CN110417703A - A proxy re-signature method, server and terminal device - Google Patents

Publication number
CN110417703A
Authority
CN
China
Legal status
Granted
Application number
CN201810385018.6A
Other languages
Chinese (zh)
Other versions
CN110417703B (en)
Inventor
李亚楠
Current Assignee
Zhongchang (suzhou) Software Technology Co Ltd
China Mobile Communications Group Co Ltd
Original Assignee
Zhongchang (suzhou) Software Technology Co Ltd
China Mobile Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Abstract

The invention discloses a proxy re-signature method, a server and a terminal device, for improving the security of re-signatures. The proxy re-signature method includes: generating a group set using a group generator, where the group set includes at least two groups, the parameters input to the group generator include a security parameter, a first parameter and a second parameter, the first parameter indicates the bit length of the message to be signed, and the second parameter indicates the bit length of the user identity information; and selecting a first generator from the group set and sending the first generator to a terminal, where the first generator indicates the message to be signed and the user identity information, so that the terminal and a proxy signature device generate a re-signature based on the first generator, and each group includes at least one generator.

Description

A proxy re-signature method, server and terminal device
Technical field
The present invention relates to the field of information security technology, and in particular to a proxy re-signature method, a server and a terminal device.
Background
Current proxy re-signature is implemented as follows. A system parameter generation algorithm takes a security parameter as input and outputs system parameters and a master key. A key extraction algorithm then takes the master key and a user's identity information as input and produces the user's private key. A re-signature key generation algorithm takes the identities and private keys of the bailee and the principal (that is, the users' identities and private keys) as input and outputs the proxy's re-signature key. A signature generation algorithm, given the private key of an identity and a message, outputs a signature on that message. If the signature is valid, the re-signature generation algorithm uses the re-signature key to output the principal's re-signature on the message.
At present, a terminal or proxy server generates a re-signature based on system parameters, namely an element selected from a group generated according to the user identity information. A re-signature generated this way is relatively simple, so its security is low.
It can be seen that the re-signatures obtained by current proxy re-signature methods have low security.
Summary of the invention
Embodiments of the present invention provide a proxy re-signature method, a server and a terminal device, for improving the security of re-signatures.
In a first aspect, a proxy re-signature method is provided, the method comprising:
generating a group set using a group generator, where the group set includes at least two groups, the parameters input to the group generator include a security parameter, a first parameter and a second parameter, the first parameter indicates the bit length of the message to be signed, and the second parameter indicates the bit length of the user identity information;
selecting a first generator from the group set and sending the first generator to a terminal, where the first generator indicates the message to be signed and the user identity information, so that the terminal and a proxy signature device generate a re-signature based on the first generator, and each group includes at least one generator.
With the proxy re-signature method provided by the embodiments of the present invention, at least two groups can be generated by the group generator based on the bit length of the message to be signed, the bit length of the user identity information and the security parameter, each group including at least one generator. A first generator is then selected from the generators contained in these at least two groups and sent to the terminal. The terminal and the proxy signature device generate the re-signature based on the first generator. Because the first generator is one selected from at least two groups generated from the message to be signed and the user identity information, the range of choice is wider than in the prior art, where the selection is made inside one fixed group. The re-signature generated from the first generator is therefore more complex than a prior-art re-signature, which improves the security of the re-signature.
Optionally, after the first generator is selected from the group set, the method further includes:
choosing L pairs of elements from a first integer group and calculating a first group element from the L pairs of elements, where the value of L is the same as the value of the first parameter, and the first integer group is an integer group that does not include the order of the group set;
choosing N pairs of elements from the first integer group and calculating a second group element from the N pairs of elements, where the value of N is the same as the value of the second parameter;
where the first group element, the second group element and the first generator are used by the terminal and the proxy signature device to generate the re-signature.
This optional approach shows that the embodiments consider both the user identity information and the message to be signed, and determine the first group element and the second group element respectively. Compared with the prior art, where only one kind of group element is determined from the user identity information, more combinations of re-signature can be formed, which improves the security of the re-signature. In addition, the server in the embodiments calculates the first group element from the randomly chosen multi-dimensional L pairs of elements and the second group element from the randomly chosen multi-dimensional N pairs of elements, so the calculation involves multilinear operations. Compared with the prior art, where group elements are obtained by bilinear operations, the computation rate of the server is higher, which improves the efficiency of the whole proxy re-signature.
Optionally, after the first generator is selected from the group set, the method further includes:
obtaining the function H(I, M) of the message and the user identity, where I indicates the user identity information and M indicates the message to be signed;
mapping H(I, M) into the group set by bilinear pairing, where the mapped H(I, M), the first generator, the first group element and the second group element are used by the terminal and the proxy signature device to generate the re-signature:
As i ∈ { 2 ..., n },
As i ∈ { n+1 ..., n+l=k },
Wherein, n indicates the value of first parameter, and l indicates the value of second parameter,For the user identity Corresponding second group element of n-th of bit of information I, id1For n-th of bit of the subscriber identity information I,For corresponding first group element of first of bit of the message to be signed, mi-nFor the message to be signed First of bit.
This optional approach describes how H(I, M) is mapped. Because both the user identity information and the message to be signed are involved, the embodiments split the bilinear-pairing mapping of H(I, M) into the group set into two processes, one corresponding to the message to be signed and one to the user identity information. The re-signature that the terminal and the proxy signature device generate from the mapped H(I, M) is correspondingly more complex, which further improves the security of the re-signature. In the prior art, mapping H(I, M) is a single process that treats the message to be signed and the user identity information in the same way, so the re-signature that the terminal and the proxy signature device generate from the mapped H(I, M) is relatively simple.
In a second aspect, a proxy re-signature method is provided, the method comprising:
receiving system parameters sent by a server, where the system parameters include a first generator, the first generator is determined from a group set that the server generates according to user identity information and a message to be signed, and the group set includes at least two groups;
encrypting the first generator, and sending the encrypted first generator and the received re-signature of the message to be signed, generated by the proxy signature device, to a verification server, so that the verification server verifies the re-signature based on the encrypted first generator;
receiving the verification value of the re-signature from the verification server, and judging from the verification value whether the re-signature is valid.
With the proxy signature method of the embodiments of the present invention, when the terminal verifies whether a re-signature is valid, part of the computation can be carried out by the verification server. Compared with a traditional proxy re-signature scheme, in which the terminal performs all of the verification computation, the terminal's computation load is reduced, which lowers the configuration requirements on the terminal, lightens its burden and improves verification efficiency.
Optionally, judging from the verification value whether the re-signature is valid includes:
performing an iterative calculation, based on a calculation factor, on the function H(I, M) of the message to be signed and the user identity information to obtain a result value, where I indicates the user identity information, M indicates the message to be signed, and the calculation factor is a value randomly selected from an integer group that does not include the order of the group set;
comparing the result value with the verification value, and if the result value is the same as the verification value, determining that the re-signature is valid.
This optional approach details how the terminal verifies whether the re-signature is valid.
In a third aspect, a server is provided, the server comprising:
a generation unit, configured to generate a group set using a group generator, where the group set includes at least two groups, the parameters input to the group generator include a security parameter, a first parameter and a second parameter, the first parameter indicates the bit length of the message to be signed, and the second parameter indicates the bit length of the user identity information;
a selection unit, configured to select a first generator from the group set and send the first generator to a terminal, where the first generator indicates the message to be signed and the user identity information, so that the terminal and a proxy signature device generate a re-signature based on the first generator, and each group includes at least one generator.
Optionally, the selection unit is further configured to:
after the first generator is selected from the group set, choose L pairs of elements from a first integer group and calculate a first group element from the L pairs of elements, where the value of L is the same as the value of the first parameter, and the first integer group is an integer group that does not include the order of the group set;
choose N pairs of elements from the first integer group and calculate a second group element from the N pairs of elements, where the value of N is the same as the value of the second parameter;
where the first group element, the second group element and the first generator are used by the terminal and the proxy signature device to generate the re-signature.
Optionally, the server further includes a mapping unit, configured to:
after the first generator is selected from the group set, obtain the function H(I, M) of the message and the user identity, where I indicates the user identity information and M indicates the message to be signed;
map H(I, M) into the group set by bilinear pairing, where the mapped H(I, M), the first generator, the first group element and the second group element are used by the terminal and the proxy signature device to generate the re-signature:
As i ∈ { 2 ..., n },
As i ∈ { n+1 ..., n+l=k },
Wherein, n indicates the value of first parameter, and l indicates the value of second parameter,For the user identity Corresponding second group element of n-th of bit of information I, id1For n-th of bit of the subscriber identity information I,For corresponding first group element of first of bit of the message to be signed, mi-nTo be signed disappear to be described First of bit of breath.
For the technical effects of the server provided by this application, refer to the technical effects of the implementations of the first aspect above; details are not repeated here.
In a fourth aspect, a server is provided, the server comprising:
at least one processor, and
a memory connected to the at least one processor;
where the memory stores instructions executable by the at least one processor, and the at least one processor implements the method of any one of the first aspect by executing the instructions stored in the memory.
For the technical effects of the server provided by this application, refer to the technical effects of the implementations of the first aspect above; details are not repeated here.
In a fifth aspect, a terminal device is provided, the terminal device comprising:
a receiving unit, configured to receive system parameters sent by a server, where the system parameters include a first generator, the first generator is determined from a group set that the server generates according to user identity information and a message to be signed, and the group set includes at least two groups;
an encryption unit, configured to encrypt the first generator, and to send the encrypted first generator and the received re-signature of the message to be signed, generated by the proxy signature device, to a verification server, so that the verification server verifies the re-signature based on the encrypted first generator;
a verification unit, configured to receive the verification value of the re-signature from the verification server, and to judge from the verification value whether the re-signature is valid.
Optionally, the verification unit is specifically configured to:
perform an iterative calculation, based on a calculation factor, on the function H(I, M) of the message to be signed and the user identity information to obtain a result value, where I indicates the user identity information, M indicates the message to be signed, and the calculation factor is a value randomly selected from an integer group that does not include the order of the group set;
compare the result value with the verification value, and if the result value is the same as the verification value, determine that the re-signature is valid.
For the technical effects of the terminal device provided by this application, refer to the technical effects of the implementations of the second aspect above; details are not repeated here.
In a sixth aspect, a terminal device is provided, the terminal device comprising:
at least one processor, and
a memory connected to the at least one processor;
where the memory stores instructions executable by the at least one processor, and the at least one processor implements the method of any one of the second aspect by executing the instructions stored in the memory.
For the technical effects of the terminal device provided by this application, refer to the technical effects of the implementations of the second aspect above; details are not repeated here.
In a seventh aspect, a computer storage medium is provided, on which a computer program is stored; when executed by a processor, the computer program implements the method of any one of the first aspect or the second aspect.
With the proxy re-signature method provided by the embodiments of the present invention, a group set, that is, at least two groups, can be generated by the group generator based on the bit length of the message to be signed, the bit length of the user identity information and the security parameter. Each group includes at least one generator. One generator, the first generator, is then selected from these at least two groups and sent to the terminal, so that the terminal and the proxy signature device generate the re-signature. Because the first generator is one selected from at least two groups generated according to the message to be signed and the user identity information, the range of choice is wider than in the prior art, where the selection is made inside one fixed group. The re-signature generated from the first generator is therefore more complex than a prior-art re-signature, which improves the security of the re-signature.
Brief description of the drawings
Fig. 1 is a flow diagram of the proxy re-signature method provided by an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of a server provided by an embodiment of the present invention;
Fig. 3 is a structural schematic diagram of a server provided by an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of a terminal device provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a terminal device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments.
For ease of understanding, the proxy re-signature process is described first:
In a proxy re-signature system there is a semi-trusted proxy that uses its own re-signature key to convert the signature of the entrusted party Alice on a message m into a signature of the bailee Bob on m. In the process the proxy cannot learn any information about the signing keys and cannot sign any message on behalf of Alice or Bob. Six algorithms are mainly involved: the parameter generation algorithm, the key generation algorithm, the re-signature key generation algorithm, the signature generation algorithm, the re-signature generation algorithm and the signature verification algorithm. The server uses the system parameter generation algorithm to obtain system parameters and a master key according to the user identity information, and uses the key generation algorithm to obtain and output the user's private key according to the user's identity information and the master key. The terminal device uses the re-signature key generation algorithm to obtain the proxy's re-signature key according to the user's private key and identity information and the principal's identity information and private key. The terminal device uses the signature generation algorithm to output the user's signature σ on message m according to the user identity information, the private key and the message m. The proxy signature device uses the re-signature generation algorithm, according to the re-signature key and σ (the bailee's signature on message m), to output the principal's re-signature σ' on message m. The terminal device uses the signature verification algorithm, according to the user identity information and the signature σ on message m, to verify whether the re-signature is valid.
At present, a terminal or proxy server generates a re-signature based on system parameters, namely a generator selected from a group generated according to the user identity information. A re-signature generated this way is relatively simple, so its security is low. In view of this, the proxy re-signature method, server and terminal device provided by the embodiments of the present invention aim to improve the security of re-signatures.
The technical solutions provided by the embodiments of the present invention are introduced below with reference to the drawings.
Referring to Fig. 1, an embodiment of the present invention provides a proxy re-signature method. The detailed flow of the method is described as follows.
In step S101, the server can generate a group set using a group generator, where the group set includes at least two groups, the parameters input to the group generator include a security parameter, a first parameter and a second parameter, the first parameter indicates the bit length of the message to be signed, and the second parameter indicates the bit length of the user identity information.
The terminal and the proxy signature device (that is, the proxy server) generate the re-signature from the system parameters generated by the server. The system parameters are usually generated by the server from user-related information such as the user identity information, and include the group generated according to the user identity information, the generators the group contains, and so on. In the prior art, the server inputs the security parameter λ to the system parameter generation algorithm to generate the system parameters, considers only one group generated from the user identity information, and selects one generator from inside that group. The range of choice is narrow, so the possibilities for the re-signature obtained from that generator are fewer, which leads to low security. The server in the embodiments of the present invention can generate a group set using a group generator. The parameters input to the group generator include a security parameter, a first parameter and a second parameter, where the first parameter indicates the bit length of the message to be signed and the second parameter indicates the bit length of the user identity information. The group set includes at least two groups; that is, the server in the embodiments obtains at least two groups according to the user identity information and the message to be signed, and each group includes at least one generator, so the range of choice for the generator is wider.
Specifically, the server in the embodiments of the present invention can run the group generator $\Gamma(1^{\lambda}, k = l + n)$ through the system parameter generation algorithm, where $1^{\lambda}$ denotes the security parameter, $l$ denotes the bit length of the message to be signed, and $n$ denotes the bit length of the user identity information. After running, the group generator $\Gamma$ can output a group set $G = (G_1, \ldots, G_k)$ of order $p$, where $G_k$ denotes the k-th group. Each group includes at least one generator. Generators are denoted $g$ in the embodiments; for example, $g_1, \ldots, g_k$ are the generators in the group set $G$ respectively.
After the server generates the group set, in step S102 it can select one generator from the group set as the first generator and send the first generator to the terminal, so that the terminal and the proxy signature device generate the re-signature based on the first generator. Because the first generator is selected from the group set generated from the user identity information and the message to be signed, the first generator can indicate the message to be signed and the user identity information, and so the re-signature that the terminal or the device to be signed generates from the first generator also indicates the message to be signed and the user identity information.
The server can select the first generator $g = g_1$ from the generators that the group set contains. After the first generator is selected from the group set, the server can also choose L pairs of elements and N pairs of elements respectively from the first integer group, calculate a first group element from the L pairs of elements, and calculate a second group element from the N pairs of elements, where the first group element and the second group element are used by the terminal and the proxy signature device to generate the re-signature, the value of L is the same as the value of the first parameter, and the value of N is the same as the value of the second parameter. The number of pairs L is the bit length of the message to be signed, so the first group element is related to the bit length of the message to be signed. The number of pairs N is the bit length of the user identity information, so the second group element is related to the bit length of the user identity information. The first integer group is an integer group that does not include the order of the group set. If the group generator generates a group set of order P, the first integer group is the integer group that does not include P.
Specifically, the server in the embodiment of the present invention can randomly select l to element from the first group of integers, for example,Wherein, (an,0,an,1) it is used to indicate n-th pair of element,Be used to indicate does not include P's First group of integers.Server calculates group element to element according to the l of selection, obtains the first group element, such asWherein, A is used to indicate first group of member Element, each first group element includes the element chosen from the first group of integers and first generates the element that member generates, such asMember exactly is generated to element and first by l and calculates acquisition.Similarly, in the embodiment of the present invention Server n can be randomly selected from the first group of integers to element, for example,Its In, (bn,0,bn,1) nth elements are used to indicate,Be used to indicate do not include P the first group of integers.Server is according to the n of selection Group element is calculated to element, obtains the second group element, such as:
The terminal or the proxy signature device in this embodiment generates the re-signature from the first group elements, the second group elements and the first generator, so two kinds of group elements are involved. Compared with the prior art, in which only one kind of group element is determined from the user identity information, more combinations can make up the re-signature, which improves the security of the re-signature. In addition, the server in this embodiment computes the first group elements from the randomly selected l pairs of elements and the second group elements from the randomly selected n pairs of elements, so the computation involves multilinear operations. Compared with the prior art, in which the group elements are obtained through bilinear operations, the computation rate of the server in this embodiment is higher, which improves the efficiency of the whole proxy re-signature.
After selecting the first generator from the group set, the server in this embodiment may also obtain the function H(I, M) of the message and the user identity, and map H(I, M) into the group set by bilinear pairing. Here, I denotes the user identity information, M denotes the message to be signed, and the mapped H(I, M) is used by the terminal and the proxy signature device to generate the re-signature.
The function H(I, M) of the message and the user identity may be H(I, M): {0,1}^n × {0,1}^l → G_k, that is, an operation on {0,1}^n × {0,1}^l that maps into G_k, where G_k denotes the k-th group, l denotes the bit length of the message to be signed, and n denotes the bit length of the user identity information. Because the first group elements and the second group elements represent different information, the server in this embodiment takes both the first group elements and the second group elements into account when mapping H(I, M) into the group set by bilinear pairing. The mapping may be realized by the following formulas:
When i ∈ {2, ..., n},
When i ∈ {n+1, ..., n+l = k},
Here, n indicates the value of the first parameter and l indicates the value of the second parameter. The remaining terms are the second group element corresponding to the n-th bit of the user identity information I, where id_1 is the n-th bit of the user identity information I, and the first group element corresponding to the l-th bit of the message to be signed, where m_{i-n} is the l-th bit of the message to be signed.
In the prior art, mapping H(I, M) is a single process: the message to be signed and the user identity information go through the same process, so generating the re-signature from the mapped H(I, M) is comparatively simple for the terminal and the proxy signature device. In this embodiment, the server splits the mapping of H(I, M) into the group set by bilinear pairing into two processes, corresponding to the message to be signed and the user identity information respectively, so generating the re-signature from the mapped H(I, M) is also more complex for the terminal and the proxy signature device, which further improves the security of the re-signature.
The server may package the obtained group set, generators, first group elements and second group elements into system parameters and send them to the terminal. The system parameters may of course also include the bit length of the message to be signed, the bit length of the user identity information, the group order, and so on. For example, the system parameters may be {G_1, ..., G_k, g_1, ..., g_k, k, l, n, p, H, (A_{1,0}, A_{1,1}), (A_{2,0}, A_{2,1}), ..., (A_{l,0}, A_{l,1}), ..., (B_{1,0}, B_{1,1}), ..., (B_{n,0}, B_{n,1})}.
The server may also generate a master key by inputting the security parameter into the system parameter generation algorithm. In this embodiment, the server may set the master key MSK to {(b_{1,0}, b_{1,1}), ..., (b_{n,0}, b_{n,1})}, and the server sends the system parameters and the master key MSK to the terminal. The terminal may run the key extraction algorithm on the user identity information input by the user and the master key MSK to obtain the private key corresponding to the user. For example, for user identity information I = (id_1, ..., id_n) ∈ {0,1}^n, where id_1 is the n-th bit of the user identity information I, the corresponding private key is output; in it, g is the first generator, and the other terms are the second group element and the master key. After obtaining the user's private key SK_I, the terminal may send the user identity information and the private key to the proxy signature device, and the proxy signature device may obtain the proxy's re-signature key through the re-signature key generation algorithm.
For example, the terminal sends to the proxy signature device the identity information of the delegatee, that is, the user identity information, and the delegatee's private key, together with the identity information and private key of the delegator. The proxy signature device outputs the proxy's re-signature key through the re-signature key generation algorithm. In the re-signature key, g is the first generator and the function e denotes the bilinear operation; the other terms denote the delegatee's private key and the delegator's private key.
Before the proxy signature device generates the re-signature, the terminal may generate a signature on the message M based on the user identity information. For example, the message to be signed is M = (m_1, ..., m_l) ∈ {0,1}^l, the l bits of message M, and the signature of the message to be signed M is computed from the private key of delegatee I_A for i ∈ [l], where G_{n-1+i} denotes the (n-1+i)-th group, the group element used is the one corresponding to the i-th bit of the delegatee, and the function e denotes the bilinear operation.
The terminal sends the signature σ of the message to be signed M to the proxy signature device, and the proxy signature device generates the proxy re-signature based on the delegatee's signature and the re-signature key. Specifically, given delegatee I_A's signature σ_A on the message to be signed M and the re-signature key, the proxy signature device generates the re-signature of M, where σ_B denotes the re-signature of M.
After the proxy signature device generates the re-signature, it may send the re-signature to the terminal, and the terminal verifies whether the re-signature is legitimate. Specifically, still referring to Fig. 1, in this embodiment, in step S201 the terminal may receive the system parameters sent by the server. The system parameters include the first generator, which is determined from the group set that the server generates according to the user identity information and the message to be signed; the group set includes at least two groups. In step S202, the terminal may encrypt the first generator and send the encrypted first generator, together with the received re-signature of the message to be signed generated by the proxy signature device, to the verification server, so that the verification server verifies the re-signature based on the encrypted first generator. Specifically, the terminal may randomly select an element from the integer group that does not include the group order P, compute R = g^r, and generate the character string VString = (r, R), that is, the encrypted first generator.
The terminal sends (σ, R) to the verification server. The verification server receives (σ, R) and verifies the re-signature (m, σ) based on VString, the user identity information I and the signature of the message to be signed. The verification server computes K_1 = e(σ, R), where the function e denotes the bilinear operation and K_1 denotes the verification value for the re-signature. The verification server sends K_1 to the terminal so that the terminal can determine whether the re-signature is valid. In step S203, the terminal may receive the verification server's verification value for the re-signature and judge from the verification value whether the re-signature is valid. Specifically, the terminal computes the function H(I, M) of the message and the user identity, namely K_2 = H(I, M)^r, where r is the element randomly selected from the integer group that does not include the group order P, and K_2 is the terminal's verification value for the re-signature. If the terminal determines that K_1 = K_2, it determines that the re-signature is valid; otherwise, if K_1 ≠ K_2, it can determine that the re-signature is invalid.
Because the verification server performs part of the computation when the terminal verifies whether the re-signature is valid, the terminal's computation load is lower than in a traditional proxy re-signature scheme, in which the terminal undertakes the whole verification computation. This lowers the configuration requirements on the terminal, lightens the terminal's burden and improves verification efficiency.
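The outsourced check of steps S202 and S203, as an added example that is not code from the patent: the groups are modelled by tracked exponents (an insecure algebra model with a constructed order P and constructed sample values), and the names Elem, pair, terminal_blind, server_value, terminal_accepts and verify are hypothetical. It shows that K_1 = K_2 holds exactly when the re-signature satisfies e(σ, g) = H(I, M), and why an implementation must reject r ≡ 0 (mod P).

```python
import secrets
from dataclasses import dataclass

# Constructed prime group order standing in for the page's order P.
P = 2**61 - 1


@dataclass(frozen=True)
class Elem:
    """g_level^exp in the level-th group G_level, tracked by its exponent.

    Exponent tracking exposes discrete logs, so this is an algebra model for
    checking the message flow, not a secure group.
    """
    level: int
    exp: int

    def __pow__(self, r: int) -> "Elem":
        return Elem(self.level, (self.exp * r) % P)


def pair(x: Elem, y: Elem) -> Elem:
    """Model of e: G_i x G_j -> G_(i+j) with e(g_i^a, g_j^b) = g_(i+j)^(a*b)."""
    return Elem(x.level + y.level, (x.exp * y.exp) % P)


G1 = Elem(1, 1)  # first generator g = g_1


def terminal_blind(r=None):
    """Step S202 (terminal): choose r, return (r, R = g^r). r = 0 is rejected."""
    if r is None:
        r = 1 + secrets.randbelow(P - 1)  # uniform in [1, P-1]
    if r % P == 0:
        raise ValueError("r must be non-zero modulo the group order")
    return r, G1 ** r


def server_value(sigma: Elem, R: Elem) -> Elem:
    """Verification server: K1 = e(sigma, R). The server never sees r."""
    return pair(sigma, R)


def terminal_accepts(K1: Elem, H_IM: Elem, r: int) -> bool:
    """Step S203 (terminal): K2 = H(I, M)^r; accept iff K1 == K2."""
    return K1 == H_IM ** r


def verify(sigma: Elem, H_IM: Elem, r=None) -> bool:
    """Full exchange: blind, ask the server for K1, compare with K2."""
    r, R = terminal_blind(r)
    return terminal_accepts(server_value(sigma, R), H_IM, r)


# Constructed sample values: k = 4, H(I, M) = g_4^h, and a re-signature in G_3
# that satisfies e(sigma, g) = H(I, M), which is what K1 = K2 requires.
K = 4
H_IM = Elem(K, 123456789)
GOOD_SIGMA = Elem(K - 1, 123456789)
BAD_SIGMA = Elem(K - 1, 987654321)

if __name__ == "__main__":
    print("valid re-signature accepted:", verify(GOOD_SIGMA, H_IM))
    print("altered re-signature accepted:", verify(BAD_SIGMA, H_IM))
    # With r = 0 both K1 and K2 collapse to the identity of G_k, so the
    # comparison would pass for any sigma; terminal_blind() refuses that r.
    print("check is vacuous at r = 0:",
          terminal_accepts(server_value(BAD_SIGMA, G1 ** 0), H_IM, 0))
```

The terminal performs one exponentiation per check while the pairing is left to the verification server, which is the workload split the description claims.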
In conclusion agency's weight endorsement method provided in an embodiment of the present invention can be based on the bit length of message to be signed It is grown up to be a useful person with the bit length and security parameter of subscriber identity information by all living creatures and generates group, that is, at least two groups.Each Group includes that at least one generates member, then a generation member is selected from this at least two groups, i.e., first generates member, and raw by first Cheng Yuan is sent to terminal, so that terminal and the generation of allograph equipment are signed again.Since the first generation member is from according to wait sign One selected at least two groups that name message and subscriber identity information generate, compared to the prior art from a fixed group The inside selection, selectable range is wider, therefore, generates the weight signed in compared to the prior art again that member generates according to first The complexity of signature is just higher, to improve the safety signed again.
Equipment provided in an embodiment of the present invention is introduced with reference to the accompanying drawings of the specification.
Fig. 2 is referred to, based on the same inventive concept, one embodiment of the invention provides a kind of server, which can be with Including generation unit 201 and selecting unit 202.Wherein, generation unit is for supporting server to execute the step S101 in Fig. 1. Selecting unit is for supporting server to execute the step S102 in Fig. 1.Wherein, the institute for each step that above method embodiment is related to The function description of corresponding function module can be quoted by having related content, and details are not described herein.
Optionally, the selecting unit is also used to:
after selecting the first generator from the group set, choose L pairs of elements from the first integer group and compute the first group elements from the L pairs of elements, where the value of L is the same as the value of the first parameter and the first integer group is the integer group that does not include the group order;
choose N pairs of elements from the first integer group and compute the second group elements from the N pairs of elements, where the value of N is the same as the value of the second parameter;
where the first group elements, the second group elements and the first generator are used by the terminal and the proxy signature device to generate the re-signature.
Optionally, the server further includes a map unit 203, which is used to:
after the first generator is selected from the group set, obtain the function H(I, M) of the message and the user identity, where I denotes the user identity information and M denotes the message to be signed;
map H(I, M) into the group set by bilinear pairing, where the mapped H(I, M), the first generator, the first group elements and the second group elements are used by the terminal and the proxy signature device to generate the re-signature:
When i ∈ {2, ..., n},
When i ∈ {n+1, ..., n+l = k},
Here, n indicates the value of the first parameter and l indicates the value of the second parameter. The remaining terms are the second group element corresponding to the n-th bit of the user identity information I, where id_1 is the n-th bit of the user identity information I, and the first group element corresponding to the l-th bit of the message to be signed, where m_{i-n} is the l-th bit of the message to be signed.
Where integrated units are used, referring to Fig. 3, based on the same inventive concept, one embodiment of the present invention provides a server, which may include at least one processor 301. The processor 301 implements the steps of the proxy re-signing method shown in Fig. 1 provided by the embodiments of the present invention when executing the computer program stored in the memory.
Optionally, the processor 301 may specifically be a central processing unit or an application-specific integrated circuit (ASIC), and may be one or more integrated circuits for controlling program execution.
Optionally, the server further includes a memory 302 connected to the at least one processor. The memory 302 may include read-only memory (ROM), random access memory (RAM) and magnetic disk storage. The memory 302 stores the data required by the processor 301 at run time, that is, it stores instructions executable by the at least one processor 301, and the at least one processor 301 executes the method shown in Fig. 1 by executing the instructions stored in the memory 302. The number of memories 302 is one or more. The memory 302 is shown in Fig. 3, but it should be understood that the memory 302 is not an essential functional module and is therefore drawn with a dashed line in Fig. 3.
The physical device corresponding to the generation unit 201, the selecting unit 202 and the map unit 203 may in each case be the aforementioned processor 301. The server can be used to execute the method provided by the embodiment shown in Fig. 1. For the functions that each functional module in the device can realize, refer to the corresponding description in the embodiment shown in Fig. 1; they are not repeated here.
Referring to Fig. 4, based on the same inventive concept, one embodiment of the present invention provides a terminal device, which may include a receiving unit 401, an encryption unit 402 and an authentication unit 403. The receiving unit supports the terminal device in executing step S201 in Fig. 1. The encryption unit supports the terminal device in executing step S202 in Fig. 1. The authentication unit supports the terminal device in executing step S203 in Fig. 1. All related content of each step in the above method embodiment can be cited in the functional description of the corresponding functional module, and is not repeated here.
Where integrated units are used, referring to Fig. 5, based on the same inventive concept, one embodiment of the present invention provides a terminal device, which may include at least one processor 501. The processor 501 implements the steps of the proxy re-signing method shown in Fig. 1 provided by the embodiments of the present invention when executing the computer program stored in the memory.
Optionally, the processor 501 may specifically be a central processing unit or an application-specific integrated circuit (ASIC), and may be one or more integrated circuits for controlling program execution.
Optionally, the terminal device further includes a memory 502 connected to the at least one processor. The memory 502 may include read-only memory (ROM), random access memory (RAM) and magnetic disk storage. The memory 502 stores the data required by the processor 501 at run time, that is, it stores instructions executable by the at least one processor 501, and the at least one processor 501 executes the method shown in Fig. 1 by executing the instructions stored in the memory 502. The number of memories 502 is one or more. The memory 502 is shown in Fig. 5, but it should be understood that the memory 502 is not an essential functional module and is therefore drawn with a dashed line in Fig. 5.
The physical device corresponding to the receiving unit 401, the encryption unit 402 and the authentication unit 403 may in each case be the aforementioned processor 501. The server can be used to execute the method provided by the embodiment shown in Fig. 1. For the functions that each functional module in the device can realize, refer to the corresponding description in the embodiment shown in Fig. 1; they are not repeated here.
The embodiments of the present invention also provide a computer storage medium. The computer storage medium stores computer instructions which, when run on a computer, cause the computer to execute the method shown in Fig. 1.
It will be clear to those skilled in the art that, for convenience and brevity of description, only the division into the above functional modules is used as an example. In practical applications, the above functions can be assigned to different functional modules as needed; that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. For the specific working process of the system, device and units described above, refer to the corresponding process in the foregoing method embodiment; it is not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a universal serial bus flash disk (USB flash disk), a removable hard disk, read-only memory (ROM), random access memory (RAM), and a magnetic disk or optical disc.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (10)

1. A proxy re-signing method, characterized by comprising:
generating a group set using a group generator, wherein the group set includes at least two groups, the parameters input to the group generator include a security parameter, a first parameter and a second parameter, the first parameter indicates the bit length of a message to be signed, and the second parameter indicates the bit length of user identity information;
selecting a first generator from the group set and sending the first generator to a terminal, wherein the first generator indicates the message to be signed and the user identity information, so that the terminal and a proxy signature device generate a re-signature based on the first generator, and one group includes at least one generator.
2. The method according to claim 1, characterized in that, after selecting the first generator from the group set, the method further comprises:
choosing L pairs of elements from a first integer group and computing first group elements from the L pairs of elements, wherein the value of L is the same as the value of the first parameter, and the first integer group is the integer group that does not include the group order;
choosing N pairs of elements from the first integer group and computing second group elements from the N pairs of elements, wherein the value of N is the same as the value of the second parameter;
wherein the first group elements, the second group elements and the first generator are used by the terminal and the proxy signature device to generate the re-signature.
3. The method according to claim 2, characterized in that, after selecting the first generator from the group set, the method further comprises:
obtaining a function H(I, M) of the message and the user identity, wherein I denotes the user identity information and M denotes the message to be signed;
mapping H(I, M) into the group set by bilinear pairing, wherein the mapped H(I, M), the first generator, the first group elements and the second group elements are used by the terminal and the proxy signature device to generate the re-signature:
When i ∈ {2, ..., n},
When i ∈ {n+1, ..., n+l = k},
wherein n indicates the value of the first parameter and l indicates the value of the second parameter; the remaining terms are the second group element corresponding to the n-th bit of the user identity information I, where id_1 is the n-th bit of the user identity information I, and the first group element corresponding to the l-th bit of the message to be signed, where m_{i-n} is the l-th bit of the message to be signed.
4. A proxy re-signing method, characterized by comprising:
receiving system parameters sent by a server, wherein the system parameters include a first generator, the first generator is determined from a group set that the server generates according to user identity information and a message to be signed, and the group set includes at least two groups;
encrypting the first generator, and sending the encrypted first generator and a received re-signature of the message to be signed, generated by a proxy signature device, to a verification server, so that the verification server verifies the re-signature based on the encrypted first generator;
receiving the verification server's verification value for the re-signature, and judging according to the verification value whether the re-signature is valid.
5. The method according to claim 4, characterized in that judging according to the verification value whether the re-signature is valid comprises:
performing an iterative calculation on the function H(I, M) of the message to be signed and the user identity information based on a calculation factor to obtain a result value, wherein I denotes the user identity information, M denotes the message to be signed, and the calculation factor is a value randomly selected from the integer group that does not include the group order;
comparing the result value with the verification value, and, if the result value is determined to be the same as the verification value, determining that the re-signature is valid.
6. A server, characterized by comprising:
a generation unit, for generating a group set using a group generator, wherein the group set includes at least two groups, the parameters input to the group generator include a security parameter, a first parameter and a second parameter, the first parameter indicates the bit length of a message to be signed, and the second parameter indicates the bit length of user identity information;
a selecting unit, for selecting a first generator from the group set and sending the first generator to a terminal, wherein the first generator indicates the message to be signed and the user identity information, so that the terminal and a proxy signature device generate a re-signature based on the first generator, and one group includes at least one generator.
7. A server, characterized by comprising:
at least one processor, and
a memory connected to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, and the at least one processor implements the method according to claim 1 by executing the instructions stored in the memory.
8. A terminal device, characterized by comprising:
a receiving unit, for receiving system parameters sent by a server, wherein the system parameters include a first generator, the first generator is determined from a group set that the server generates according to user identity information and a message to be signed, and the group set includes at least two groups;
an encryption unit, for encrypting the first generator and sending the encrypted first generator and a received re-signature of the message to be signed, generated by a proxy signature device, to a verification server, so that the verification server verifies the re-signature based on the encrypted first generator;
an authentication unit, for receiving the verification server's verification value for the re-signature and judging according to the verification value whether the re-signature is valid.
9. A terminal device, characterized by comprising:
at least one processor, and
a memory connected to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, and the at least one processor implements the method according to claim 4 or 5 by executing the instructions stored in the memory.
10. A computer storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-8 or 9-10.
CN201810385018.6A 2018-04-26 2018-04-26 Proxy re-signing method, server and terminal equipment Active CN110417703B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810385018.6A CN110417703B (en) 2018-04-26 2018-04-26 Proxy re-signing method, server and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810385018.6A CN110417703B (en) 2018-04-26 2018-04-26 Proxy re-signing method, server and terminal equipment

Publications (2)

Publication Number Publication Date
CN110417703A true CN110417703A (en) 2019-11-05
CN110417703B CN110417703B (en) 2021-11-30

Family

ID=68345956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810385018.6A Active CN110417703B (en) 2018-04-26 2018-04-26 Proxy re-signing method, server and terminal equipment

Country Status (1)

Country Link
CN (1) CN110417703B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant