CN107425973B - Public key modification method and device - Google Patents
Public key modification method and device Download PDFInfo
- Publication number
- CN107425973B CN107425973B CN201710313053.2A CN201710313053A CN107425973B CN 107425973 B CN107425973 B CN 107425973B CN 201710313053 A CN201710313053 A CN 201710313053A CN 107425973 B CN107425973 B CN 107425973B
- Authority
- CN
- China
- Prior art keywords
- public key
- user terminal
- user
- updated
- timestamp
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000002715 modification method Methods 0.000 title claims abstract description 13
- 238000000034 method Methods 0.000 claims abstract description 16
- 238000012795 verification Methods 0.000 claims abstract description 15
- 230000004048 modification Effects 0.000 claims abstract description 14
- 238000012986 modification Methods 0.000 claims abstract description 14
- 238000004891 communication Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the invention provides a public key modification method and a public key modification device. The method comprises the following steps: a node in a peer-to-peer network receives application information sent by a user terminal; verifying at least one signature information; and if the verification is passed, the node records the user name of the user terminal, the updated public key and the timestamp of the updated public key. The embodiment of the invention receives the application information sent by the user terminal through the node, the application information comprises a user name of the user terminal, an updated public key, a timestamp of the updated public key and at least one piece of signature information, the signature information is obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal, when a hacker or an attacker modifies the public key on the behalf of the user terminal, the public key of the user terminal cannot be modified because the signature information of other user terminals which are associated with the user terminal cannot be obtained, thereby improving the safety of modifying the public key.
Description
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a public key modification method and device.
Background
Public key encryption, also called asymmetric key encryption (public key encryption), belongs to the second-level discipline of network security in communication technology, and refers to an encryption method composed of a corresponding pair of unique keys (i.e., a public key and a private key). The key issuing and managing method solves the problems of key issuing and management, and is the core of the current commercial passwords. In the public key cryptosystem, a private key is not disclosed, and a public key is disclosed.
The Public Key and the Private Key are a Key pair (i.e., a Public Key and a Private Key) obtained by an algorithm, the Public Key is a Public part of the Key pair, and the Private Key is an unpublished part. The public key is typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with a corresponding private key. The key pair derived by such an algorithm can be guaranteed to be unique worldwide. When using this key pair, if one of the keys is used to encrypt a piece of data, the other key must be used to decrypt the piece of data. For example, encrypting data with a public key necessitates decryption with the private key, and if encrypting with the private key, also must decrypt with the public key, otherwise decryption will not succeed.
The public key is generally recorded in a distributed account book, and is recorded by a user with the accounting right and broadcasted to other users. The private key is stored by the user, the user may be stored in a mobile medium or a personal computer, and if the mobile medium is lost, the networked computer may be hacked, so if the private key of a certain user is revealed for some reason, it is a very serious security accident, and therefore the public key of the user needs to be modified, but the security of the public key modification method provided in the prior art is low.
Disclosure of Invention
The embodiment of the invention provides a public key modification method and a public key modification device, which are used for improving the safety of modifying a public key.
One aspect of the embodiments of the present invention is to provide a public key modification method, including:
a node in a peer-to-peer network receives application information sent by a user terminal, wherein the application information comprises a user name of the user terminal, an updated public key, a timestamp of the updated public key and at least one piece of signature information, and the at least one piece of signature information is obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal;
the node verifying the at least one signature information;
and if the verification is passed, the node records the user name of the user terminal, the updated public key and the timestamp of the updated public key.
Another aspect of the embodiments of the present invention is to provide a public key modification apparatus, including:
the system comprises a receiving module, a sending module and a sending module, wherein the receiving module is used for receiving application information sent by a user terminal, the application information comprises a user name of the user terminal, an updated public key, a timestamp of the updated public key and at least one piece of signature information, and the at least one piece of signature information is obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal;
the verification module is used for verifying the at least one signature message;
and the recording module is used for recording the user name of the user terminal, the updated public key and the timestamp of the updated public key when the verification is passed.
The public key modification method and device provided by the embodiment of the invention receive the application information sent by the user terminal through the node, the application information comprises the user name of the user terminal, the updated public key, the timestamp of the updated public key and at least one piece of signature information, the signature information is the information obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal, the node may verify the application information based on the at least one signature information, and when a hacker or attacker modifies the public key on behalf of the user terminal, because the signature information of other user terminals associated with the user terminal cannot be obtained, the nodes in the peer-to-peer network cannot verify the application information sent by the hacker or attacker, i.e. a hacker or attacker cannot modify the public key of the user terminal, thereby improving the security of modifying the public key.
Drawings
Fig. 1 is a flowchart of a public key modification method according to an embodiment of the present invention;
fig. 2 is a structural diagram of a public key modification apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram of a public key modification apparatus according to another embodiment of the present invention.
Detailed Description
Fig. 1 is a flowchart of a public key modification method according to an embodiment of the present invention. The embodiment of the invention provides a public key modification method, which comprises the following steps:
step S101, a node in the peer-to-peer network receives registration information sent by the user terminal, wherein the registration information comprises a user name of the user terminal, an original public key, a timestamp of the original public key and user names of other user terminals.
When a user terminal a joins a Peer-to-Peer network (Peer-to-Peer, P2P) for the first time, a pair of its own private Key-a11 and public Key-a1 is generated, where the public Key-a1 may be used as the original public Key of the user terminal a, and a subsequent user terminal a may modify its own public Key. The user terminal a sends registration information to a node in the peer-to-peer network, where the registration information includes the user name of the user terminal a, such as a, the original public Key, such as Key-a1, the timestamp of the original public Key, such as 2016-03-1313: 22:24, and the user names of other user terminals associated with the user terminal a, such as user terminal B and user terminal C, such as B and C, which is only an illustrative example, and the present embodiment does not limit the number of other user terminals associated with the user terminal a and the specific user terminal. The specific format of the registration information is shown in table 1:
TABLE 1
| User name | Public key | Time stamp | Other users |
| A | Key-A1 | 2016-03-13 13:22:24 | B,C |
Step S102, the node receives application information sent by a user terminal, wherein the application information comprises a user name of the user terminal, an updated public key, a timestamp of the updated public key and at least one piece of signature information, and the at least one piece of signature information is obtained after other user terminals which have a relationship with the user terminal sign the user name of the user terminal, the updated public key and the timestamp of the updated public key.
If the medium of the private key stored by the user a is lost or the user a considers that the computer of the user a is invaded, the private key of the user a may be acquired by a hacker, the user a may initiate an application for modifying the public key a of the user a to the P2P network through the user terminal a, specifically, the user a sends application information to a node in the P2P network through the user terminal a, and the specific format of the application information is shown in table 2:
TABLE 2
| User name | Public key | Time stamp | Signature of user B | Signature of user C |
| A | Key-A2 | 2017-02-23 13:22:24 | Signature information-B | Signature information-C |
As shown in table 2, the user a modifies the public Key of the user a from Key-a1 to Key-a2 through the user terminal a, and the application information includes the user name a of the user terminal a, the updated public Key-a2, the timestamp 2017-02-2313:22:24 of the updated public Key, the signature of the user B, i.e., signature information-B, and the signature of the user C, i.e., signature information-C, wherein the generation process of the signature information-B is as follows: the user terminal A sends the user name A, the updated public Key Key-A2 and the timestamp 2017-02-2313:22:24 of the updated public Key of the user terminal A to the user terminal B, the user terminal B encrypts the user name A, the updated public Key Key-A2 and the timestamp 2017-02-2313:22:24 of the user terminal A by using a private Key of the user terminal B to obtain signature information-B integrally, the user terminal B sends the signature information-B to the user terminal A, and the user terminal A puts the signature information-B into application information shown in the table 2 and issues the application information to a peer-to-peer network; similarly, the generation process of the signature information-C and the signature information-B is consistent in principle, and is not described herein again.
Step S103, the node verifies the at least one signature message.
And the node determines the user names of other user terminals which have the association relation with the user terminal. And the node acquires the public keys of the other user terminals according to the user names of the other user terminals.
After the node in the peer-to-peer network receives the application information shown in table 2, according to the registration information sent by the user terminal a in step S101 shown in table 1, it determines that the user names of other user terminals having a relationship with the user terminal a are B and C, the node obtains the public Key of the user terminal B, e.g., Key-B, and the public Key of the user terminal C, e.g., Key-C, based on the user name B of the user terminal B and the user name C of the user terminal C, wherein, when the user terminal B and the user terminal C join the peer-to-peer network for the first time, a pair of own private key and public key is generated, and publishes its own username and public key to the peer-to-peer network in the format shown in table 1, and, therefore, the nodes in the peer-to-peer network can respectively obtain the public Key of the user terminal B, such as Key-B, and the public Key of the user terminal C, such as Key-C, according to the registration information historically published by the user terminal B and the user terminal C.
And the node decrypts the at least one signature message by adopting the public key of the other user terminal to obtain the decrypted message. Since the signature information-B is obtained by the user terminal B by encrypting the user name A, the updated public Key Key-A2 and the timestamp 2017-02-2313:22:24 of the updated public Key of the user terminal A by using the private Key of the user terminal B, the nodes in the peer-to-peer network can decrypt the signature information-B by using the public Key of the user terminal B, such as Key-B, to obtain decrypted information.
And step S104, if the verification is passed, the node records the user name of the user terminal, the updated public key and the timestamp of the updated public key.
And the decrypted information is consistent with the user name of the user terminal, the updated public key and the timestamp of the updated public key. If the node decrypts the signature information-B by using the public Key of the user terminal B, such as Key-B, to obtain the decrypted information which is consistent with the user name A, the updated public Key Key-A2 and the timestamp 2017-02-2313:22:24 of the user terminal A, which are published by the user terminal A and shown in the table 2, the node indicates that the user terminal B has confirmed the application information of the user terminal A; similarly, if the node decrypts the signature information-C by using the public Key of the user terminal C, for example, Key-C, and then obtains the decrypted information, which is consistent with the user name a of the user terminal a, the updated public Key-a2, and the timestamp 2017-02-2313:22:24 of the updated public Key, which are published by the user terminal a and shown in table 2, it indicates that the user terminal C has confirmed the application information of the user terminal a.
When the node decrypts the signature information-B by using the public Key of the user terminal B, such as Key-B, to obtain the decrypted information which is consistent with the user name A, the updated public Key Key-A2 and the timestamp 2017-02-2313:22:24 of the user terminal A as shown in the table 2 and published by the user terminal A, and decrypts the signature information-C by using the public Key of the user terminal C, such as Key-C, to obtain the decrypted information which is consistent with the user name A, the updated public Key Key-A2 and the timestamp 2017-02-2313:22:24 of the user terminal A as shown in the table 2 and published by the user terminal A, the node determines that the application information of the user terminal A is verified, records the user name A, the updated public Key Key-A2 and the timestamp 2017-02-2313:22:24 of the updated public Key, at the same time, the original public Key, e.g., Key-A1, is replaced with the updated public Key, Key-A2, and the timestamp of the original public Key, e.g., 2016-03-1313: 22:24, is replaced with the timestamp of the updated public Key, 2017-02-2313:22: 24. In addition, the node can also broadcast the user name A of the user terminal A, the updated public Key Key-A2 and the timestamp 2017-02-2313:22:24 of the updated public Key to other nodes in the peer-to-peer network, so that other nodes also replace the original public Key, such as Key-A1, with the updated public Key Key-A2 and replace the timestamp, such as 2016-03-1313: 22:24, of the original public Key with the timestamp 2017-02-2313:22:24 of the updated public Key, thereby realizing the mechanism of modifying the own public Key by the user terminal.
In addition, if the node decrypts the signature information-B by using the public Key of the user terminal B, for example, Key-B, to obtain the decrypted information inconsistent with the user name a of the user terminal a, the updated public Key-a2, and the timestamp 2017-02-2313:22:24 of the updated public Key, which are published by the user terminal a and shown in table 2, or the node decrypts the signature information-C by using the public Key of the user terminal C, for example, Key-C, to obtain the decrypted information inconsistent with the user name a of the user terminal a, the updated public Key-a2, and the timestamp 2017-02-2313:22:24 of the updated public Key, which are published by the user terminal a and shown in table 2, which are published by the user terminal a, the node verifies and identifies the application information published by the user terminal a and discards the application information shown in table 2.
The embodiment of the invention receives the application information sent by the user terminal through the node, the application information comprises the user name of the user terminal, the updated public key, the timestamp of the updated public key and at least one piece of signature information, the signature information is obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal, the node may verify the application information based on the at least one signature information, and when a hacker or attacker modifies the public key on behalf of the user terminal, because the signature information of other user terminals associated with the user terminal cannot be obtained, the nodes in the peer-to-peer network cannot verify the application information sent by the hacker or attacker, i.e. a hacker or attacker cannot modify the public key of the user terminal, thereby improving the security of modifying the public key.
Fig. 2 is a structural diagram of a public key modification apparatus according to an embodiment of the present invention. The public key modification apparatus provided in the embodiment of the present invention may execute the processing procedure provided in the embodiment of the public key modification method, as shown in fig. 2, where 20 includes: the system comprises a receiving module 21, a verifying module 22 and a recording module 23, wherein the receiving module 21 is configured to receive application information sent by a user terminal, the application information includes a user name of the user terminal, an updated public key, a timestamp of the updated public key, and at least one piece of signature information, and the at least one piece of signature information is information obtained by signing, by other user terminals related to the user terminal, the user name of the user terminal, the updated public key, and the timestamp of the updated public key; the verification module 22 is used for verifying the at least one signature message; the recording module 23 is configured to record the user name of the user terminal, the updated public key, and the timestamp of the updated public key when the verification passes.
The embodiment of the invention receives the application information sent by the user terminal through the node, the application information comprises the user name of the user terminal, the updated public key, the timestamp of the updated public key and at least one piece of signature information, the signature information is obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal, the node may verify the application information based on the at least one signature information, and when a hacker or attacker modifies the public key on behalf of the user terminal, because the signature information of other user terminals associated with the user terminal cannot be obtained, the nodes in the peer-to-peer network cannot verify the application information sent by the hacker or attacker, i.e. a hacker or attacker cannot modify the public key of the user terminal, thereby improving the security of modifying the public key.
Fig. 3 is a block diagram of a public key modification apparatus according to another embodiment of the present invention. On the basis of the foregoing embodiment, the receiving module 21 is further configured to receive registration information sent by the user terminal, where the registration information includes a user name of the user terminal, an original public key, a timestamp of the original public key, and user names of the other user terminals.
The verification module 22 is specifically configured to decrypt the at least one signature information by using the public key of the other user terminal, so as to obtain decrypted information. The verification pass comprises: and the decrypted information is consistent with the user name of the user terminal, the updated public key and the timestamp of the updated public key.
In addition, the public key modification apparatus 20 further includes: a determining module 24 and an obtaining module 25, wherein the determining module 24 is configured to determine user names of other user terminals having an association with the user terminal; the obtaining module 25 is configured to obtain the public key of the other user terminal according to the user name of the other user terminal.
The public key modification apparatus provided in the embodiment of the present invention may be specifically configured to execute the method embodiment provided in fig. 1, and specific functions are not described herein again.
The embodiment of the invention receives the application information sent by the user terminal through the node, the application information comprises the user name of the user terminal, the updated public key, the timestamp of the updated public key and at least one piece of signature information, the signature information is obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal, the node may verify the application information based on the at least one signature information, and when a hacker or attacker modifies the public key on behalf of the user terminal, because the signature information of other user terminals associated with the user terminal cannot be obtained, the nodes in the peer-to-peer network cannot verify the application information sent by the hacker or attacker, i.e. a hacker or attacker cannot modify the public key of the user terminal, thereby improving the security of modifying the public key.
In summary, the embodiment of the present invention receives, by a node, application information sent by a user terminal, where the application information includes a user name of the user terminal, an updated public key, a timestamp of the updated public key, and at least one piece of signature information, and the signature information is obtained by signing, by another user terminal having a relationship with the user terminal, the user name of the user terminal, the updated public key, and the timestamp of the updated public key, the node may verify the application information based on the at least one signature information, and when a hacker or attacker modifies the public key on behalf of the user terminal, because the signature information of other user terminals associated with the user terminal cannot be obtained, the nodes in the peer-to-peer network cannot verify the application information sent by the hacker or attacker, i.e. a hacker or attacker cannot modify the public key of the user terminal, thereby improving the security of modifying the public key.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (6)
1. A public key modification method, comprising:
a node in a peer-to-peer network receives application information sent by a user terminal, wherein the application information comprises a user name of the user terminal, an updated public key, a timestamp of the updated public key and at least one piece of signature information, and the at least one piece of signature information is obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal;
the node verifying the at least one signature information;
if the verification is passed, the node records the user name of the user terminal, the updated public key and the timestamp of the updated public key;
the node verifying the at least one signature message, comprising:
the node decrypts the at least one signature information by adopting the public key of the other user terminal to obtain decrypted information;
the verification pass comprises:
and the decrypted information is consistent with the user name of the user terminal, the updated public key and the timestamp of the updated public key.
2. The method of claim 1, wherein before the node in the peer-to-peer network receives the application information sent by the user terminal, the method further comprises:
and the node receives registration information sent by the user terminal, wherein the registration information comprises a user name of the user terminal, an original public key, a timestamp of the original public key and user names of other user terminals.
3. The method according to claim 2, wherein before the node decrypts the at least one signature information by using the public key of the other user terminal, the method further comprises:
the node determines user names of other user terminals which have a relationship with the user terminal;
and the node acquires the public keys of the other user terminals according to the user names of the other user terminals.
4. A public key modification apparatus, comprising:
the system comprises a receiving module, a sending module and a sending module, wherein the receiving module is used for receiving application information sent by a user terminal, the application information comprises a user name of the user terminal, an updated public key, a timestamp of the updated public key and at least one piece of signature information, and the at least one piece of signature information is obtained by signing the user name of the user terminal, the updated public key and the timestamp of the updated public key by other user terminals which have a relationship with the user terminal;
the verification module is used for verifying the at least one signature message;
the recording module is used for recording the user name of the user terminal, the updated public key and the timestamp of the updated public key when the verification is passed;
the verification module is specifically configured to decrypt the at least one signature information by using the public key of the other user terminal to obtain decrypted information;
the verification pass comprises:
and the decrypted information is consistent with the user name of the user terminal, the updated public key and the timestamp of the updated public key.
5. The public key modification apparatus according to claim 4, wherein the receiving module is further configured to receive registration information sent by the user terminal, where the registration information includes a user name of the user terminal, an original public key, a timestamp of the original public key, and user names of the other user terminals.
6. The public key modification apparatus according to claim 5, further comprising:
the determining module is used for determining user names of other user terminals which have a relationship with the user terminal;
and the obtaining module is used for obtaining the public keys of the other user terminals according to the user names of the other user terminals.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710313053.2A CN107425973B (en) | 2017-05-05 | 2017-05-05 | Public key modification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710313053.2A CN107425973B (en) | 2017-05-05 | 2017-05-05 | Public key modification method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107425973A CN107425973A (en) | 2017-12-01 |
| CN107425973B true CN107425973B (en) | 2020-03-31 |
Family
ID=60425423
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710313053.2A Active CN107425973B (en) | 2017-05-05 | 2017-05-05 | Public key modification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107425973B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109271189A (en) * | 2018-09-26 | 2019-01-25 | 郑州云海信息技术有限公司 | A kind of processing method and relevant apparatus of embedded system firmware |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102122332A (en) * | 2011-02-16 | 2011-07-13 | 北京天地融科技有限公司 | Method and system for managing password of electronic signing tool |
| CN102469453A (en) * | 2010-11-12 | 2012-05-23 | 国民技术股份有限公司 | Security certificate method and system |
| CN104821941A (en) * | 2015-04-21 | 2015-08-05 | 南京邮电大学 | Smart card password authentication and password changing method |
| CN105530246A (en) * | 2015-12-04 | 2016-04-27 | 华为技术有限公司 | Method, device and system for managing virtual machine |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050120106A1 (en) * | 2003-12-02 | 2005-06-02 | Nokia, Inc. | System and method for distributing software updates to a network appliance |
-
2017
- 2017-05-05 CN CN201710313053.2A patent/CN107425973B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102469453A (en) * | 2010-11-12 | 2012-05-23 | 国民技术股份有限公司 | Security certificate method and system |
| CN102122332A (en) * | 2011-02-16 | 2011-07-13 | 北京天地融科技有限公司 | Method and system for managing password of electronic signing tool |
| CN104821941A (en) * | 2015-04-21 | 2015-08-05 | 南京邮电大学 | Smart card password authentication and password changing method |
| CN105530246A (en) * | 2015-12-04 | 2016-04-27 | 华为技术有限公司 | Method, device and system for managing virtual machine |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107425973A (en) | 2017-12-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230231702A1 (en) | ECDHE Key Exchange for Mutual Authentication Using a Key Server | |
| CN106664202B (en) | Method, system and computer readable medium for providing encryption on multiple devices | |
| US10003582B2 (en) | Technologies for synchronizing and restoring reference templates | |
| CN110022217B (en) | Advertisement media service data credible storage system based on block chain | |
| US20190394175A1 (en) | Systems and methods for permissioned blockchain infrastructure with fine-grained access control and confidentiality-preserving publish/subscribe messaging | |
| CN108933667B (en) | Management method and management system of public key certificate based on block chain | |
| EP2954448B1 (en) | Provisioning sensitive data into third party network-enabled devices | |
| CN111130770B (en) | Information certification method and system based on blockchain, user terminal, electronic equipment and storage medium | |
| KR101985179B1 (en) | Blockchain based id as a service | |
| US8315395B2 (en) | Nearly-stateless key escrow service | |
| CN113556363B (en) | Data sharing method and system based on decentralized and distributed proxy re-encryption | |
| US20110276490A1 (en) | Security service level agreements with publicly verifiable proofs of compliance | |
| CN102427442A (en) | Combining request-dependent metadata with media content | |
| CN106941404B (en) | Key protection method and device | |
| CN110351276B (en) | Data processing method, device and computer readable storage medium | |
| CN110351364B (en) | Data storage method, device and computer readable storage medium | |
| US8732481B2 (en) | Object with identity based encryption | |
| CN113868684B (en) | Signature method, device, server, medium and signature system | |
| CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
| WO2021036511A1 (en) | Method for data encryption, storage and reading, terminal device, and storage medium | |
| CN109948370A (en) | A kind of method for processing business based on block chain, device and electronic equipment | |
| CN115906181A (en) | Encrypted file right confirming method, device and system based on block chain attribute | |
| CN110138558B (en) | Transmission method and device of session key and computer-readable storage medium | |
| Zwattendorfer et al. | A federated cloud identity broker-model for enhanced privacy via proxy re-encryption | |
| US20230146229A1 (en) | Entity, gateway device, information processing device, information processing system, and information processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |