CN106161035B - CFL personal privacy protection mode implementation method - Google Patents

CFL personal privacy protection mode implementation method Download PDF

Info

Publication number
CN106161035B
CN106161035B CN201610394146.8A CN201610394146A CN106161035B CN 106161035 B CN106161035 B CN 106161035B CN 201610394146 A CN201610394146 A CN 201610394146A CN 106161035 B CN106161035 B CN 106161035B
Authority
CN
China
Prior art keywords
cfl
user
sign
certificates constructing
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610394146.8A
Other languages
Chinese (zh)
Other versions
CN106161035A (en
Inventor
范修斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao Bowen Guangcheng Information Safe Technology Ltd
Original Assignee
Qingdao Bowen Guangcheng Information Safe Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao Bowen Guangcheng Information Safe Technology Ltd filed Critical Qingdao Bowen Guangcheng Information Safe Technology Ltd
Priority to CN201610394146.8A priority Critical patent/CN106161035B/en
Publication of CN106161035A publication Critical patent/CN106161035A/en
Application granted granted Critical
Publication of CN106161035B publication Critical patent/CN106161035B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

" CFL personal privacy protection mode implementation method " of the invention, belongs to field of information security technology, is related to key authentication system.CFL personal privacy protection mode implementation method of the present invention is generated for user 5 the public and private key marking algorithm of odd-job, CFL certificates constructing algorithm, CFL certification authentication algorithm Algorithm constitutions, and is given the specific embodiment of this 5 algorithms by the mark random number k generating algorithm that the public and private key generators set generating algorithm of mark at CFL certificates constructing center, CFL certificates constructing center are in user certificate identification signature, CFL certificates constructing center.CFL personal privacy protection mode implementation method is demonstrated with good information security property.

Description

CFL personal privacy protection mode implementation method
Technical field
The invention belongs to field of information security technology, are related to key authentication system.
Background technique
Based on national commercial cipher algorithm SM2、SM3And SM4CFL identifying algorithm in, to the CFL certificate of user into Row CFL signature verification, process are as follows:
If identity private key generators set required for CFL signature verification and mark public key generators set are as follows:
Identity private key generators set IDSKG (Identity Secret Key Generation): CFL certificates constructing center For user certificate signature main system key be
IDSKG={ sk0, sk1..., skL-1,
Wherein each element generates at random, and different two-by-two, and L is the total number of element in IDSKG.
It identifies public key generators set IDPKG (Identity Public Key Generation): CFL certificates constructing center The corresponding public key sequence of main system key is classified as
IDPKG={ pk0, pk1..., pkL-1,
Wherein pkiIt is private key sk in public key algorithmiCorresponding public key, i=0 ..., L-1.
The identity private key generating function of CFL are as follows:
IDSK=F (IDSKG, S)=skS(0)⊙skS(1)⊙…⊙skS(i-1),
Wherein " ⊙ " isIn addition, n SM2The period of middle elliptic curve basic point, IDSK are CFL certificates constructings Center is the signature private key that the CFL certificate signature of user generates,
S=(S (0), S (1) ..., S (t-1)),
S=θ (h), θ are that mode, h=H (ID)=(h are selected in CFL control0, h1..., hi-1), ID is the mark of user, H CFL Hash function in certificates constructing signature process, S (i) choose identity private key and generate member when (i=0,1 ..., t-1) is the i-th bat The position of element, also known as S (i), i=0,1 ... are concentrated, t-1 is that CFL control selects the control of mode θ to select sequence, therefore CFL identity private key Generating function is again writeable are as follows:
IDSK=F (IDSKG, S)=F (IDSKG, θ (h))=F (IDSKG, θ (H (ID))).
The mark public key generating function of CFL are as follows:
IDPK=F ' (IDPKG, S)=pkS(0)⊙′pkS(1)⊙′…⊙′pkS(i-1),
Wherein " ⊙ ' " is SM2The addition of middle point group, IDPK are the signature verification public keys of CFL certification authentication.
The mark public key generating function of CFL is again writeable are as follows:
IDPK=F ' (IDPKG, S)=F ' (IDPKG, θ (h))=F ' (IDPKG, θ (H (ID))).
CFL certificates constructing and CFL certification authentication algorithm are as follows:
(1) the CFL certificates constructing algorithm at CFL certificates constructing center
1) user is autonomously generated the public and private key of work.
2) self information and work public key are sent to CFL certificates constructing center by user.
3) CFL certificates constructing center calculates h=H (ID) according to user identifier ID.
4) mode θ (h)=S is selected in CFL certificates constructing center calculation CFL control.
5) CFL certificates constructing center calculates CFL identity private key generating function using identity private key generators set IDSKG
IDSK=F (IDSKG, S)=F (IDSKG, θ (h))=F (IDSKG, θ (H (ID)))
=skS(0)⊙skS(1)⊙…⊙skS(i-1).
Generate the identity private key IDSK of user.
6) CFL certificates constructing center signs to user identifier using the identity private key of user, user identifier and label Name constitutes the CFL certificate of user.
(2) verification algorithm of the authentication to user's CFL certificate
1) CFL certificate is sent to authentication by user.
2) authentication calculates h=H (ID) according to user identifier ID.
3) authentication calculates CFL control and selects mode θ (h)=S.
4) authentication calculates CFL and identifies public key generating function
IDPK=F ' (IDPKG, S)=F ' (IDPKG, θ (h))=F ' (IDPKG, θ (H (ID)))
=pkS(0)⊙′pkS(1)⊙′…⊙′pkS(i-1).
Generate the mark public key IDPK of user.
5) authentication verifies user's CFL certificate signature using mark public key IDPK.
In order to which theory is preferably applied for practicing, The present invention gives based on national commercial cipher algorithm SM2, SM3, The CFL personal privacy protection mode implementation method of SM4, and give the safety of CFL personal privacy protection mode implementation method Analysis.
Ukey represents the secure hardware of user, including U-shield, cipher card, safety chip card, mobile phone safe core in the present invention Piece, bluetooth users end secure hardware product.
Summary of the invention
CFL personal privacy protection mode implementation method of the present invention is by following five Algorithm constitutions:
The public and private key generators set generating algorithm of mark at algorithm 1:CFL personal privacy protection mode CFL certificates constructing center;
The personal privacy protection mode CFL certificates constructing center algorithm 2:CFL be user certificate identification signature in mark with Machine number k generating algorithm;
Odd-job public affairs private key identifies are generated for user in algorithm 3:CFL personal privacy protection mode CFL certificates constructing center Algorithm;
Algorithm 4:CFL personal privacy protection mode CFL certificates constructing algorithm;
Algorithm 5:CFL personal privacy protection mode CFL certification authentication algorithm.
Specific embodiment
CFL personal privacy protection mode implementation method of the present invention is by following 5 Algorithm constitutions, the specific implementation of each algorithm Mode are as follows:
The public and private key generators set generating algorithm of mark at algorithm 1:CFL personal privacy protection mode CFL certificates constructing center
1) CFL certificates constructing center generates identity private key generators set using randomizer at random:
IDSKG={ sk0, sk1..., skL-1}
Wherein element independently generates, and two neither etc., is detected by randomness, and exclusive for CFL certificates constructing center.
2) CFL certificates constructing center is based on identity private key generators set and generates corresponding mark public key generators set:
IDPKG={ pk0, pk1..., pkL-1,
Wherein pkiIt is private key sk in public key algorithmiCorresponding public key, i=0 ..., L-1.
3) CFL certificates constructing center publishes mark public key generators set.
The personal privacy protection mode CFL certificates constructing center algorithm 2:CFL be user certificate identification signature in mark with Machine number k generating algorithm
1) CFL certificates constructing center is using the mark generating random number metaset in randomizer generation signature algorithm IDRG={ r0, r1..., rL-1, wherein element independently generates, and two neither etc., is detected by randomness, and raw for CFL certificate At center, institute is exclusive.
2) CFL certificates constructing center generates the generating function of the mark random number k in signature algorithm according to the mark of user Are as follows:
K=IDR=F (IDRG, S)=F (IDRG, θ (h))=F (IDRG, θ (H (ID)))=rS(0)⊙rS(1)⊙…⊙ rS(i-1).
3) when being identified signature for user, the random number in signature algorithm is used based on use at CFL certificates constructing center Mark random number k=IDR that the mark at family generates.
Odd-job public affairs private key identifies are generated for user in algorithm 3:CFL personal privacy protection mode CFL certificates constructing center Algorithm
1) CFL certificates constructing center is based on Ukey correlated identities ID, calculates SM3(ID)=h.
2) 256 bit h are divided into 128 bit of front and back, i.e. h=h by CFL certificates constructing center0||h1
3) CFL certificates constructing center calculationWherein BK0, BK1For CFL certificates constructing center is about SM4Two group keys of encryption and decryption.BK0, BK1By the randomizer at CFL certificates constructing center It independently generates, is detected by randomness, and is exclusive for CFL certificates constructing center.
4) CFL certificates constructing center willOdd-job private key as user U.The casual labour of user Making public key is RAPK1=RASK1·P mod E.Wherein P is SM2Basic point.
Algorithm 4:CFL personal privacy protection mode CFL certificates constructing algorithm
1) CFL certificates constructing center is first each agent window and oneself public and private key of allocation work and CFL certificate.
2) CFL certificates constructing center is according to the identification code ID of each UkeyUkey, according to algorithm 3, generate facing for each Ukey When work public private key pair RASK1, RAPK1
3) CFL certificates constructing center utilizes SM2, with the work private key of oneself to IDUkey||RAPK1It signs, must sign Value is SIGN, wherein the random number IDR in signature1By IDUkey||RAPK1It is generated through algorithm 2.
4) CFL certificates constructing center is by odd-job public private key pair RASK1, RAPK1, signature value SIGN Ukey is written, and match Issue each agent window.
5) user gets write-in odd-job public private key pair and signature value by identity card, identity checks to agent window The Ukey of SIGN.
6) user utilizes the computer of oneself, logs in CFL certificates constructing center, relative application software is downloaded, in Ukey Signature value, utilize SM2, verified with the work public key at CFL certificates constructing center, after being verified, user utilizes Ukey In randomizer be autonomously generated oneself work public private key pair RAPK, RASK, and pass through randomness and detect.
7) user fills in the Information ID of oneself1, user fills in or acquires the Proprietary Information ID of oneself2, such as finger print information, Iris, password, utilize SM2, with the work private key RASK of oneself to ID1||ID2| | RASK signs, and obtains signature value SIGN1, User utilizes SM2, then with odd-job private key RASK1To IDUkey||ID1||ID2| | RAPK signs, and obtains signature value SIGN ', User is using the work public key at CFL certificates constructing center to IDUkey||ID1||ID2| | RAPK is encrypted, and ciphertext is transmitted to CFL Certificates constructing center, then by SIGN1, SIGN ' is transmitted to CFL certificates constructing center.
8) ID is decrypted to obtain using the work private key of oneself in CFL certificates constructing centerUkey||ID1||ID2| | RAPK passes through IDUkeyCalculate to obtain RASK1, RAPK1, SIGN ' is verified, the work public key RAPK of user is recycled to verify SIGN1
9) CFL certificates constructing center is that user adds time of issuing licence, issuing unit, certificate serial number, certificate limited period letter Cease ID3, calculate θ (SM3(ID1||ID2||ID3)), it is generated as the random number IDR of user certificate signature2, that is, calculate
K=IDR2=F (IDRG, θ (SM3(ID1||ID2||ID3))),
Signature public private key pair IDSK, the IDPK for generating user, that is, calculate
IDSK=F (IDSKG, θ (SM3(ID1||ID2||ID3))),
IDPK=F ' (IDPKG, θ (SM3(ID1||ID2||ID3))),
CFL certificates constructing center utilizes SM2, with random number IDR2, identity private key IDSK, to ID1||ID2||ID3||RAPK Generate signature SIGN2
10) CFL certificates constructing center is by ID1, SIGN1, ID3, SIGN2Encryption, which is carried out, with RAPK issues user.User side will ID1, SIGN1, ID3, SIGN2Ciphertext write-in Ukey after, decrypted in Ukey with RASK.
11) user is by CU=ID1||ID2||SIGN1||ID3||RAPK||SIGN2As CFL certificate, by HUFU2=ID1|| SIGN1||ID3||RAPK||SIGN2As CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 2.By HUFU1=ID2As CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 1.
12) user deletes the interim public private key pair RASK in Ukey1, RAPK1
Algorithm 5:CFL personal privacy protection mode CFL certification authentication algorithm
1) oneself CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 2 and tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 1 are synthesized the CFL certificate C of oneself by userU
2) certificate of oneself is added timestamp information ID when applying by user4, and calculate SM3(ID1||ID2||ID3|| RAPK||ID4), user utilizes SM2, signature SIGN is generated to it with the work private key of oneself3, claimFor the dynamic CFL certificate of user.And use application service The work public key of device is by ID1||ID2||ID3||RAPK||ID4Application server is issued in encryption.Simultaneously by SIGN1, SIGN2, SIGN3Issue application server.
3) application server using oneself work private key decrypt user ID1||ID2||ID3||RAPK2||ID4
4) signature verification three times is carried out to user's dynamic CFL certificate in application service.
5) certificate of oneself is added timestamp information ID when applying by application server4, and calculate the information of oneself Hash value SM3(ID1||ID2||ID3||RAPK||ID4), ID2It can be the related Proprietary Information of application server, application service Device generates signature SIGN to it3, generate the dynamic CFL certificate of application server
Application server is by the Information ID of oneself1||ID2||ID3||RAPK||ID4It is issued with the work public key encryption of user User, while the SIGN that will sign three times1, SIGN2, SIGN3Issue user.
6) user can obtain the dynamic CFL certificate of application server with the work private key decryption of oneself
7) user's application server dynamic CFL certificate carries out signature verification three times.
If the public and private key of signature verification and the public and private key of encryption and decryption that user needs are two pairs, user is autonomously generated two pairs of public affairs Private key to and apply two CFL certificates, wherein one be used for encryption and decryption, another be used for signature verification.
The analysis of CFL personal privacy protection mode safety
The 1 personal privacy protection mode CFL certificates constructing center CFL of proposition be user certificate identification signature in mark with Machine number k generating algorithm has restorability.
It proves by the process of algorithm 2 it is found that mark random number k is the function of mark, only it is to be understood that user identifier, CFL card Inteilectual can calculate mark random number k=IDR at center.Therefore proposition is set up.
The public and private key mark of odd-job that 2 CFL personal privacy protection mode CFL certificates constructing center of proposition is generated for user Knowing algorithm has restorability.
It proves by the process of algorithm 3 it is found that the odd-job public private key pair that CFL certificates constructing center is generated for user is User's Ukey identification code IDUkeyFunction, therefore only it is to be understood that IDUkey, CFL certificates constructing center can calculate facing for user When work public private key pair.Therefore proposition is set up.
3 CFL personal privacy protection mode of proposition is the irrecoverable provable security of key.
Prove due in CFL user certificate all parameters and the public and private key of odd-job be all based on CFL certificates constructing The cryptographic parameter at center is provided by public key cryptography transformation either block cipher, does not divulge any private key letter directly Breath, therefore theoretically, the attack pattern of attacker is all converted to for corresponding difficult math question, i.e., atomic primitive problem is attacked It hits.Therefore proposition is set up.
Proposition 4 is assuming that SM3In the case where random oracle, CFL personal privacy protection mode is that EUF-CMA (is adapted to Property selection message attack under with existence unforgeable) safety.
It proves to assume the pseudo- signature that S ' is attacker, then:
For legal signature,Therefore:
Therefore proposition is set up.
The signature identity private key of 5 CFL personal privacy protection mode CFL certificate of proposition is close, user the work of a people one Public key is that a people one is close for attacker.
It proves because the signature identity private key of CFL certificate is the function of user identifier, the work public key of user is to being user What Autonomy generated, therefore it is apparent from proposition establishment.
The signature private key generators set at 6 CFL personal privacy protection mode CFL certificates constructing center of proposition compares PKI, IBC With high security.
Prove there are L due to the signature private key generators set at CFL certificates constructing center, that is to say, that its trusted root number It is L times of PKI, IBC, therefore when L is larger, proposition is set up.
7 CFL personal privacy protection mode of proposition contains dynamic authentication, tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China authentication property.
Prove that the proposition is set up known to the process of algorithm 4,5.
8 CFL personal privacy protection mode of proposition is suitble to personal privacy protection.
Prove that the public and private key of work of the user of CFL personal privacy protection mode independently generates, in certificates constructing mistake It is that Zero Knowledge interacts, therefore its work private key is safe in journey and use process, so proposition is set up.

Claims (1)

1. a kind of CFL personal privacy protection mode implementation method, characterized by comprising: CFL personal privacy protection mode is realized Method is by following five Algorithm constitutions:
1. the public and private key generators set generating algorithm of mark at CFL personal privacy protection mode CFL certificates constructing center
1) CFL certificates constructing center generates identity private key generators set using randomizer at random:
IDSKG={ sk0, sk1..., skL-1}
Wherein element independently generates, and two neither etc., is detected by randomness, and exclusive for CFL certificates constructing center;
2) CFL certificates constructing center is based on identity private key generators set and generates corresponding mark public key generators set:
IDPKG={ pk0, pk1..., pkL-1,
Wherein pkiIt is private key sk in public key algorithmiCorresponding public key, i=0 ..., L-1;
3) CFL certificates constructing center publishes mark public key generators set;
2. the personal privacy protection mode CFL certificates constructing center CFL is that the mark random number k in user certificate identification signature generates Algorithm
1) it is IDRG that CFL certificates constructing center, which generates the mark generating random number metaset in signature algorithm using randomizer, ={ r0, r1..., rL-1, wherein element independently generates, and two neither etc., is detected by randomness, and in CFL certificates constructing Heart institute is exclusive;
2) CFL certificates constructing center generates the generating function of the mark random number k in signature algorithm according to the mark of user are as follows:
K=IDR=F (IDRG, S)=F (IDRG, θ (h))=F (IDRG, θ (H (ID)))=rS(0)⊙rS(1)⊙…⊙rS(t-1)
3) when being identified signature for user, the random number in signature algorithm is used based on user's at CFL certificates constructing center Identify the mark random number k=IDR generated;
3. the public and private key marking algorithm of odd-job is generated for user in CFL personal privacy protection mode CFL certificates constructing center
1) CFL certificates constructing center is based on Ukey correlated identities ID, calculates SM3(ID)=h;
2) 256 bit h are divided into 128 bit of front and back, i.e. h=h by CFL certificates constructing center0||h1
3) CFL certificates constructing center calculationWherein BK0, BK1For CFL card Inteilectual is at center about SM4Two group keys of encryption and decryption;BK0, BK1It is independently raw by the randomizer at CFL certificates constructing center At being detected by randomness, and exclusive for CFL certificates constructing center;
4) CFL certificates constructing center willOdd-job private key as user U;The odd-job of user is public Key is RAPK1=RASK1·P mod E;Wherein P is SM2Basic point;
4. CFL personal privacy protection mode CFL certificates constructing algorithm
1) CFL certificates constructing center is first each agent window and oneself public and private key of allocation work and CFL certificate;
2) CFL certificates constructing center is according to the identification code ID of each UkeyUkey, according to algorithm 3, generate the casual labour of each Ukey Make public private key pair RASK1, RAPK1
3) CFL certificates constructing center utilizes SM2, with the work private key of oneself to IDUkey||RAPK1It signs, obtaining signature value is SIGN, wherein the random number IDR in signature1By IDUkey||RAPK1It is generated through algorithm 2;
4) CFL certificates constructing center is by odd-job public private key pair RASK1, RAPK1, signature value SIGN Ukey is written, and with issuing Each agent window;
5) user gets write-in odd-job public private key pair and signature value SIGN by identity card, identity checks to agent window Ukey;
6) user utilizes the computer of oneself, logs in CFL certificates constructing center, relative application software is downloaded, to the label in Ukey Name value, utilizes SM2, verified with the work public key at CFL certificates constructing center, after being verified, user is using in Ukey Randomizer is autonomously generated work public private key pair RAPK, the RASK of oneself, and is detected by randomness;
7) user fills in the Information ID of oneself1, user fills in or acquires the Proprietary Information ID of oneself2, utilize SM2, with the work of oneself Make private key RASK to ID1||ID2| | RAPK signs, and obtains signature value SIGN1, user utilize SM2, then with odd-job private key RASK1To IDUkey||ID1||ID2| | RAPK signs, and obtains signature value SIGN ', and user utilizes the work at CFL certificates constructing center Make public key to IDUkey||ID1||ID2| | RAPK is encrypted, and ciphertext is transmitted to CFL certificates constructing center, then by SIGN1, SIGN ' is transmitted to CFL certificates constructing center;
8) ID is decrypted to obtain using the work private key of oneself in CFL certificates constructing centerUkey||ID1||ID2| | RAPK passes through IDUkeyMeter Calculate to obtain RASK1, RAPK1, SIGN ' is verified, the work public key RAPK of user is recycled to verify SIGN1
9) CFL certificates constructing center is that user adds issue licence time, issuing unit, certificate serial number, validity period of certificate Information ID3, Calculate θ (SM3(ID1||ID2||ID3)), it is generated as the random number IDR of user certificate signature2, that is, calculate
IDR2=F (IDRG, θ (SM3(ID1||ID2||ID3))),
Signature public private key pair IDSK, the IDPK for generating user, that is, calculate
IDSK=F (IDSKG, θ (SM3(ID1||ID2||ID3))),
IDPK=F ' (IDPKG, θ (SM3(ID1||ID2||ID3))),
CFL certificates constructing center utilizes SM2, with random number IDR2, identity private key IDSK, to ID1||ID2||ID3| | RAPK is generated Sign SIGN2
10) CFL certificates constructing center is by ID1, SIGN1, ID3, SIGN2Encryption, which is carried out, with RAPK issues user;User side is by ID1, SIGN1, ID3, SIGN2Ciphertext write-in Ukey after, decrypted in Ukey with RASK;
11) user is by CU=ID1||ID2||SIGN1||ID3||RAPK||SIGN2As CFL certificate, by HUFU2=ID1|| SIGN1||ID3||RAPK||SIGN2As CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 2;By HUFU1=ID2As CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 1;
12) user deletes the interim public private key pair RASK in Ukey1, RAPK1
5. CFL personal privacy protection mode CFL certification authentication algorithm
1) oneself CFL certificate tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 2 and tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China 1 are synthesized the CFL certificate C of oneself by userU
2) certificate of oneself is added timestamp information ID when applying by user4, and calculate SM3(ID1||ID2||ID3||RAPK|| ID4), user utilizes SM2, signature SIGN is generated to it with the work private key of oneself3, claimFor the dynamic CFL certificate of user;And use application service The work public key of device is by ID1||ID2||ID3||RAPK||ID4Application server is issued in encryption;Simultaneously by SIGN1, SIGN2, SIGN3Issue application server;
3) application server using oneself work private key decrypt user ID1||ID2||ID3||RAPK2||ID4
4) signature verification three times is carried out to user's dynamic CFL certificate in application service;
5) certificate of oneself is added timestamp information ID when applying by application server4, and calculate the hash value of the information of oneself SM3(ID1||ID2||ID3||RAPK||ID4), ID2It can be the related Proprietary Information of application server, application server is to it Generate signature SIGN3, generate the dynamic CFL certificate of application server
Application server is by the Information ID of oneself1||ID2||ID3||RAPK||ID4User is issued with the work public key encryption of user, To sign SIGN three times simultaneously1, SIGN2, SIGN3Issue user;
6) user can obtain the dynamic CFL certificate of application server with the work private key decryption of oneself
7) user's application server dynamic CFL certificate carries out signature verification three times.
CN201610394146.8A 2016-06-07 2016-06-07 CFL personal privacy protection mode implementation method Active CN106161035B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610394146.8A CN106161035B (en) 2016-06-07 2016-06-07 CFL personal privacy protection mode implementation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610394146.8A CN106161035B (en) 2016-06-07 2016-06-07 CFL personal privacy protection mode implementation method

Publications (2)

Publication Number Publication Date
CN106161035A CN106161035A (en) 2016-11-23
CN106161035B true CN106161035B (en) 2019-06-04

Family

ID=57353193

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610394146.8A Active CN106161035B (en) 2016-06-07 2016-06-07 CFL personal privacy protection mode implementation method

Country Status (1)

Country Link
CN (1) CN106161035B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106682490B (en) * 2016-12-02 2019-09-20 青岛博文广成信息安全技术有限公司 CFL artificial immunity computer model building method
CN106779684A (en) * 2016-12-02 2017-05-31 北京博文广成信息安全技术有限公司 The soft black box safe electronic method of mobile payment of CFL based on Quick Response Code
CN106789010B (en) * 2016-12-19 2020-01-21 青岛博文广成信息安全技术有限公司 CFL decentralized application method
CN106789071B (en) * 2016-12-26 2020-06-30 青岛博文广成信息安全技术有限公司 CFL application center-removing internal personnel prevention method
CN108737099B (en) * 2017-04-20 2021-04-30 青岛博文广成信息安全技术有限公司 Tiger-symbol key authentication technical method
CN113691365B (en) * 2020-05-16 2024-04-26 成都天瑞芯安科技有限公司 Cloud private key generation and use method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1463117A (en) * 2003-05-22 2003-12-24 中国科学院计算技术研究所 Safety communication method between communication system of networking computer and user oriented network layer
CN101340285A (en) * 2007-07-05 2009-01-07 杭州中正生物认证技术有限公司 Method and system for identity authentication by finger print USBkey
CN103260157A (en) * 2012-05-07 2013-08-21 中国交通通信信息中心 User management system based on satellite communication services and application method thereof
CN104639329A (en) * 2015-02-02 2015-05-20 浙江大学 Method for mutual authentication of user identities based on elliptic curve passwords

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110296171A1 (en) * 2010-05-28 2011-12-01 Christina Fu Key recovery mechanism

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1463117A (en) * 2003-05-22 2003-12-24 中国科学院计算技术研究所 Safety communication method between communication system of networking computer and user oriented network layer
CN101340285A (en) * 2007-07-05 2009-01-07 杭州中正生物认证技术有限公司 Method and system for identity authentication by finger print USBkey
CN103260157A (en) * 2012-05-07 2013-08-21 中国交通通信信息中心 User management system based on satellite communication services and application method thereof
CN104639329A (en) * 2015-02-02 2015-05-20 浙江大学 Method for mutual authentication of user identities based on elliptic curve passwords

Also Published As

Publication number Publication date
CN106161035A (en) 2016-11-23

Similar Documents

Publication Publication Date Title
CN106161035B (en) CFL personal privacy protection mode implementation method
CN106059775B (en) CFL manages mode implementation method concentratedly
CN102170357B (en) Combined secret key dynamic security management system
WO2019052286A1 (en) User identity verification method, apparatus and system based on blockchain
RU2018103183A (en) MUTUAL AUTHENTICATION OF CONFIDENTIAL COMMUNICATION
CN110969431B (en) Secure hosting method, device and system for private key of blockchain digital coin
CN109600233A (en) Group ranking mark based on SM2 Digital Signature Algorithm signs and issues method
CN107124274A (en) Digital signature method and device based on SM2
JP2009517910A (en) Physical shared secrets and peripheral proofs using PUFS
CN106130716A (en) Cipher key exchange system based on authentication information and method
CN110351272A (en) A kind of general anti-quantum two-way authentication cryptographic key negotiation method (LAKA)
CN111612961B (en) Electronic voting method for encrypting voter vote information
CN102291396B (en) Anonymous authentication algorithm for remote authentication between credible platforms
CN116388995A (en) Lightweight smart grid authentication method based on PUF
CN101567033B (en) Biological authentication method for resisting privacy disclosure
CN111416712A (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN113886778A (en) Dynamic self-ownership identity generation method capable of monitoring
CN104618113A (en) Method for authenticating identity of mobile terminal and constructing safety channel
CN108933659B (en) Identity verification system and method for smart power grid
CN105376221A (en) Game message encryption mechanism based on dynamic password, and game system
CN101094060A (en) Authorization method for point-to-point network
JP7250960B2 (en) User authentication and signature device using user biometrics, and method thereof
KR20230087435A (en) Method for generating key in crypto system using biometric information
JP2004328293A (en) Electronic ticket, electronic ticket system, authentication system, and information processing system
KR100505335B1 (en) Quantum signature method using arbitrator

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 266200 Shandong city of Qingdao province Jimo city streets aoshanwei bluevale Business Center No. 2 Building 4 layer

Applicant after: Qingdao Bowen Guangcheng information Safe Technology Ltd

Address before: 100039, Beijing, Fengtai District Dacheng Li Xiu park, building 13 on the east side of the building

Applicant before: Beijing Bowen Guangcheng Information Safety Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant