CN109104410A - A kind of matching process and device of information - Google Patents

A kind of matching process and device of information Download PDF

Info

Publication number
CN109104410A
CN109104410A CN201810763376.6A CN201810763376A CN109104410A CN 109104410 A CN109104410 A CN 109104410A CN 201810763376 A CN201810763376 A CN 201810763376A CN 109104410 A CN109104410 A CN 109104410A
Authority
CN
China
Prior art keywords
matching
undertake
information
recipient
initiator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810763376.6A
Other languages
Chinese (zh)
Other versions
CN109104410B (en
Inventor
张明武
冷文韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University of Technology
Original Assignee
Hubei University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei University of Technology filed Critical Hubei University of Technology
Priority to CN201810763376.6A priority Critical patent/CN109104410B/en
Publication of CN109104410A publication Critical patent/CN109104410A/en
Application granted granted Critical
Publication of CN109104410B publication Critical patent/CN109104410B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • H04L9/3221Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides a kind of matching process of information and devices, method therein includes: that direction matching recipient's transmission information matches request is initiated in matching, matching recipient verifies the information in information matches request, the first response of configuration information matching request if being verified, it is sent to matching initiator, after matching initiator's the first response of reception, information in first response is verified, if being verified, then the second response is sent to matching recipient, initiator is matched to promise to undertake and the second promise according to first, obtain the first calculated result, recipient is matched to promise to undertake and the second promise according to first, obtain the second calculated result;After matching recipient's the second response of reception, the first calculated result is compared with the second calculated result, if comparison result is equal, successful match, if comparison result is unequal, it fails to match.The present invention, which solves, exists in the prior art the not high technical problem of matching result accuracy.

Description

A kind of matching process and device of information
Technical field
The present invention relates to the matching process and dress of business intelligence and field of information security technology more particularly to a kind of information It sets.
Background technique
With modern enterprise informatization, traditional information-based application is increasingly mature, such as Finance System, does Public automated system, Enterprise Resource Planning System etc..Traditional informatization focuses on the FAQs of business administration It is solved by software application, to improve working efficiency, reduce cost.However IT application in enterprises be also faced with new application with Challenge, nowadays advanced IT application cause endlessly data generating, how safely and efficiently to be sent out from mass data Pick information simultaneously creates the problem of value becomes great researching value.
It has been insufficient for however, only finding valuable information from the data set of each company oneself in isolation Growing enterprise development demand.For example, Ji Jia commercial company wishes to expand their business scale in certain panel region, but It is that this several company wishes whether before making a plan clear other side clashes with oneself plan, for protecting oneself business Purpose that is secret and maximizing each company's interests simultaneously, they must negotiate a kind of plan that can be judged between them With the presence or absence of the scheme of conflict.
For such issues that, generally use the multi-party computations based on set relation at present.Information matches in simple terms It can be understood as judging two groups of set with the presence or absence of intersection.And Secure Multi-party Computation Protocols be then can using technologies such as homomorphic cryptographies To guarantee that Collaboration computing goes out as a result, being simultaneously configured to set element polynomial under the premise of participant does not reveal oneself information Form solves the decision problem of intersection.However, present invention applicant in implementing the solution of the present invention, discovery: is based on current The agreement designed of multi-party computations method cannot detect to want the participant of cheating.For example, cribber can pass through The information that oneself does not have is forged to participate in calculating, to cover the content taken out and should not obtained.
It can be seen that the not high technical problem of matching result accuracy exists in the prior art.
Summary of the invention
The embodiment of the invention provides a kind of matching process of information and devices, to solve or at least partly solve now Have in technology that there are the technical problems that matching result accuracy is not high.
In a first aspect, the present invention provides a kind of matching process of information, be applied to matching initiator, matching recipient and Trusted enterprise certification authority, which comprises
The matching initiator initializes first key to rear, registers to the trusted enterprise certification authority, obtains first Digital certificate, wherein for the first key to including the first public key and the first private key, first digital certificate includes described the First identity information of one public key and the matching initiator;
It after the matching recipient initializes the second key pair, is registered to the trusted enterprise certification authority, obtains second Digital certificate, wherein second key pair includes the second public key and the second private key, and second digital certificate includes described the Second identity information of two public keys and the matching recipient;
The matching initiates matching recipient described in direction and sends information matches request, wherein the information matches request packet Include the first promise, the first signature and the first identity information of the matching initiator construction, wherein described first promises to undertake by described It matches initiator to be obtained according to the first information to be matched and zero-knowledge proof theory, first signature is initiated by the matching Root is obtained according to first private key;
The matching recipient verifies first identity information, first signature and first promise, If being verified, promised to undertake according to the second information to be matched and the zero-knowledge proof theory building second, and according to described Second private key obtains the second signature;
The matching recipient, which promises to undertake second identity information, second signature and described second, constitutes the letter The first response for ceasing matching request, is sent to the matching initiator for first response;
The matching initiator tests second identity information, second signature and the second promise structure Card sends the second response to the matching method of reseptance if being verified;
The matching initiator promises to undertake according to described first and described second promises to undertake, the first calculated result of acquisition, and described It signs with root is initiated according to first public key construction third, and first calculated result and third signature is sent to With the matching recipient;
The matching recipient promises to undertake according to described first and described second promises to undertake, obtains the second calculated result;
After the matching recipient receives second response, third signature is verified, if being verified, First calculated result is compared with second calculated result, if comparison result is equal, successful match, if comparing As a result unequal, then it fails to match.
Based on same inventive concept, second aspect of the present invention provides a kind of coalignment of information, is applied to matching Initiator, matching recipient and trusted enterprise certification authority, described device include:
First registration module initializes first key to rear, to trusted enterprise certification for the matching initiator Institute registration, obtain the first digital certificate, wherein the first key to include the first public key and the first private key, described first Digital certificate includes the first identity information of first public key and the matching initiator;
Second registration module after initializing the second key pair for the matching recipient, is authenticated to the trusted enterprise Institute registration obtains the second digital certificate, wherein second key pair include the second public key and the and private key, described second Digital certificate includes the second identity information of second public key and the matching recipient;
First sending module initiates matching recipient described in direction for the matching and sends information matches request, wherein The information matches request includes the first promise, the first signature and the first identity information of the matching initiator construction, wherein First promise is obtained by the matching initiator according to the first information to be matched and zero-knowledge proof theory, and described first Signature is obtained by the matching initiator according to first private key;
Constructing module, for the matching recipient to first identity information, first signature and described first Promise is verified, if being verified, is held according to the second information and the zero-knowledge proof theory building second to be matched Promise, and the second signature is obtained according to second private key;
Second sending module, for the matching recipient by second identity information, it is described second sign and it is described Second promises to undertake the first response for constituting the information matches request, and first response is sent to the matching initiator;
Authentication module, for the matching initiator to second identity information, second signature and described second It promises to undertake that structure is verified, if being verified, sends the second response to the matching method of reseptance;
Third sending module promises to undertake according to described first for the matching initiator and described second promises to undertake, acquisition the One calculated result, the matching initiator according to first public key construct third sign, and will first calculated result with The third signature is sent to and the matching recipient;
Matching module promises to undertake according to described first for the matching recipient and described second promises to undertake, obtains the second meter Calculate result;
After proving that module, the matching recipient receive second response, third signature is verified, if testing Card passes through, then is compared first calculated result with second calculated result, if comparison result is equal, matching at Function, if comparison result is unequal, it fails to match.
Based on same inventive concept, third aspect present invention provides a kind of computer equipment, including memory, processing On a memory and the computer program that can run on a processor, when processor execution described program, is realized for device and storage Method described in first aspect.
Said one or multiple technical solutions in the embodiment of the present application at least have following one or more technology effects Fruit:
In method provided by the invention, before carrying out information matches, matching is initiated by matching initiator and matching recipient Fang Shengcheng first key is to rear, and to trusted enterprise, certification authority is registered, and obtains the first digital certificate, and matching recipient generates After second key pair, to trusted enterprise, certification authority is registered, and obtains the second digital certificate, can be with by digital certificate technique Guarantee matching initiator and matches the authenticity of recipient's identity.And it matches initiator to manage using non-interactive zero-knowledge proof It is promised to undertake by construction first, matching recipient promises to undertake the first identity information of matching initiator, the first signature and first and tests Card, after verifying passes through, matching recipient also uses and matches the same non-interactive zero-knowledge proof theory building of initiator Second promises to undertake, then the second identity information of institute, the second signature and second being promised to undertake to, constituting the information matches are requested first answers It answers, is sent to matching initiator;Matching initiator then the first response is verified, matching recipient according to first promise to undertake and Second calculated result of the second promise acquisition promises to undertake the first calculating knot obtained according to the first promise and second with sender is matched Fruit is compared, if comparison result is equal, successful match, if comparison result is unequal, it fails to match.Pass through above-mentioned side Method, using non-interactive zero-knowledge proof and Secure Multi-party Computation Protocols, the present invention can ensure that the user of malice cannot forge False information participates in matching, and can prevent the behavior that participant is denied during information matches, so that matching initiator Under the premise of not revealing, complete data effectively proves private data with recipient, ensure that both sides' privacy information Correctness, so can guarantee the accuracy and safety of matching result.It solves and matching result standard exists in the prior art The not high technical problem of true property.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root Other attached drawings are obtained according to these attached drawings.
Fig. 1 is a kind of flow chart of the matching process of information in the embodiment of the present invention;
Fig. 2 is the system architecture diagram of matching process application in the embodiment of the present invention;
Fig. 3 is a kind of structural block diagram of the coalignment of information in the embodiment of the present invention;
Fig. 4 is a kind of structural block diagram of computer equipment in the embodiment of the present invention.
Specific embodiment
The embodiment of the invention provides a kind of matching process of information and devices, and matching exists in the prior art to improve As a result the not high technical problem of accuracy.
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Embodiment one
The present embodiment provides a kind of matching process of information, are applied to matching initiator, matching recipient and trusted enterprise Certification authority, referring to Figure 1, this method comprises:
Step S101: matching initiator initializes first key to rear, registers to trusted enterprise certification authority, obtains first Digital certificate, wherein for first key to including the first public key and the first private key, the first digital certificate includes the first public key and matching The first identity information of initiator.
Specifically, it can provide and be comprising matching initiator, matching recipient and trusted enterprise certification authority (ECA) System, as shown in Fig. 2, the system architecture includes matching initiator 100, matching recipient 200 and trusted enterprise certification authority (ECA) 300, the matching process of information includes four-stage in short: 1, system initialization, 2, information prove, 3, information matches, 4, Information discloses.In the specific implementation process, match initiator, matching recipient refer to each enterprise private services device (or Server cluster).Match initiator, matching recipient can by the application program in the private services device cluster of each enterprise come It realizes.Trusted enterprise certification authority is authentication center, is believable enterprise's certificate issuing authority, it is by coalition of companies The server of mechanism realizes that function is that the digital certificate of the server of responsible enterprise is generated, provides, stores, revoked.Each enterprise Industry needs are registered in trusted enterprise certification authority (ECA), obtain digital certificate.Each enterprise using digital certificate to oneself Identity provides certification.The server of any enterprise includes but is not limited to data management server, data warehouse, Enterprises Strategic Decision The contents such as system.It is communicated between enterprise servers with the distributed network architecture of peer-to-peer network.
In the specific implementation process, matching initiator needs to recognize to trusted enterprise before sending information matches request Card mechanism is registered, and corresponding digital certificate is obtained.First key is generated to that can use existing Encryption Algorithm, such as RSA Algorithm.The first identity information in first digital certificate comprising the first public key and matching the initiator, (matching of enterprise's participant Initiating method and matching recipient) digital certificate of other side, the public key information of Ji Ge enterprise participant can be obtained from ECA It is disclosed.Matching initiator can will generate the first private key and be stored in local, and the first public key can be used for generating the first signature, For subsequent verification process.
Step S102: it after matching recipient initializes the second key pair, is registered to trusted enterprise certification authority, obtains second Digital certificate, wherein the second key pair include the second public key and the second private key, second digital certificate include the second public key and The second identity information of the matching recipient.
Specifically, matching recipient is before carrying out information matches, it is also desirable to and to trusted enterprise, certification authority is registered, Obtain corresponding digital certificate.Wherein, matching receiving direction trusted enterprise certification authority registration mode with match initiator's class Seemingly, it is not repeating herein.
Step S103: matching initiate direction matching recipient send information matches request, wherein information matches request include Match initiator construction first promise to undertake, first signature and the first identity information, wherein first promise to undertake by matching initiator according to The first information to be matched and zero-knowledge proof theory obtain, and the first signature is obtained by matching initiator according to the first private key.
Specifically, the first information to be matched is that matching initiator needs to carry out matched information with matching recipient, It includes the privacy informations of matching initiator.Zero-knowledge proof (Zero-Knowledge Proof) refers to that certifier can be In the case where not providing any useful information to verifier, verifier is made to believe that some judgement is correct.Zero-knowledge proof Substantially a kind of to be related to the agreement of two sides or more side, i.e. two sides or more take a series of needed for just accomplishing a task Step.Certifier proves and believes it oneself to know or possess a certain message to verifier, but proof procedure cannot be to verifying Person leaks any about the information for being proved to message.
In the specific implementation process, can use zero-knowledge proof theory treat the matched first information carry out processing obtain It obtains first to promise to undertake, the first signature is generated according to the first private key.
As a kind of optional embodiment, first is promised to undertake by matching initiator according to the first information and Zero Knowledge to be matched Certification theory obtains, comprising:
It matches initiator and the first information to be matched is converted into first information tuple { a1,...,ak, wherein a1、akPoint Different information types is not indicated, chooses the group G of rank prime number q in advance by trusted enterprise certification authority, is chosen from group G and is generated member G and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, wherein hash function For the 0 of random length, 1 string to be mapped to integer field Zq
From integer field ZqRandomly choose vi, i ∈ 1 ..., k constitute tuple { v1,...,vk, using zero-knowledge proof theory Construction first is promised to undertake, is specifically included:
ri=vi-cαi,i∈1,...,k
Wherein, XiWithBy matching initiator to generate first g as the truth of a matter, aiviIt is generated for index, wherein XiInclude the first letter Cease tuple { a1,...,ak,Include the tuple { v randomly selected1,...,vk, wherein (c, { (ri,Xi)|i∈1,...,k}) It is promised to undertake for first.
Specifically, a1a1...akAk indicates that different information types, such as a string of characters, number etc., q indicate one big Prime number, bit length 160bit or more, group G are the prime number groups that rank is q.The effect of hash function is to reflect 0,1 string of random length It is mapped to integer field Zq, XiWithIt is all for generating the first promise, they are generated by the same matching participant, and the truth of a matter is all G, X thereiniIt contains and needs matched information tuple { a1,...,ak,Contain the tuple { v randomly selected1,..., vk}。
Step S104: matching recipient promises to undertake the first identity information, the first signature and first and verifies, if verifying is logical It crosses, is then promised to undertake according to the second information to be matched and zero-knowledge proof theory building second, and obtain second according to the second private key Signature.
Specifically, the second information to be matched is that matching recipient matches with the first information with matching initiator Information, it includes matching recipient privacy information
As a kind of optional embodiment, matches recipient and progress is promised to undertake to the first identity information, the first signature and first Verifying, comprising:
It is requested to obtain the first identity information, the first signature and the first promise according to information matches;
First identity information is verified, if being verified, the first signature is authenticated, if it is verified, then It promises to undertake and verifies to first.
As a kind of optional embodiment, matches recipient and the first promise is verified: including:
It promises to undertake to calculate according to first and obtains the first resulti∈1,...,k;
According to the first resultIt promises to undertake and verifies to first, specifically include: judging equation
It is whether true, if set up, it is verified, if invalid, Authentication failed.
Specifically, due to including the first promise in the received information matches request of matching recipient, then can basis First promises to undertake calculatingIn the specific implementation process,It can be according to the r in the first promisei,XiIt is calculated with c It obtains, whereinI and first promise to undertake in i be consistent.
As a kind of optional embodiment, recipient is matched according to the second information to be matched and zero-knowledge proof theory structure Make the second promise, comprising:
It matches recipient and the second information to be matched is converted into the second information tuple { b1,...,bm, wherein b1、bmPoint Different information types is not indicated, chooses the group G of rank prime number q in advance by trusted enterprise certification authority, is chosen from group G and is generated member G and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, wherein hash function For the 0 of random length, 1 string to be mapped to integer field Zq
From integer field ZqRandomly choose vj, j ∈ 1 ..., m constitute tuple { v1,...,vm, using zero-knowledge proof theory Construction first is promised to undertake, is specifically included:
rj=vj-c′bj,j∈1,...,m
Wherein, XjWithBy matching recipient to generate first g as the truth of a matter, bj、vjIt is generated for index, wherein XjInclude second Information tuple { b1,...,bm,Include the tuple { v randomly selected1,...,vm, wherein (c ', { (rj,Xj)|j∈ 1 ..., m }) it is the second promise.
Specifically, since the method that matching recipient construction second is promised to undertake constructs the first side promised to undertake with initiator is matched Method is similar, and details are not described herein.
Step S105: the second identity information, the second signature and second are promised to undertake configuration information matching request by matching recipient The first response, by the first response be sent to matching initiator.
In the specific implementation process, the second identity information, the second signature and second can be promised to undertake and is added into message, To generate the first response of information matches request, the first response is above-mentioned message.
Step S106: matching initiator verifies the second identity information, the second signature and the second promise structure, if verifying Pass through, then send the second response to the matching method of reseptance, specifically, matching initiator can first receive matching Second identity information of side is verified, such as the second identity information is matched with the second digital certificate, if can with Match, then authentication success, then the second signature is authenticated, can obtain matching recipient's from the second digital certificate Then second public key is verified by the second public key, since the second signature of matching recipient is produced according to the second private key Raw, and the second public key and the second private key are a key pairs, so that matching initiator can be by the second public key come to second The correctness of signature is verified.In the specific implementation process, the second response is that direction matching recipient's transmission is initiated in matching Confirmation message.As optional, since matching recipient may have multiple, then can be sent out by matching initiator record with matching The square associated matching recipient that conversates is played, corresponding response and relevant information are sent to corresponding in order to subsequent With recipient.For example, will be recorded in table with the initiator associated matching recipient that conversates is matched, and it is stored in this Ground.
Step S107: matching initiator promises to undertake according to first and second promises to undertake, obtains the first calculated result, matches initiator Third signature is constructed according to the first public key, and the first calculated result and third signature are sent into matching recipient.
Specifically, matching initiator promises to undertake according to first and second promises to undertake, obtains the first calculated result, can use base In the multi-party computations method or other methods of set relation.
It as a kind of optional embodiment, matches initiator and is promised to undertake according to the first promise and second, acquisition first, which calculates, ties Fruit, comprising:
Promise to undertake that obtaining first generates set according to first, wherein the first element generated in set is promised to undertake by generating first Data constitute;
Promise to undertake that obtaining second generates set according to second, wherein the second element generated in set is promised to undertake by generating second Data constitute;
It obtains first and generates the first intersection that set generates set with second;
Hash function is executed to the first intersection, obtains the first calculated result.
Specifically, matching initiator can promise to undertake (c, { (r according to firsti,Xi) | i ∈ 1 ..., k }) obtain the first life At set, i.e., according in the first promiseThe result that is calculated constitute first and generate set, { Xi, i=1 .., K }, similarly, matching recipient can obtain according to same method and receive the second generation set { Xj, j=1 .., m }, then Set is generated by first and the second generation set is compared, and is found out two intersection of sets collection (i.e. the first intersection), can be denoted as:
χ={ Xi, i=1 .., k } and ∩ { Xj, j=1 .., m }, next, H operation is executed to χ, to obtain the first calculating As a result H (χ).
In the specific implementation process, matching initiator according to the first public key construct third signature, the first calculated result and Third signature is sent to and matches recipient, specifically can be by being used as message constructing third signature δ to H (χ)3, then by (H (χ),δ3) it is sent to matching participant.
Step S108: matching recipient promises to undertake according to first and second promises to undertake, obtains the second calculated result.
Specifically, matching recipient promises to undertake according to first and second promises to undertake, obtains the second calculated result, can also use Multi-party computations method or other methods based on set relation.
It as a kind of optional embodiment, matches recipient and is promised to undertake according to the first promise and second, acquisition second, which calculates, ties Fruit, comprising:
Promise to undertake that obtaining second generates set according to second, wherein the second element generated in set is promised to undertake by generating second Data constitute;
Promise to undertake that obtaining first generates set according to first, wherein the first element generated in set is promised to undertake by generating first Data constitute;
It obtains second and generates the second intersection that set generates set with first;
Hash function is executed to the second intersection, obtains the second calculated result.
Specifically, matching recipient can promise to undertake (c ', { (r according to secondj,Xj) | j ∈ 1 ..., m }) obtain the second life At set, i.e., according in the first promiseThe result that is calculated constitute second and generate set { Xj, j=1 .., M }, set and second then is generated by first and generates set and is compared, and finds out two intersection of sets collection (i.e. the second intersection), it can be with It is denoted as χ ',
χ '={ Xj, j=1 .., m } and ∩ { Xi, i=1 .., k }, next, being operated to χ ' execution H, to obtain the second meter It calculates result H (χ ').
Step S109: after matching recipient receives second response, verifying third signature, if being verified, Then the first calculated result is compared with the second calculated result, if comparison result is equal, successful match, if comparison result is not Equal, then it fails to match.
Specifically, the first calculated result for matching recipient is H (χ), and matching recipient receives matching sender and sends Message be (H (χ), δ3), matching method of reseptance receive matching sender send the second response after, to third sign into Row verifying terminates session if signature verification fails.If being verified, judge whether equation H (χ)=H (χ ') is true, if Set up then successful match;Otherwise it fails to match.
As a kind of optional embodiment, the first calculated result is being compared with the second calculated result, if comparing knot Fruit is equal, then after successful match, the method for the present embodiment further include:
Matching recipient's compared result is sent to matching initiator after signing.
In information matching method provided in an embodiment of the present invention, on the whole, step S101, step S102 belongs in Fig. 2 Shown in system initialization, step S103, step S104, step S105 belongs to information shown in Fig. 2 proves, step S106, Step S107, step S108 belongs to information matches shown in Fig. 2, and step S109, which belongs to information shown in Fig. 2, to be proved.The present invention is real The method for applying the information matches of an offer can be applied to the matching of the privacy information of anti-malicious act under business intelligence environment, It include trusted enterprise certification authority, the private services device cluster of each enterprise using distributed frame.First, use nonreciprocal zero Knowledge proof designs a kind of safe data proof of possession method, in multiple enterprises under the premise of not revealing both sides' privacy, to Participant proves oneself to possess specific privacy information.Second, have devised a kind of safe information matching method, this method energy It is enough securely to be compared the information that multiple users are held, and in the acquisition participant in the case where guaranteeing fair and oneself Shared information result.
The information matching method provided in order to illustrate the embodiments of the present invention more clearly realizes process, hands over below by one Mutual embodiment is discussed in detail: the participant of information matches includes matching sender, matching recipient and trusted enterprise certification Mechanism.Firstly, in system initialisation phase: matching sender executes step 1.1 and generates first key pair, and retains first key First private key of centering, matching recipient generates the second key pair, and retains the second private key of the second cipher key pair, next holds Row step 1.2: matching sending direction letter corporate authentication mechanism sends the first registration request, matching receiving direction trusted enterprise certification Mechanism sends the second registration request, and after registering through, trusted enterprise certification authority is respectively to matching sender and matching recipient Send the first digital certificate and the second digital certificate;Then execute step 1.3: matching sender, which extracts, sorts out the first tuple, Matching recipient extracts and sorts out the second tuple, then executes step 1.4: trusted enterprise certification authority chooses open zero-knowledge proof Global parameter and hash function.Prove the stage followed by information, execute step 2.1: matching sender initiates matching request, And the first tuple is promised to undertake using zero-knowledge proof construction first, and generate the first signature, next execute step 2.2: matching Recipient verifies matched first identity information of matching sender, does not pass through such as, then refuses to match, such as pass through, then Matching recipient continues the first signature of verifying matching sender, does not pass through such as, then refuses to match, such as pass through, then match reception The first of Fang Jixu verifying matching sender is promised to undertake, is not passed through such as, is then refused to match, such as pass through, then follow the steps 2.3: to the Binary group is promised to undertake using zero-knowledge proof construction second, and generates response and the second signature, then execute step 2.4: matching is sent Side verifies the second identity information for the matching recipient for sending the first response, if not passing through, refuses to match, such as logical It crosses, then continues the second signature of verifying matching recipient, do not pass through such as, then refuse to match, such as pass through, then continue verifying matching and connect The second of debit is promised to undertake, is not passed through such as, is then refused to match, such as pass through, then usage record table T record matching recipient and matching The relevant information of request, and the second response is sent to matching recipient.Next enter the information matches stage, execute step 3.1: Matching sender promises to undertake according to the second of matching recipient executes matching, and obtain χ, then execute step 3.2: matching receives root It is promised to undertake according to the first of matching sender and executes matching, obtain χ '.It finally enters information and discloses the stage, execute step 4.1: matching hair The side of sending calculates H (χ) and constructs third signature, and be sent to matching recipient, then execute step 4.2: matching recipient receives After second response, third signature is verified, if not passing through, refuses to match, judgement passes through the calculated H of χ ' if passing through Whether (χ ') and H (χ) be equal, if equal, successful match, otherwise it fails to match.
Said one or multiple technical solutions in the embodiment of the present application at least have following one or more technology effects Fruit:
In method provided by the invention, before carrying out information matches, matching is initiated by matching initiator and matching recipient Fang Shengcheng first key is to rear, and to trusted enterprise, certification authority is registered, and obtains the first digital certificate, and matching recipient generates After second key pair, to trusted enterprise, certification authority is registered, and obtains the second digital certificate, can be with by digital certificate technique Guarantee matching initiator and matches the authenticity of recipient's identity.And it matches initiator to manage using non-interactive zero-knowledge proof It is promised to undertake by construction first, matching recipient promises to undertake the first identity information of matching initiator, the first signature and first and tests Card, after verifying passes through, matching recipient also uses and matches the same non-interactive zero-knowledge proof theory building of initiator Second promise to undertake, then by institute the second identity information, second signature and second promise to undertake configuration information matching request the first response, send out It send to matching initiator;Then matching initiator verifies the first response, matching recipient promises to undertake and second according to first Promise to undertake obtain the second calculated result with match sender according to first promise to undertake and second promise acquisition the first calculated result into Row compares, if comparison result is equal, successful match, if comparison result is unequal, it fails to match.By the above method, adopt With non-interactive zero-knowledge proof and Secure Multi-party Computation Protocols, the present invention can ensure that the user of malice cannot forge falseness Information participates in matching, and can prevent the behavior that participant is denied during information matches, so that matching initiator and reception Under the premise of not revealing, complete data effectively proves the private data of side, ensure that the correctness of both sides' privacy information, So can guarantee the accuracy and safety of matching result.Solve that matching result accuracy exists in the prior art is not high The technical issues of.
Based on the same inventive concept, present invention also provides and a kind of dress corresponding with the method for information matches of embodiment It sets, detailed in Example two.
Embodiment two
The present embodiment provides a kind of devices of information matches, are applied to matching initiator, matching recipient and trusted enterprise Certification authority refers to Fig. 3, which includes:
First registration module 301 initializes first key to rear for matching initiator, infuses to trusted enterprise certification authority Volume obtains the first digital certificate, wherein for first key to including the first public key and the first private key, the first digital certificate includes the First identity information of one public key and matching initiator;
Second registration module 302 is infused after matching recipient's the second key pair of initialization to trusted enterprise certification authority Volume obtains the second digital certificate, wherein the second key pair include the second public key and the and private key, the second digital certificate include the Second identity information of two public keys and matching recipient;
First sending module 303 initiates direction matching recipient's transmission information matches request for matching, wherein information It include the first promise, the first signature and the first identity information of matching initiator's construction with request, wherein first promises to undertake by matching Initiator obtains according to the first information to be matched and zero-knowledge proof theory, and the first signature is by matching initiator according to the first private Key obtains;
Constructing module 304 verifies the first identity information, the first signature and the first promise for matching recipient, If being verified, promised to undertake according to the second information to be matched and zero-knowledge proof theory building second, and according to the second private key Obtain the second signature;
Second sending module 305 is believed for matching recipient and promising to undertake to constitute by the second identity information, the second signature and second First response is sent to matching initiator by the first response for ceasing matching request;
Authentication module 306 tests the second identity information, the second signature and the second promise structure for matching initiator Card sends the second response to matching recipient if being verified;
Third sending module 307, for matching, initiator promises to undertake according to first and the second promise, acquisition first calculate knot Fruit;It matches initiator and third signature is constructed according to the first public key, and the first calculated result and third signature are sent to matching and connect Debit;
Matching module 308, for matching, recipient promises to undertake according to first and second promises to undertake, the second calculated result of acquisition;
It proves module 309, after matching recipient's the second response of reception, third signature is verified, if verifying is logical It crosses, is then compared the first calculated result with the second calculated result, if comparison result is equal, successful match, if comparing knot Fruit is unequal, then it fails to match.
As a kind of optional embodiment, the present embodiment provides in device, the first sending module 303 is also used to:
It matches initiator and the first information to be matched is converted into first information tuple { a1,...,ak, wherein a1、akPoint Different information types is not indicated, chooses the group G of rank prime number q in advance by trusted enterprise certification authority, is chosen from group G and is generated member G and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, wherein hash function For the 0 of random length, 1 string to be mapped to integer field Zq
From integer field ZqRandomly choose vi, i ∈ 1 ..., k constitute tuple { v1,...,vk, using zero-knowledge proof theory Construction first is promised to undertake, is specifically included:
ri=vi-cαi,i∈1,...,k
Wherein, XiWithBy matching initiator to generate first g as the truth of a matter, ai viIt is generated for index, wherein XiInclude first Information tuple { a1,...,ak,Include the tuple { v randomly selected1,...,vk, wherein (c, { (ri,Xi)|i∈1,..., K }) it is the first promise.
As a kind of optional embodiment, the present embodiment provides in device, constructing module 304 is also used to:
It is requested to obtain the first identity information, the first signature and the first promise according to information matches;
First identity information is verified, if being verified, the first signature is authenticated, if it is verified, then It promises to undertake and verifies to first.
As a kind of optional embodiment, the present embodiment provides in device, constructing module 304 is also used to:
It promises to undertake to calculate according to first and obtains the first resulti∈1,...,k;
According to the first resultIt promises to undertake and verifies to first, specifically include: judging equation
It is whether true, if set up, it is verified, if invalid, Authentication failed.
As a kind of optional embodiment, the present embodiment provides in device, constructing module 304 is also used to:
It matches recipient and the second information to be matched is converted into the second information tuple { b1,...,bm, wherein b1、bmPoint Different information types is not indicated, chooses the group G of rank prime number q in advance by trusted enterprise certification authority, is chosen from group G and is generated member G and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, wherein hash function For the 0 of random length, 1 string to be mapped to integer field Zq
From integer field ZqRandomly choose vj, j ∈ 1 ..., m constitute tuple { v1,...,vm, using zero-knowledge proof theory Construction first is promised to undertake, is specifically included:
rj=vj-c′bj,j∈1,...,m
Wherein, XjWithBy matching recipient to generate first g as the truth of a matter, bj、vjIt is generated for index, wherein XjInclude second Information tuple { b1,...,bm,Include the tuple { v randomly selected1,...,vm, wherein (c ', { (rj,Xj)|j∈ 1 ..., m }) it is the second promise.
As a kind of optional embodiment, the present embodiment provides in device, third sending module 307 is also used to:
Promise to undertake that obtaining first generates set according to first, wherein the first element generated in set is promised to undertake by generating first Data constitute;
Promise to undertake that obtaining second generates set according to second, wherein the second element generated in set is promised to undertake by generating second Data constitute;
It obtains first and generates the first intersection that set generates set with second;
Hash function is executed to the first intersection, obtains the first calculated result.
As a kind of optional embodiment, the present embodiment provides in device, matching module 308 is also used to:
Promise to undertake that obtaining second generates set according to second, wherein the second element generated in set is promised to undertake by generating second Data constitute;
Promise to undertake that obtaining first generates set according to first, wherein the first element generated in set is promised to undertake by generating first Data constitute;
It obtains second and generates the second intersection that set generates set with first;
Hash function is executed to the second intersection, obtains the second calculated result.
As a kind of optional embodiment, further includes the 4th sending module the present embodiment provides device, is used for:
First calculated result is being compared with the second calculated result, if comparison result is equal, after successful match:
Matching recipient's compared result is sent to matching initiator after signing.
By the device that the embodiment of the present invention two is introduced, the information matching method to implement the embodiment of the present invention one is adopted Device, so based on the method that the embodiment of the present invention one is introduced, the affiliated personnel in this field can understand the tool of the device Body structure and deformation, so details are not described herein.Device used by the method for all embodiment of the present invention one belongs to this hair The bright range to be protected.
Embodiment three
Based on the same inventive concept, present invention also provides a kind of computer equipment, Fig. 4 is referred to, including storage 401, On a memory and the computer program 403 that can run on a processor, processor 402 executes above-mentioned for processor 402 and storage The method in embodiment one is realized when program.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, those skilled in the art can carry out various modification and variations without departing from this hair to the embodiment of the present invention The spirit and scope of bright embodiment.In this way, if these modifications and variations of the embodiment of the present invention belong to the claims in the present invention And its within the scope of equivalent technologies, then the present invention is also intended to include these modifications and variations.

Claims (10)

1. a kind of matching process of information, which is characterized in that be applied to matching initiator, matching recipient and trusted enterprise certification Mechanism, which comprises
The matching initiator initializes first key to rear, registers to the trusted enterprise certification authority, obtains the first number Certificate, wherein for the first key to including the first public key and the first private key, first digital certificate includes described first public First identity information of key and the matching initiator;
It after the matching recipient initializes the second key pair, is registered to the trusted enterprise certification authority, obtains the second number Certificate, wherein second key pair includes the second public key and the second private key, and second digital certificate includes described second public Second identity information of key and the matching recipient;
The matching initiates matching recipient described in direction and sends information matches request, wherein information matches request includes institute State the first promise, the first signature and the first identity information of matching initiator, wherein described first promises to undertake by matching initiation Root is obtained according to the first information to be matched and zero-knowledge proof theory, and first signature is by the matching initiator according to institute State the acquisition of the first private key;
The matching recipient promises to undertake first identity information, first signature and described first and verifies, if testing Card passes through, then is promised to undertake according to the second information to be matched and the zero-knowledge proof theory building second, and according to described second Private key obtains the second signature;
The matching recipient, which promises to undertake second identity information, second signature and described second, constitutes the information First response is sent to the matching initiator by the first response with request;
The matching initiator verifies second identity information, second signature and the second promise structure, if It is verified, then sends the second response to the matching method of reseptance;
The matching initiator promises to undertake according to described first and described second promises to undertake, obtains the first calculated result, the matching hair Root is played according to first public key construction third signature, and first calculated result and third signature is sent to described Match recipient;
The matching recipient promises to undertake according to described first and described second promises to undertake, obtains the second calculated result;
After the matching recipient receives second response, third signature is verified, if being verified, by institute The first calculated result is stated to be compared with second calculated result, if comparison result is equal, successful match, if comparison result Unequal, then it fails to match.
2. the method as described in claim 1, which is characterized in that described first promises to undertake by the matching initiator according to be matched The first information and zero-knowledge proof theory obtain, comprising:
The first information to be matched is converted into first information tuple { a by the matching initiator1,...,ak, wherein a1、 akDifferent information types is respectively indicated, chooses the group G of rank prime number q in advance by the trusted enterprise certification authority, from the group G Middle selection generates member g and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, In, the hash function is used to the 0 of random length, 1 string being mapped to integer field Zq
From the integer field ZqRandomly choose vi, i ∈ 1 ..., k constitute tuple { v1,...,vk, using zero-knowledge proof theory It constructs described first to promise to undertake, specifically include:
ri=vi-cαi, i ∈ 1 ..., k
Wherein, XiWithBy the matching initiator to generate first g as the truth of a matter, ai viIt is generated for index, wherein XiInclude the first letter Cease tuple { a1,...,ak,Include the tuple { v randomly selected1,...,vk, wherein (c, { (ri,Xi)|i∈1,...,k}) It is promised to undertake for described first.
3. method according to claim 2, which is characterized in that the matching recipient is to first identity information, described First signature and first promise are verified, comprising:
First identity information is obtained according to information matches request, first signature and described first is promised to undertake;
First identity information is verified, if being verified, first signature is authenticated, if verifying is logical It crosses, then promises to undertake and verify to described first.
4. method as claimed in claim 3, which is characterized in that the matching recipient promises to undertake to described first and verifies: Include:
It promises to undertake to calculate according to described first and obtains the first result
According to first resultIt promises to undertake and verifies to described first, specifically include: judging equation
It is whether true, if set up, it is verified, if invalid, verifies Failure.
5. the method as described in claim 1, which is characterized in that the matching recipient is according to the second information to be matched and institute State the promise of zero-knowledge proof theory building second, comprising:
Second information to be matched is converted into the second information tuple { b by the matching recipient1,...,bm, wherein b1、 bmDifferent information types is respectively indicated, chooses the group G of rank prime number q in advance by the trusted enterprise certification authority, from the group G Middle selection generates member g and integer field Zq, and global parameter (Z is setq, G, q, g) and hash function H:{ 0,1 * → Zq, In, the hash function is used to the 0 of random length, 1 string being mapped to integer field Zq
From the integer field ZqRandomly choose vj, j ∈ 1 ..., m constitute tuple { v1,...,vm, using zero-knowledge proof theory It constructs described first to promise to undertake, specifically include:
rj=vj-c′bj,j∈1,...,m
Wherein, XjWithBy the matching recipient to generate first g as the truth of a matter, bj、vjIt is generated for index, wherein XjInclude second Information tuple { b1,...,bm,Include the tuple { v randomly selected1,...,vm, wherein (c ', { (rj,Xj)|j∈ 1 ..., m }) it is second promise.
6. method according to claim 2, which is characterized in that the matching initiator promises to undertake and described the according to described first Two promise to undertake, obtain the first calculated result, comprising:
Promise to undertake that obtaining first generates set according to described first, wherein the element in the first generation set is as described in generating First data promised to undertake are constituted;
Promise to undertake that obtaining second generates set according to described second, wherein the element in the second generation set is as described in generating Second data promised to undertake are constituted;
It obtains described first and generates the first intersection that set generates set with described second;
The hash function is executed to first intersection, obtains first calculated result.
7. method according to claim 2, which is characterized in that the matching recipient promises to undertake and described the according to described first Two promise to undertake, obtain the second calculated result, comprising:
Promise to undertake that obtaining second generates set according to described second, wherein the element in the second generation set is as described in generating Second data promised to undertake are constituted;
Promise to undertake that obtaining first generates set according to described first, wherein the element in the first generation set is as described in generating First data promised to undertake are constituted;
It obtains described second and generates the second intersection that set generates set with described first;
The hash function is executed to second intersection, obtains second calculated result.
8. the method for claim 7, which is characterized in that by first calculated result and second calculated result It is compared, if comparison result is equal, after successful match, the method also includes:
Matching recipient's compared result is sent to the matching initiator after signing.
9. a kind of coalignment of information, which is characterized in that be applied to matching initiator, matching recipient and trusted enterprise certification Mechanism, described device include:
First registration module, for matching initiator initialization first key to rear, to the trusted enterprise certification authority Registration obtains the first digital certificate, wherein for the first key to including the first public key and the first private key, described first is digital Certificate includes the first identity information of first public key and the matching initiator;
Second registration module, after initializing the second key pair for the matching recipient, to the trusted enterprise certification authority Registration obtains the second digital certificate, wherein second key pair include the second public key and the and private key, second number Certificate includes the second identity information of second public key and the matching recipient;
First sending module initiates matching recipient described in direction for the matching and sends information matches request, wherein described Information matches request includes the first promise, the first signature and the first identity information of the matching initiator construction, wherein described First promises to undertake by the matching initiator according to the first information to be matched and the acquisition of zero-knowledge proof theory, first signature It is obtained by the matching initiator according to first private key;
Constructing module promises to undertake first identity information, first signature and described first for the matching recipient It is verified, if being verified, is promised to undertake according to the second information to be matched and the zero-knowledge proof theory building second, and The second signature is obtained according to second private key;
Second sending module is used for the matching recipient for second identity information, second signature and described second It promises to undertake the first response for constituting the information matches request, first response is sent to the matching initiator;
Authentication module promises to undertake second identity information, second signature and described second for the matching initiator Structure is verified, if being verified, sends the second response to the matching method of reseptance;
Third sending module promises to undertake according to described first for the matching initiator and described second promises to undertake, obtains the first meter It calculates as a result, the matching initiator constructs third signature according to first public key, and by first calculated result and described Third signature is sent to and the matching recipient;
Matching module promises to undertake according to described first for the matching recipient and described second promises to undertake, obtains second and calculate knot Fruit;
After proving that module, the matching recipient receive second response, third signature is verified, if verifying is logical It crosses, is then compared first calculated result with second calculated result, if comparison result is equal, successful match, If comparison result is unequal, it fails to match.
10. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor Calculation machine program, which is characterized in that the processor is realized when executing described program such as any one of claim 1 to 8 claim The method.
CN201810763376.6A 2018-07-12 2018-07-12 Information matching method and device Active CN109104410B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810763376.6A CN109104410B (en) 2018-07-12 2018-07-12 Information matching method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810763376.6A CN109104410B (en) 2018-07-12 2018-07-12 Information matching method and device

Publications (2)

Publication Number Publication Date
CN109104410A true CN109104410A (en) 2018-12-28
CN109104410B CN109104410B (en) 2021-01-01

Family

ID=64846114

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810763376.6A Active CN109104410B (en) 2018-07-12 2018-07-12 Information matching method and device

Country Status (1)

Country Link
CN (1) CN109104410B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756343A (en) * 2019-01-31 2019-05-14 平安科技(深圳)有限公司 Authentication method, device, computer equipment and the storage medium of digital signature
CN109886029A (en) * 2019-01-28 2019-06-14 湖北工业大学 Secret protection set intersection calculation method and system based on polynomial repressentation
CN113569294A (en) * 2021-09-22 2021-10-29 浙江大学 Zero knowledge proving method and device, electronic equipment and storage medium
CN114553443A (en) * 2022-04-25 2022-05-27 湖南三湘银行股份有限公司 Method and system for docking third-party data model

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257380A (en) * 2007-12-05 2008-09-03 航天信息股份有限公司 User entity for self-generating public key certificate and system and method for managing public key certificate
CN104270351A (en) * 2014-09-22 2015-01-07 湖北工业大学 Information matching method and system based on mobile terminal privacy protection
CN104717067A (en) * 2013-12-17 2015-06-17 中国移动通信集团辽宁有限公司 Safety verification method, device and system based on non-interactive zero-knowledge
US20150341792A1 (en) * 2014-05-22 2015-11-26 Sypris Electronics, Llc Network authentication system with dynamic key generation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257380A (en) * 2007-12-05 2008-09-03 航天信息股份有限公司 User entity for self-generating public key certificate and system and method for managing public key certificate
CN104717067A (en) * 2013-12-17 2015-06-17 中国移动通信集团辽宁有限公司 Safety verification method, device and system based on non-interactive zero-knowledge
US20150341792A1 (en) * 2014-05-22 2015-11-26 Sypris Electronics, Llc Network authentication system with dynamic key generation
CN104270351A (en) * 2014-09-22 2015-01-07 湖北工业大学 Information matching method and system based on mobile terminal privacy protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZHANG MINGWU等: "Tolerating Sensitive-Leakage With Larger Plaintext-Space and Higher Leakage-Rate in Privacy-Aware Internet-of-Things", 《IEEE ACCESS》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109886029A (en) * 2019-01-28 2019-06-14 湖北工业大学 Secret protection set intersection calculation method and system based on polynomial repressentation
CN109756343A (en) * 2019-01-31 2019-05-14 平安科技(深圳)有限公司 Authentication method, device, computer equipment and the storage medium of digital signature
CN109756343B (en) * 2019-01-31 2021-07-20 平安科技(深圳)有限公司 Authentication method and device for digital signature, computer equipment and storage medium
CN113569294A (en) * 2021-09-22 2021-10-29 浙江大学 Zero knowledge proving method and device, electronic equipment and storage medium
US11550952B1 (en) 2021-09-22 2023-01-10 Zhejiang University Zero-knowledge proof method and electronic device
CN114553443A (en) * 2022-04-25 2022-05-27 湖南三湘银行股份有限公司 Method and system for docking third-party data model
CN114553443B (en) * 2022-04-25 2022-07-12 湖南三湘银行股份有限公司 Method and system for docking third-party data model

Also Published As

Publication number Publication date
CN109104410B (en) 2021-01-01

Similar Documents

Publication Publication Date Title
US11842317B2 (en) Blockchain-based authentication and authorization
CN109756485B (en) Electronic contract signing method, electronic contract signing device, computer equipment and storage medium
US11212081B2 (en) Method for signing a new block in a decentralized blockchain consensus network
CN103095453B (en) The Bloom filter of the public key encryption occured simultaneously using privately owned set
Baldimtsi et al. Anonymous credentials light
CN107967557A (en) Reputation Evaluation System and method, electronic fare payment system are changed based on block chain
CN111064734B (en) Block chain system user identity anonymity and traceable method, corresponding storage medium and electronic device
CN109104410A (en) A kind of matching process and device of information
CN109889497A (en) A kind of data integrity verification method for going to trust
Huang et al. Blockchain-assisted transparent cross-domain authorization and authentication for smart city
CN113301022A (en) Internet of things equipment identity security authentication method based on block chain and fog calculation
CN113360943A (en) Block chain private data protection method and device
Yu et al. Identity‐Based Proxy Signcryption Protocol with Universal Composability
Šimunić et al. Verifiable computing applications in blockchain
CN106506165A (en) Fictitious assets anonymity sort method based on homomorphic cryptography
CN113468570A (en) Private data sharing method based on intelligent contract
CN108259180B (en) Method for quantum specifying verifier signature
Boontaetae et al. RDI: Real digital identity based on decentralized PKI
US8868903B2 (en) Digital arbitration
CN110519040A (en) The anti-quantum calculation digital signature method and system of identity-based
Wang et al. A novel blockchain identity authentication scheme implemented in fog computing
CN113362065A (en) Online signature transaction implementation method based on distributed private key
Huang et al. How to protect privacy in optimistic fair exchange of digital signatures
Huang et al. Dynamic Group Signature Scheme on Lattice with Verifier-local Revocation
Deng et al. A Secure and Efficient Access Control Scheme for Shared IoT Devices over Blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant