CN107612870A - Delegated authorization method for an Internet of Things device, server, terminal and Internet of Things device

Publication number
CN107612870A
Authority
CN
China
Legal status
Granted
Application number
CN201610543643.XA
Other languages
Chinese (zh)
Other versions
CN107612870B (en
Inventor
宋宇波
肖斌
Current Assignee
Shenzhen Research Institute HKUST
Shenzhen Research Institute HKPU
Original Assignee
Shenzhen Research Institute HKUST

Abstract

The present invention belongs to the technical field of network security and provides a delegated authorization method for an Internet of Things (IoT) device, together with a server, a terminal and an IoT device. The method includes: the server initializes the public parameters and defines the private and public keys of the owner, the proxy and the user; the owner terminal obtains a delegation credential from the delegation information, the owner's private key, the proxy's public key and the public parameters, and sends it to the proxy terminal; the proxy terminal verifies the validity of the delegation credential, obtains an authorization credential from the local permission, the owner's private key, the proxy's private key and the public parameters, and sends it to the user terminal; the IoT device receives and verifies the authorization credential entered by the user and, when the authorization credential is valid, releases the local permission to the user according to the authorization credential. The invention implements permission management for IoT devices that are shared, and protects the owner's private information.

Description

Delegated authorization method for an Internet of Things device, server, terminal and Internet of Things device
Technical field
The invention belongs to the technical field of network security, and in particular relates to a delegated authorization method for an Internet of Things (IoT) device, a server, a terminal and an IoT device.
Background
With the development of mobile communication technology, people can access the network through smart devices anytime and anywhere and communicate with other smart devices connected to the network. A user or a device can search the network for a required device and exchange data with it in order to provide the service the user needs.
For urban facilities and public services, a user can be a consumer and can also become a provider. Users can share their own personal facilities and resources, such as cars, parking spaces, houses and venues, which helps the government manage and use urban facilities and personal resources more effectively and rationally, improves management efficiency and service quality in fields such as transport, healthcare, education and tourism, and promotes the harmonious development of the city. In such an open, shared urban IoT environment, an IoT device may be shared many times, so the right to use a shared device can be passed from the owner to different users (such as friends, and friends of friends). However, the prior art cannot transfer the right to use a shared device securely and cannot effectively protect private information such as the owner's identity.
Summary of the invention
In view of this, embodiments of the present invention provide a delegated authorization method for an IoT device, a server, a terminal and an IoT device, in order to implement permission management when an IoT device is shared and to protect the owner's private information.
In a first aspect, a delegated authorization method for an IoT device is provided, the method including:
the server initializes the public parameters and generates the private and public keys of the owner, the private and public keys of the proxy, and the private and public keys of the user;
the owner terminal obtains delegation information, obtains a delegation credential from the delegation information, the owner's private key, the proxy's public key and the public parameters, and sends the delegation credential to the proxy terminal in order to grant delegated authority to the proxy;
after receiving the delegation credential, the proxy terminal verifies the validity of the delegation credential in order to obtain the delegated authority granted by the owner;
when authorizing use of the IoT device, the proxy terminal selects the local permission corresponding to the user, obtains an authorization credential from the local permission, the owner's private key, the proxy's private key and the public parameters, and sends the authorization credential to the user terminal in order to grant the user the right of use;
the IoT device receives the local permission and the authorization credential entered by the user and verifies the validity of the authorization credential; when the authorization credential is valid, it releases the local permission to the user according to the authorization credential.
In a second aspect, a server is provided, the server including:
an initialization module, configured to choose a first cyclic group $G_1$ and a second cyclic group $G_2$, both of order $q$, where $q$ is a large prime and the discrete logarithm problem is hard in both $G_1$ and $G_2$; to define generators $P$ and $Q$ of the first cyclic group $G_1$; to define a bilinear map $e: G_1 \times G_1 \to G_2$; and to define a hash function $H: \{0,1\}^* \times G_1 \to Z_q$;
a definition module, configured to define the owner's private key $X_{Owner}$, the proxy's private key $X_{Proxy}$ and the user's private key $X_{User}$, so that the owner's public key is $Y_{Owner} = X_{Owner}P$, the proxy's public key is $Y_{Proxy} = X_{Proxy}P$ and the user's public key is $Y_{User} = X_{User}P$.
In a third aspect, a terminal is provided, the terminal including:
a definition module, configured to define the delegation information set $w$, wherein $M_i$ represents information related to the owner's identity, the proxy's identity, the delegated authority or the validity period;
a construction module, configured to build the message digest set $w_H$ from the delegation information set $w$ and the hash function, and to build the first polynomial $m(X)$ from the message digest set $w_H$, wherein,
a computing module, configured to choose a random polynomial $r(X)$ of degree $n$ and to compute the intermediate parameter $C$ from the first polynomial $m(X)$ and the generators $P$ and $Q$ of the first cyclic group $G_1$, where $C = m(X_{Owner})P + r(X_{Owner})Q$;
a delegation certificate generation module, configured to sign the intermediate parameter $C$, the proxy identity $ID_{Proxy}$ and the proxy's public key $Y_{Proxy}$ with the owner's private key $X_{Owner}$ to generate the delegation certificate $Cert_{Owner}$, where $Cert_{Owner} = S(C \| ID_{Proxy} \| Y_{Proxy}, X_{Owner})$;
a delegation credential sending module, configured to send the owner's public key $Y_{Owner}$, the random polynomial value $r(X_{Owner})$, the delegation information set $w$, the intermediate parameter $C$ and the delegation certificate $Cert_{Owner}$ to the proxy terminal as the delegation credential, in order to grant delegated authority to the proxy.
In a fourth aspect, a terminal is provided, the terminal including:
a first construction module, configured to build, after the delegation credential is received, the message digest set $w_H$ from the delegation information set $w$ and the hash function, and to build the first polynomial $m(X)$ from the message digest set $w_H$, wherein,
a verification module, configured to verify, from the first polynomial $m(X)$, the owner's public key $Y_{Owner}$ and the generators $P$ and $Q$ of the first cyclic group $G_1$, whether the equation $C = m(Y_{Owner})P + r(Y_{Owner})Q$ holds; if it holds, the delegation certificate $Cert_{Owner}$ is valid and the delegated authority granted by the owner is obtained;
a first computing module, configured to select, when authorizing, the local permission $M_l$ corresponding to the user, to compute the message digest value $h_M$ of the local permission $M_l$ with the hash function, and to compute the random polynomial value $r_M$ at $h_M$ from the degree-$n$ random polynomial $r(X)$, where $h_M = H(M_l)$ and $r_M = r(h_M)$;
a second construction module, configured to choose a random number $g$ and to build the second polynomial $\phi(X)$ and the third polynomial from the random number $g$, wherein, the second polynomial, the third polynomial, $(X-g)$ can be divided exactly by $m(X)-m(g)$;
a second computing module, configured to compute the local permission grant voucher $W_M$ from the second polynomial $\phi(X)$, the third polynomial and the generators $P$ and $Q$ of the first cyclic group $G_1$, wherein,
an authorization certificate generation module, configured to sign the local permission grant voucher $W_M$, the random polynomial value $r_M$ and the owner's public key $Y_{Owner}$ with the proxy's private key $X_{Proxy}$ to generate the authorization certificate $Cert_{Proxy}$, where $Cert_{Proxy} = S(W_M \| r_M \| Y_{Owner}, X_{Proxy})$;
an authorization credential sending module, configured to send the intermediate parameter $C$, the local permission grant voucher $W_M$, the random polynomial value $r_M$, the delegation certificate $Cert_{Owner}$ and the authorization certificate $Cert_{Proxy}$ to the user terminal as the authorization credential, in order to grant the user the right of use.
In a fifth aspect, an IoT device is provided, the IoT device including:
a first verification module, configured to receive the local permission $M_l$ and the authorization credential entered by the user, the authorization credential including the intermediate parameter $C$, the local permission grant voucher $W_M$, the random polynomial value $r_M$, the delegation certificate $Cert_{Owner}$ and the authorization certificate $Cert_{Proxy}$; to verify the validity of the delegation certificate $Cert_{Owner}$ with the owner's public key $Y_{Owner}$; and to verify the validity of the authorization certificate $Cert_{Proxy}$ with the proxy's public key $Y_{Proxy}$;
a second verification module, configured to verify, if the delegation certificate $Cert_{Owner}$ and the authorization certificate $Cert_{Proxy}$ are valid, whether the equation $e(C, P) = e(W_M, Y_{Owner} - h_M P) \cdot e(r_M Q, P)$ holds and, if it holds, to release the right of use to the user according to the authorization credential;
where $e$ denotes the bilinear map $e: G_1 \times G_1 \to G_2$, $G_1$ denotes the first cyclic group, $G_2$ denotes the second cyclic group, $P$ and $Q$ denote generators of the first cyclic group $G_1$, and $h_M$ denotes the message digest value of the local permission $M_l$ computed with the hash function.
The embodiments of the present invention implement permission management for IoT devices that are shared: the owner can delegate authorization to a proxy, and the proxy can grant other users the right to use the IoT device on behalf of the owner. The interaction between the user and the IoT device does not need to involve information such as the owner's identity, the delegated authority or the validity period, which achieves anonymous authorization and effectively protects the owner's private information.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a block diagram of the delegated authorization system for IoT devices provided by an embodiment of the present invention;
Fig. 2 is a flowchart of the delegated authorization method for IoT devices provided by an embodiment of the present invention;
Fig. 3 is a flowchart of step S201 of the delegated authorization method for IoT devices provided by an embodiment of the present invention;
Fig. 4 is a flowchart of step S202 of the delegated authorization method for IoT devices provided by an embodiment of the present invention;
Fig. 5 is a flowchart of step S204 of the delegated authorization method for IoT devices provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of the server provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of the terminal provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of the terminal provided by another embodiment of the present invention;
Fig. 9 is a structural diagram of the IoT device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here only explain the invention and do not limit it.
Fig. 1 shows a block diagram of the delegated authorization system for IoT devices provided by an embodiment of the present invention.
In this embodiment, the delegated authorization system for IoT devices includes a server 1, an owner terminal 2, a proxy terminal 3, a user terminal 4 and at least one IoT device 5.
The server 1 acts as the certificate authority: it initializes the public parameters and generates the private and public keys of the owner, the private and public keys of the proxy, and the private and public keys of the user. Through an offline channel, it sends the owner's private and public keys to the owner terminal 2, the proxy's private and public keys to the proxy terminal 3, and the user's private and public keys to the user terminal 4.
The owner terminal 2 corresponds to the owner and is the terminal used on the owner's side, including but not limited to smart devices such as smartphones and tablet computers. In this embodiment, the owner terminal 2 obtains the delegation information, obtains a delegation credential from the delegation information, the owner's private key, the proxy's public key and the public parameters, and sends the delegation credential to the proxy terminal in order to grant delegated authority to the proxy. The delegation credential is the credential by which the owner entrusts the proxy to authorize other users to use the IoT device 5; it passes the ability to grant the right to use the IoT device to the proxy.
The proxy terminal 3 corresponds to the proxy and is the terminal used on the proxy's side, including but not limited to smart devices such as smartphones and tablet computers. In this embodiment, after receiving the delegation credential, the proxy terminal 3 verifies the validity of the delegation credential in order to obtain the delegated authority granted by the owner. When authorizing use of the IoT device, it selects the local permission corresponding to the user, obtains an authorization credential from the local permission, the owner's private key, the proxy's private key and the public parameters, and sends the authorization credential to the user terminal in order to grant the user the right of use. The authorization credential is the credential by which the proxy, on behalf of the owner, authorizes other users to use the IoT device 5; it passes the right to use the IoT device to the user.
The user terminal 4 corresponds to the user and is the terminal used on the user's side, including but not limited to smart devices such as smartphones and tablet computers. In this embodiment, the user terminal 4 receives the authorization credential sent by the proxy terminal 3 and shows the authorization credential to the user.
When the user needs to use the IoT device 5, the user obtains permission by entering the local permission and the authorization credential. The IoT device 5 receives the authorization credential entered by the user and verifies its validity; when the authorization credential is valid, it releases the right of use to the user according to the authorization credential; otherwise, if the authorization credential is invalid, authorization fails.
For example, the owner terminal 2, the proxy terminal 3 and the user terminal 4 may communicate with the server 1 over the Internet, and the user terminal 4 may communicate with the IoT device 5 over Bluetooth. These connection methods are only preferred examples of the invention; in practice, other methods can also be used for the connection and communication.
Fig. 2 shows the flow of the delegated authorization method for IoT devices provided by an embodiment of the present invention.
In this embodiment, the method is applied to the delegated authorization system for IoT devices described in the embodiment of Fig. 1 above.
Referring to Fig. 2, the method includes:
In step S201, the server initializes the public parameters and generates the private and public keys of the owner, the private and public keys of the proxy, and the private and public keys of the user.
Here, the public parameters are the initial parameters necessary for the system to run, denoted Params. In this embodiment, $Params = \{G_1, G_2, q, P, e, H\}$, where $G_1$ and $G_2$ denote cyclic groups of order $q$, $P$ denotes a generator of the cyclic group $G_1$, $e$ denotes the bilinear map and $H$ denotes a secure hash function.
As a preferred example of the invention, Fig. 3 shows the specific flow of step S201 in the delegated authorization method for IoT devices provided by an embodiment of the present invention. Referring to Fig. 3, step S201 includes:
In step S301, the server chooses a first cyclic group $G_1$ and a second cyclic group $G_2$, both of order $q$, where $q$ is a large prime and the discrete logarithm problem is hard in both $G_1$ and $G_2$; defines generators $P$ and $Q$ of the first cyclic group $G_1$; defines a bilinear map $e: G_1 \times G_1 \to G_2$; and defines a hash function $H: \{0,1\}^* \times G_1 \to Z_q$.
In step S302, the owner's private key $X_{Owner}$, the proxy's private key $X_{Proxy}$ and the user's private key $X_{User}$ are defined, so that the owner's public key is $Y_{Owner} = X_{Owner}P$, the proxy's public key is $Y_{Proxy} = X_{Proxy}P$ and the user's public key is $Y_{User} = X_{User}P$.
In this embodiment, after the server 1 has initialized the private and public keys of the owner, the proxy and the user, it sends, through an offline channel, the owner's private and public keys to the owner terminal 2, the proxy's private and public keys to the proxy terminal 3, and the user's private and public keys to the user terminal 4. The group $Z_q$ denotes the results of the hash function on $\{0,1\}^* \times G_1$.
In step S202, the owner terminal obtains delegation information, obtains a delegation credential from the delegation information, the owner's private key, the proxy's public key and the public parameters, and sends the delegation credential to the proxy terminal in order to grant delegated authority to the proxy.
Here, the delegation information is information related to the owner's identity, the proxy's identity, the delegated authority and the validity period. The delegated authority denotes the range of permissions that the owner assigns to the proxy and that the proxy may authorize.
As a preferred example of the invention, Fig. 4 shows the specific flow of step S202 in the anonymous partial-authorization delegation method for IoT devices provided by an embodiment of the present invention. Referring to Fig. 4, step S202 includes:
In step S401, the owner terminal defines the delegation information set $w$, wherein $M_i$ represents information related to the owner's identity, the proxy's identity, the delegated authority or the validity period.
In step S402, the message digest set $w_H$ is built from the delegation information set $w$ and the hash function, and the first polynomial $m(X)$ is built from the message digest set $w_H$, wherein,
In step S403, a random polynomial $r(X)$ of degree $n$ is chosen, and the intermediate parameter $C$ is computed from the first polynomial $m(X)$, the generators $P$ and $Q$ of the first cyclic group $G_1$ and the owner's private key $X_{Owner}$, where $C = m(X_{Owner})P + r(X_{Owner})Q$.
In step S404, the intermediate parameter $C$, the proxy identity $ID_{Proxy}$ and the proxy's public key $Y_{Proxy}$ are signed with the owner's private key $X_{Owner}$ to generate the delegation certificate $Cert_{Owner}$, where $Cert_{Owner} = S(C \| ID_{Proxy} \| Y_{Proxy}, X_{Owner})$.
In step S405, the owner's public key $Y_{Owner}$, the random polynomial value $r(X_{Owner})$, the delegation information set $w$, the intermediate parameter $C$ and the delegation certificate $Cert_{Owner}$ are sent to the proxy terminal as the delegation credential, in order to grant delegated authority to the proxy.
In step S203, after receiving the delegation credential, the proxy terminal verifies the validity of the delegation credential in order to obtain the delegated authority granted by the owner.
In this embodiment, after receiving the delegation credential, the proxy terminal 3 builds the message digest set $w_H$ from the delegation information set $w$ and the hash function, wherein, Then it builds the first polynomial $m(X)$ from the message digest set $w_H$, wherein The proxy terminal 3 verifies, from the first polynomial $m(X)$, the owner's public key $Y_{Owner}$ and the generators $P$ and $Q$ of the first cyclic group $G_1$, whether the equation $C = m(Y_{Owner})P + r(Y_{Owner})Q$ holds; if it holds, the delegation certificate $Cert_{Owner}$ is valid and the delegated authority granted by the owner is obtained. The proxy can then grant the user the right to use the IoT device on behalf of the owner.
In step S204, when authorizing use of the IoT device, the proxy terminal selects the local permission corresponding to the user, obtains an authorization credential from the local permission, the owner's private key, the proxy's private key and the public parameters, and sends the authorization credential to the user terminal in order to grant the user the right of use.
In this embodiment, after obtaining the delegated authority, the proxy can grant different access permissions to users with different degrees of trust, thereby implementing partial authorization of users.
As a preferred example of the invention, Fig. 5 shows the specific flow of step S204 in the delegated authorization method for IoT devices provided by an embodiment of the present invention. Referring to Fig. 5, step S204 includes:
In step S501, when authorizing, the proxy terminal selects the local permission $M_l$ corresponding to the user, computes the message digest value $h_M$ of the local permission $M_l$ with the hash function, and computes the random polynomial value $r_M$ at $h_M$ from the degree-$n$ random polynomial $r(X)$, where $h_M = H(M_l)$ and $r_M = r(h_M)$.
In step S502, a random number $g$ is chosen, and the second polynomial $\phi(X)$ and the third polynomial are built from the random number $g$, wherein, the second polynomial, the third polynomial, $(X-g)$ can be divided exactly by $m(X)-m(g)$.
In step S503, the local permission grant voucher $W_M$ is computed from the second polynomial $\phi(X)$, the third polynomial, the generators $P$ and $Q$ of the first cyclic group $G_1$ and the owner's private key $X_{Owner}$, wherein,
Here, the computed local permission grant voucher $W_M$ reflects the social relationship between the user and the proxy and the corresponding permission granted according to the closeness between the two.
In step S504, the local permission grant voucher $W_M$, the random polynomial value $r_M$ and the owner's public key $Y_{Owner}$ are signed with the proxy's private key $X_{Proxy}$ to generate the authorization certificate $Cert_{Proxy}$, where $Cert_{Proxy} = S(W_M \| r_M \| Y_{Owner}, X_{Proxy})$.
In step S505, the intermediate parameter $C$, the local permission grant voucher $W_M$, the random polynomial value $r_M$, the delegation certificate $Cert_{Owner}$ and the authorization certificate $Cert_{Proxy}$ are sent to the user terminal as the authorization credential, in order to grant the user the right of use.
Here, this embodiment uses the intermediate parameter $C$, the local permission grant voucher $W_M$, the random polynomial value $r_M$, the delegation certificate $Cert_{Owner}$ and the authorization certificate $Cert_{Proxy}$ as the authorization credential. The authorization credential that the proxy terminal 3 sends to the user does not need to contain information such as the owner's identity, the delegated authority or the validity period, which protects the owner's privacy.
In step S205, the IoT device receives the local permission and the authorization credential entered by the user and verifies the validity of the authorization credential; when the authorization credential is valid, it releases the local permission to the user according to the authorization credential.
Here, when the user needs to access the IoT device, the user submits the authorization credential received by the user terminal 4 and the local permission $M_l$ to the IoT device 5 in order to send a use request.
The IoT device 5 receives the local permission $M_l$ and the authorization credential entered by the user, verifies the validity of the delegation certificate $Cert_{Owner}$ with the owner's public key $Y_{Owner}$, and verifies the validity of the authorization certificate $Cert_{Proxy}$ with the proxy's public key $Y_{Proxy}$.
If the delegation certificate $Cert_{Owner}$ and the authorization certificate $Cert_{Proxy}$ are valid, the device verifies whether the equation $e(C, P) = e(W_M, Y_{Owner} - h_M P) \cdot e(r_M Q, P)$ holds. If it holds, the user's use request is accepted and the right of use is released to the user according to the authorization credential; otherwise, the user's use request fails.
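Why the device-side equation of step S205 accepts a permission that is in the owner's set $w$ and rejects others, as an added example that is not part of the patent text. The page's formulas for $m(X)$, $\phi(X)$, the third polynomial and $W_M$ did not survive, so this sketch assumes $m(X) = \prod_i (X - h_i)$ over the digests in $w_H$, $g = h_M$, and $W_M = \phi(X_{Owner})P + \psi(X_{Owner})Q$ with $\phi$ and $\psi$ the quotients of $m$ and $r$ by $(X - h_M)$; the function names are hypothetical. Group elements are modelled by their discrete logarithms, so it checks the algebra only and provides no security; the two signature checks are omitted.

```python
import hashlib
import secrets

# Toy model for checking the algebra only: a G1 element a*P is stored as the
# scalar a mod q, Q = lam*P, and e(a*P, b*P) is stored as the exponent a*b of
# a fixed G2 generator, so multiplying pairings becomes adding exponents.
# Knowing these scalars breaks every security property of a real pairing group.
Q_ORDER = 2**255 - 19  # a prime standing in for the group order q


def H(message: str) -> int:
    """Hash to Z_q (SHA-256, which the page names as a possible hash)."""
    digest = hashlib.sha256(message.encode()).digest()
    return int.from_bytes(digest, "big") % Q_ORDER


def poly_from_roots(roots):
    """Coefficients (low to high) of prod (X - h_i): assumed form of m(X)."""
    coeffs = [1]
    for h in roots:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            nxt[i] = (nxt[i] - h * c) % Q_ORDER
            nxt[i + 1] = (nxt[i + 1] + c) % Q_ORDER
        coeffs = nxt
    return coeffs


def poly_eval(coeffs, x):
    """Horner evaluation mod q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q_ORDER
    return acc


def quotient(coeffs, g):
    """Coefficients of (f(X) - f(g)) / (X - g) by synthetic division."""
    out = [0] * (len(coeffs) - 1)
    acc = 0
    for k in range(len(coeffs) - 1, 0, -1):
        acc = (coeffs[k] + g * acc) % Q_ORDER
        out[k - 1] = acc
    return out


def owner_commit(w, x_owner, lam):
    """Owner side (S401-S403): C = m(X_Owner)P + r(X_Owner)Q."""
    m = poly_from_roots([H(M) for M in w])
    r = [secrets.randbelow(Q_ORDER) for _ in range(len(w) + 1)]  # degree n
    C = (poly_eval(m, x_owner) + lam * poly_eval(r, x_owner)) % Q_ORDER
    return C, r


def proxy_grant(w, r, M_l, x_owner, lam):
    """Proxy side (S501-S503): returns (W_M, r_M) for local permission M_l."""
    h_M = H(M_l)
    m = poly_from_roots([H(M) for M in w])
    phi = quotient(m, h_M)  # assumed: (m(X) - m(h_M)) / (X - h_M)
    psi = quotient(r, h_M)  # assumed: (r(X) - r(h_M)) / (X - h_M)
    W_M = (poly_eval(phi, x_owner) + lam * poly_eval(psi, x_owner)) % Q_ORDER
    return W_M, poly_eval(r, h_M)


def device_verify(C, W_M, r_M, M_l, y_owner, lam):
    """Device side (S205): e(C,P) == e(W_M, Y_Owner - h_M P) * e(r_M Q, P)."""
    h_M = H(M_l)
    lhs = C % Q_ORDER
    rhs = (W_M * (y_owner - h_M) + r_M * lam) % Q_ORDER
    return lhs == rhs


def demo():
    # Constructed sample delegation information set w.
    w = ["owner:alice", "proxy:bob", "perm:unlock-door",
         "perm:open-trunk", "valid-until:2030-01-01"]
    x_owner = secrets.randbelow(Q_ORDER)  # in the toy model Y_Owner == x_owner
    lam = secrets.randbelow(Q_ORDER)
    C, r = owner_commit(w, x_owner, lam)
    W, r_M = proxy_grant(w, r, "perm:unlock-door", x_owner, lam)
    granted = device_verify(C, W, r_M, "perm:unlock-door", x_owner, lam)
    # Same credential presented for a different permission from w.
    swapped = device_verify(C, W, r_M, "perm:open-trunk", x_owner, lam)
    # Credential computed for a permission the owner never put in w.
    W2, r2 = proxy_grant(w, r, "perm:start-engine", x_owner, lam)
    outside = device_verify(C, W2, r2, "perm:start-engine", x_owner, lam)
    return granted, swapped, outside


if __name__ == "__main__":
    print(demo())
```

The check succeeds exactly when $m(h_M) = 0$, that is, when the digest of the presented permission is a root of the owner's committed polynomial, which is why the device never needs to see the set $w$ itself.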
In this embodiment, the signature algorithm can be an elliptic curve public key cryptographic algorithm, and the hash function can be the SHA256 algorithm. These algorithms are only a preferred example of this embodiment; other algorithms can also be used.
The embodiments of the present invention implement permission management for IoT devices that are shared: the owner can delegate authorization to a proxy, and the proxy can grant other users the right to use the IoT device on behalf of the owner. The interaction between the user and the IoT device does not need to involve information such as the owner's identity, the delegated authority or the validity period, which achieves anonymous authorization, effectively protects the owner's private information, and provides an effective safeguard for device sharing services in an open smart-city IoT environment.
Fig. 6 shows the structure of the server provided by an embodiment of the present invention. For ease of description, only the parts related to this embodiment are shown.
In this embodiment, the server implements the functions of the server 1 in the delegated authorization method for IoT devices shown in Fig. 1, Fig. 2 or Fig. 3 above; acting as the certificate authority, it generates the public parameters, public keys and private keys necessary for the system to run. Referring to Fig. 6, the server includes:
an initialization module 11, configured to choose a first cyclic group $G_1$ and a second cyclic group $G_2$, both of order $q$, where $q$ is a large prime and the discrete logarithm problem is hard in both $G_1$ and $G_2$; to define generators $P$ and $Q$ of the first cyclic group $G_1$; to define a bilinear map $e: G_1 \times G_1 \to G_2$; and to define a hash function $H: \{0,1\}^* \times G_1 \to Z_q$;
a definition module 12, configured to define the owner's private key $X_{Owner}$, the proxy's private key $X_{Proxy}$ and the user's private key $X_{User}$, so that the owner's public key is $Y_{Owner} = X_{Owner}P$, the proxy's public key is $Y_{Proxy} = X_{Proxy}P$ and the user's public key is $Y_{User} = X_{User}P$.
In this embodiment, after the server 1 has initialized the private and public keys of the owner, the proxy and the user, it sends, through an offline channel, the owner's private and public keys to the owner terminal 2, the proxy's private and public keys to the proxy terminal 3, and the user's private and public keys to the user terminal 4.
Fig. 7 shows the structure of the terminal provided by an embodiment of the present invention. For ease of description, only the parts related to this embodiment are shown.
In this embodiment, the terminal implements the functions of the owner terminal 2 in the delegated authorization method for IoT devices shown in Fig. 1, Fig. 2 or Fig. 4 above; as the device used on the owner's side, it passes the ability to grant the right to use the IoT device to the proxy. Optionally, the terminal includes but is not limited to smart devices such as smartphones and tablet computers.
Referring to Fig. 7, the terminal includes:
a definition module 21, configured to define the delegation information set $w$, wherein $M_i$ represents information related to the owner's identity, the proxy's identity, the delegated authority or the validity period;
a construction module 22, configured to build the message digest set $w_H$ from the delegation information set $w$ and the hash function, and to build the first polynomial $m(X)$ from the message digest set $w_H$, wherein,
a computing module 23, configured to choose a random polynomial $r(X)$ of degree $n$ and to compute the intermediate parameter $C$ from the first polynomial $m(X)$, the generators $P$ and $Q$ of the first cyclic group $G_1$ and the owner's private key $X_{Owner}$, where $C = m(X_{Owner})P + r(X_{Owner})Q$;
a delegation certificate generation module 24, configured to sign the intermediate parameter $C$, the proxy identity $ID_{Proxy}$ and the proxy's public key $Y_{Proxy}$ with the owner's private key $X_{Owner}$ to generate the delegation certificate $Cert_{Owner}$, where $Cert_{Owner} = S(C \| ID_{Proxy} \| Y_{Proxy}, X_{Owner})$;
a delegation credential sending module 25, configured to send the owner's public key $Y_{Owner}$, the random polynomial value $r(X_{Owner})$, the delegation information set $w$, the intermediate parameter $C$ and the delegation certificate $Cert_{Owner}$ to the proxy terminal as the delegation credential, in order to grant delegated authority to the proxy.
Fig. 8 shows the structure of a terminal provided by another embodiment of the present invention; for ease of description, only the parts related to the embodiment are shown.
In the embodiments of the present invention, the terminal implements the functions of proxy terminal 3 in the delegated authorization method for an IoT device shown in Fig. 1, Fig. 2 or Fig. 5 above. It is the device used on the proxy's side and, acting on the owner's behalf, passes the usage permission for the IoT device to the user. Optionally, the terminal includes but is not limited to smart devices such as smartphones and tablet computers.
Referring to Fig. 8, the terminal includes:
First construction module 31, configured to, after the delegation credential is received, build the message digest set w_H from the delegation information set w and the hash function, and to build the first polynomial m(X) from the message digest set w_H, wherein,
Verification module 32, configured to check, using the first polynomial m(X), the owner's public key Y_Owner and the generators P and Q of the first cyclic group G_1, whether the equation C = m(Y_Owner)P + r(Y_Owner)Q holds; if it holds, the delegation certificate Cert_Owner is valid and the delegated permissions granted by the owner are obtained;
First computing module 33, configured to, when granting authorization, select the local permission M_l corresponding to the user, compute the message digest value h_M of the local permission M_l with the hash function, and compute the random polynomial value r_M at the message digest value h_M from the degree-n random polynomial r(X), wherein h_M = H(M_l) and r_M = r(h_M);
Second construction module 34, configured to choose a random number g and to construct a second polynomial φ(X) and a third polynomial according to the random number g, wherein, for the second polynomial and the third polynomial, m(X)-m(g) is exactly divisible by (X-g);
Second computing module 35, configured to compute a local permission authorization voucher W_M from the second polynomial φ(X), the third polynomial, the generators P and Q of the first cyclic group G_1 and the owner's private key X_Owner, wherein,
Authorization certificate generation module 36, configured to sign the local permission authorization voucher W_M, the random polynomial value r_M and the owner's public key Y_Owner with the proxy's private key X_Proxy, generating an authorization certificate Cert_Proxy, wherein Cert_Proxy = S(W_M ‖ r_M ‖ Y_Owner, X_Proxy);
Authorization credential sending module 37, configured to send the intermediate parameter C, the local permission authorization voucher W_M, the random polynomial value r_M, the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy to the user terminal as the authorization credential, so as to grant the usage permission to the user.
Here, the embodiment of the present invention uses the intermediate parameter C, the local permission authorization voucher W_M, the random polynomial value r_M, the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy as the authorization credential. The authorization credential that the terminal sends to the user need not contain information such as the owner's identity information, the delegated permissions and the validity period, which protects the owner's privacy.
Fig. 9 shows the structure of an IoT device provided by another embodiment of the present invention; for ease of description, only the parts related to the embodiment are shown.
In the embodiments of the present invention, the IoT device implements the functions of IoT device 5 in the delegated authorization method for an IoT device shown in Fig. 1 or Fig. 2 above, and includes but is not limited to smart devices connected to the internet. Referring to Fig. 9, the IoT device includes:
First verification module 51, configured to receive the local permission M_l and the authorization credential input by the user, the authorization credential including the intermediate parameter C, the local permission authorization voucher W_M, the random polynomial value r_M, the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy; to verify the validity of the delegation certificate Cert_Owner with the owner's public key Y_Owner; and to verify the validity of the authorization certificate Cert_Proxy with the proxy's public key Y_Proxy;
Second verification module 52, configured to, if the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy are valid, check whether the equation e(C, P) = e(W_M, Y_Owner - h_M P) · e(r_M Q, P) holds, and if it holds, to release the usage permission to the user according to the authorization credential;
Wherein e denotes the bilinear map e: G_1 × G_1 → G_2, G_1 denotes the first cyclic group and G_2 the second cyclic group, P and Q denote the generators of the first cyclic group G_1, and h_M denotes the message digest value of the local permission M_l computed with the hash function.
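The pairing check performed by the second verification module can be traced through in a toy model. The following Python sketch is an added example, not code from the patent: it assumes that m(X) is the product of (X - H(M_i)) over the delegation set and that φ(X) and the third polynomial are the quotients of m(X) - m(h_M) and r(X) - r(h_M) by (X - h_M), since those formulas did not survive in the text above, and it stores group elements as their discrete logarithms, so it shows the algebra only and provides no security. The signatures Cert_Owner and Cert_Proxy and the random number g are omitted, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy model, NOT secure: a G_1 element a*P is stored as the scalar a mod q, and
# a pairing value e(aP, bP) = e(P, P)^(ab) is stored as the exponent a*b mod q,
# so a product of pairing values becomes a sum of exponents.
q = 2**127 - 1                 # prime group order (constructed value)
P = 1                          # generator P
Q = 1234567890123456789        # generator Q = s*P; s is known only in this toy

def H(msg):
    """Stand-in hash into Z_q (assumption: SHA-256 reduced mod q)."""
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big") % q

def pairing(a, b):
    return a * b % q

def poly_from_roots(roots):
    """Coefficients (lowest degree first) of the product of (X - root)."""
    coeffs = [1]
    for root in roots:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            nxt[i] = (nxt[i] - root * c) % q
            nxt[i + 1] = (nxt[i + 1] + c) % q
        coeffs = nxt
    return coeffs

def poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):          # Horner's rule
        acc = (acc * x + c) % q
    return acc

def quotient_by_linear(coeffs, a):
    """Quotient of (f(X) - f(a)) / (X - a), by synthetic division."""
    out, carry = [], 0
    for c in reversed(coeffs):
        carry = (carry * a + c) % q
        out.append(carry)
    out.pop()                           # the last value is the remainder f(a)
    out.reverse()
    return out

def owner_commit(x_owner, delegation_set):
    """Owner terminal: C = m(X_Owner)P + r(X_Owner)Q."""
    m = poly_from_roots([H(M) for M in delegation_set])
    r = [secrets.randbelow(q) for _ in range(len(delegation_set) + 1)]
    C = (poly_eval(m, x_owner) * P + poly_eval(r, x_owner) * Q) % q
    return m, r, C

def proxy_issue(x_owner, m, r, M_l):
    """Proxy terminal: voucher W_M and r_M = r(h_M) for one local permission.
    The page states that W_M is computed with the owner's private key."""
    h_M = H(M_l)
    phi = quotient_by_linear(m, h_M)        # assumed second polynomial
    phi_hat = quotient_by_linear(r, h_M)    # assumed third polynomial
    W_M = (poly_eval(phi, x_owner) * P + poly_eval(phi_hat, x_owner) * Q) % q
    return W_M, poly_eval(r, h_M)

def device_verify(C, W_M, r_M, Y_owner, M_l):
    """IoT device: e(C, P) == e(W_M, Y_Owner - h_M P) * e(r_M Q, P).
    The device sees neither the delegation set w nor the polynomials."""
    h_M = H(M_l)
    lhs = pairing(C, P)
    rhs = (pairing(W_M, (Y_owner - h_M * P) % q) + pairing(r_M * Q % q, P)) % q
    return lhs == rhs

def demo():
    x_owner = secrets.randbelow(q - 1) + 1          # constructed private key
    Y_owner = x_owner * P % q
    w = ["owner:alice", "proxy:bob", "unlock-door", "valid-until:2030-01-01"]
    m, r, C = owner_commit(x_owner, w)
    W, r_M = proxy_issue(x_owner, m, r, "unlock-door")
    W2, r2 = proxy_issue(x_owner, m, r, "open-garage")  # not in the set w
    return (device_verify(C, W, r_M, Y_owner, "unlock-door"),   # delegated
            device_verify(C, W, r_M, Y_owner, "open-garage"),   # voucher reused
            device_verify(C, W2, r2, Y_owner, "open-garage"))   # never delegated
```

The check passes only when h_M is a root of m(X), that is, when the requested local permission is a member of the committed delegation set; a voucher issued for one permission does not verify for another.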
It should be noted that the devices in the embodiments of the present invention can be used to implement all of the technical solutions in the method embodiments above; the functions of their functional modules can be implemented according to the methods in those method embodiments, and for the specific implementation process reference may be made to the related description in the examples above, which is not repeated here.
The embodiments of the present invention implement permission management for shared use of an IoT device: the owner can entrust a proxy to share the usage permission of the IoT device with other users. The interaction between the user and the IoT device need not involve information such as the owner's identity information, the delegated permissions and the validity period, so the authorization is anonymous, the owner's private information is effectively protected, and device-sharing services in an open smart-city IoT environment are given an effective guarantee.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the devices and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided herein, it should be understood that the disclosed delegated authorization method for an IoT device, server, terminal and IoT device can be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into modules and units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units and modules in the embodiments of the present invention may be integrated in one processing unit, each unit or module may exist physically on its own, or two or more units or modules may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes over the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person familiar with the technical field could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be defined by the scope of the claims.

Claims (10)

1. A delegated authorization method for an IoT device, characterized in that the method comprises:
A server initializes public parameters and generates the private key and public key of an owner, the private key and public key of a proxy, and the private key and public key of a user;
An owner terminal obtains delegation information, obtains a delegation credential according to the delegation information, the owner's private key, the proxy's public key and the public parameters, and sends the delegation credential to a proxy terminal so as to grant delegated permissions to the proxy;
After receiving the delegation credential, the proxy terminal verifies the validity of the delegation credential so as to obtain the delegated permissions granted by the owner;
When authorizing use of the IoT device, the proxy terminal selects the local permission corresponding to the user, obtains an authorization credential according to the local permission, the owner's private key, the proxy's private key and the public parameters, and sends the authorization credential to a user terminal so as to grant the usage permission to the user;
The IoT device receives the local permission and the authorization credential input by the user and verifies the validity of the authorization credential, and when the authorization credential is valid, releases the local permission to the user according to the authorization credential.
2. The delegated authorization method for an IoT device as claimed in claim 1, characterized in that the server initializing public parameters and generating the private key and public key of the owner, the private key and public key of the proxy, and the private key and public key of the user comprises:
The server chooses a first cyclic group G_1 and a second cyclic group G_2, both of order q, wherein q is a large prime and the discrete logarithm problem is hard in both G_1 and G_2; defines generators P and Q of the first cyclic group G_1; defines a bilinear map e: G_1 × G_1 → G_2; and defines a hash function H: {0,1}* × G_1 → Z_q;
The server defines the owner's private key X_Owner, the proxy's private key X_Proxy and the user's private key X_User, so that the owner's public key is Y_Owner = X_Owner P, the proxy's public key is Y_Proxy = X_Proxy P, and the user's public key is Y_User = X_User P.
3. The delegated authorization method for an IoT device as claimed in claim 2, characterized in that the owner terminal obtaining delegation information, obtaining a delegation credential according to the delegation information, the owner's private key, the proxy's public key and the public parameters, and sending the delegation credential to the proxy terminal so as to grant delegated permissions to the proxy comprises:
The owner terminal defines a delegation information set w, wherein M_i represents information related to the owner's identity, the proxy's identity, the delegated permissions or the validity period;
A message digest set w_H is built from the delegation information set w and the hash function, and a first polynomial m(X) is built from the message digest set w_H, wherein,
A random polynomial r(X) of degree n is chosen, and an intermediate parameter C is computed from the first polynomial m(X), the generators P and Q of the first cyclic group G_1 and the owner's private key X_Owner, wherein C = m(X_Owner)P + r(X_Owner)Q;
The intermediate parameter C, the proxy's identity ID_Proxy and the proxy's public key Y_Proxy are signed with the owner's private key X_Owner, generating a delegation certificate Cert_Owner, wherein Cert_Owner = S(C ‖ ID_Proxy ‖ Y_Proxy, X_Owner);
The owner's public key Y_Owner, the random polynomial value r(X_Owner), the delegation information set w, the intermediate parameter C and the delegation certificate Cert_Owner are sent to the proxy terminal as the delegation credential, so as to grant the delegated permissions to the proxy.
4. The delegated authorization method for an IoT device as claimed in claim 3, characterized in that the proxy terminal, after receiving the delegation credential, verifying the validity of the delegation credential so as to obtain the delegated permissions granted by the owner comprises:
After receiving the delegation credential, the proxy terminal builds the message digest set w_H from the delegation information set w and the hash function, and builds the first polynomial m(X) from the message digest set w_H, wherein,
Using the first polynomial m(X), the owner's public key Y_Owner and the generators P and Q of the first cyclic group G_1, the proxy terminal checks whether the equation C = m(Y_Owner)P + r(Y_Owner)Q holds; if it holds, the delegation certificate Cert_Owner is valid and the delegated permissions granted by the owner are obtained.
5. The delegated authorization method for an IoT device as claimed in claim 4, characterized in that, when authorizing use of the IoT device, the proxy terminal selecting the local permission corresponding to the user, obtaining an authorization credential according to the local permission, the owner's private key, the proxy's private key and the public parameters, and sending the authorization credential to the user terminal so as to grant the usage permission to the user comprises:
When granting authorization, the proxy terminal selects the local permission M_l corresponding to the user, computes the message digest value h_M of the local permission M_l with the hash function, and computes the random polynomial value r_M at the message digest value h_M from the degree-n random polynomial r(X), wherein h_M = H(M_l) and r_M = r(h_M);
A random number g is chosen, and a second polynomial φ(X) and a third polynomial are constructed according to the random number g, wherein, for the second polynomial and the third polynomial, m(X)-m(g) is exactly divisible by (X-g);
A local permission authorization voucher W_M is computed from the second polynomial φ(X), the third polynomial, the generators P and Q of the first cyclic group G_1 and the owner's private key X_Owner, wherein,
The local permission authorization voucher W_M, the random polynomial value r_M and the owner's public key Y_Owner are signed with the proxy's private key X_Proxy, generating an authorization certificate Cert_Proxy, wherein Cert_Proxy = S(W_M ‖ r_M ‖ Y_Owner, X_Proxy);
The intermediate parameter C, the local permission authorization voucher W_M, the random polynomial value r_M, the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy are sent to the user terminal as the authorization credential, so as to grant the usage permission to the user.
6. The delegated authorization method for an IoT device as claimed in claim 5, characterized in that the IoT device receiving the local permission and the authorization credential input by the user, verifying the validity of the authorization credential, and, when the authorization credential is valid, releasing the local permission to the user according to the authorization credential comprises:
The IoT device receives the local permission M_l and the authorization credential input by the user, verifies the validity of the delegation certificate Cert_Owner with the owner's public key Y_Owner, and verifies the validity of the authorization certificate Cert_Proxy with the proxy's public key Y_Proxy;
If the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy are valid, the IoT device checks whether the equation e(C, P) = e(W_M, Y_Owner - h_M P) · e(r_M Q, P) holds, and if it holds, releases the usage permission to the user according to the authorization credential.
7. A server, characterized in that the server comprises:
An initialization module, configured to choose a first cyclic group G_1 and a second cyclic group G_2, both of order q, wherein q is a large prime and the discrete logarithm problem is hard in both G_1 and G_2; to define generators P and Q of the first cyclic group G_1; to define a bilinear map e: G_1 × G_1 → G_2; and to define a hash function H: {0,1}* × G_1 → Z_q;
A definition module, configured to define the owner's private key X_Owner, the proxy's private key X_Proxy and the user's private key X_User, so that the owner's public key is Y_Owner = X_Owner P, the proxy's public key is Y_Proxy = X_Proxy P, and the user's public key is Y_User = X_User P.
8. A terminal, characterized in that the terminal comprises:
A definition module, configured to define a delegation information set w, wherein M_i represents information related to the owner's identity, the proxy's identity, the delegated permissions or the validity period;
A construction module, configured to build a message digest set w_H from the delegation information set w and the hash function, and to build a first polynomial m(X) from the message digest set w_H, wherein,
A computing module, configured to choose a random polynomial r(X) of degree n and to compute an intermediate parameter C from the first polynomial m(X), the generators P and Q of the first cyclic group G_1 and the owner's private key X_Owner, wherein C = m(X_Owner)P + r(X_Owner)Q;
A delegation certificate generation module, configured to sign the intermediate parameter C, the proxy's identity ID_Proxy and the proxy's public key Y_Proxy with the owner's private key X_Owner, generating a delegation certificate Cert_Owner, wherein Cert_Owner = S(C ‖ ID_Proxy ‖ Y_Proxy, X_Owner);
A delegation credential sending module, configured to send the owner's public key Y_Owner, the random polynomial value r(X_Owner), the delegation information set w, the intermediate parameter C and the delegation certificate Cert_Owner to the proxy terminal as the delegation credential, so as to grant the delegated permissions to the proxy.
9. A terminal, characterized in that the terminal comprises:
A first construction module, configured to, after the delegation credential is received, build the message digest set w_H from the delegation information set w and the hash function, and to build the first polynomial m(X) from the message digest set w_H, wherein,
A verification module, configured to check, using the first polynomial m(X), the owner's public key Y_Owner and the generators P and Q of the first cyclic group G_1, whether the equation C = m(Y_Owner)P + r(Y_Owner)Q holds; if it holds, the delegation certificate Cert_Owner is valid and the delegated permissions granted by the owner are obtained;
A first computing module, configured to, when granting authorization, select the local permission M_l corresponding to the user, compute the message digest value h_M of the local permission M_l with the hash function, and compute the random polynomial value r_M at the message digest value h_M from the degree-n random polynomial r(X), wherein h_M = H(M_l) and r_M = r(h_M);
A second construction module, configured to choose a random number g and to construct a second polynomial φ(X) and a third polynomial according to the random number g, wherein, for the second polynomial and the third polynomial, m(X)-m(g) is exactly divisible by (X-g);
A second computing module, configured to compute a local permission authorization voucher W_M from the second polynomial φ(X), the third polynomial, the generators P and Q of the first cyclic group G_1 and the owner's private key X_Owner, wherein,
An authorization certificate generation module, configured to sign the local permission authorization voucher W_M, the random polynomial value r_M and the owner's public key Y_Owner with the proxy's private key X_Proxy, generating an authorization certificate Cert_Proxy, wherein Cert_Proxy = S(W_M ‖ r_M ‖ Y_Owner, X_Proxy);
An authorization credential sending module, configured to send the intermediate parameter C, the local permission authorization voucher W_M, the random polynomial value r_M, the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy to the user terminal as the authorization credential, so as to grant the usage permission to the user.
10. An IoT device, characterized in that the IoT device comprises:
A first verification module, configured to receive the local permission M_l and the authorization credential input by the user, the authorization credential including the intermediate parameter C, the local permission authorization voucher W_M, the random polynomial value r_M, the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy; to verify the validity of the delegation certificate Cert_Owner with the owner's public key Y_Owner; and to verify the validity of the authorization certificate Cert_Proxy with the proxy's public key Y_Proxy;
A second verification module, configured to, if the delegation certificate Cert_Owner and the authorization certificate Cert_Proxy are valid, check whether the equation e(C, P) = e(W_M, Y_Owner - h_M P) · e(r_M Q, P) holds, and if it holds, to release the usage permission to the user according to the authorization credential;
Wherein e denotes the bilinear map e: G_1 × G_1 → G_2, G_1 denotes the first cyclic group, G_2 denotes the second cyclic group, P and Q denote the generators of the first cyclic group G_1, and h_M denotes the message digest value of the local permission M_l computed with the hash function.
CN201610543643.XA 2016-07-11 2016-07-11 Entrusting authorization method of Internet of things equipment, server, terminal and Internet of things equipment Active CN107612870B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610543643.XA CN107612870B (en) 2016-07-11 2016-07-11 Entrusting authorization method of Internet of things equipment, server, terminal and Internet of things equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610543643.XA CN107612870B (en) 2016-07-11 2016-07-11 Entrusting authorization method of Internet of things equipment, server, terminal and Internet of things equipment

Publications (2)

Publication Number Publication Date
CN107612870A true CN107612870A (en) 2018-01-19
CN107612870B CN107612870B (en) 2021-01-05

Family

ID=61055425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610543643.XA Active CN107612870B (en) 2016-07-11 2016-07-11 Entrusting authorization method of Internet of things equipment, server, terminal and Internet of things equipment

Country Status (1)

Country Link
CN (1) CN107612870B (en)

Also Published As

Publication number Publication date
CN107612870B (en) 2021-01-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant