CN112069547B - Identity authentication method and system for supply chain responsibility main body - Google Patents
Identity authentication method and system for supply chain responsibility main body Download PDFInfo
- Publication number
- CN112069547B CN112069547B CN202010743844.0A CN202010743844A CN112069547B CN 112069547 B CN112069547 B CN 112069547B CN 202010743844 A CN202010743844 A CN 202010743844A CN 112069547 B CN112069547 B CN 112069547B
- Authority
- CN
- China
- Prior art keywords
- private key
- signature
- group
- user
- representing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 238000012795 verification Methods 0.000 claims abstract description 43
- 230000008569 process Effects 0.000 claims description 12
- 230000006870 function Effects 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 229910052698 phosphorus Inorganic materials 0.000 claims description 8
- 239000000470 constituent Substances 0.000 claims description 4
- 125000004122 cyclic group Chemical group 0.000 claims description 4
- 229910052757 nitrogen Inorganic materials 0.000 claims description 4
- 238000004891 communication Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 238000006243 chemical reaction Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012550 audit Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 210000001747 pupil Anatomy 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Entrepreneurship & Innovation (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Finance (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a method and a system for authenticating identity of a supply chain responsibility main body, comprising the following steps: generating a public-private key pair of the responsibility main body according to the identity of the responsibility main body and the user password, wherein the public-private key pair comprises a system main private key and a system main public key; generating a signature private key according to the system main private key and the user identifier; carrying out digital signature encryption on the user data of the responsible main body by using a signature private key to obtain signature data; and verifying the signature data by using the identity. According to the identity authentication method and system for the supply chain responsibility main body, provided by the embodiment of the invention, the user-set password is added when the system main private key and the signature private key are generated, and the signature is performed after double verification of the user identifier and the user password is needed when the signature is used, so that the safety of the main private key and the signature private key is improved, and the problems of inaccurate verification or user data leakage can be effectively prevented.
Description
Technical Field
The invention relates to the technical field of blockchain, in particular to a method and a system for identity authentication of a supply chain responsibility main body.
Background
The identity information in the agricultural product informatization traceability system is scattered in each system, each system needs to be registered by filling in the identity information by a user and is subjected to real-name authentication (KYC authentication for short), and the system needs to be set for a special person to audit and confirm the registered information, so that the time of the user is wasted, and the manpower, financial resources and material resources of a platform where the system is located are consumed. With the development of blockchain services, a secure digital identity authentication system needs to be established, so that users can use their own digital identities in different distributed applications of blockchains.
Digital Identity (DI) is also called a Digital identifier, and is information that can uniquely determine an identity of an entity. The digital identity should consist of information that cannot be repudiated by the entity, such as an identifiable name of the entity, an electronic mailbox, an identification card number, a telephone number, etc. Digital identity is also a code representation of real identity information by means of a digital identifier, responsible for connecting physical world physical objects and digital world objects. The next generation of internet is an era of full digital, and organizations, enterprises, individuals in the real world, and various commodities, even various equipment objects, and the like need to have identities in the digital world representing themselves in the digital world.
The digital identity may be represented using an identification code such as an organization code, a business universal credit code, a personal identification number, a cell phone number, an email address, a merchandise barcode, various types of codes, and the like. With the advent of the blockchain age, the use of unified digital identities became the basis for blockchain world data sharing and exchange.
However, when the identity of the agricultural product supply chain main body is authenticated at present, the problem of inconsistency between the physical identity and the digital identity of a visitor of the agricultural product supply chain node exists, and the authenticity of the responsible main body and the validity of information transmission cannot be effectively traced.
Disclosure of Invention
The embodiment of the invention provides a method and a system for authenticating identity of a supply chain responsibility main body, which are used for solving the defects of weak user data safety and confidentiality in the prior art and realizing a reasonable, efficient and safe method for authenticating identity of the supply chain responsibility main body on the basis of enhancing user data safety protection.
In a first aspect, an embodiment of the present invention provides a supply chain responsibility principal identity authentication method, which mainly includes: generating a public-private key pair of a responsibility main body according to the identity of the responsibility main body and a user password, wherein the public-private key pair comprises a system main private key and a system main public key; generating a signature private key according to the system main private key and the user identifier; carrying out digital signature encryption on the user data of the responsible main body by using a signature private key to obtain signature data; and verifying the signature data by using the identity.
Alternatively, the generating the public-private key pair of the responsible party according to the identity of the responsible party and the user password mainly includes: and carrying out one-time hash encryption on the identity of the responsible main body and the user password by utilizing a key generation center, generating a public-private key pair, and releasing a system main public key to a blockchain for disclosure.
Optionally, the generating the signature private key according to the system main private key and the user identifier mainly includes: and carrying out secondary hash encryption on the system main private key and the user identifier by using a key generation center to generate a signature private key.
Optionally, the digital signature encrypting the user data of the responsible party by using the signature private key to obtain signature data includes:
s31, calculating group G related to user data T G=e (P 1 ,P pub-8 ) The method comprises the steps of carrying out a first treatment on the surface of the Element g represents the intermediate encryption result; e represents the slave group G 1 ×G 2 To group G T Bilinear pair of G 1 And G 2 Represents the addition cycle group, G T For the multiplicative cyclic group, group G 1 、G 2 And G T Having the same order; p (P) 1 Representation group G 1 Is the generator, P pub-8 Representing a system master private key;
s32, generating follow-upThe number of machines r, r E [1, N-1]]The method comprises the steps of carrying out a first treatment on the surface of the r represents a random number selected within a predetermined range, and N represents a group G 1 、G 2 And G T Is the order of (2);
s33, calculating group G T W, w=g r Converting the data type of w into a bit string; w represents a constituent part of ciphertext;
s34, calculating a certificate H, h=h 2 (m||w, N); h represents a certificate, H 2 () Representing a secure hash function, M representing a bit string corresponding to user data, and symbol||representing an associative operational relationship;
s35, calculating a certificate l, l= (r-h) mod N; if l=0, returning to step S32; if l is not equal to 0, go to step S36;
s36, calculating group G 1 The element S, S= [ l ]]ds A ;ds A Representing a signature private key, [ l ]]ds A Represent l and ds A Performing dot multiplication operation;
and S37, acquiring the signature data K, K= (h, S).
Optionally, the verifying the signature data by using the identity identifier mainly includes:
let the signature data to be verified be represented as K ', K ' = (h ', S '), the bit string corresponding to the user data to be verified be represented as M ';
s41, checking whether h' E [1, N-1] is met; if not, the verification is not passed; if so, executing step S42;
s42, converting the data type of S 'into points on the elliptic curve, and checking S' ∈G 1 Whether or not to establish; if not, the verification is not passed; if so, executing step S43;
s43, calculating group G T G=e (P 1 ,P’ pub-8 );P’ pub-8 Representing a system master public key;
s44, calculating group G T Element t, t=g in (a) h ;
S45, calculating a certificate h 1 ,h 1 =H 1 (ID A ||hid,N);ID A Representing the identity of the user, and his represents the certificate id;H 1 () Representing a secure hash function;
s46, calculating group G 2 The element P, P= [ h ] 1 ]P 2 +P’ pub-s ;P 2 Representation group G 2 Is P' pub-s Representing a system master public key;
s47, calculating group G T U=e (S', P);
s48, calculating group G T The element w ', w ' =u·t in (b), converting the data type of w ' into a bit string; u and t respectively represent the components of the main private key of the system;
s49, calculating certificate h 2 =H 2 (M '| w', N), check h 2 Whether or not =h' holds; if so, the verification is passed; otherwise, the verification is not passed.
Optionally, the identity authentication method of the supply chain responsibility main body provided by the embodiment of the invention further includes: based on SM9 national secret algorithm, public-private key pair of the responsibility main body is generated according to identity mark of the responsibility main body and user password, and signature private key is generated according to system main private key and user mark.
Alternatively, the user identification may be: an identification constructed from an archive including information on business names, social unification credit codes, addresses, legal representatives, etc.
In a second aspect, an embodiment of the present invention further provides a supply chain responsibility principal identity authentication system, which mainly includes: public-private key generation unit, signature private key generation unit, encryption unit and verification unit, wherein: the public-private key generation unit is mainly used for generating a public-private key pair of the responsibility main body according to the identity of the responsibility main body and the user password, wherein the public-private key pair comprises a system main private key and a system main public key; the signature private key generation unit is mainly used for generating a signature private key according to the system main private key and the user identifier; the encryption unit is mainly used for carrying out digital signature encryption on the user data of the responsible main body by using a signature private key to obtain signature data; the verification unit is mainly used for verifying the signature data by using the identity.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of any one of the supply chain responsibility principal identity authentication methods described above when the program is executed.
In a fourth aspect, embodiments of the present invention also provide a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of a supply chain liability principal identity authentication method as described in any one of the above.
According to the identity authentication method and system for the supply chain responsibility main body, provided by the embodiment of the invention, the user-set password is added when the system main private key and the signature private key are generated, and the signature is performed after double verification of the user identifier and the user password is needed when the signature is used, so that the safety of the main private key and the signature private key is improved, and the problems of inaccurate verification or user data leakage can be effectively prevented.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a method for identity authentication of a supply chain responsible agent according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a connection flow of a supply chain responsibility principal identity authentication system according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The embodiment of the invention provides a supply chain responsibility main body identity authentication method, as shown in fig. 1, which comprises the following steps:
step S1: generating a public-private key pair of a responsibility main body according to the identity of the responsibility main body and a user password, wherein the public-private key pair comprises a system main private key and a system main public key;
step S2: generating a signature private key according to the system main private key and the user identifier;
step S3: carrying out digital signature encryption on the user data of the responsible main body by utilizing the signature private key to obtain signature data;
step S3: and verifying the signature data by using the identity.
Step S1 can be regarded as a process of encrypting the identity of the responsible main body once by using a user password based on a blockchain technology; the identity of the responsible party can be information which is specific to the responsible party and used for carrying out identity identification, such as a mobile phone number, an identity card number, a traceability code, an enterprise unified credit code, an email address, a commodity bar code and the like of the responsible party. Generally, the identity marks and the person main body are in one-to-one correspondence, namely, the corresponding responsibility main body can be correspondingly obtained through any identity mark.
The blockchain algorithm for generating the public-private key pair of the responsible party can be an identification password method based on domestic SM2, SM3 or SM9, and the embodiment of the invention is not particularly limited. Specifically, this may be performed by a key generation center (key generation center, KGC) of the blockchain. The KGC is a trusted mechanism system which is responsible for selecting system parameters, generating a master key and generating a user private key, when the system private key is used for digital identity generation, the system master key is a key at the top layer of the identification password key hierarchical structure and mainly comprises a system master private key and a system master public key, wherein the system master public key is used for being published to a blockchain, and the system master private key is encrypted by the KGC and then is handed to a user for secret storage. In the identification password, the system main private key is generated by KGC through a random number generator, and the system main public key is generated by combining the system main private key with system parameters.
It should be noted that: when the system main private key is generated, the user password is added, the identity and the password are used for generating the system main private key and the system main public key, the system main private key and the system main public key are secret and signature, and the system main private key and the system main public key dynamically change along with encryption time and times, so that the main private key is ensured to have the attribute set by the user, and the safety of the main private key is improved.
In step S2, after the public-private key pair is generated, the identity authentication method of the supply chain responsibility main body provided by the embodiment of the invention further performs secondary encryption on the system main private key, and in the encryption process, besides adding the user password, the system main private key can be further combined with the user identification so as to solve the problem of inconsistency between the physical identity and the digital identity of the agricultural product supply chain link point user, thereby ensuring that the physical identity of the user corresponds to the digital identity. The user identifier is identification information uniquely corresponding to each user, for example: fingerprint information, pupil information, signature information, stamp information, etc., the embodiment of the present invention is not particularly limited. The signature private key is generated by utilizing the system main private key and the user identifier in a secret-one-sign mode and is dynamically changed, so that the authenticity and the credibility of the digital identity can be ensured.
Step S3 may be regarded as a step of digitally signing the user data using the 2-time encrypted private key constructed in the previous step, i.e., the signature private key. Because the signature private key used in the step simultaneously contains the user password, the identity identification information and the user identification information, the security and the privacy of the user data are effectively improved on the basis of ensuring the one-to-one correspondence between the digital signature and the user identity.
Step S4 may be regarded as a step of verifying the encrypted user data. In the verification process, the signature data can be verified by only using the identification as the basis of digital identification, digital signature and digital verification in the Internet of things, and the verification steps are simplified on the premise of ensuring the verification accuracy.
According to the identity authentication method for the supply chain responsibility main body, provided by the embodiment of the invention, the user-set password is added when the system main private key and the signature private key are generated, and the signature is performed after double verification of the user identifier and the user password is needed when the signature is used, so that the safety of the main private key and the signature private key is improved, and the problems of inaccurate verification or user data leakage can be effectively prevented.
Based on the foregoing embodiment, as an optional embodiment, the generating the public-private key pair of the responsible party according to the identity of the responsible party and the user password may include: and carrying out one-time hash encryption on the identity of the responsible main body and the user password by utilizing a key generation center, generating a public-private key pair, and releasing a system main public key to a blockchain for disclosure.
Specifically, the whole steps can be divided into two aspects of hashing and encryption, wherein hashing (Hash) is the conversion of target text (i.e., text corresponding to an identity and a user password) into an irreversible Hash string (or called a message digest) of the same length; encryption (Encrypt) is the conversion of target text into a reversible ciphertext of a different length. The encryption algorithm in the present invention may be based on the secret SM2, SM3 or SM9, and the embodiment of the present invention is not specifically limited.
The identity authentication method of the supply chain responsibility main body combines the user password on the basis of the traditional encryption of the responsibility main body based on SM2, SM3 or SM9 and the like, and further ensures the safety of the user data.
Based on the content of the foregoing embodiment, as an optional embodiment, the generating a signature private key according to the system main private key and the user identifier may include: and carrying out secondary hash encryption on the system main private key and the user identifier by using a key generation center to generate a signature private key.
Specifically, in the embodiment of the invention, the system main private key is secondarily encrypted through KGC, and the secondarily encrypted system main private key is combined with the user identifier, so that the secondarily encrypted signature private key not only contains the password information set by the user and the identity information of the user, but also contains the identity information of the user, and the problems of inaccurate verification or leakage of user data are effectively prevented on the basis of providing enough security and confidentiality for the user data.
Optionally, in the process of secondary encryption, another user password can be set, and the security of the data is further enhanced by adopting multi-layer password protection.
Based on the content of the foregoing embodiment, as an optional embodiment, the step of performing digital signature encryption on the user data of the responsible party by using the signature private key to obtain signature data may include the following steps:
s31, calculating group G related to user data T G=e (P 1 ,P pub-8 ) The method comprises the steps of carrying out a first treatment on the surface of the Element g represents the intermediate encryption result; e represents the slave group G 1 ×G 2 To group G T Bilinear pair of G 1 And G 2 Represents the addition cycle group, G T For the multiplicative cyclic group, group G 1 、G 2 And G T Having the same order; p (P) 1 Representation group G 1 Is the generator, P pub-8 Representing a system master private key;
s32, generating a random number r, r E [1, N-1]]The method comprises the steps of carrying out a first treatment on the surface of the r represents a random number selected within a predetermined range, and N represents a group G 1 、G 2 And G T Is the order of (2);
s33, calculating group G T W, w=g r Converting the data type of w into a bit string; w represents a constituent part of ciphertext;
s34, calculating a certificate H, h=h 2 (m||w, N); h represents a certificate, H 2 () Representing a secure hash function, M representing a bit string corresponding to user data, and symbol||representing an associative operational relationship;
s35, calculating a certificate l, l= (r-h) mod N; if l=0, returning to step S32; if l is not equal to 0, go to step S36;
s36, calculating group G 1 The element S, S= [ l ]]ds A ;ds A Representing a signature private key, [ l ]]ds A Represent l and ds A Performing dot multiplication operation;
and S37, acquiring the signature data K, K= (h, S).
Based on the content of the foregoing embodiment, as an optional embodiment, the verifying the signature data with the identity may include the following steps:
for convenience of description, let the signature data to be verified be represented as K ', K ' = (h ', S '), and the bit string corresponding to the user data to be verified be represented as M ';
s41, checking whether h' E [1, N-1] is met; if not, the verification is not passed; if so, executing step S42;
s42, converting the data type of S 'into points on the elliptic curve, and checking S' ∈G 1 Whether or not to establish; if not, the verification is not passed; if so, executing step S43;
s43, calculating group G T G=e (P 1 ,P’ pub-8 );P’ pub-8 Representing a system master public key;
s44, calculating group G T Element t, t=g in (a) h ;
S45, calculating a certificate h 1 ,h 1 =H 1 (ID A ||hid,N);ID A Representing the identity of the user, and hid representing the certificate id; h 1 () Representing a secure hash function;
s46, calculating group G 2 The element P, P= [ h ] 1 ]P 2 +P’ pub-s ;P 2 Representation group G 2 Is P' pub-s Representing a system master public key;
s47, calculating group G T U=e (S', P);
s48, calculating group G T The element w ', w ' =u·t in (b), converting the data type of w ' into a bit string; u, t represent the system respectivelyA component of the master private key;
s49, calculating certificate h 2 =H 2 (M '| w', N), check h 2 Whether or not =h' holds; if so, the verification is passed; otherwise, the verification is not passed.
It should be noted that, the identity authentication method of the supply chain responsibility main body provided by the embodiment of the invention is a digital signature algorithm based on the identification and realized by adopting elliptic curve pairs, a signer of the algorithm holds an identification and a corresponding signature private key, and the signature private key is generated by a key generation center through the combination of a system main private key and a user identification of the signer. The signer uses the private key to generate a digital signature for the data, and the verifier uses the user identification of the signer to verify the authenticity of the signature.
Further, in the identity authentication method of the supply chain responsibility main body provided by the embodiment of the invention, before the generation and verification processes of the signature, the message M to be signed and the message M' to be verified are compressed by using a password hash function.
Based on the foregoing embodiment, as an optional embodiment, the supply chain responsibility principal identity authentication method provided by the embodiment of the present invention further includes: based on SM9 national secret algorithm, public-private key pair of the responsibility main body is generated according to identity mark of the responsibility main body and user password, and signature private key is generated according to system main private key and user mark.
The user identifier may be an identifier constructed from a file including information such as a business name, social uniform credit code, address, legal representative, and the like.
In order to more clearly illustrate the implementation steps of the identity authentication method of the supply chain responsibility main body provided by the embodiment of the invention, in order to solve the problem of inconsistency between the physical identity and the digital identity of the supply chain main body in the agricultural product supply chain tracing, thereby ensuring that the physical identity of an operator corresponds to the digital identity, when each tracing main body of the agricultural product supply chain registers on a blockchain, a file comprising information such as enterprise name, social unified credit code, address, legal person representative and the like is created. In the following, a specific application of the embodiment of the present invention will be described with a mobile phone number of a registrant as a user identifier, including, but not limited to, the following steps:
step 1: method for generating signature private key
signPrivateKey=kgc.genPrivateKey(signMasterKeyPair.getPrivateKey(),id_A,userPasswd,PrivateKeyType.KEY_SIGN);
Wherein, the signPrivateKey: signing the private key;
kgc.genprivatekey (): KGC generates a private key method;
sign motorkeypair, getprivatekey (): the signature key pair obtains a system private key;
id_a: an identification, such as 13988888888;
userPasswd: user password, default to 123456;
PrivateKeyType: private key type
Key_sign: signing the private key;
step 2: signature method
sm9.sign(signMasterKeyPair.getPublicKey(),signPrivateKey,M.getBytes());
Wherein sm9.Sign (): sm9signature method;
sign playerkeypair, getpublickey (): the signature key pair obtains a public key;
sign privatekey: signing the private key;
getbytes (): acquiring byte stream of information M needing signature;
step 3: signature verification method
sm9.verify(signMasterKeyPair.getPublicKey(),id_A,M.getBytes(),signature));
Wherein sm9.Verify (): sm9 verifies the signature method;
sign playerkeypair, getpublickey (): the signature key pair obtains a public key;
id_a: an identification, such as 13988888888;
getbytes (): acquiring byte stream by the information M needing signature verification;
signature: signature name throttling.
The steps are concretely realized as follows:
(1) Parameters of SM9 (SM 9 cutoff parameters) were selected as follows:
equation parameter b:05
Curve parameter t:60000000 0058F98A
Base domain feature q: b6400000 02A3A6F1 D603AB4F F58EC745 21F2934B 1A7AEEDB E56F9B27 E351457D
The order of the group N: b6400000 02A3A6F1 D603AB4F F58EC744 49F2934B 18EA8BEE E56EE19C D69ECF25
Beta:B6400000 02A3A6F1 D603AB4F F58EC745 21F2934B 1A7AEEDB E56F9B27 E351457B
alpha0:00
alpha1:B6400000 02A3A6F1 D603AB4F F58EC745 21F2934B 1A7AEEDB E56F9B27 E351457C
Group G1 generator P1:
93DE051D 62BF718F F5ED0704 487D01D6 E1E40869 09DC3280 E8C4E481 7C66DDDD
21FE8DDA 4F21E607 63106512 5C395BBC 1C1C00CB FA602435 0C464CD7 0A3EA616
group G2 generator P2:
85AEF3D0 78640C98 597B6027 B441A01F F1DD2C19 0F5E93C4 54806C11 D8806141
37227552 92130B08 D2AAB97F D34EC120 EE265948 D19C17AB F9B7213B AF82D65B
17509B09 2E845C12 66BA0D26 2CBEE6ED 0736A96F A347C8BD 856DC76B 84EBEB96
A7CF28D5 19BE3DA6 5F317015 3D278FF2 47EFBA98 A71A0811 6215BBA5 C999A7C7
(2) The SM9 signing process is as follows:
signature master key and user signature private key generation process:
sm9 master private key:
85D5C452 624E6220 90A331D2 512BF750 F32A90EC F766A8A9 845E78C0 CB6801E6
signing master public key Ppub-s:
sm9 master public key:
B26709A8 A3588E68 5972B6CF 56C739C5 4A79E221 0E6C9554 93C39F0F C1316753
4729FA93 1009D8BC 7140987B B6E8D2CC 170AD6DC E6022A85 5FDDF385 EE1CE9B8
80A48294 96BA8AC0 FA7FF1A6 E9F09452 EE650718 E2D9BDB0 49EA3358 803A9E35
6F80A6A6 B9934ADA 9627E1F1 8B214BD6 27517203 88951DA8 83856CA2 1470478C
identity IDA of entity a:13988888888
16-ary representation of ID A: 31333938 38383838 383838
User passwd 123456
16-ary representation of user passwd: 31323334 3536
Signature private key ds_a:
SM9 private key:
64A7A691 C0632A27 0E960674 5E950262 63359A44 C1AADEF7 48C112E8 255BEA85
B11ADCC6 02FD0F7E CC26FCF7 766B8DF1 D7A99A5D AB832A22 C71FC39D 222E1ACE
message M to be signed: "xlimited";
16 th order of M:
2A2AE69C 89E99990 E585ACE5 8FB8
A1:g=e(P1,Ppub-8)
a2: a random number r is generated and the random number r,
r=38463060478428560599688230304478404988338972700287671339516099073105502341613
A3:
w=[{x=25387407373577958128899537310510008106354296005288647593086786187779936494859,y=42689362163765392019091490002214494810671461627578390713146323229168452848078},
{x=39415410162262081548810966583637685570166404065576895886670655633049190747484,y=70143232134186640604394127098974540869178111263857364733016713409743389857872},
{x=40169016787753967686757293302447837021910497646059611771776930911049585987223,y=66409378642797489295186618554808979853838480827041913054783705834346139350886},
{x=29552723778864333757431552505862979469317059194030112118279102984868205513244,y=70270695051809392853612038836930468605767556256171923855264429729184936438930},
{x=77485204898453876845476007006929315905112531952154204079958743757480080133829,y=39831832785598908049173102649863610020865314294014422562854832309433818364089},
{x=81733983860896289520629489466185085659716647413422286199478502932331605258183,y=59820506918996338469936777769306187206009675201189565195451147683401588547802},]
A4:
h=5684319719326081095363488123625747275228985117062758645981298586619206522474
A5:
l=32778740759102479504324742180852657713109987583224912693534800486486295819139
A6:
s=42750716135002385234333160167459259417304341990806279140603252710584027288800,62326983540172281363013405571170190930565274372882444592220667151351682923762,0
A7:
h=5684319719326081095363488123625747275228985117062758645981298586619206522474
the signature of message M is (h, s): sm9signature:
h:0C913600 A76B4BF5 742F809F 40A305F7 0ECB0F28 EEBAAE88 98631A91 3DD1566A
s:5E840C40 57A9623D EBFD719C 42A80612 A7C3508C 452A7117 58BAF0C3 5EF994E0
89CBD293 028FD183 9B64DE2C 8E082A3C ADF65BBD B57279C7 FEA638F8 D86B7CF2
(3) The verification process is as follows:
b1 inspection of
h=56843197193815363481236257475228985110757587262985866192062474in [1, 824016654578434644304531045962960019-845 1431873730126272376717 ] whether or not it is true = true
B2: checking s2=true
B3:
G2=[{x=64270714525897213109976348658049162635611633464661501967467429514136259912038,y=7198933611403195494201844805727580599447136643211639368240224616690082697798},
{x=30542872938684341831572435760632268803848589464974587641808957363322247896028,y=70937393089228396994956748080764821105850249530366224304002055586102239391039},
{x=20893915644960652402727915126718410527017015990402852044587531822263893999191,y=24205433299081466643779386265960744913957040935941340759824201725943050866748},
{x=19115750410636842124886811823688111861744651529959974577554822522227818493810,y=9272787359247622645006675073285109721329542513716549877906499732354512285015},
{x=1463487778251251096036683988654861361187802949473946927010136190068736682232,y=62772827100998371456557207674727811442861965890217936278246713378653734992335},
{x=22860290645784724137498543031120676906887744361672612081600872326053349310277,y=15128902679593305958397014788450608278693066043256596795522394403396230705399},]
B4:
t=[{x=62144650951401636982696604912456979487261096560151434351238080578400841105940,y=8529849690266475148618504134395031604689629513703720334621651352985301619488},
{x=10337235488848171511204660805848448646242699943495391674465396001582104925338,y=63126627891429220567414992481354352083255980905022326324581788925106522479519},
{x=11111012966485206295664899268978519736347715501907754194407050632763282507303,y=33322778810983061842251918419569416204892158550528046413102359568235450647603}
{x=49354865534096654804410479841937826249959872768620208228354631603366940842194,y=50316584971276021151278262155477418860452443358156364694524359089801825426589}
{x=13426175445859155243369654124347779814265213773806439274881773759045323978081,y=18905225374638483307382241108366990676000093545432999225735547446555968080295}
{x=44884960495267794487568389686907532663979022092363585511691781778840921769798,y=21345562295621116108998638141542715733592536223093717574521704716679718858007}]。
B5:
h1=17747406270443163816538606729558334745986233638126423354797579868520096643064
B6:
P={x=20932823011935154144938787058169896994396671993155680136601491536962762835022,y=77238125973535556104201825990222313058931530462549924281874697199199442171550},{x=77686904348712971335785515411529252564005416194884699224489368102111309695122,y=57487846061866216313652706058355910770914281150977951454377955724771163349954},0
B7:
u=[{x=13844631013881838922959162113323859777944389820011841199076682808323358555087,y=61617086794026133545112892283754575962795429111588643334851124605802448285659},
{x=68283407124097367194678109867501777523005153016828271006978850700968360380464,y=30477861310634336326503105420404219890245256057922862417942766697943931289150},
{x=1825444314893073161949387977187769254744139222408986148946750593211768025449,y=12320743182806721627515424258933253387290570744805664680682971301620434901961},
{x=411268636388269395921672003756978951993245809081019153346552008019176936331,y=61571293667263499238202200894808137369118889224610980803474053092657245039344},
{x=17723399229627305093643822899594448170526308417815203456264949796368872016472,y=7835952639063379601604530078963415993842622435162714744535475519936410246416},
{x=12126549737973630771460196238386283890987092000469626928408395733269705620771,y=38828005045470939350052798939212628940513985750430418804177573271650835257347}],
B8:
w2=[{x=25387407373577958128899537310510008106354296005288647593086786187779936494859,y=42689362163765392019091490002214494810671461627578390713146323229168452848078},
{x=39415410162262081548810966583637685570166404065576895886670655633049190747484,y=70143232134186640604394127098974540869178111263857364733016713409743389857872},
{x=40169016787753967686757293302447837021910497646059611771776930911049585987223,y=66409378642797489295186618554808979853838480827041913054783705834346139350886},
{x=29552723778864333757431552505862979469317059194030112118279102984868205513244,y=70270695051809392853612038836930468605767556256171923855264429729184936438930},
{x=77485204898453876845476007006929315905112531952154204079958743757480080133829,y=39831832785598908049173102649863610020865314294014422562854832309433818364089},
{x=81733983860896289520629489466185085659716647413422286199478502932331605258183,y=59820506918996338469936777769306187206009675201189565195451147683401588547802}];
B9:
h2=5684319719326081095363488123625747275228985117062758645981298586619206522474
0C913600 A76B4BF5 742F809F 40A305F7 0ECB0F28 EEBAAE88 98631A91 3DD1566A
Verification result: h=h2 verify OK.
The embodiment of the invention also provides a supply chain responsibility main body identity authentication system, as shown in fig. 2, mainly comprising: a public-private key generation unit 11, a signature private key generation unit 21, an encryption unit 31, and a verification unit 41. The public-private key generation unit 11 is configured to generate a public-private key pair of a responsible body according to an identity of the responsible body and a user password, where the public-private key pair includes a system master private key and a system master public key; the signature private key generation unit is used for generating a signature private key according to the system main private key and the user identifier; the encryption unit is used for carrying out digital signature encryption on the user data of the responsible main body by utilizing the signature private key to obtain signature data; the verification unit is used for verifying the signature data by using the identity.
Specifically, in the identity authentication system for the responsible main body of the supply chain provided by the embodiment of the invention, firstly, the public-private key generation unit 11 is utilized to encrypt the identity of the responsible main body once, so as to obtain the main private key of the system and the main public key of the system, and the user password is fused in the primary encryption process, so that the encryption security is effectively improved. Then, the system main private key is secondarily encrypted by the signature private key generation unit 21, and the signature private key of the user is acquired. In the process, the user identification is fused, so that the signature private key has the attribute set by the user, the security of the main private key is improved, and the correspondence between the digital signature and the user identity is realized. Further, the user data is signed by the encryption unit 31 using the signature private key, thereby realizing the digitization of the signature. Finally, verification of the signature data can be achieved by the verification unit 41 using the identity of the responsible party.
Furthermore, the identity authentication system of the supply chain responsibility main body provided by the embodiment of the invention can be added with the password set by the user in specific application, is better than SM2, SM3 and SM9, and is suitable for the current use habit.
Furthermore, the identity authentication system of the supply chain responsibility main body provided by the embodiment of the invention can be applied to related equipment and software, and meanwhile, the system can be widely used for marking as the basis of digital identity recognition, digital signature and digital verification in the Internet of things.
Further, the identity authentication system of the supply chain responsibility main body provided by the embodiment of the invention can be preset in a security, a device and a mobile phone APP, and can also be realized by adopting a computer system.
Further, the identity authentication system of the supply chain responsibility main body provided by the embodiment of the invention can be widely applied to the digital world and is not limited to the Internet of things, block chains, big data and the like.
The identity authentication system of the supply chain responsibility main body adds the user-set password when generating the system main private key and the signature private key, and the user identification and the user password are required to be subjected to double verification and then to signature when the signature is used, so that the safety of the main private key and the signature private key is improved, and the problems of inaccurate verification or user data leakage can be effectively prevented.
It should be noted that, when the identity authentication system of the supply chain responsibility main body provided in the embodiment of the present invention is specifically executed, the identity authentication system of the supply chain responsibility main body may be implemented based on the identity authentication method of the supply chain responsibility main body described in any one of the above embodiments, and the description of this embodiment is omitted.
Fig. 3 illustrates a physical schematic diagram of an electronic device, as shown in fig. 3, where the electronic device may include: processor 310, communication interface (Communications Interface) 320, memory 330 and communication bus 340, wherein processor 310, communication interface 320, memory 330 accomplish communication with each other through communication bus 340. The processor 310 may invoke logic instructions in the memory 330 to perform a supply chain responsibility principal identity authentication method including: generating a public-private key pair of the responsibility main body according to the identity of the responsibility main body and the user password, wherein the public-private key pair comprises a system main private key and a system main public key; generating a signature private key according to the system main private key and the user identifier; carrying out digital signature encryption on the user data of the responsible main body by using a signature private key to obtain signature data; and verifying the signature data by using the identity.
Further, the logic instructions in the memory 330 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, embodiments of the present invention also provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the supply chain responsibility principal identity authentication method provided by the above-described method embodiments, the method comprising: generating a public-private key pair of the responsibility main body according to the identity of the responsibility main body and the user password, wherein the public-private key pair comprises a system main private key and a system main public key; generating a signature private key according to the system main private key and the user identifier; carrying out digital signature encryption on the user data of the responsible main body by using a signature private key to obtain signature data; and verifying the signature data by using the identity.
In yet another aspect, embodiments of the present invention further provide a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the method of supply chain responsibility principal identity authentication provided by the above embodiments, the method comprising: generating a public-private key pair of the responsibility main body according to the identity of the responsibility main body and the user password, wherein the public-private key pair comprises a system main private key and a system main public key; generating a signature private key according to the system main private key and the user identifier; carrying out digital signature encryption on the user data of the responsible main body by using a signature private key to obtain signature data; and verifying the signature data by using the identity.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A supply chain liability principal identity authentication method, comprising:
generating a public-private key pair of a responsibility main body according to the identity of the responsibility main body and a user password, wherein the public-private key pair comprises a system main private key and a system main public key;
generating a signature private key according to the system main private key and the user identifier;
carrying out digital signature encryption on the user data of the responsible main body by utilizing the signature private key to obtain signature data;
verifying the signature data by using the identity;
the step of using the signature private key to carry out digital signature encryption on the user data of the responsible main body to obtain signature data comprises the following steps:
s31, calculating group G related to user data T G=e (P 1 ,P pub-8 ) The method comprises the steps of carrying out a first treatment on the surface of the Element g represents the intermediate encryption result; e represents the slave group G 1 ×G 2 To group G T Bilinear pair of G 1 And G 2 Represents the addition cycle group, G T For the multiplicative cyclic group, group G 1 、G 2 And G T Having the same order; p (P) 1 Representation group G 1 Is the generator, P pub-8 Representing a system master private key;
s32, generating a random number r, r E [1, N-1]]The method comprises the steps of carrying out a first treatment on the surface of the r represents a random number selected within a predetermined range, and N represents a group G 1 、G 2 And G T Is the order of (2);
s33, calculating group G T W, w=g r Converting the data type of w into a bit string; w represents a constituent part of ciphertext;
s34, calculating a certificate H, h=h 2 (m||w, N); h represents a certificate, H 2 () Representing a secure hash function, M representing a bit string corresponding to user data, and symbol||representing an associative operational relationship;
s35, calculating a certificatel,l= (r-h) mod N; if it islIf=0, the process returns to step S32; if it islNot equal to 0, go to step S36;
s36, calculating group G 1 Element S, s= [l]ds A ;ds A Representing a signature private key [l] ds A Representing the presentation to belAnd ds A Performing dot multiplication operation;
s37, acquiring the signature data K, K= (h, S);
the verifying the signature data by using the identity mark comprises the following steps:
let the signature data to be verified be represented as K ', K ' = (h ', S '), the bit string corresponding to the user data to be verified be represented as M ';
s41, checking whether h' -epsilon [1, N-1] is true; if not, the verification is not passed; if so, executing step S42;
s42, converting the data type of the S 'into points on an elliptic curve, and checking the S' E G 1 Whether or not to establish; if not, the verification is not passed; if so, executing step S43;
s43, calculating group G T G=e (P 1 ,P’ pub-8 );P’ pub-8 Representing a system master public key;
s44, calculating group G T Element t, t=g in (a) h ;
S45, calculating a certificate h 1 ,h 1 =H 1 (ID A ||hid,N);ID A Representing the identity of the user, and hid representing the certificate id; h 1 () Representing a secure hash function;
s46, calculating group G 2 The element P, P= [ h ] 1 ]P 2 +P’ pub-s ;P 2 Representation group G 2 Is P' pub-s Representing a system master public key;
s47, calculating group G T U=e (S', P);
s48, calculating group G T The element w ', w ' =u·t in (b), converting the data type of w ' into a bit string; u and t respectively represent the components of the main private key of the system;
s49, calculating certificate h 2 =H 2 (M '| w', N), check h 2 Whether or not =h' holds; if so, the verification is passed; otherwise, the verification is not passed.
2. The supply chain liability principal identity authentication method according to claim 1, wherein the generating a public-private key pair of the liability principal from an identity of the liability principal and a user password includes:
and carrying out one-time hash encryption on the identity of the responsible main body and the user password by utilizing a key generation center, generating the public-private key pair, and releasing the system main public key to a blockchain for disclosure.
3. The supply chain liability principal identity authentication method according to claim 1, wherein the generating a signature private key from the system master private key and a user identification includes:
and performing secondary hash encryption on the system main private key and the user identifier by using a key generation center to generate the signature private key.
4. The supply chain liability principal identity authentication method of claim 1, further comprising:
based on a national secret SM9 algorithm, a public-private key pair of a responsibility main body is generated according to the identity of the responsibility main body and a user password, and a signature private key is generated according to the system main private key and the user identifier.
5. The supply chain liability principal identity authentication method according to claim 1, wherein the user identification is: an identification constructed from a profile including business name, social unifying credit code, address, legal representative information.
6. A supply chain liability principal identity authentication system, comprising: the public-private key generation unit, the signature private key generation unit, the encryption unit and the verification unit;
the public-private key generation unit is used for generating a public-private key pair of the responsibility main body according to the identity of the responsibility main body and the user password, wherein the public-private key pair comprises a system main private key and a system main public key;
the signature private key generation unit is used for generating a signature private key according to the system main private key and the user identifier;
the encryption unit is used for carrying out digital signature encryption on the user data of the responsibility main body by utilizing the signature private key to obtain signature data;
the verification unit is used for verifying the signature data by using the identity;
the step of performing digital signature encryption on the user data of the responsible main body by using the signature private key to obtain signature data comprises the following steps:
s31, calculating group G related to user data T G=e (P 1 ,P pub-8 ) The method comprises the steps of carrying out a first treatment on the surface of the Element g represents the intermediate encryption result; e represents the slave group G 1 ×G 2 To group G T Bilinear pair of G 1 And G 2 Represents the addition cycle group, G T For the multiplicative cyclic group, group G 1 、G 2 And G T Having the same order; p (P) 1 Representation group G 1 Is the generator, P pub-8 Representing a system master private key;
s32, generating a random number r, r E [1, N-1]]The method comprises the steps of carrying out a first treatment on the surface of the r represents a random number selected within a predetermined range, and N represents a group G 1 、G 2 And G T Is the order of (2);
s33, calculating group G T W, w=g r Converting the data type of w into a bit string; w represents a constituent part of ciphertext;
s34, calculating a certificate H, h=h 2 (m||w, N); h represents a certificate, H 2 () Representing a secure hash function, M representing a bit string corresponding to user data, and symbol||representing an associative operational relationship;
s35, calculating a certificatel,l= (r-h) mod N; if it islIf=0, the process returns to step S32; if it islNot equal to 0, go to step S36;
s36, calculating group G 1 Element S, s= [l]ds A ;ds A Representing a signature private key [l] ds A Representing the presentation to belAnd ds A Performing dot multiplication operation;
s37, acquiring the signature data K, K= (h, S);
the verifying the signature data by using the identity mark comprises the following steps:
let the signature data to be verified be represented as K ', K ' = (h ', S '), the bit string corresponding to the user data to be verified be represented as M ';
s41, checking whether h' -epsilon [1, N-1] is true; if not, the verification is not passed; if so, executing step S42;
s42, converting the data type of the S 'into points on an elliptic curve, and checking the S' E G 1 Whether or not to establish; if not, the verification is not passed; if so, executing step S43;
s43, calculating group G T G=e (P 1 ,P’ pub-8 );P’ pub-8 Representing a system master public key;
s44, calculating group G T Element t, t=g in (a) h ;
S45, calculating a certificate h 1 ,h 1 =H 1 (ID A ||hid,N);ID A Representing the identity of the user, and hid representing the certificate id; h 1 () Representing a secure hash function;
s46, calculating group G 2 The element P, P= [ h ] 1 ]P 2 +P’ pub-s ;P 2 Representation group G 2 Is P' pub-s Representing a system master public key;
s47, calculating group G T U=e (S', P);
s48, calculating group G T The element w ', w ' =u·t in (b), converting the data type of w ' into a bit string; u and t respectively represent the components of the main private key of the system;
s49, calculating certificate h 2 =H 2 (M '| w', N), check h 2 Whether or not =h' holds; if so, the verification is passed; otherwise, the verification is not passed.
7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor performs the steps of the supply chain liability principal identity authentication method according to any one of claims 1 to 5.
8. A computer readable storage medium having stored thereon a computer program, which when executed by a processor performs the steps of the supply chain liability principal identity authentication method according to any of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010743844.0A CN112069547B (en) | 2020-07-29 | 2020-07-29 | Identity authentication method and system for supply chain responsibility main body |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010743844.0A CN112069547B (en) | 2020-07-29 | 2020-07-29 | Identity authentication method and system for supply chain responsibility main body |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112069547A CN112069547A (en) | 2020-12-11 |
| CN112069547B true CN112069547B (en) | 2023-12-08 |
Family
ID=73656726
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010743844.0A Active CN112069547B (en) | 2020-07-29 | 2020-07-29 | Identity authentication method and system for supply chain responsibility main body |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112069547B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112712357A (en) * | 2020-12-30 | 2021-04-27 | 普华云创科技(北京)有限公司 | Multi-mechanism multi-chain multi-currency multi-account private key management method and system |
| CN112699394B (en) * | 2021-01-13 | 2022-11-25 | 北卡科技有限公司 | SM9 algorithm-based key application method |
| CN112966291A (en) * | 2021-04-13 | 2021-06-15 | 宁波和利时信息安全研究院有限公司 | Identity management method, industrial control system and storage medium |
| CN113032814B (en) * | 2021-04-28 | 2022-06-24 | 华南理工大学 | Internet of things data management method and system |
| CN115412250B (en) * | 2021-05-28 | 2024-05-10 | 浪潮卓数大数据产业发展有限公司 | SM9 key generation center authentication method, device, equipment and medium |
| CN114499883A (en) * | 2022-02-09 | 2022-05-13 | 浪潮云信息技术股份公司 | Cross-organization identity authentication method and system based on block chain and SM9 algorithm |
| CN115242480B (en) * | 2022-07-15 | 2024-10-11 | 京东方科技集团股份有限公司 | Device access method, system and non-volatile computer storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014125206A1 (en) * | 2013-02-15 | 2014-08-21 | Orange | Cryptographic method for generating a pair of user keys for an entity having a public identifier i, and system |
| CN108173639A (en) * | 2018-01-22 | 2018-06-15 | 中国科学院数据与通信保护研究教育中心 | A kind of two side's cooperation endorsement methods based on SM9 signature algorithms |
| CN108809658A (en) * | 2018-07-20 | 2018-11-13 | 武汉大学 | A kind of digital signature method and system of the identity base based on SM2 |
| CN108989054A (en) * | 2018-08-30 | 2018-12-11 | 武汉理工大学 | A kind of cryptographic system and digital signature method |
| CN109951288A (en) * | 2019-01-22 | 2019-06-28 | 中国科学院信息工程研究所 | A kind of classification signature method and system based on SM9 Digital Signature Algorithm |
| CN110880977A (en) * | 2019-11-26 | 2020-03-13 | 武汉大学 | Safe and efficient SM9 ring signature generation and verification method |
| CN110896351A (en) * | 2019-11-14 | 2020-03-20 | 湖南盾神科技有限公司 | Identity-based digital signature method based on global hash |
| CN110912708A (en) * | 2019-11-26 | 2020-03-24 | 武汉大学 | Ring signature generation method based on SM9 digital signature algorithm |
| CN110943976A (en) * | 2019-11-08 | 2020-03-31 | 中国电子科技网络信息安全有限公司 | Password-based user signature private key management method |
| CN111010272A (en) * | 2019-12-20 | 2020-04-14 | 武汉理工大学 | Identification private key generation and digital signature method, system and device |
-
2020
- 2020-07-29 CN CN202010743844.0A patent/CN112069547B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014125206A1 (en) * | 2013-02-15 | 2014-08-21 | Orange | Cryptographic method for generating a pair of user keys for an entity having a public identifier i, and system |
| CN108173639A (en) * | 2018-01-22 | 2018-06-15 | 中国科学院数据与通信保护研究教育中心 | A kind of two side's cooperation endorsement methods based on SM9 signature algorithms |
| CN108809658A (en) * | 2018-07-20 | 2018-11-13 | 武汉大学 | A kind of digital signature method and system of the identity base based on SM2 |
| CN108989054A (en) * | 2018-08-30 | 2018-12-11 | 武汉理工大学 | A kind of cryptographic system and digital signature method |
| CN109951288A (en) * | 2019-01-22 | 2019-06-28 | 中国科学院信息工程研究所 | A kind of classification signature method and system based on SM9 Digital Signature Algorithm |
| CN110943976A (en) * | 2019-11-08 | 2020-03-31 | 中国电子科技网络信息安全有限公司 | Password-based user signature private key management method |
| CN110896351A (en) * | 2019-11-14 | 2020-03-20 | 湖南盾神科技有限公司 | Identity-based digital signature method based on global hash |
| CN110880977A (en) * | 2019-11-26 | 2020-03-13 | 武汉大学 | Safe and efficient SM9 ring signature generation and verification method |
| CN110912708A (en) * | 2019-11-26 | 2020-03-24 | 武汉大学 | Ring signature generation method based on SM9 digital signature algorithm |
| CN111010272A (en) * | 2019-12-20 | 2020-04-14 | 武汉理工大学 | Identification private key generation and digital signature method, system and device |
Non-Patent Citations (5)
| Title |
|---|
| A blockchain-based certificateless public key signature scheme for vehicle-to-infrastructure communication in VANETs;Ikram Ali 等;Journal of Systems Architecture;第99卷;1-17 * |
| Secure and efficient handover authentication based on bilinear pairing functions;Daojing He 等;IEEE Transactions on Wireless Communications;第11卷(第1期);48-53 * |
| 可监管匿名认证方案;王震 等;软件学报;第30卷(第06期);1705-1720 * |
| 基于双线性配对的可验证签密方案;黄梦桥 等;计算机工程;第30卷(第01期);1705-1720 * |
| 基于证书的无双线性对的代理签名方案;周才学;数学的实践与认识;第45卷(第07期);199-208 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112069547A (en) | 2020-12-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112069547B (en) | Identity authentication method and system for supply chain responsibility main body | |
| US11936774B2 (en) | Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys | |
| CN106961336B (en) | A kind of key components trustship method and system based on SM2 algorithm | |
| CN101039182B (en) | Authentication system and method for issuing user identification certificate | |
| CN113014392B (en) | Block chain-based digital certificate management method, system, equipment and storage medium | |
| CA2838675C (en) | Implicitly certified digital signatures | |
| CN106341493A (en) | Entity rights oriented digitalized electronic contract signing method | |
| CN111835526B (en) | Method and system for generating anonymous credential | |
| US20150207621A1 (en) | Method for creating asymmetrical cryptographic key pairs | |
| CN110138567A (en) | A kind of collaboration endorsement method based on ECDSA | |
| Gulati et al. | Self-sovereign dynamic digital identities based on blockchain technology | |
| CN114760114A (en) | Identity authentication method, device, equipment and medium | |
| CN118013559B (en) | Seal data encryption security system based on blockchain data user character model | |
| CN111262691A (en) | Identification private key generation and use method, system and device based on hybrid master key | |
| NL1043779B1 (en) | Method for electronic signing and authenticaton strongly linked to the authenticator factors possession and knowledge | |
| CN111082932B (en) | Anti-repudiation identification private key generation and digital signature method, system and device | |
| CN111064564B (en) | SM9 signature private key generation and digital signature method, system and device | |
| TWI576779B (en) | Method and Method of Payment Authentication System for Internet of Things | |
| Verheul | Privacy protection in electronic education based on polymorphic pseudonymization | |
| CN117714052A (en) | Method for authentication, encryption and key exchange of manageable pseudonyms | |
| JPH1165441A (en) | Method and device for providing identity of plain sentence for plural ciphered sentences |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |