CN110351090A - Group signature digital certificate revocation method and device, storage medium, and electronic equipment - Google Patents

Publication number: CN110351090A
Authority: CN (China)
Prior art keywords: digital certificate, target, group signature, group, random number
Legal status: Granted
Application number: CN201910447511.0A
Other languages: Chinese (zh)
Other versions: CN110351090B (en)
Inventor: 何伟林
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910447511.0A (CN110351090B)
Priority to PCT/CN2019/103431 (WO2020237879A1)
Publication of CN110351090A
Application granted
Publication of CN110351090B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: H04L9/00, including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: H04L9/32, using cryptographic hash functions
    • H04L9/3247: H04L9/32, involving digital signatures
    • H04L9/3255: H04L9/3247, using group based signatures, e.g. ring or threshold signatures
    • H04L9/3263: H04L9/32, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268: H04L9/3263, using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure relates to the field of computer technology, and in particular to a group signature digital certificate revocation method and device, a storage medium, and electronic equipment. The method includes: in response to a revocation request for a target group signature digital certificate, obtaining the target random number corresponding to the target group signature digital certificate; performing a first hash operation on the target random number to obtain a target digest; running a group signature algorithm with the private key of the group member revoking the target group signature digital certificate to group-sign the target digest, thereby obtaining a revocation group signature for revoking the target group signature digital certificate; and publishing the target random number and the revocation group signature to revoke the target group signature digital certificate. The disclosure provides a way of revoking a target group signature digital certificate that conceals the group member performing the revocation, and the approach is simple and easy to implement.

Description

Group signature digital certificate revocation method and device, storage medium, and electronic equipment
Technical field
The present disclosure relates to the field of computer technology, and in particular to a group signature digital certificate revocation method and device, a storage medium, and electronic equipment.
Background
With the continuous development of electronic and network technology, people depend more and more on networks. Communication technology in particular has become an indispensable part of people's lives, and network and information security has drawn increasingly wide attention as technology develops. In a group signature system, group members form a group; each group member has a different private key, and these private keys correspond to the single group public key of the group. Any group member can issue a group signature digital certificate on behalf of the group. A verifier can verify the group signature digital certificate with the group public key, but cannot determine the identity of the group member who issued it.
Because a group signature digital certificate conceals the group member who issued it, it cannot be revoked in the traditional way, by verifying the signature of the group member who issued the group signature digital certificate.
In summary, providing a method that can anonymously revoke a group signature digital certificate has become a problem to be solved urgently.
It should be noted that the information disclosed in the background section above is only intended to aid understanding of the background of the disclosure, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
The purpose of the present disclosure is to provide a group signature digital certificate revocation method and device, a storage medium, and electronic equipment, and thereby a method that can anonymously revoke a group signature digital certificate.
According to one aspect of the disclosure, a group signature digital certificate revocation method is provided, applied to a blockchain, including:
in response to a revocation request for a target group signature digital certificate, obtaining the target random number corresponding to the target group signature digital certificate;
performing a first hash operation on the target random number to obtain a target digest;
running a group signature algorithm with the private key of the group member revoking the target group signature digital certificate to group-sign the target digest, thereby obtaining a revocation group signature for revoking the target group signature digital certificate;
publishing the target random number and the revocation group signature to revoke the target group signature digital certificate.
In an exemplary embodiment of the disclosure, the method further includes:
in response to a generation request for the target group signature digital certificate, generating a group signature digital certificate;
obtaining the target random number, and performing a second hash operation on the target random number to obtain identification information;
generating the target group signature digital certificate from the identification information and the group signature digital certificate.
In an exemplary embodiment of the disclosure, the method further includes:
in response to a request to verify the legitimacy of the revocation of the target group signature digital certificate, obtaining the published revocation group signature and the target random number;
verifying the revocation group signature using the group public key, the revocation group signature and the target random number;
if the revocation group signature passes verification, performing the second hash operation on the target random number to obtain identification information to be compared;
judging whether the identification information in the target group signature digital certificate is identical to the identification information to be compared;
if they are identical, determining that the revocation of the target group signature digital certificate is legitimate.
In an exemplary embodiment of the disclosure, obtaining the target random number and performing the second hash operation on the target random number to obtain identification information includes:
obtaining the target random number, and performing a first sub-hash operation on the target random number to obtain first identification information;
performing a second sub-hash operation on the target random number to obtain second identification information;
and generating the target group signature digital certificate from the identification information and the group signature digital certificate includes:
generating the target group signature digital certificate from the first identification information, the second identification information and the group signature digital certificate.
In an exemplary embodiment of the disclosure, the method further includes:
in response to a request to verify the legitimacy of the revocation of the target group signature digital certificate, obtaining the published revocation group signature and the target random number;
verifying the revocation group signature using the group public key, the revocation group signature and the target random number;
if the revocation group signature passes verification, performing the first sub-hash operation on the target random number to obtain first identification information to be compared, and performing the second sub-hash operation on the target random number to obtain second identification information to be compared;
judging whether the first identification information in the target group signature digital certificate is identical to the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is identical to the second identification information to be compared;
if both are identical, determining that the revocation of the target group signature digital certificate is legitimate.
In an exemplary embodiment of the disclosure, verifying the revocation group signature using the group public key, the revocation group signature and the target random number includes:
decrypting the revocation group signature with the group public key to obtain the target digest;
performing the first hash operation on the target random number to obtain a digest to be compared;
matching the target digest against the digest to be compared;
if they match, determining that the revocation group signature passes verification;
if they do not match, determining that the revocation group signature fails verification.
According to one aspect of the disclosure, a group signature digital certificate revocation device is provided, applied to a blockchain, including:
a first acquisition module, configured to respond to a revocation request for a target group signature digital certificate and obtain the target random number corresponding to the target group signature digital certificate;
a first computing module, configured to perform a first hash operation on the target random number to obtain a target digest;
a signature module, configured to run a group signature algorithm with the private key of the group member revoking the target group signature digital certificate to group-sign the target digest, thereby obtaining a revocation group signature for revoking the target group signature digital certificate;
a publication and revocation module, configured to publish the target random number and the revocation group signature to revoke the target group signature digital certificate.
In an exemplary embodiment of the disclosure, the device further includes:
a first generation module, configured to respond to a generation request for the target group signature digital certificate and generate a group signature digital certificate;
a second computing module, configured to obtain the target random number and perform a second hash operation on the target random number to obtain identification information;
a second generation module, configured to generate the target group signature digital certificate from the identification information and the group signature digital certificate.
According to one aspect of the disclosure, a computer-readable storage medium is provided, on which a computer program is stored; when executed by a processor, the computer program implements the group signature digital certificate revocation method described in any of the above.
According to one aspect of the disclosure, an electronic device is provided, including:
a processor; and
a memory for storing instructions executable by the processor;
wherein the processor is configured to perform, by executing the executable instructions, the group signature digital certificate revocation method described in any of the above.
The disclosure provides a group signature digital certificate revocation method and device, a storage medium, and electronic equipment. A first hash operation is performed on the target random number corresponding to the target group signature digital certificate to obtain a target digest; a group signature algorithm is run with the private key of the group member revoking the target group signature digital certificate to group-sign the target digest and obtain a revocation group signature; and the revocation group signature and the target random number are published, thereby revoking the target group signature digital certificate. Because the revocation group signature is obtained by running the group signature algorithm, with the private key of the revoking group member, over a target digest generated from the target random number corresponding to the target group signature digital certificate, the target group signature digital certificate is revoked anonymously. This provides a way of revoking a target group signature digital certificate that conceals the group member performing the revocation, and the approach is simple and easy to implement.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory, and do not limit the disclosure.
Brief description of the drawings
The above and other features and advantages of the disclosure will become more apparent from the detailed description of its exemplary embodiments with reference to the accompanying drawings. Evidently, the drawings described below are only some embodiments of the disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 is a flowchart of the group signature digital certificate revocation method provided in an exemplary embodiment of the disclosure;
Fig. 2 is a flowchart of generating the target group signature digital certificate provided in an exemplary embodiment of the disclosure;
Fig. 3 is the first flowchart of verifying the legitimacy of the revocation of the target group signature digital certificate provided in an exemplary embodiment of the disclosure;
Fig. 4 is the second flowchart of verifying the legitimacy of the revocation of the target group signature digital certificate provided in an exemplary embodiment of the disclosure;
Fig. 5 is a block diagram of the group signature digital certificate revocation device provided in an exemplary embodiment of the disclosure;
Fig. 6 is a module diagram of the electronic device in an exemplary embodiment of the disclosure;
Fig. 7 is a schematic diagram of the program product in an exemplary embodiment of the disclosure.
Detailed description
Example embodiments are now described more fully with reference to the drawings. Example embodiments can, however, be implemented in many forms and should not be understood as limited to the embodiments set forth here; rather, these embodiments are provided so that the disclosure will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art. Identical reference numerals in the figures denote identical or similar parts, so their repeated description is omitted.
In addition, the described features, structures or characteristics may be combined in one or more embodiments in any suitable manner. In the following description, many specific details are given to provide a full understanding of the embodiments of the disclosure. Those skilled in the art will appreciate, however, that the technical solution of the disclosure may be practiced without one or more of these specific details, or with other methods, components, materials, devices, steps and so on. In other cases, well-known structures, methods, devices, implementations, materials or operations are not shown or described in detail, to avoid obscuring aspects of the disclosure.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, or these functional entities or parts of them may be implemented in one or more software-hardened modules, or they may be implemented in different networks and/or processor devices and/or microcontroller devices.
This exemplary embodiment first discloses a group signature digital certificate revocation method applied to a blockchain, where the blockchain may be deployed on multiple servers. Referring to Fig. 1, the group signature digital certificate revocation method may include the following steps:
Step S110: in response to a revocation request for a target group signature digital certificate, obtain the target random number corresponding to the target group signature digital certificate;
Step S120: perform a first hash operation on the target random number to obtain a target digest;
Step S130: run a group signature algorithm with the private key of the group member revoking the target group signature digital certificate to group-sign the target digest, thereby obtaining a revocation group signature for revoking the target group signature digital certificate;
Step S140: publish the target random number and the revocation group signature to revoke the target group signature digital certificate.
In the group signature digital certificate revocation method of this exemplary embodiment, the revocation group signature is obtained by running the group signature algorithm, with the private key of the group member revoking the target group signature digital certificate, over the target digest generated from the target random number corresponding to the target group signature digital certificate. The target group signature digital certificate is therefore revoked anonymously, which provides a way of revoking it that conceals the group member performing the revocation, and the approach is simple and easy to implement.
Next, the group signature digital certificate revocation method of this exemplary embodiment is described further with reference to Fig. 1.
In step S110, in response to a revocation request for a target group signature digital certificate, the target random number corresponding to the target group signature digital certificate is obtained.
In the embodiment of the present application, the process of generating the target group signature digital certificate is first explained with reference to Fig. 2. As shown in Fig. 2, the process of generating the target group signature digital certificate may include the following steps:
Step S210: in response to a generation request for the target group signature digital certificate, generate a group signature digital certificate.
In the embodiment of the present application, the blockchain invokes a smart contract to run the group construction algorithm, generating the group public key and the group manager's private key. Each group member obtains its own private key by registering with the group manager. When a group member issues a target group signature digital certificate to a user, the blockchain generates the group signature digital certificate through the CA (electronic commerce certification authority) of that group member.
Step S220: obtain the target random number, and perform a second hash operation on the target random number to obtain identification information.
In the embodiment of the present application, the blockchain obtains a target random number. The specific content of the target random number can be set as desired, and this exemplary embodiment places no particular limitation on it. The specific type of the second hash operation can be set by the developer, and this exemplary embodiment places no particular limitation on it either; for example, the second hash operation may be SHA256 or SM3. The data obtained by performing the second hash operation on the target random number is determined as the identification information.
Step S230: generate the target group signature digital certificate from the identification information and the group signature digital certificate.
In the embodiment of the present application, the identification information may be stored in an extension field of the group signature digital certificate to generate the target group signature digital certificate. Alternatively, the group signature digital certificate may be marked with the identification information, and the marked group signature digital certificate determined as the target group signature digital certificate. It should be noted that, after the target group signature digital certificate is generated, it is associated with the target random number and then published.
On this basis, when the blockchain receives a revocation request for the target group signature digital certificate, it responds to the request and obtains the published target random number corresponding to the target group signature digital certificate.
In step S120, a first hash operation is performed on the target random number to obtain a target digest.
In the embodiment of the present application, the specific type of the first hash operation can be set as desired, and this exemplary embodiment places no particular limitation on it. The data obtained by performing the first hash operation on the target random number is determined as the target digest.
In step S130, a group signature algorithm is run with the private key of the group member revoking the target group signature digital certificate to group-sign the target digest, thereby obtaining a revocation group signature for revoking the target group signature digital certificate.
In the embodiment of the present application, the private key of the group member revoking the target group signature digital certificate is obtained, and the group signature algorithm is invoked and run with that private key to group-sign the target digest, yielding the revocation group signature that revokes the target group signature digital certificate.
It is worth noting that running the group signature algorithm with a group member's private key yields a group signature, not that group member's own signature. Each group member's private key is different, and a group member merely invokes the group signature algorithm with its own private key; the resulting signature is not the group member's own signature but the signature of all group members, that is, the group signature. The group signature can be decrypted with the group public key, and running the group signature algorithm with a private key hides the identity of the group member performing the revocation.
In step S140, the target random number and the revocation group signature are published to revoke the target group signature digital certificate. In the embodiment of the present application, the target random number is associated with the revocation group signature and then published, completing the revocation of the target group signature digital certificate.
Further, in order to verify the legitimacy of the revocation of the target group signature digital certificate, as shown in Fig. 3, the method may also include:
Step S310: in response to a request to verify the legitimacy of the revocation of the target group signature digital certificate, obtain the published revocation group signature and the target random number. In the embodiment of the present application, the published target random number is the target random number associated with the revocation group signature.
Step S320: verify the revocation group signature using the group public key, the revocation group signature and the published target random number.
In the embodiment of the present application, the revocation group signature is first decrypted with the group public key to obtain the target digest; then the first hash operation is performed on the published target random number to obtain a digest to be compared; finally, the target digest is matched against the digest to be compared. If they match, the revocation group signature is determined to pass verification; if they do not match, the revocation group signature is determined to fail verification.
Step S330: if the revocation group signature passes verification, perform the second hash operation on the published target random number to obtain identification information to be compared. In the embodiment of the present application, if the revocation group signature passes verification, the second hash operation is performed on the published target random number and the result is determined as the identification information to be compared.
Step S340: judge whether the identification information in the target group signature digital certificate is identical to the identification information to be compared. In the embodiment of the present application, the identification information in the target group signature digital certificate is matched against the identification information to be compared, and the matching result decides whether the two are identical: if they match, the identification information in the target group signature digital certificate is identical to the identification information to be compared; if they do not match, the two are not identical.
Step S350: if they are identical, determine that the revocation of the target group signature digital certificate is legitimate. In the embodiment of the present application, if the identification information in the group signature digital certificate is identical to the identification information to be compared, the revocation of the target group signature digital certificate is determined to be legitimate.
As can be seen from the above, when verifying the legitimacy of the revocation of the target group signature digital certificate, the revocation group signature is verified with the group public key, the second hash operation is performed on the published target random number to obtain the identification information to be compared, and the legitimacy of the revocation is verified from the identification information to be compared and the identification information in the target group signature digital certificate. This verifies the legitimacy of the revocation while still concealing the group member who revoked the target group signature digital certificate; that is, a verifying group member cannot determine during verification which group member revoked the target group signature digital certificate.
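The issuance (S210-S230), revocation (S110-S140) and verification (S310-S350) flow as an added example, not part of the patent text. The patent leaves the group signature algorithm and hash types open, so this sketch assumes an AOS-style Schnorr ring signature over a toy-sized, insecure group as a stand-in (it hides the signer among the members but has no group manager, and it is checked by verification rather than decryption), SHA-256 as the first hash and SHA3-256 as the second. All function names and the `revocation_id` extension are hypothetical.

```python
import hashlib
import secrets

# Toy parameters (assumption, NOT secure): multiplicative group modulo the
# Mersenne prime 2**127 - 1, with exponents reduced modulo P - 1.
P = 2**127 - 1
N = P - 1
G = 3

def first_hash(r: bytes) -> bytes:
    """First hash operation: target random number -> target digest (S120)."""
    return hashlib.sha256(r).digest()

def second_hash(r: bytes) -> bytes:
    """Second hash operation: target random number -> identification info (S220)."""
    return hashlib.sha3_256(r).digest()

def keygen():
    """Member key pair (x, y = G^x). The list of all y stands in for the group public key."""
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def _challenge(ring, msg: bytes, point: int) -> int:
    h = hashlib.sha256()
    for y in ring:
        h.update(y.to_bytes(16, "big"))
    h.update(msg)
    h.update(point.to_bytes(16, "big"))
    return int.from_bytes(h.digest(), "big") % N

def ring_sign(ring, j: int, x: int, msg: bytes):
    """Stand-in for the group signature algorithm: member j signs, output hides j."""
    n = len(ring)
    e, s = [0] * n, [0] * n
    k = secrets.randbelow(N)
    e[(j + 1) % n] = _challenge(ring, msg, pow(G, k, P))
    i = (j + 1) % n
    while i != j:  # simulate every other member's response
        s[i] = secrets.randbelow(N)
        point = pow(G, s[i], P) * pow(ring[i], e[i], P) % P
        e[(i + 1) % n] = _challenge(ring, msg, point)
        i = (i + 1) % n
    s[j] = (k - x * e[j]) % N  # only the real private key closes the ring
    return e[0], s

def ring_verify(ring, msg: bytes, sig) -> bool:
    e0, s = sig
    if len(s) != len(ring):
        return False
    e = e0
    for y, s_i in zip(ring, s):
        e = _challenge(ring, msg, pow(G, s_i, P) * pow(y, e, P) % P)
    return e == e0

def issue_certificate(subject: str):
    """S210-S230: bind H2(r) into a certificate extension; r is published with it."""
    r = secrets.token_bytes(32)
    cert = {"subject": subject,
            "extensions": {"revocation_id": second_hash(r).hex()}}
    return cert, r

def revoke(r: bytes, ring, j: int, x: int):
    """S110-S140: sign H1(r) on behalf of the group, publish r with the signature."""
    return {"random": r, "signature": ring_sign(ring, j, x, first_hash(r))}

def verify_revocation(cert, record, ring) -> bool:
    """S310-S350: check the signature over H1(r), then compare H2(r) with the certificate."""
    r = record["random"]
    if not ring_verify(ring, first_hash(r), record["signature"]):
        return False
    return second_hash(r).hex() == cert["extensions"]["revocation_id"]

if __name__ == "__main__":
    keys = [keygen() for _ in range(3)]          # constructed sample group
    ring = [y for _, y in keys]
    cert, r = issue_certificate("device-01")     # constructed subject name
    record = revoke(r, ring, 1, keys[1][0])
    print("revocation accepted:", verify_revocation(cert, record, ring))
```

Because the random number is published together with the certificate, knowing it grants nothing; the authority to revoke rests entirely on holding a member private key that produces a valid signature over its digest.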
Further, described to obtain in order to guarantee the safety and legitimacy for revoking operation of target complex signs digital certificate The target random number is taken, and the second Hash operation is carried out to the target random number, may include: to obtain to obtain identification information The target random number is taken, and the first sub- Hash operation is carried out to the target random number, to obtain first identifier information;To institute It states target random number and carries out the second sub- Hash operation, to obtain second identifier information.It should be noted that the first sub- Hash operation It is different from the type of the second sub- Hash operation.It is described raw according to the identification information and the group ranking digital certificate based on this It may include: according to the first identifier information and the second identifier information and institute at the target complex signs digital certificate It states group ranking digital certificate and generates the target complex signs digital certificate.In the embodiment of the present application, first identifier can be believed Breath and second identifier information preservation are in the extension field of group ranking digital certificate, to generate target complex signs digital certificate.May be used also Group ranking digital certificate to be marked by first identifier information and second identifier information, and by the group ranking number after label Word certificate is determined as target complex signs digital certificate.It should be noted that after generating target complex signs digital certificate, it will be described Target complex signs digital certificate is announced after being associated with target random number.
From the foregoing, it will be observed that by doing the sub- operation of the first Hash and the sub- operation of the second Hash respectively to target random number, to obtain First identifier information and second identifier information, and according to first identifier information and second identifier information and group ranking digital certificate Target complex preceding digital certificate is generated, due to using two different Hash operations, greatly increases decoding first identifier The difficulty of information and second identifier information, to guarantee the safety for revoking operation of target complex signs digital certificate and legal Property.
On this basis, as shown in Fig. 4, the process of verifying the legitimacy of the revocation of the target group signature digital certificate may include the following steps:
Step S410: in response to a request to verify the legitimacy of the revocation of the target group signature digital certificate, obtain the announced revocation group signature and the target random number. This step has been explained above and is not repeated here.
Step S420: verify the revocation group signature using the group public key, the revocation group signature and the announced target random number. This step has been explained above and is not repeated here.
Step S430: if the revocation group signature passes verification, perform the first sub-hash operation on the announced target random number to obtain first identification information to be compared, and perform the second sub-hash operation on the announced target random number to obtain second identification information to be compared. The first sub-hash operation and the second sub-hash operation are of different types.
Step S440: judge whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is the same as the second identification information to be compared. In this embodiment, the first identification information in the target group signature digital certificate is matched against the first identification information to be compared to judge whether the two are the same, and the second identification information in the target group signature digital certificate is matched against the second identification information to be compared to judge whether the two are the same.
Step S450: if both are the same, determine that the revocation of the target group signature digital certificate is legal.
In this embodiment, if the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and the second identification information in the target group signature digital certificate is the same as the second identification information to be compared, the revocation of the target group signature digital certificate is determined to be legal.
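The verification flow of steps S410 to S450, together with certificate generation and revocation, as an added Python example that is not part of the patent text. It assumes BLAKE2b for the first hash operation and SHA-256 and SHA3-256 for the two sub-hash operations, and it stands in for the group signature scheme with textbook RSA under a single toy key pair (decrypt with the public key, then compare digests); that stand-in is insecure and gives no signer anonymity, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION / toy stand-in: textbook RSA over two publicly known Mersenne
# primes plays the role of the group key pair. It is NOT a group signature
# scheme (no signer anonymity) and NOT secure; it only lets the
# "decrypt with the group public key, then compare digests" check run.
_P, _Q = 2**521 - 1, 2**607 - 1
GROUP_N, GROUP_E = _P * _Q, 65537
_GROUP_D = pow(GROUP_E, -1, (_P - 1) * (_Q - 1))  # held by the signer


def target_digest(r):
    """First hash operation on the target random number (BLAKE2b assumed)."""
    return hashlib.blake2b(r, digest_size=32).digest()


def identifiers(r):
    """First and second sub-hash operations, of different types (assumed
    SHA-256 and SHA3-256). Returns both as hex strings."""
    return hashlib.sha256(r).hexdigest(), hashlib.sha3_256(r).hexdigest()


def issue_certificate(subject, r):
    """Generation: keep both identifiers in the certificate's extension field."""
    id1, id2 = identifiers(r)
    return {"subject": subject, "ext": {"id1": id1, "id2": id2}}


def revoke(r):
    """Revocation: sign the digest of r and announce r with the signature."""
    m = int.from_bytes(target_digest(r), "big")
    return {"r": r.hex(), "sig": pow(m, _GROUP_D, GROUP_N)}


def verify_revocation(cert, announcement):
    """S410-S450. Returns "legal" or the reason the revocation is rejected."""
    # S410: read the announced random number and revocation signature.
    try:
        r = bytes.fromhex(announcement["r"])
        sig = int(announcement["sig"])
    except (KeyError, TypeError, ValueError):
        return "malformed announcement"
    if not 0 < sig < GROUP_N:
        return "malformed announcement"
    # S420: recover the signed digest with the group public key and compare
    # it with the digest recomputed from the announced random number.
    recovered = pow(sig, GROUP_E, GROUP_N)
    if recovered != int.from_bytes(target_digest(r), "big"):
        return "revocation signature invalid"
    # S430: recompute both identifiers only after the signature has passed.
    cmp1, cmp2 = identifiers(r)
    # S440: both identifiers in the certificate must match.
    ext = cert.get("ext", {})
    ok1 = hmac.compare_digest(str(ext.get("id1", "")), cmp1)
    ok2 = hmac.compare_digest(str(ext.get("id2", "")), cmp2)
    # S450: legal only if both are the same.
    return "legal" if ok1 and ok2 else "identifier mismatch"


def demo():
    """Run the flow on constructed sample data and return each outcome."""
    r = secrets.token_bytes(32)            # constructed target random number
    cert = issue_certificate("constructed-cert-A", r)
    ann = revoke(r)
    other_ann = revoke(secrets.token_bytes(32))   # valid, but for another r
    one_id_only = {"subject": cert["subject"],
                   "ext": dict(cert["ext"], id2="00" * 32)}
    return {
        "matching announcement": verify_revocation(cert, ann),
        "tampered signature": verify_revocation(cert, dict(ann, sig=ann["sig"] ^ 1)),
        "announcement for another r": verify_revocation(cert, other_ann),
        "only first identifier matches": verify_revocation(one_id_only, ann),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The signature check shows only that the holder of the group key signed the digest of the announced random number; the binding to one particular certificate comes from the identifier comparison, which is why a valid announcement for a different random number ends in "identifier mismatch".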
In summary, the private key of the group member revoking the target group signature digital certificate is used to run the group signature algorithm and group-sign the target digest generated from the target random number corresponding to the target group signature digital certificate, yielding the revocation group signature. This conceals the group member who revokes the target group signature digital certificate and achieves anonymous revocation of the certificate. It provides a way of revoking a target group signature digital certificate that conceals the revoking group member, and the approach is simple and easy to carry out.
It should be noted that although the steps of the method in this disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be executed in that order, or that all the steps shown must be executed to achieve the desired result. Additionally or alternatively, some steps may be omitted, multiple steps may be merged into one step, and/or one step may be split into multiple steps.
In an exemplary embodiment of the disclosure, a group signature digital certificate revocation apparatus is also provided. As shown in Fig. 5, the group signature digital certificate revocation apparatus 500 may include: a first obtaining module 501, a first computing module 502, a signature module 503 and an announcement and revocation module 504, in which:
the first obtaining module 501 is configured to obtain, in response to a revocation request for a target group signature digital certificate, the target random number corresponding to the target group signature digital certificate;
the first computing module 502 is configured to perform the first hash operation on the target random number to obtain the target digest;
the signature module 503 is configured to run the group signature algorithm with the private key of the group member revoking the target group signature digital certificate and group-sign the target digest, to obtain the revocation group signature that revokes the target group signature digital certificate;
the announcement and revocation module 504 is configured to announce the target random number and the revocation group signature, so as to revoke the target group signature digital certificate.
In an exemplary embodiment of the present disclosure, the apparatus 500 may further include:
a first generation module, configured to generate a group signature digital certificate in response to a request to generate the target group signature digital certificate;
a second computing module, configured to obtain the target random number and perform the second hash operation on the target random number to obtain identification information;
a second generation module, configured to generate the target group signature digital certificate from the identification information and the group signature digital certificate.
In an exemplary embodiment of the present disclosure, the apparatus 500 may further include:
a second obtaining module, configured to obtain, in response to a request to verify the legitimacy of the revocation of the target group signature digital certificate, the announced revocation group signature and the target random number;
a first verification module, configured to verify the revocation group signature using the group public key, the revocation group signature and the announced target random number;
a third computing module, configured to perform, if the revocation group signature passes verification, the second hash operation on the announced target random number to obtain identification information to be compared;
a first judgment module, configured to judge whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
a first determining module, configured to determine, if they are the same, that the revocation of the target group signature digital certificate is legal.
In an exemplary embodiment of the present disclosure, the second computing module may include:
a first operation unit, configured to obtain the target random number and perform the first sub-hash operation on the target random number to obtain first identification information;
a second operation unit, configured to perform the second sub-hash operation on the target random number to obtain second identification information;
the second generation module is specifically configured to generate the target group signature digital certificate from the first identification information, the second identification information and the group signature digital certificate.
In an exemplary embodiment of the present disclosure, the apparatus 500 may further include:
a third obtaining module, configured to obtain, in response to a request to verify the legitimacy of the revocation of the target group signature digital certificate, the announced revocation group signature and the target random number;
a second verification module, configured to verify the revocation group signature using the group public key, the revocation group signature and the announced target random number;
a fourth computing module, configured to perform, if the revocation group signature passes verification, the first sub-hash operation on the announced target random number to obtain first identification information to be compared, and the second sub-hash operation on the announced target random number to obtain second identification information to be compared;
a second judgment module, configured to judge whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is the same as the second identification information to be compared;
a second determining module, configured to determine, if both are the same, that the revocation of the target group signature digital certificate is legal.
In an exemplary embodiment of the present disclosure, the second verification module and the first verification module may include:
a decryption unit, configured to decrypt the revocation group signature with the group public key to obtain the target digest;
an operation unit, configured to perform the first hash operation on the announced target random number to obtain a digest to be compared;
a matching unit, configured to match the target digest against the digest to be compared;
a first determination unit, configured to determine, if they match, that the revocation group signature passes verification;
a second determination unit, configured to determine, if they do not match, that the revocation group signature fails verification.
The details of each module of the group signature digital certificate revocation apparatus above have been described in detail in the corresponding group signature digital certificate revocation method and are therefore not repeated here.
It should be noted that although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present disclosure, the features and functions of two or more of the modules or units described above may be embodied in a single module or unit. Conversely, the features and functions of one module or unit described above may be further divided and embodied by multiple modules or units.
In an exemplary embodiment of the disclosure, an electronic device capable of implementing the above method is also provided.
Those skilled in the art will understand that various aspects of the present invention may be implemented as a system, a method or a program product. Accordingly, various aspects of the present invention may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects, which may collectively be referred to here as a "circuit", "module" or "system".
An electronic device 600 according to this embodiment of the present invention is described below with reference to Fig. 6. The electronic device 600 shown in Fig. 6 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present invention.
As shown in Fig. 6, the electronic device 600 takes the form of a general-purpose computing device. The components of the electronic device 600 may include, but are not limited to: the at least one processing unit 610, the at least one storage unit 620, a bus 630 connecting different system components (including the storage unit 620 and the processing unit 610), and a display unit 640.
The storage unit stores program code that can be executed by the processing unit 610, so that the processing unit 610 performs the steps of the various exemplary embodiments of the present invention described in the "Exemplary Methods" section of this specification. For example, the processing unit 610 may perform, as shown in Fig. 1: step S110, in response to a revocation request for a target group signature digital certificate, obtaining the target random number corresponding to the target group signature digital certificate; step S120, performing the first hash operation on the target random number to obtain the target digest; step S130, running the group signature algorithm with the private key of the group member revoking the target group signature digital certificate and group-signing the target digest, to obtain the revocation group signature that revokes the target group signature digital certificate; and step S140, announcing the target random number and the revocation group signature, so as to revoke the target group signature digital certificate.
The storage unit 620 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set of (at least one) program modules 6205. Such program modules 6205 include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 600 may also communicate with one or more external devices 670 (such as a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any device (such as a router, a modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. Such communication may take place through an input/output (I/O) interface 650. The electronic device 600 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 660. As shown, the network adapter 660 communicates with the other modules of the electronic device 600 through the bus 630. It should be understood that, although not shown in the drawings, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
From the description of the embodiments above, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. The technical solution according to the embodiments of the present disclosure may therefore be embodied in the form of a software product, which may be stored on a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a removable hard disk) or on a network, and which includes instructions that cause a computing device (such as a personal computer, a server, a terminal device or a network device) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the disclosure, a computer-readable storage medium is also provided, on which is stored a program product capable of implementing the method described above in this specification. In some possible embodiments, various aspects of the present invention may also be implemented in the form of a program product that includes program code; when the program product runs on a terminal device, the program code causes the terminal device to perform the steps of the various exemplary embodiments of the present invention described in the "Exemplary Methods" section of this specification.
With reference to Fig. 7, a program product 700 for implementing the above method according to an embodiment of the present invention is described. It may take the form of a portable compact disc read-only memory (CD-ROM) containing program code, and may run on a terminal device such as a personal computer. However, the program product of the present invention is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program, where the program may be used by, or in combination with, an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by, or in combination with, an instruction execution system, apparatus or device.
The program code contained on a readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, or any suitable combination of the above.
The program code for performing the operations of the present invention may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, the remote computing device may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (for example, through the Internet using an Internet service provider).
In addition, the drawings above are only schematic illustrations of the processing included in the method according to exemplary embodiments of the present invention and are not intended to be limiting. It is easy to understand that the processing shown in the drawings does not indicate or limit the chronological order of these processes. It is also easy to understand that these processes may be executed, for example, synchronously or asynchronously in multiple modules.
Other embodiments of the disclosure will readily occur to those skilled in the art after considering the specification and practising the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the disclosure that follow the general principles of the disclosure and include common knowledge or customary technical means in the art not disclosed here. The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the disclosure indicated by the claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A group signature digital certificate revocation method, applied to a blockchain, characterized by comprising:
in response to a revocation request for a target group signature digital certificate, obtaining a target random number corresponding to the target group signature digital certificate;
performing a first hash operation on the target random number to obtain a target digest;
running a group signature algorithm with the private key of the group member revoking the target group signature digital certificate to group-sign the target digest, so as to obtain a revocation group signature that revokes the target group signature digital certificate;
announcing the target random number and the revocation group signature, so as to revoke the target group signature digital certificate.
2. The group signature digital certificate revocation method according to claim 1, characterized in that the method further comprises:
in response to a request to generate the target group signature digital certificate, generating a group signature digital certificate;
obtaining the target random number, and performing a second hash operation on the target random number to obtain identification information;
generating the target group signature digital certificate from the identification information and the group signature digital certificate.
3. The group signature digital certificate revocation method according to claim 2, characterized in that the method further comprises:
in response to a request to verify the legitimacy of the revocation of the target group signature digital certificate, obtaining the announced revocation group signature and the target random number;
verifying the revocation group signature using the group public key, the revocation group signature and the announced target random number;
if the revocation group signature passes verification, performing the second hash operation on the announced target random number to obtain identification information to be compared;
judging whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
if they are the same, determining that the revocation of the target group signature digital certificate is legal.
4. The group signature digital certificate revocation method according to claim 2, characterized in that obtaining the target random number and performing the second hash operation on the target random number to obtain identification information comprises:
obtaining the target random number, and performing a first sub-hash operation on the target random number to obtain first identification information;
performing a second sub-hash operation on the target random number to obtain second identification information;
and generating the target group signature digital certificate from the identification information and the group signature digital certificate comprises:
generating the target group signature digital certificate from the first identification information, the second identification information and the group signature digital certificate.
5. The group signature digital certificate revocation method according to claim 4, characterized in that the method further comprises:
in response to a request to verify the legitimacy of the revocation of the target group signature digital certificate, obtaining the announced revocation group signature and the target random number;
verifying the revocation group signature using the group public key, the revocation group signature and the announced target random number;
if the revocation group signature passes verification, performing the first sub-hash operation on the announced target random number to obtain first identification information to be compared, and performing the second sub-hash operation on the announced target random number to obtain second identification information to be compared;
judging whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is the same as the second identification information to be compared;
if both are the same, determining that the revocation of the target group signature digital certificate is legal.
6. The group signature digital certificate revocation method according to claim 3 or 5, characterized in that verifying the revocation group signature using the group public key, the revocation group signature and the announced target random number comprises:
decrypting the revocation group signature with the group public key to obtain the target digest;
performing the first hash operation on the announced target random number to obtain a digest to be compared;
matching the target digest against the digest to be compared;
if they match, determining that the revocation group signature passes verification;
if they do not match, determining that the revocation group signature fails verification.
7. A group signature digital certificate revocation apparatus, applied to a blockchain, characterized by comprising:
a first obtaining module, configured to obtain, in response to a revocation request for a target group signature digital certificate, a target random number corresponding to the target group signature digital certificate;
a first computing module, configured to perform a first hash operation on the target random number to obtain a target digest;
a signature module, configured to run a group signature algorithm with the private key of the group member revoking the target group signature digital certificate to group-sign the target digest, so as to obtain a revocation group signature that revokes the target group signature digital certificate;
an announcement and revocation module, configured to announce the target random number and the revocation group signature, so as to revoke the target group signature digital certificate.
8. The group signature digital certificate revocation apparatus according to claim 7, characterized in that the apparatus further comprises:
a first generation module, configured to generate a group signature digital certificate in response to a request to generate the target group signature digital certificate;
a second computing module, configured to obtain the target random number and perform a second hash operation on the target random number to obtain identification information;
a second generation module, configured to generate the target group signature digital certificate from the identification information and the group signature digital certificate.
9. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the group signature digital certificate revocation method according to any one of claims 1 to 6.
10. An electronic device, characterized by comprising:
a processor; and
a memory for storing instructions executable by the processor;
wherein the processor is configured to perform the group signature digital certificate revocation method according to any one of claims 1 to 6 by executing the executable instructions.
CN201910447511.0A 2019-05-27 2019-05-27 Group signature digital certificate revoking method and device, storage medium and electronic equipment Active CN110351090B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910447511.0A CN110351090B (en) 2019-05-27 2019-05-27 Group signature digital certificate revoking method and device, storage medium and electronic equipment
PCT/CN2019/103431 WO2020237879A1 (en) 2019-05-27 2019-08-29 Method and apparatus for revoking group-signed digital certificate, storage medium, and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910447511.0A CN110351090B (en) 2019-05-27 2019-05-27 Group signature digital certificate revoking method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN110351090A true CN110351090A (en) 2019-10-18
CN110351090B CN110351090B (en) 2021-04-27

Family

ID=68174075

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910447511.0A Active CN110351090B (en) 2019-05-27 2019-05-27 Group signature digital certificate revoking method and device, storage medium and electronic equipment

Country Status (2)

Country Link
CN (1) CN110351090B (en)
WO (1) WO2020237879A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050114653A1 (en) * 1999-07-15 2005-05-26 Sudia Frank W. Certificate revocation notification systems
US20050114666A1 (en) * 1999-08-06 2005-05-26 Sudia Frank W. Blocked tree authorization and status systems
US20120017083A1 (en) * 2008-12-30 2012-01-19 France Telecom Group signature with local revocation verification with capacity for lifting anonymity
CN104901798A (en) * 2014-03-05 2015-09-09 罗伯特·博世有限公司 method for revoking a group of certificates
CN106453222A (en) * 2016-07-15 2017-02-22 海智(天津)大数据服务有限公司 ELA electronic license node network system-based electronic license management method
WO2017049111A1 (en) * 2015-09-18 2017-03-23 Jung-Min Park Group signatures with probabilistic revocation

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977110B (en) * 2010-10-09 2012-08-29 北京航空航天大学 Group signature method based on elliptic curve
CN109064169B (en) * 2018-07-13 2020-11-06 杭州复杂美科技有限公司 Transaction method, apparatus and storage medium
CN109344257B (en) * 2018-10-24 2024-05-24 平安科技(深圳)有限公司 Text emotion recognition method and device, electronic equipment and storage medium
CN109740321B (en) * 2018-12-25 2020-03-31 北京深思数盾科技股份有限公司 Method for revoking manager lock of encryption machine, encryption machine and manufacturer server

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114172668A (en) * 2022-02-10 2022-03-11 亿次网联(杭州)科技有限公司 Group member management method and system based on digital certificate
CN114172668B (en) * 2022-02-10 2022-07-05 亿次网联(杭州)科技有限公司 Group member management method and system based on digital certificate

Also Published As

Publication number Publication date
CN110351090B (en) 2021-04-27
WO2020237879A1 (en) 2020-12-03

Similar Documents

Publication Publication Date Title
US11456879B2 (en) Secure processing of an authorization verification request
US10833873B2 (en) Credential-based authorization
CN110061846A (en) Identity authentication method and relevant device are carried out to user node in block chain
CN109873808A (en) Communication means and device, storage medium and electronic equipment between block chain node
CN110247884B (en) Method, device and system for updating certificate and computer readable storage medium
CN109074449A (en) Neatly supply proves key in Secure Enclave
CN109104284B (en) Block chain anonymous transmission method based on ring signature
CN108933667A (en) A kind of management method and management system of the public key certificate based on block chain
CN104715187A (en) Method and apparatus used for authenticating nodes of electronic communication system
CN109379336A (en) A kind of uniform authentication method, distributed system and computer readable storage medium
CN102132286B (en) Digitally signing documents using identity context information
CN109361508A (en) Data transmission method, electronic equipment and computer readable storage medium
CN110147664A (en) The method and relevant device of authentication based on centralization database
CN110601858B (en) Certificate management method and device
US11275865B2 (en) Privacy friendly decentralized ledger based identity management system and methods
CN109768975A (en) Cross-platform access method, apparatus and storage medium in open source system
JP2010067184A (en) Individual two-step authentication method and system
CN109922027A (en) A kind of trusted identity authentication method, terminal and storage medium
CN108173648A (en) Security processing method, equipment and storage medium based on private key escrow
CN114760071B (en) Zero-knowledge proof based cross-domain digital certificate management method, system and medium
Kumar et al. PSEBVC: Provably secure ECC and biometric based authentication framework using smartphone for vehicular cloud environment
CN109818965B (en) Personal identity verification device and method
CN114844629A (en) Verification method and device of block chain account, computer equipment and storage medium
CN110351090A (en) Group signature digital certificate revocation method and device, storage medium, electronic equipment
CN109951294A (en) Information update management method and relevant device in electronic labelling system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant