CN109104410A - A kind of matching process and device of information - Google Patents
A kind of matching process and device of information Download PDFInfo
- Publication number
- CN109104410A CN109104410A CN201810763376.6A CN201810763376A CN109104410A CN 109104410 A CN109104410 A CN 109104410A CN 201810763376 A CN201810763376 A CN 201810763376A CN 109104410 A CN109104410 A CN 109104410A
- Authority
- CN
- China
- Prior art keywords
- matching
- undertake
- information
- recipient
- initiator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides a kind of matching process of information and devices, method therein includes: that direction matching recipient's transmission information matches request is initiated in matching, matching recipient verifies the information in information matches request, the first response of configuration information matching request if being verified, it is sent to matching initiator, after matching initiator's the first response of reception, information in first response is verified, if being verified, then the second response is sent to matching recipient, initiator is matched to promise to undertake and the second promise according to first, obtain the first calculated result, recipient is matched to promise to undertake and the second promise according to first, obtain the second calculated result;After matching recipient's the second response of reception, the first calculated result is compared with the second calculated result, if comparison result is equal, successful match, if comparison result is unequal, it fails to match.The present invention, which solves, exists in the prior art the not high technical problem of matching result accuracy.
Description
Technical field
The present invention relates to the matching process and dress of business intelligence and field of information security technology more particularly to a kind of information
It sets.
Background technique
With modern enterprise informatization, traditional information-based application is increasingly mature, such as Finance System, does
Public automated system, Enterprise Resource Planning System etc..Traditional informatization focuses on the FAQs of business administration
It is solved by software application, to improve working efficiency, reduce cost.However IT application in enterprises be also faced with new application with
Challenge, nowadays advanced IT application cause endlessly data generating, how safely and efficiently to be sent out from mass data
Pick information simultaneously creates the problem of value becomes great researching value.
It has been insufficient for however, only finding valuable information from the data set of each company oneself in isolation
Growing enterprise development demand.For example, Ji Jia commercial company wishes to expand their business scale in certain panel region, but
It is that this several company wishes whether before making a plan clear other side clashes with oneself plan, for protecting oneself business
Purpose that is secret and maximizing each company's interests simultaneously, they must negotiate a kind of plan that can be judged between them
With the presence or absence of the scheme of conflict.
For such issues that, generally use the multi-party computations based on set relation at present.Information matches in simple terms
It can be understood as judging two groups of set with the presence or absence of intersection.And Secure Multi-party Computation Protocols be then can using technologies such as homomorphic cryptographies
To guarantee that Collaboration computing goes out as a result, being simultaneously configured to set element polynomial under the premise of participant does not reveal oneself information
Form solves the decision problem of intersection.However, present invention applicant in implementing the solution of the present invention, discovery: is based on current
The agreement designed of multi-party computations method cannot detect to want the participant of cheating.For example, cribber can pass through
The information that oneself does not have is forged to participate in calculating, to cover the content taken out and should not obtained.
It can be seen that the not high technical problem of matching result accuracy exists in the prior art.
Summary of the invention
The embodiment of the invention provides a kind of matching process of information and devices, to solve or at least partly solve now
Have in technology that there are the technical problems that matching result accuracy is not high.
In a first aspect, the present invention provides a kind of matching process of information, be applied to matching initiator, matching recipient and
Trusted enterprise certification authority, which comprises
The matching initiator initializes first key to rear, registers to the trusted enterprise certification authority, obtains first
Digital certificate, wherein for the first key to including the first public key and the first private key, first digital certificate includes described the
First identity information of one public key and the matching initiator;
It after the matching recipient initializes the second key pair, is registered to the trusted enterprise certification authority, obtains second
Digital certificate, wherein second key pair includes the second public key and the second private key, and second digital certificate includes described the
Second identity information of two public keys and the matching recipient;
The matching initiates matching recipient described in direction and sends information matches request, wherein the information matches request packet
Include the first promise, the first signature and the first identity information of the matching initiator construction, wherein described first promises to undertake by described
It matches initiator to be obtained according to the first information to be matched and zero-knowledge proof theory, first signature is initiated by the matching
Root is obtained according to first private key;
The matching recipient verifies first identity information, first signature and first promise,
If being verified, promised to undertake according to the second information to be matched and the zero-knowledge proof theory building second, and according to described
Second private key obtains the second signature;
The matching recipient, which promises to undertake second identity information, second signature and described second, constitutes the letter
The first response for ceasing matching request, is sent to the matching initiator for first response;
The matching initiator tests second identity information, second signature and the second promise structure
Card sends the second response to the matching method of reseptance if being verified;
The matching initiator promises to undertake according to described first and described second promises to undertake, the first calculated result of acquisition, and described
It signs with root is initiated according to first public key construction third, and first calculated result and third signature is sent to
With the matching recipient;
The matching recipient promises to undertake according to described first and described second promises to undertake, obtains the second calculated result;
After the matching recipient receives second response, third signature is verified, if being verified,
First calculated result is compared with second calculated result, if comparison result is equal, successful match, if comparing
As a result unequal, then it fails to match.
Based on same inventive concept, second aspect of the present invention provides a kind of coalignment of information, is applied to matching
Initiator, matching recipient and trusted enterprise certification authority, described device include:
First registration module initializes first key to rear, to trusted enterprise certification for the matching initiator
Institute registration, obtain the first digital certificate, wherein the first key to include the first public key and the first private key, described first
Digital certificate includes the first identity information of first public key and the matching initiator;
Second registration module after initializing the second key pair for the matching recipient, is authenticated to the trusted enterprise
Institute registration obtains the second digital certificate, wherein second key pair include the second public key and the and private key, described second
Digital certificate includes the second identity information of second public key and the matching recipient;
First sending module initiates matching recipient described in direction for the matching and sends information matches request, wherein
The information matches request includes the first promise, the first signature and the first identity information of the matching initiator construction, wherein
First promise is obtained by the matching initiator according to the first information to be matched and zero-knowledge proof theory, and described first
Signature is obtained by the matching initiator according to first private key;
Constructing module, for the matching recipient to first identity information, first signature and described first
Promise is verified, if being verified, is held according to the second information and the zero-knowledge proof theory building second to be matched
Promise, and the second signature is obtained according to second private key;
Second sending module, for the matching recipient by second identity information, it is described second sign and it is described
Second promises to undertake the first response for constituting the information matches request, and first response is sent to the matching initiator;
Authentication module, for the matching initiator to second identity information, second signature and described second
It promises to undertake that structure is verified, if being verified, sends the second response to the matching method of reseptance;
Third sending module promises to undertake according to described first for the matching initiator and described second promises to undertake, acquisition the
One calculated result, the matching initiator according to first public key construct third sign, and will first calculated result with
The third signature is sent to and the matching recipient;
Matching module promises to undertake according to described first for the matching recipient and described second promises to undertake, obtains the second meter
Calculate result;
After proving that module, the matching recipient receive second response, third signature is verified, if testing
Card passes through, then is compared first calculated result with second calculated result, if comparison result is equal, matching at
Function, if comparison result is unequal, it fails to match.
Based on same inventive concept, third aspect present invention provides a kind of computer equipment, including memory, processing
On a memory and the computer program that can run on a processor, when processor execution described program, is realized for device and storage
Method described in first aspect.
Said one or multiple technical solutions in the embodiment of the present application at least have following one or more technology effects
Fruit:
In method provided by the invention, before carrying out information matches, matching is initiated by matching initiator and matching recipient
Fang Shengcheng first key is to rear, and to trusted enterprise, certification authority is registered, and obtains the first digital certificate, and matching recipient generates
After second key pair, to trusted enterprise, certification authority is registered, and obtains the second digital certificate, can be with by digital certificate technique
Guarantee matching initiator and matches the authenticity of recipient's identity.And it matches initiator to manage using non-interactive zero-knowledge proof
It is promised to undertake by construction first, matching recipient promises to undertake the first identity information of matching initiator, the first signature and first and tests
Card, after verifying passes through, matching recipient also uses and matches the same non-interactive zero-knowledge proof theory building of initiator
Second promises to undertake, then the second identity information of institute, the second signature and second being promised to undertake to, constituting the information matches are requested first answers
It answers, is sent to matching initiator;Matching initiator then the first response is verified, matching recipient according to first promise to undertake and
Second calculated result of the second promise acquisition promises to undertake the first calculating knot obtained according to the first promise and second with sender is matched
Fruit is compared, if comparison result is equal, successful match, if comparison result is unequal, it fails to match.Pass through above-mentioned side
Method, using non-interactive zero-knowledge proof and Secure Multi-party Computation Protocols, the present invention can ensure that the user of malice cannot forge
False information participates in matching, and can prevent the behavior that participant is denied during information matches, so that matching initiator
Under the premise of not revealing, complete data effectively proves private data with recipient, ensure that both sides' privacy information
Correctness, so can guarantee the accuracy and safety of matching result.It solves and matching result standard exists in the prior art
The not high technical problem of true property.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair
Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is a kind of flow chart of the matching process of information in the embodiment of the present invention;
Fig. 2 is the system architecture diagram of matching process application in the embodiment of the present invention;
Fig. 3 is a kind of structural block diagram of the coalignment of information in the embodiment of the present invention;
Fig. 4 is a kind of structural block diagram of computer equipment in the embodiment of the present invention.
Specific embodiment
The embodiment of the invention provides a kind of matching process of information and devices, and matching exists in the prior art to improve
As a result the not high technical problem of accuracy.
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Embodiment one
The present embodiment provides a kind of matching process of information, are applied to matching initiator, matching recipient and trusted enterprise
Certification authority, referring to Figure 1, this method comprises:
Step S101: matching initiator initializes first key to rear, registers to trusted enterprise certification authority, obtains first
Digital certificate, wherein for first key to including the first public key and the first private key, the first digital certificate includes the first public key and matching
The first identity information of initiator.
Specifically, it can provide and be comprising matching initiator, matching recipient and trusted enterprise certification authority (ECA)
System, as shown in Fig. 2, the system architecture includes matching initiator 100, matching recipient 200 and trusted enterprise certification authority (ECA)
300, the matching process of information includes four-stage in short: 1, system initialization, 2, information prove, 3, information matches, 4,
Information discloses.In the specific implementation process, match initiator, matching recipient refer to each enterprise private services device (or
Server cluster).Match initiator, matching recipient can by the application program in the private services device cluster of each enterprise come
It realizes.Trusted enterprise certification authority is authentication center, is believable enterprise's certificate issuing authority, it is by coalition of companies
The server of mechanism realizes that function is that the digital certificate of the server of responsible enterprise is generated, provides, stores, revoked.Each enterprise
Industry needs are registered in trusted enterprise certification authority (ECA), obtain digital certificate.Each enterprise using digital certificate to oneself
Identity provides certification.The server of any enterprise includes but is not limited to data management server, data warehouse, Enterprises Strategic Decision
The contents such as system.It is communicated between enterprise servers with the distributed network architecture of peer-to-peer network.
In the specific implementation process, matching initiator needs to recognize to trusted enterprise before sending information matches request
Card mechanism is registered, and corresponding digital certificate is obtained.First key is generated to that can use existing Encryption Algorithm, such as
RSA Algorithm.The first identity information in first digital certificate comprising the first public key and matching the initiator, (matching of enterprise's participant
Initiating method and matching recipient) digital certificate of other side, the public key information of Ji Ge enterprise participant can be obtained from ECA
It is disclosed.Matching initiator can will generate the first private key and be stored in local, and the first public key can be used for generating the first signature,
For subsequent verification process.
Step S102: it after matching recipient initializes the second key pair, is registered to trusted enterprise certification authority, obtains second
Digital certificate, wherein the second key pair include the second public key and the second private key, second digital certificate include the second public key and
The second identity information of the matching recipient.
Specifically, matching recipient is before carrying out information matches, it is also desirable to and to trusted enterprise, certification authority is registered,
Obtain corresponding digital certificate.Wherein, matching receiving direction trusted enterprise certification authority registration mode with match initiator's class
Seemingly, it is not repeating herein.
Step S103: matching initiate direction matching recipient send information matches request, wherein information matches request include
Match initiator construction first promise to undertake, first signature and the first identity information, wherein first promise to undertake by matching initiator according to
The first information to be matched and zero-knowledge proof theory obtain, and the first signature is obtained by matching initiator according to the first private key.
Specifically, the first information to be matched is that matching initiator needs to carry out matched information with matching recipient,
It includes the privacy informations of matching initiator.Zero-knowledge proof (Zero-Knowledge Proof) refers to that certifier can be
In the case where not providing any useful information to verifier, verifier is made to believe that some judgement is correct.Zero-knowledge proof
Substantially a kind of to be related to the agreement of two sides or more side, i.e. two sides or more take a series of needed for just accomplishing a task
Step.Certifier proves and believes it oneself to know or possess a certain message to verifier, but proof procedure cannot be to verifying
Person leaks any about the information for being proved to message.
In the specific implementation process, can use zero-knowledge proof theory treat the matched first information carry out processing obtain
It obtains first to promise to undertake, the first signature is generated according to the first private key.
As a kind of optional embodiment, first is promised to undertake by matching initiator according to the first information and Zero Knowledge to be matched
Certification theory obtains, comprising:
It matches initiator and the first information to be matched is converted into first information tuple { a1,...,ak, wherein a1、akPoint
Different information types is not indicated, chooses the group G of rank prime number q in advance by trusted enterprise certification authority, is chosen from group G and is generated member
G and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, wherein hash function
For the 0 of random length, 1 string to be mapped to integer field Zq;
From integer field ZqRandomly choose vi, i ∈ 1 ..., k constitute tuple { v1,...,vk, using zero-knowledge proof theory
Construction first is promised to undertake, is specifically included:
ri=vi-cαi,i∈1,...,k
Wherein, XiWithBy matching initiator to generate first g as the truth of a matter, aiviIt is generated for index, wherein XiInclude the first letter
Cease tuple { a1,...,ak,Include the tuple { v randomly selected1,...,vk, wherein (c, { (ri,Xi)|i∈1,...,k})
It is promised to undertake for first.
Specifically, a1a1...akAk indicates that different information types, such as a string of characters, number etc., q indicate one big
Prime number, bit length 160bit or more, group G are the prime number groups that rank is q.The effect of hash function is to reflect 0,1 string of random length
It is mapped to integer field Zq, XiWithIt is all for generating the first promise, they are generated by the same matching participant, and the truth of a matter is all
G, X thereiniIt contains and needs matched information tuple { a1,...,ak,Contain the tuple { v randomly selected1,...,
vk}。
Step S104: matching recipient promises to undertake the first identity information, the first signature and first and verifies, if verifying is logical
It crosses, is then promised to undertake according to the second information to be matched and zero-knowledge proof theory building second, and obtain second according to the second private key
Signature.
Specifically, the second information to be matched is that matching recipient matches with the first information with matching initiator
Information, it includes matching recipient privacy information
As a kind of optional embodiment, matches recipient and progress is promised to undertake to the first identity information, the first signature and first
Verifying, comprising:
It is requested to obtain the first identity information, the first signature and the first promise according to information matches;
First identity information is verified, if being verified, the first signature is authenticated, if it is verified, then
It promises to undertake and verifies to first.
As a kind of optional embodiment, matches recipient and the first promise is verified: including:
It promises to undertake to calculate according to first and obtains the first resulti∈1,...,k;
According to the first resultIt promises to undertake and verifies to first, specifically include: judging equation
It is whether true, if set up, it is verified, if invalid,
Authentication failed.
Specifically, due to including the first promise in the received information matches request of matching recipient, then can basis
First promises to undertake calculatingIn the specific implementation process,It can be according to the r in the first promisei,XiIt is calculated with c
It obtains, whereinI and first promise to undertake in i be consistent.
As a kind of optional embodiment, recipient is matched according to the second information to be matched and zero-knowledge proof theory structure
Make the second promise, comprising:
It matches recipient and the second information to be matched is converted into the second information tuple { b1,...,bm, wherein b1、bmPoint
Different information types is not indicated, chooses the group G of rank prime number q in advance by trusted enterprise certification authority, is chosen from group G and is generated member
G and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, wherein hash function
For the 0 of random length, 1 string to be mapped to integer field Zq;
From integer field ZqRandomly choose vj, j ∈ 1 ..., m constitute tuple { v1,...,vm, using zero-knowledge proof theory
Construction first is promised to undertake, is specifically included:
rj=vj-c′bj,j∈1,...,m
Wherein, XjWithBy matching recipient to generate first g as the truth of a matter, bj、vjIt is generated for index, wherein XjInclude second
Information tuple { b1,...,bm,Include the tuple { v randomly selected1,...,vm, wherein (c ', { (rj,Xj)|j∈
1 ..., m }) it is the second promise.
Specifically, since the method that matching recipient construction second is promised to undertake constructs the first side promised to undertake with initiator is matched
Method is similar, and details are not described herein.
Step S105: the second identity information, the second signature and second are promised to undertake configuration information matching request by matching recipient
The first response, by the first response be sent to matching initiator.
In the specific implementation process, the second identity information, the second signature and second can be promised to undertake and is added into message,
To generate the first response of information matches request, the first response is above-mentioned message.
Step S106: matching initiator verifies the second identity information, the second signature and the second promise structure, if verifying
Pass through, then send the second response to the matching method of reseptance, specifically, matching initiator can first receive matching
Second identity information of side is verified, such as the second identity information is matched with the second digital certificate, if can with
Match, then authentication success, then the second signature is authenticated, can obtain matching recipient's from the second digital certificate
Then second public key is verified by the second public key, since the second signature of matching recipient is produced according to the second private key
Raw, and the second public key and the second private key are a key pairs, so that matching initiator can be by the second public key come to second
The correctness of signature is verified.In the specific implementation process, the second response is that direction matching recipient's transmission is initiated in matching
Confirmation message.As optional, since matching recipient may have multiple, then can be sent out by matching initiator record with matching
The square associated matching recipient that conversates is played, corresponding response and relevant information are sent to corresponding in order to subsequent
With recipient.For example, will be recorded in table with the initiator associated matching recipient that conversates is matched, and it is stored in this
Ground.
Step S107: matching initiator promises to undertake according to first and second promises to undertake, obtains the first calculated result, matches initiator
Third signature is constructed according to the first public key, and the first calculated result and third signature are sent into matching recipient.
Specifically, matching initiator promises to undertake according to first and second promises to undertake, obtains the first calculated result, can use base
In the multi-party computations method or other methods of set relation.
It as a kind of optional embodiment, matches initiator and is promised to undertake according to the first promise and second, acquisition first, which calculates, ties
Fruit, comprising:
Promise to undertake that obtaining first generates set according to first, wherein the first element generated in set is promised to undertake by generating first
Data constitute;
Promise to undertake that obtaining second generates set according to second, wherein the second element generated in set is promised to undertake by generating second
Data constitute;
It obtains first and generates the first intersection that set generates set with second;
Hash function is executed to the first intersection, obtains the first calculated result.
Specifically, matching initiator can promise to undertake (c, { (r according to firsti,Xi) | i ∈ 1 ..., k }) obtain the first life
At set, i.e., according in the first promiseThe result that is calculated constitute first and generate set, { Xi, i=1 ..,
K }, similarly, matching recipient can obtain according to same method and receive the second generation set { Xj, j=1 .., m }, then
Set is generated by first and the second generation set is compared, and is found out two intersection of sets collection (i.e. the first intersection), can be denoted as:
χ={ Xi, i=1 .., k } and ∩ { Xj, j=1 .., m }, next, H operation is executed to χ, to obtain the first calculating
As a result H (χ).
In the specific implementation process, matching initiator according to the first public key construct third signature, the first calculated result and
Third signature is sent to and matches recipient, specifically can be by being used as message constructing third signature δ to H (χ)3, then by (H
(χ),δ3) it is sent to matching participant.
Step S108: matching recipient promises to undertake according to first and second promises to undertake, obtains the second calculated result.
Specifically, matching recipient promises to undertake according to first and second promises to undertake, obtains the second calculated result, can also use
Multi-party computations method or other methods based on set relation.
It as a kind of optional embodiment, matches recipient and is promised to undertake according to the first promise and second, acquisition second, which calculates, ties
Fruit, comprising:
Promise to undertake that obtaining second generates set according to second, wherein the second element generated in set is promised to undertake by generating second
Data constitute;
Promise to undertake that obtaining first generates set according to first, wherein the first element generated in set is promised to undertake by generating first
Data constitute;
It obtains second and generates the second intersection that set generates set with first;
Hash function is executed to the second intersection, obtains the second calculated result.
Specifically, matching recipient can promise to undertake (c ', { (r according to secondj,Xj) | j ∈ 1 ..., m }) obtain the second life
At set, i.e., according in the first promiseThe result that is calculated constitute second and generate set { Xj, j=1 ..,
M }, set and second then is generated by first and generates set and is compared, and finds out two intersection of sets collection (i.e. the second intersection), it can be with
It is denoted as χ ',
χ '={ Xj, j=1 .., m } and ∩ { Xi, i=1 .., k }, next, being operated to χ ' execution H, to obtain the second meter
It calculates result H (χ ').
Step S109: after matching recipient receives second response, verifying third signature, if being verified,
Then the first calculated result is compared with the second calculated result, if comparison result is equal, successful match, if comparison result is not
Equal, then it fails to match.
Specifically, the first calculated result for matching recipient is H (χ), and matching recipient receives matching sender and sends
Message be (H (χ), δ3), matching method of reseptance receive matching sender send the second response after, to third sign into
Row verifying terminates session if signature verification fails.If being verified, judge whether equation H (χ)=H (χ ') is true, if
Set up then successful match;Otherwise it fails to match.
As a kind of optional embodiment, the first calculated result is being compared with the second calculated result, if comparing knot
Fruit is equal, then after successful match, the method for the present embodiment further include:
Matching recipient's compared result is sent to matching initiator after signing.
In information matching method provided in an embodiment of the present invention, on the whole, step S101, step S102 belongs in Fig. 2
Shown in system initialization, step S103, step S104, step S105 belongs to information shown in Fig. 2 proves, step S106,
Step S107, step S108 belongs to information matches shown in Fig. 2, and step S109, which belongs to information shown in Fig. 2, to be proved.The present invention is real
The method for applying the information matches of an offer can be applied to the matching of the privacy information of anti-malicious act under business intelligence environment,
It include trusted enterprise certification authority, the private services device cluster of each enterprise using distributed frame.First, use nonreciprocal zero
Knowledge proof designs a kind of safe data proof of possession method, in multiple enterprises under the premise of not revealing both sides' privacy, to
Participant proves oneself to possess specific privacy information.Second, have devised a kind of safe information matching method, this method energy
It is enough securely to be compared the information that multiple users are held, and in the acquisition participant in the case where guaranteeing fair and oneself
Shared information result.
The information matching method provided in order to illustrate the embodiments of the present invention more clearly realizes process, hands over below by one
Mutual embodiment is discussed in detail: the participant of information matches includes matching sender, matching recipient and trusted enterprise certification
Mechanism.Firstly, in system initialisation phase: matching sender executes step 1.1 and generates first key pair, and retains first key
First private key of centering, matching recipient generates the second key pair, and retains the second private key of the second cipher key pair, next holds
Row step 1.2: matching sending direction letter corporate authentication mechanism sends the first registration request, matching receiving direction trusted enterprise certification
Mechanism sends the second registration request, and after registering through, trusted enterprise certification authority is respectively to matching sender and matching recipient
Send the first digital certificate and the second digital certificate;Then execute step 1.3: matching sender, which extracts, sorts out the first tuple,
Matching recipient extracts and sorts out the second tuple, then executes step 1.4: trusted enterprise certification authority chooses open zero-knowledge proof
Global parameter and hash function.Prove the stage followed by information, execute step 2.1: matching sender initiates matching request,
And the first tuple is promised to undertake using zero-knowledge proof construction first, and generate the first signature, next execute step 2.2: matching
Recipient verifies matched first identity information of matching sender, does not pass through such as, then refuses to match, such as pass through, then
Matching recipient continues the first signature of verifying matching sender, does not pass through such as, then refuses to match, such as pass through, then match reception
The first of Fang Jixu verifying matching sender is promised to undertake, is not passed through such as, is then refused to match, such as pass through, then follow the steps 2.3: to the
Binary group is promised to undertake using zero-knowledge proof construction second, and generates response and the second signature, then execute step 2.4: matching is sent
Side verifies the second identity information for the matching recipient for sending the first response, if not passing through, refuses to match, such as logical
It crosses, then continues the second signature of verifying matching recipient, do not pass through such as, then refuse to match, such as pass through, then continue verifying matching and connect
The second of debit is promised to undertake, is not passed through such as, is then refused to match, such as pass through, then usage record table T record matching recipient and matching
The relevant information of request, and the second response is sent to matching recipient.Next enter the information matches stage, execute step 3.1:
Matching sender promises to undertake according to the second of matching recipient executes matching, and obtain χ, then execute step 3.2: matching receives root
It is promised to undertake according to the first of matching sender and executes matching, obtain χ '.It finally enters information and discloses the stage, execute step 4.1: matching hair
The side of sending calculates H (χ) and constructs third signature, and be sent to matching recipient, then execute step 4.2: matching recipient receives
After second response, third signature is verified, if not passing through, refuses to match, judgement passes through the calculated H of χ ' if passing through
Whether (χ ') and H (χ) be equal, if equal, successful match, otherwise it fails to match.
Said one or multiple technical solutions in the embodiment of the present application at least have following one or more technology effects
Fruit:
In method provided by the invention, before carrying out information matches, matching is initiated by matching initiator and matching recipient
Fang Shengcheng first key is to rear, and to trusted enterprise, certification authority is registered, and obtains the first digital certificate, and matching recipient generates
After second key pair, to trusted enterprise, certification authority is registered, and obtains the second digital certificate, can be with by digital certificate technique
Guarantee matching initiator and matches the authenticity of recipient's identity.And it matches initiator to manage using non-interactive zero-knowledge proof
It is promised to undertake by construction first, matching recipient promises to undertake the first identity information of matching initiator, the first signature and first and tests
Card, after verifying passes through, matching recipient also uses and matches the same non-interactive zero-knowledge proof theory building of initiator
Second promise to undertake, then by institute the second identity information, second signature and second promise to undertake configuration information matching request the first response, send out
It send to matching initiator;Then matching initiator verifies the first response, matching recipient promises to undertake and second according to first
Promise to undertake obtain the second calculated result with match sender according to first promise to undertake and second promise acquisition the first calculated result into
Row compares, if comparison result is equal, successful match, if comparison result is unequal, it fails to match.By the above method, adopt
With non-interactive zero-knowledge proof and Secure Multi-party Computation Protocols, the present invention can ensure that the user of malice cannot forge falseness
Information participates in matching, and can prevent the behavior that participant is denied during information matches, so that matching initiator and reception
Under the premise of not revealing, complete data effectively proves the private data of side, ensure that the correctness of both sides' privacy information,
So can guarantee the accuracy and safety of matching result.Solve that matching result accuracy exists in the prior art is not high
The technical issues of.
Based on the same inventive concept, present invention also provides and a kind of dress corresponding with the method for information matches of embodiment
It sets, detailed in Example two.
Embodiment two
The present embodiment provides a kind of devices of information matches, are applied to matching initiator, matching recipient and trusted enterprise
Certification authority refers to Fig. 3, which includes:
First registration module 301 initializes first key to rear for matching initiator, infuses to trusted enterprise certification authority
Volume obtains the first digital certificate, wherein for first key to including the first public key and the first private key, the first digital certificate includes the
First identity information of one public key and matching initiator;
Second registration module 302 is infused after matching recipient's the second key pair of initialization to trusted enterprise certification authority
Volume obtains the second digital certificate, wherein the second key pair include the second public key and the and private key, the second digital certificate include the
Second identity information of two public keys and matching recipient;
First sending module 303 initiates direction matching recipient's transmission information matches request for matching, wherein information
It include the first promise, the first signature and the first identity information of matching initiator's construction with request, wherein first promises to undertake by matching
Initiator obtains according to the first information to be matched and zero-knowledge proof theory, and the first signature is by matching initiator according to the first private
Key obtains;
Constructing module 304 verifies the first identity information, the first signature and the first promise for matching recipient,
If being verified, promised to undertake according to the second information to be matched and zero-knowledge proof theory building second, and according to the second private key
Obtain the second signature;
Second sending module 305 is believed for matching recipient and promising to undertake to constitute by the second identity information, the second signature and second
First response is sent to matching initiator by the first response for ceasing matching request;
Authentication module 306 tests the second identity information, the second signature and the second promise structure for matching initiator
Card sends the second response to matching recipient if being verified;
Third sending module 307, for matching, initiator promises to undertake according to first and the second promise, acquisition first calculate knot
Fruit;It matches initiator and third signature is constructed according to the first public key, and the first calculated result and third signature are sent to matching and connect
Debit;
Matching module 308, for matching, recipient promises to undertake according to first and second promises to undertake, the second calculated result of acquisition;
It proves module 309, after matching recipient's the second response of reception, third signature is verified, if verifying is logical
It crosses, is then compared the first calculated result with the second calculated result, if comparison result is equal, successful match, if comparing knot
Fruit is unequal, then it fails to match.
As a kind of optional embodiment, the present embodiment provides in device, the first sending module 303 is also used to:
It matches initiator and the first information to be matched is converted into first information tuple { a1,...,ak, wherein a1、akPoint
Different information types is not indicated, chooses the group G of rank prime number q in advance by trusted enterprise certification authority, is chosen from group G and is generated member
G and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, wherein hash function
For the 0 of random length, 1 string to be mapped to integer field Zq;
From integer field ZqRandomly choose vi, i ∈ 1 ..., k constitute tuple { v1,...,vk, using zero-knowledge proof theory
Construction first is promised to undertake, is specifically included:
ri=vi-cαi,i∈1,...,k
Wherein, XiWithBy matching initiator to generate first g as the truth of a matter, ai viIt is generated for index, wherein XiInclude first
Information tuple { a1,...,ak,Include the tuple { v randomly selected1,...,vk, wherein (c, { (ri,Xi)|i∈1,...,
K }) it is the first promise.
As a kind of optional embodiment, the present embodiment provides in device, constructing module 304 is also used to:
It is requested to obtain the first identity information, the first signature and the first promise according to information matches;
First identity information is verified, if being verified, the first signature is authenticated, if it is verified, then
It promises to undertake and verifies to first.
As a kind of optional embodiment, the present embodiment provides in device, constructing module 304 is also used to:
It promises to undertake to calculate according to first and obtains the first resulti∈1,...,k;
According to the first resultIt promises to undertake and verifies to first, specifically include: judging equation
It is whether true, if set up, it is verified, if invalid,
Authentication failed.
As a kind of optional embodiment, the present embodiment provides in device, constructing module 304 is also used to:
It matches recipient and the second information to be matched is converted into the second information tuple { b1,...,bm, wherein b1、bmPoint
Different information types is not indicated, chooses the group G of rank prime number q in advance by trusted enterprise certification authority, is chosen from group G and is generated member
G and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, wherein hash function
For the 0 of random length, 1 string to be mapped to integer field Zq;
From integer field ZqRandomly choose vj, j ∈ 1 ..., m constitute tuple { v1,...,vm, using zero-knowledge proof theory
Construction first is promised to undertake, is specifically included:
rj=vj-c′bj,j∈1,...,m
Wherein, XjWithBy matching recipient to generate first g as the truth of a matter, bj、vjIt is generated for index, wherein XjInclude second
Information tuple { b1,...,bm,Include the tuple { v randomly selected1,...,vm, wherein (c ', { (rj,Xj)|j∈
1 ..., m }) it is the second promise.
As a kind of optional embodiment, the present embodiment provides in device, third sending module 307 is also used to:
Promise to undertake that obtaining first generates set according to first, wherein the first element generated in set is promised to undertake by generating first
Data constitute;
Promise to undertake that obtaining second generates set according to second, wherein the second element generated in set is promised to undertake by generating second
Data constitute;
It obtains first and generates the first intersection that set generates set with second;
Hash function is executed to the first intersection, obtains the first calculated result.
As a kind of optional embodiment, the present embodiment provides in device, matching module 308 is also used to:
Promise to undertake that obtaining second generates set according to second, wherein the second element generated in set is promised to undertake by generating second
Data constitute;
Promise to undertake that obtaining first generates set according to first, wherein the first element generated in set is promised to undertake by generating first
Data constitute;
It obtains second and generates the second intersection that set generates set with first;
Hash function is executed to the second intersection, obtains the second calculated result.
As a kind of optional embodiment, further includes the 4th sending module the present embodiment provides device, is used for:
First calculated result is being compared with the second calculated result, if comparison result is equal, after successful match:
Matching recipient's compared result is sent to matching initiator after signing.
By the device that the embodiment of the present invention two is introduced, the information matching method to implement the embodiment of the present invention one is adopted
Device, so based on the method that the embodiment of the present invention one is introduced, the affiliated personnel in this field can understand the tool of the device
Body structure and deformation, so details are not described herein.Device used by the method for all embodiment of the present invention one belongs to this hair
The bright range to be protected.
Embodiment three
Based on the same inventive concept, present invention also provides a kind of computer equipment, Fig. 4 is referred to, including storage 401,
On a memory and the computer program 403 that can run on a processor, processor 402 executes above-mentioned for processor 402 and storage
The method in embodiment one is realized when program.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic
Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as
It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, those skilled in the art can carry out various modification and variations without departing from this hair to the embodiment of the present invention
The spirit and scope of bright embodiment.In this way, if these modifications and variations of the embodiment of the present invention belong to the claims in the present invention
And its within the scope of equivalent technologies, then the present invention is also intended to include these modifications and variations.
Claims (10)
1. a kind of matching process of information, which is characterized in that be applied to matching initiator, matching recipient and trusted enterprise certification
Mechanism, which comprises
The matching initiator initializes first key to rear, registers to the trusted enterprise certification authority, obtains the first number
Certificate, wherein for the first key to including the first public key and the first private key, first digital certificate includes described first public
First identity information of key and the matching initiator;
It after the matching recipient initializes the second key pair, is registered to the trusted enterprise certification authority, obtains the second number
Certificate, wherein second key pair includes the second public key and the second private key, and second digital certificate includes described second public
Second identity information of key and the matching recipient;
The matching initiates matching recipient described in direction and sends information matches request, wherein information matches request includes institute
State the first promise, the first signature and the first identity information of matching initiator, wherein described first promises to undertake by matching initiation
Root is obtained according to the first information to be matched and zero-knowledge proof theory, and first signature is by the matching initiator according to institute
State the acquisition of the first private key;
The matching recipient promises to undertake first identity information, first signature and described first and verifies, if testing
Card passes through, then is promised to undertake according to the second information to be matched and the zero-knowledge proof theory building second, and according to described second
Private key obtains the second signature;
The matching recipient, which promises to undertake second identity information, second signature and described second, constitutes the information
First response is sent to the matching initiator by the first response with request;
The matching initiator verifies second identity information, second signature and the second promise structure, if
It is verified, then sends the second response to the matching method of reseptance;
The matching initiator promises to undertake according to described first and described second promises to undertake, obtains the first calculated result, the matching hair
Root is played according to first public key construction third signature, and first calculated result and third signature is sent to described
Match recipient;
The matching recipient promises to undertake according to described first and described second promises to undertake, obtains the second calculated result;
After the matching recipient receives second response, third signature is verified, if being verified, by institute
The first calculated result is stated to be compared with second calculated result, if comparison result is equal, successful match, if comparison result
Unequal, then it fails to match.
2. the method as described in claim 1, which is characterized in that described first promises to undertake by the matching initiator according to be matched
The first information and zero-knowledge proof theory obtain, comprising:
The first information to be matched is converted into first information tuple { a by the matching initiator1,...,ak, wherein a1、
akDifferent information types is respectively indicated, chooses the group G of rank prime number q in advance by the trusted enterprise certification authority, from the group G
Middle selection generates member g and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq,
In, the hash function is used to the 0 of random length, 1 string being mapped to integer field Zq;
From the integer field ZqRandomly choose vi, i ∈ 1 ..., k constitute tuple { v1,...,vk, using zero-knowledge proof theory
It constructs described first to promise to undertake, specifically include:
ri=vi-cαi, i ∈ 1 ..., k
Wherein, XiWithBy the matching initiator to generate first g as the truth of a matter, ai viIt is generated for index, wherein XiInclude the first letter
Cease tuple { a1,...,ak,Include the tuple { v randomly selected1,...,vk, wherein (c, { (ri,Xi)|i∈1,...,k})
It is promised to undertake for described first.
3. method according to claim 2, which is characterized in that the matching recipient is to first identity information, described
First signature and first promise are verified, comprising:
First identity information is obtained according to information matches request, first signature and described first is promised to undertake;
First identity information is verified, if being verified, first signature is authenticated, if verifying is logical
It crosses, then promises to undertake and verify to described first.
4. method as claimed in claim 3, which is characterized in that the matching recipient promises to undertake to described first and verifies:
Include:
It promises to undertake to calculate according to described first and obtains the first result
According to first resultIt promises to undertake and verifies to described first, specifically include: judging equation
It is whether true, if set up, it is verified, if invalid, verifies
Failure.
5. the method as described in claim 1, which is characterized in that the matching recipient is according to the second information to be matched and institute
State the promise of zero-knowledge proof theory building second, comprising:
Second information to be matched is converted into the second information tuple { b by the matching recipient1,...,bm, wherein b1、
bmDifferent information types is respectively indicated, chooses the group G of rank prime number q in advance by the trusted enterprise certification authority, from the group G
Middle selection generates member g and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq,
In, the hash function is used to the 0 of random length, 1 string being mapped to integer field Zq;
From the integer field ZqRandomly choose vj, j ∈ 1 ..., m constitute tuple { v1,...,vm, using zero-knowledge proof theory
It constructs described first to promise to undertake, specifically include:
rj=vj-c′bj,j∈1,...,m
Wherein, XjWithBy the matching recipient to generate first g as the truth of a matter, bj、vjIt is generated for index, wherein XjInclude second
Information tuple { b1,...,bm,Include the tuple { v randomly selected1,...,vm, wherein (c ', { (rj,Xj)|j∈
1 ..., m }) it is second promise.
6. method according to claim 2, which is characterized in that the matching initiator promises to undertake and described the according to described first
Two promise to undertake, obtain the first calculated result, comprising:
Promise to undertake that obtaining first generates set according to described first, wherein the element in the first generation set is as described in generating
First data promised to undertake are constituted;
Promise to undertake that obtaining second generates set according to described second, wherein the element in the second generation set is as described in generating
Second data promised to undertake are constituted;
It obtains described first and generates the first intersection that set generates set with described second;
The hash function is executed to first intersection, obtains first calculated result.
7. method according to claim 2, which is characterized in that the matching recipient promises to undertake and described the according to described first
Two promise to undertake, obtain the second calculated result, comprising:
Promise to undertake that obtaining second generates set according to described second, wherein the element in the second generation set is as described in generating
Second data promised to undertake are constituted;
Promise to undertake that obtaining first generates set according to described first, wherein the element in the first generation set is as described in generating
First data promised to undertake are constituted;
It obtains described second and generates the second intersection that set generates set with described first;
The hash function is executed to second intersection, obtains second calculated result.
8. the method for claim 7, which is characterized in that by first calculated result and second calculated result
It is compared, if comparison result is equal, after successful match, the method also includes:
Matching recipient's compared result is sent to the matching initiator after signing.
9. a kind of coalignment of information, which is characterized in that be applied to matching initiator, matching recipient and trusted enterprise certification
Mechanism, described device include:
First registration module, for matching initiator initialization first key to rear, to the trusted enterprise certification authority
Registration obtains the first digital certificate, wherein for the first key to including the first public key and the first private key, described first is digital
Certificate includes the first identity information of first public key and the matching initiator;
Second registration module, after initializing the second key pair for the matching recipient, to the trusted enterprise certification authority
Registration obtains the second digital certificate, wherein second key pair include the second public key and the and private key, second number
Certificate includes the second identity information of second public key and the matching recipient;
First sending module initiates matching recipient described in direction for the matching and sends information matches request, wherein described
Information matches request includes the first promise, the first signature and the first identity information of the matching initiator construction, wherein described
First promises to undertake by the matching initiator according to the first information to be matched and the acquisition of zero-knowledge proof theory, first signature
It is obtained by the matching initiator according to first private key;
Constructing module promises to undertake first identity information, first signature and described first for the matching recipient
It is verified, if being verified, is promised to undertake according to the second information to be matched and the zero-knowledge proof theory building second, and
The second signature is obtained according to second private key;
Second sending module is used for the matching recipient for second identity information, second signature and described second
It promises to undertake the first response for constituting the information matches request, first response is sent to the matching initiator;
Authentication module promises to undertake second identity information, second signature and described second for the matching initiator
Structure is verified, if being verified, sends the second response to the matching method of reseptance;
Third sending module promises to undertake according to described first for the matching initiator and described second promises to undertake, obtains the first meter
It calculates as a result, the matching initiator constructs third signature according to first public key, and by first calculated result and described
Third signature is sent to and the matching recipient;
Matching module promises to undertake according to described first for the matching recipient and described second promises to undertake, obtains second and calculate knot
Fruit;
After proving that module, the matching recipient receive second response, third signature is verified, if verifying is logical
It crosses, is then compared first calculated result with second calculated result, if comparison result is equal, successful match,
If comparison result is unequal, it fails to match.
10. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor
Calculation machine program, which is characterized in that the processor is realized when executing described program such as any one of claim 1 to 8 claim
The method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810763376.6A CN109104410B (en) | 2018-07-12 | 2018-07-12 | Information matching method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810763376.6A CN109104410B (en) | 2018-07-12 | 2018-07-12 | Information matching method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109104410A true CN109104410A (en) | 2018-12-28 |
CN109104410B CN109104410B (en) | 2021-01-01 |
Family
ID=64846114
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810763376.6A Active CN109104410B (en) | 2018-07-12 | 2018-07-12 | Information matching method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109104410B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109756343A (en) * | 2019-01-31 | 2019-05-14 | 平安科技(深圳)有限公司 | Authentication method, device, computer equipment and the storage medium of digital signature |
CN109886029A (en) * | 2019-01-28 | 2019-06-14 | 湖北工业大学 | Secret protection set intersection calculation method and system based on polynomial repressentation |
CN113569294A (en) * | 2021-09-22 | 2021-10-29 | 浙江大学 | Zero knowledge proving method and device, electronic equipment and storage medium |
CN114553443A (en) * | 2022-04-25 | 2022-05-27 | 湖南三湘银行股份有限公司 | Method and system for docking third-party data model |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101257380A (en) * | 2007-12-05 | 2008-09-03 | 航天信息股份有限公司 | User entity for self-generating public key certificate and system and method for managing public key certificate |
CN104270351A (en) * | 2014-09-22 | 2015-01-07 | 湖北工业大学 | Information matching method and system based on mobile terminal privacy protection |
CN104717067A (en) * | 2013-12-17 | 2015-06-17 | 中国移动通信集团辽宁有限公司 | Safety verification method, device and system based on non-interactive zero-knowledge |
US20150341792A1 (en) * | 2014-05-22 | 2015-11-26 | Sypris Electronics, Llc | Network authentication system with dynamic key generation |
-
2018
- 2018-07-12 CN CN201810763376.6A patent/CN109104410B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101257380A (en) * | 2007-12-05 | 2008-09-03 | 航天信息股份有限公司 | User entity for self-generating public key certificate and system and method for managing public key certificate |
CN104717067A (en) * | 2013-12-17 | 2015-06-17 | 中国移动通信集团辽宁有限公司 | Safety verification method, device and system based on non-interactive zero-knowledge |
US20150341792A1 (en) * | 2014-05-22 | 2015-11-26 | Sypris Electronics, Llc | Network authentication system with dynamic key generation |
CN104270351A (en) * | 2014-09-22 | 2015-01-07 | 湖北工业大学 | Information matching method and system based on mobile terminal privacy protection |
Non-Patent Citations (1)
Title |
---|
ZHANG MINGWU等: "Tolerating Sensitive-Leakage With Larger Plaintext-Space and Higher Leakage-Rate in Privacy-Aware Internet-of-Things", 《IEEE ACCESS》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109886029A (en) * | 2019-01-28 | 2019-06-14 | 湖北工业大学 | Secret protection set intersection calculation method and system based on polynomial repressentation |
CN109756343A (en) * | 2019-01-31 | 2019-05-14 | 平安科技(深圳)有限公司 | Authentication method, device, computer equipment and the storage medium of digital signature |
CN109756343B (en) * | 2019-01-31 | 2021-07-20 | 平安科技(深圳)有限公司 | Authentication method and device for digital signature, computer equipment and storage medium |
CN113569294A (en) * | 2021-09-22 | 2021-10-29 | 浙江大学 | Zero knowledge proving method and device, electronic equipment and storage medium |
US11550952B1 (en) | 2021-09-22 | 2023-01-10 | Zhejiang University | Zero-knowledge proof method and electronic device |
CN114553443A (en) * | 2022-04-25 | 2022-05-27 | 湖南三湘银行股份有限公司 | Method and system for docking third-party data model |
CN114553443B (en) * | 2022-04-25 | 2022-07-12 | 湖南三湘银行股份有限公司 | Method and system for docking third-party data model |
Also Published As
Publication number | Publication date |
---|---|
CN109104410B (en) | 2021-01-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11842317B2 (en) | Blockchain-based authentication and authorization | |
CN109756485B (en) | Electronic contract signing method, electronic contract signing device, computer equipment and storage medium | |
US11212081B2 (en) | Method for signing a new block in a decentralized blockchain consensus network | |
CN103095453B (en) | The Bloom filter of the public key encryption occured simultaneously using privately owned set | |
Baldimtsi et al. | Anonymous credentials light | |
CN107967557A (en) | Reputation Evaluation System and method, electronic fare payment system are changed based on block chain | |
CN111064734B (en) | Block chain system user identity anonymity and traceable method, corresponding storage medium and electronic device | |
CN109104410A (en) | A kind of matching process and device of information | |
CN109889497A (en) | A kind of data integrity verification method for going to trust | |
Huang et al. | Blockchain-assisted transparent cross-domain authorization and authentication for smart city | |
CN113301022A (en) | Internet of things equipment identity security authentication method based on block chain and fog calculation | |
CN113360943A (en) | Block chain private data protection method and device | |
Yu et al. | Identity‐Based Proxy Signcryption Protocol with Universal Composability | |
Šimunić et al. | Verifiable computing applications in blockchain | |
CN106506165A (en) | Fictitious assets anonymity sort method based on homomorphic cryptography | |
CN113468570A (en) | Private data sharing method based on intelligent contract | |
CN108259180B (en) | Method for quantum specifying verifier signature | |
Boontaetae et al. | RDI: Real digital identity based on decentralized PKI | |
US8868903B2 (en) | Digital arbitration | |
CN110519040A (en) | The anti-quantum calculation digital signature method and system of identity-based | |
Wang et al. | A novel blockchain identity authentication scheme implemented in fog computing | |
CN113362065A (en) | Online signature transaction implementation method based on distributed private key | |
Huang et al. | How to protect privacy in optimistic fair exchange of digital signatures | |
Huang et al. | Dynamic Group Signature Scheme on Lattice with Verifier-local Revocation | |
Deng et al. | A Secure and Efficient Access Control Scheme for Shared IoT Devices over Blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |