate carries out signature verification three times.
If the public and private key of signature verification and the public and private key of encryption and decryption that user needs are two pairs, user is autonomously generated two pairs of public affairs
Private key to and apply two CFL certificates, wherein one be used for encryption and decryption, another be used for signature verification.
The analysis of CFL personal privacy protection mode safety
The 1 personal privacy protection mode CFL certificates constructing center CFL of proposition be user certificate identification signature in mark with
Machine number k generating algorithm has restorability.
It proves by the process of algorithm 2 it is found that mark random number k is the function of mark, only it is to be understood that user identifier, CFL card
Inteilectual can calculate mark random number k=IDR at center.Therefore proposition is set up.
The public and private key mark of odd-job that 2 CFL personal privacy protection mode CFL certificates constructing center of proposition is generated for user
Knowing algorithm has restorability.
It proves by the process of algorithm 3 it is found that the odd-job public private key pair that CFL certificates constructing center is generated for user is
User's Ukey identification code IDUkeyFunction, therefore only it is to be understood that IDUkey, CFL certificates constructing center can calculate facing for user
When work public private key pair.Therefore proposition is set up.
3 CFL personal privacy protection mode of proposition is the irrecoverable provable security of key.
Prove due in CFL user certificate all parameters and the public and private key of odd-job be all based on CFL certificates constructing
The cryptographic parameter at center is provided by public key cryptography transformation either block cipher, does not divulge any private key letter directly
Breath, therefore theoretically, the attack pattern of attacker is all converted to for corresponding difficult math question, i.e., atomic primitive problem is attacked
It hits.Therefore proposition is set up.
Proposition 4 is assuming that SM3In the case where random oracle, CFL personal privacy protection mode is that EUF-CMA (is adapted to
Property selection message attack under with existence unforgeable) safety.
It proves to assume the pseudo- signature that S ' is attacker, then:
For legal signature,Therefore:
Therefore proposition is set up.
The signature identity private key of 5 CFL personal privacy protection mode CFL certificate of proposition is close, user the work of a people one
Public key is that a people one is close for attacker.
It proves because the signature identity private key of CFL certificate is the function of user identifier, the work public key of user is to being user
What Autonomy generated, therefore it is apparent from proposition establishment.
The signature private key generators set at 6 CFL personal privacy protection mode CFL certificates constructing center of proposition compares PKI, IBC
With high security.
Prove there are L due to the signature private key generators set at CFL certificates constructing center, that is to say, that its trusted root number
It is L times of PKI, IBC, therefore when L is larger, proposition is set up.
7 CFL personal privacy protection mode of proposition contains dynamic authentication, tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China authentication property.
Prove that the proposition is set up known to the process of algorithm 4,5.
8 CFL personal privacy protection mode of proposition is suitble to personal privacy protection.
Prove that the public and private key of work of the user of CFL personal privacy protection mode independently generates, in certificates constructing mistake
It is that Zero Knowledge interacts, therefore its work private key is safe in journey and use process, so proposition is set up.
Claims (1)
1. a kind of CFL personal privacy protection mode implementation method, characterized by comprising: CFL personal privacy protection mode is realized
Method is by following five Algorithm constitutions:
1. the public and private key generators set generating algorithm of mark at CFL personal privacy protection mode CFL certificates constructing center
1) CFL certificates constructing center generates identity private key generators set using randomizer at random:
IDSKG={ sk0, sk1..., skL-1}
Wherein element independently generates, and two neither etc., is detected by randomness, and exclusive for CFL certificates constructing center;
2) CFL certificates constructing center is based on identity private key generators set and generates corresponding mark public key generators set:
IDPKG={ pk0, pk1..., pkL-1,
Wherein pkiIt is private key sk in public key algorithmiCorresponding public key, i=0 ..., L-1;
3) CFL certificates constructing center publishes mark public key generators set;
2. the personal privacy protection mode CFL certificates constructing center CFL is that the mark random number k in user certificate identification signature generates
Algorithm
1) it is IDRG that CFL certificates constructing center, which generates the mark generating random number metaset in signature algorithm using randomizer,
={ r0, r1..., rL-1, wherein element independently generates, and two neither etc., is detected by randomness, and in CFL certificates constructing
Heart institute is exclusive;
2) CFL certificates constructing center generates the generating function of the mark random number k in signature algorithm according to the mark of user are as follows:
K=IDR=F (IDRG, S)=F (IDRG, θ (h))=F (IDRG, θ (H (ID)))=rS(0)⊙rS(1)⊙…⊙rS(t-1);
3) when being identified signature for user, the random number in signature algorithm is used based on user's at CFL certificates constructing center
Identify the mark random number k=IDR generated;
3. the public and private key marking algorithm of odd-job is generated for user in CFL personal privacy protection mode CFL certificates constructing center
1) CFL certificates constructing center is based on Ukey correlated identities ID, calculates SM3(ID)=h;
2) 256 bit h are divided into 128 bit of front and back, i.e. h=h by CFL certificates constructing center0||h1;
3) CFL certificates constructing center calculationWherein BK0, BK1For CFL card
Inteilectual is at center about SM4Two group keys of encryption and decryption;BK0, BK1It is independently raw by the randomizer at CFL certificates constructing center
At being detected by randomness, and exclusive for CFL certificates constructing center;
4) CFL certificates constructing center willOdd-job private key as user U;The odd-job of user is public
Key is RAPK1=RASK1·P mod E;Wherein P is SM2Basic point;
4. CFL personal privacy protection mode CFL certificates constructing algorithm
1) CFL certificates constructing center is first each agent window and oneself public and private key of allocation work and CFL certificate;
2) CFL certificates constructing center is according to the identification code ID of each UkeyUkey, according to algorithm 3, generate the casual labour of each Ukey
Make public private key pair RASK1, RAPK1;
3) CFL certificates constructing center utilizes SM2, with the work private key of oneself to IDUkey||RAPK1It signs, obtaining signature value is
SIGN, wherein the random number IDR in signature1By IDUkey||RAPK1It is generated through algorithm 2;
4) CFL certificates constructing center is by odd-job public private key pair RASK1, RAPK1, signature value SIGN Ukey is written, and with issuing
Each agent window;
5) user gets write-in odd-job public private key pair and signature value SIGN by identity card, identity checks to agent window
Ukey;
6) user utilizes the computer of oneself, logs in CFL certificates constructing center, relative application software is downloaded, to the label in Ukey
Name value, utilizes SM2, verified with the work public key at CFL certificates constructing center, after being verified, user is using in Ukey
Randomizer is autonomously generated work public private key pair RAPK, the RASK of oneself, and is detected by randomness;
7) user fills in the Information ID of oneself1, user fills in or acquires the Proprietary Information ID of oneself2, utilize SM2, with the work of oneself
Make private key RASK to ID1||ID2| | RAPK signs, and obtains signature value SIGN1, user utilize SM2, then with odd-job private key
RASK1To IDUkey||ID1||ID2| | RAPK signs, and obtains signature value SIGN ', and user utilizes the work at CFL certificates constructing center
Make public key to IDUkey||ID1||ID2| | RAPK is encrypted, and ciphertext is transmitted to CFL certificates constructing center, then by SIGN1,
SIGN ' is transmitted to CFL certificates constructing center;
8) ID is decrypted to obtain using the work private key of oneself in CFL certificates constructing centerUkey||ID1||ID2| | RAPK passes through IDUkeyMeter
Calculate to obtain RASK1, RAPK1, SIGN ' is verified, the work public key RAPK of user is recycled to verify SIGN1;
9) CFL certificates constructing center is that user adds issue licence time, issuing unit, certificate serial number, validity period of certificate Information ID3,
Calculate θ (SM3(ID1||ID2||ID3)), it is generated as the random number IDR of user certificate signature2, that is, calculate
IDR2=F (IDRG, θ (SM3(ID1||ID2||ID3))),
Signature public private key pair IDSK, the IDPK for generating user, that is, calculate
IDSK=F (IDSKG, θ (SM3(ID1||ID2||ID3))),
IDPK=F ' (IDPKG, θ (SM3(ID1||ID2||ID3))),
CFL certificates constructing center utilizes SM2, with random number IDR2, identity private key IDSK, to ID1||ID2||ID3| | RAPK is generated
Sign SIGN2;
10) CFL certificates constructing center is by ID1, SIGN1, ID3, SIGN2Encryption, which is carried out, with RAPK issues user;User side is by ID1,
SIGN1, ID3, SIGN2Ciphertext write-in Ukey after, decrypted in Ukey with RASK;
11) user is by CU=ID1||ID2||SIGN1||ID3||RAPK||SIGN2As CFL certificate, by HUFU2=ID1||
SIGN1||ID3||RAPK||SIGN2As CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 2;By HUFU1=ID2As CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 1;
12) user deletes the interim public private key pair RASK in Ukey1, RAPK1;
5. CFL personal privacy protection mode CFL certification authentication algorithm
1) oneself CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 2 and tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 1 are synthesized the CFL certificate C of oneself by userU;
2) certificate of oneself is added timestamp information ID when applying by user4, and calculate SM3(ID1||ID2||ID3||RAPK||
ID4), user utilizes SM2, signature SIGN is generated to it with the work private key of oneself3, claimFor the dynamic CFL certificate of user;And use application service
The work public key of device is by ID1||ID2||ID3||RAPK||ID4Application server is issued in encryption;Simultaneously by SIGN1, SIGN2,
SIGN3Issue application server;
3) application server using oneself work private key decrypt user ID1||ID2||ID3||RAPK2||ID4;
4) signature verification three times is carried out to user's dynamic CFL certificate in application service;
5) certificate of oneself is added timestamp information ID when applying by application server4, and calculate the hash value of the information of oneself
SM3(ID1||ID2||ID3||RAPK||ID4), ID2It can be the related Proprietary Information of application server, application server is to it
Generate signature SIGN3, generate the dynamic CFL certificate of application server
Application server is by the Information ID of oneself1||ID2||ID3||RAPK||ID4User is issued with the work public key encryption of user,
To sign SIGN three times simultaneously1, SIGN2, SIGN3Issue user;
6) user can obtain the dynamic CFL certificate of application server with the work private key decryption of oneself
7) user's application server dynamic CFL certificate carries out signature verification three times.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610394146.8A CN106161035B (en) | 2016-06-07 | 2016-06-07 | CFL personal privacy protection mode implementation method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610394146.8A CN106161035B (en) | 2016-06-07 | 2016-06-07 | CFL personal privacy protection mode implementation method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106161035A CN106161035A (en) | 2016-11-23 |
CN106161035B true CN106161035B (en) | 2019-06-04 |
Family
ID=57353193
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610394146.8A Active CN106161035B (en) | 2016-06-07 | 2016-06-07 | CFL personal privacy protection mode implementation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106161035B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106682490B (en) * | 2016-12-02 | 2019-09-20 | 青岛博文广成信息安全技术有限公司 | CFL artificial immunity computer model building method |
CN106779684A (en) * | 2016-12-02 | 2017-05-31 | 北京博文广成信息安全技术有限公司 | The soft black box safe electronic method of mobile payment of CFL based on Quick Response Code |
CN106789010B (en) * | 2016-12-19 | 2020-01-21 | 青岛博文广成信息安全技术有限公司 | CFL decentralized application method |
CN106789071B (en) * | 2016-12-26 | 2020-06-30 | 青岛博文广成信息安全技术有限公司 | CFL application center-removing internal personnel prevention method |
CN108737099B (en) * | 2017-04-20 | 2021-04-30 | 青岛博文广成信息安全技术有限公司 | Tiger-symbol key authentication technical method |
CN113691365B (en) * | 2020-05-16 | 2024-04-26 | 成都天瑞芯安科技有限公司 | Cloud private key generation and use method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1463117A (en) * | 2003-05-22 | 2003-12-24 | 中国科学院计算技术研究所 | Safety communication method between communication system of networking computer and user oriented network layer |
CN101340285A (en) * | 2007-07-05 | 2009-01-07 | 杭州中正生物认证技术有限公司 | Method and system for identity authentication by finger print USBkey |
CN103260157A (en) * | 2012-05-07 | 2013-08-21 | 中国交通通信信息中心 | User management system based on satellite communication services and application method thereof |
CN104639329A (en) * | 2015-02-02 | 2015-05-20 | 浙江大学 | Method for mutual authentication of user identities based on elliptic curve passwords |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110296171A1 (en) * | 2010-05-28 | 2011-12-01 | Christina Fu | Key recovery mechanism |
-
2016
- 2016-06-07 CN CN201610394146.8A patent/CN106161035B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1463117A (en) * | 2003-05-22 | 2003-12-24 | 中国科学院计算技术研究所 | Safety communication method between communication system of networking computer and user oriented network layer |
CN101340285A (en) * | 2007-07-05 | 2009-01-07 | 杭州中正生物认证技术有限公司 | Method and system for identity authentication by finger print USBkey |
CN103260157A (en) * | 2012-05-07 | 2013-08-21 | 中国交通通信信息中心 | User management system based on satellite communication services and application method thereof |
CN104639329A (en) * | 2015-02-02 | 2015-05-20 | 浙江大学 | Method for mutual authentication of user identities based on elliptic curve passwords |
Also Published As
Publication number | Publication date |
---|---|
CN106161035A (en) | 2016-11-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106161035B (en) | CFL personal privacy protection mode implementation method | |
CN106059775B (en) | CFL manages mode implementation method concentratedly | |
CN102170357B (en) | Combined secret key dynamic security management system | |
WO2019052286A1 (en) | User identity verification method, apparatus and system based on blockchain | |
RU2018103183A (en) | MUTUAL AUTHENTICATION OF CONFIDENTIAL COMMUNICATION | |
CN110969431B (en) | Secure hosting method, device and system for private key of blockchain digital coin | |
CN109600233A (en) | Group ranking mark based on SM2 Digital Signature Algorithm signs and issues method | |
CN107124274A (en) | Digital signature method and device based on SM2 | |
JP2009517910A (en) | Physical shared secrets and peripheral proofs using PUFS | |
CN106130716A (en) | Cipher key exchange system based on authentication information and method | |
CN110351272A (en) | A kind of general anti-quantum two-way authentication cryptographic key negotiation method (LAKA) | |
CN111612961B (en) | Electronic voting method for encrypting voter vote information | |
CN102291396B (en) | Anonymous authentication algorithm for remote authentication between credible platforms | |
CN116388995A (en) | Lightweight smart grid authentication method based on PUF | |
CN101567033B (en) | Biological authentication method for resisting privacy disclosure | |
CN111416712A (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
CN113886778A (en) | Dynamic self-ownership identity generation method capable of monitoring | |
CN104618113A (en) | Method for authenticating identity of mobile terminal and constructing safety channel | |
CN108933659B (en) | Identity verification system and method for smart power grid | |
CN105376221A (en) | Game message encryption mechanism based on dynamic password, and game system | |
CN101094060A (en) | Authorization method for point-to-point network | |
JP7250960B2 (en) | User authentication and signature device using user biometrics, and method thereof | |
KR20230087435A (en) | Method for generating key in crypto system using biometric information | |
JP2004328293A (en) | Electronic ticket, electronic ticket system, authentication system, and information processing system | |
KR100505335B1 (en) | Quantum signature method using arbitrator |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 266200 Shandong city of Qingdao province Jimo city streets aoshanwei bluevale Business Center No. 2 Building 4 layer Applicant after: Qingdao Bowen Guangcheng information Safe Technology Ltd Address before: 100039, Beijing, Fengtai District Dacheng Li Xiu park, building 13 on the east side of the building Applicant before: Beijing Bowen Guangcheng Information Safety Technology Co., Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |