CN112613018A - Block chain-based digital certificate using system - Google Patents

Block chain-based digital certificate using system Download PDF

Info

Publication number
CN112613018A
CN112613018A CN202011570290.5A CN202011570290A CN112613018A CN 112613018 A CN112613018 A CN 112613018A CN 202011570290 A CN202011570290 A CN 202011570290A CN 112613018 A CN112613018 A CN 112613018A
Authority
CN
China
Prior art keywords
biological characteristic
matrix
characteristic information
certificate
digital certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011570290.5A
Other languages
Chinese (zh)
Inventor
吴从华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Cresun Innovation Technology Co Ltd
Original Assignee
Xian Cresun Innovation Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Cresun Innovation Technology Co Ltd filed Critical Xian Cresun Innovation Technology Co Ltd
Priority to CN202011570290.5A priority Critical patent/CN112613018A/en
Publication of CN112613018A publication Critical patent/CN112613018A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Health & Medical Sciences (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a digital certificate use system based on a block chain, which comprises: the system comprises a client, a service background, an identity authentication subsystem, a certificate service subsystem and a block chain certificate storage subsystem; the client is used for initiating a digital certificate application to the service background and submitting the biological characteristic information of an applicant; the service background is used for calling the identity authentication subsystem to perform identity authentication on the biological characteristic information; the identity authentication subsystem is used for responding to a calling request of the service background, performing identity authentication on the biological characteristic information and returning an identity authentication result; the certificate service subsystem is used for responding to a calling request of the service background, applying for a digital certificate from a third party organization, providing digital signature or encryption service for the client by using the digital certificate and returning an acquisition or use result of the digital certificate; the block chain certificate storage subsystem is used for storing electronic evidence related to application and use of the digital certificate, and the system can ensure the consistency of the application form of the digital certificate and a user.

Description

Block chain-based digital certificate using system
Technical Field
The invention belongs to the technical field of digital certificates, and particularly relates to a digital certificate using system based on a block chain.
Background
The digital certificate is a digital certificate which marks the biological characteristic information of each communication party in internet communication and can be used by people on the internet to identify the identity of the other party. The digital certificate is also referred to as a digital identifier. The digital certificate guarantees the integrity and safety of information and data in the computer network traffic of network users in an encrypted or decrypted form.
In the prior art, the use of digital certificates mainly adopts the following two ways: firstly, a U shield is used, namely a user applies for the U shield to a related organization, and then the U shield provided with a digital certificate is used for logging in and signing and encrypting to complete business operation; secondly, installing and using the digital certificate, namely, a user applies for the digital certificate to a relevant organization first and then installs the digital certificate into an operating system; the user uses the pre-installed digital certificate in the system to log in, sign and encrypt to complete the service operation.
However, the existing method using the U shield and installing the digital certificate also has defects, such as: how to ensure the security of the biometric information stored locally by the registrant and the security of the biometric information of the applicant in the application process.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention provides a digital certificate using system based on a blockchain. The technical problem to be solved by the invention is realized by the following technical scheme:
the digital certificate using system based on the block chain provided by the embodiment of the invention is applied to a service processing end and comprises the following components:
the system comprises a client, a service background, an identity authentication subsystem, a certificate service subsystem and a block chain certificate storage subsystem;
the client is used for initiating a digital certificate application to the service background and submitting the biological characteristic information of an applicant;
the service background is used for receiving the digital certificate use application and the biological characteristic information and calling the identity authentication subsystem to perform identity authentication on the biological characteristic information; and the system is used for confirming that a client obtains the use authority of the digital certificate after the identity authentication subsystem passes the authentication of the biological characteristic information, and calling the certificate service subsystem to apply for obtaining the digital certificate from a third party organization;
the identity authentication subsystem is used for responding to the calling request of the service background, performing identity authentication on the biological characteristic information and returning an identity authentication result to the service platform;
the certificate service subsystem is used for responding to a calling request of a service background, applying for a digital certificate from a third party organization, providing digital signature or encryption service for a client by using the digital certificate, and returning an acquisition or use result of the digital certificate to the service background;
the block chain certificate storage subsystem is used for storing electronic evidence related to application and use of the digital certificate;
the identity authentication subsystem is used for realizing identity authentication by comparing digital signatures obtained by respectively encrypting the biological characteristic information of the registered personnel and the applied personnel stored in a service background.
In one embodiment of the invention, the identity authentication subsystem comprises: a biological characteristic obtaining unit, a biological characteristic encryption unit and a biological characteristic authentication unit; the biological characteristic acquisition unit is used for acquiring first biological characteristic information and second biological characteristic information; the biological characteristic encryption unit is used for encrypting the first biological characteristic information and the second biological characteristic information to obtain a first user signature and a second user signature; the biological characteristic authentication unit is used for comparing the first user signature with the second user signature and returning an identity authentication result;
the first biological characteristic information is stored in a business background register person, and the second biological characteristic information is the biological characteristic information of an applicant; the first user signature and the second user signature are both digital signatures obtained by encrypting the biological characteristic information by the biological characteristic encryption unit by adopting a private key.
In one embodiment of the invention, the storage certificate subsystem comprises a plurality of blockchain nodes, and the nodes are connected with each other through a TCP/IP protocol.
In one embodiment of the invention, the storage credential subsystem is commonly managed by a plurality of different independent organizations.
In one embodiment of the present invention, the biometric information is one of face data and fingerprint data.
In an embodiment of the present invention, the digital signature obtained by encrypting the biometric information with a private key includes:
constructing a GRS code based on a finite field;
generating a public key and private key pair according to the GRS code;
performing Hash operation on the biological characteristic information to obtain a first abstract value;
and encrypting the first digest value by using the private key to obtain a digital signature.
In one embodiment of the present invention, the constructing a finite field based GRS code includes:
constructing a finite field, and constructing a GRS code with the code length of n, the dimension of k and the error correction capability of t according to the finite field, wherein n, k and t are all any positive integers and satisfy the requirement
Figure BDA0002862289150000031
In one embodiment of the invention, the finite field comprises:
finite field F of q elementsqAnd a positive integer m, and q is 2m
In an embodiment of the present invention, the generating a public key and a private key according to the GRS code includes:
and selecting an (n-k) x (n-k) nonsingular matrix, an n x n dense matrix and an n x n sparse matrix in the finite field, wherein the rank of the dense matrix is z, the average row weight and the column weight of the sparse matrix are x, z and x are natural numbers, z is less than n, and x is less than n.
Performing matrix addition operation on the dense matrix and the sparse matrix to obtain a transformation matrix;
performing matrix multiplication on the inverse matrix of the nonsingular matrix, the check matrix and the transposed matrix of the transformation matrix to obtain a public key; wherein the check matrix is a matrix of the GRS code (n-k) x n;
and taking the nonsingular matrix, the check matrix, the transformation matrix and a decoding algorithm as private keys.
In an embodiment of the present invention, the generating a public key and a private key pair according to the GRS code includes:
and selecting an (n-k) x (n-k) nonsingular matrix, an n x n dense matrix and an n x n sparse matrix in the finite field, wherein the rank of the dense matrix is z, the average row weight and the column weight of the sparse matrix are x, z and x are natural numbers, z is less than n, and x is less than n.
Performing matrix addition operation on the dense matrix and the sparse matrix to obtain a transformation matrix;
performing matrix multiplication on the inverse matrix of the nonsingular matrix, the check matrix and the transposed matrix of the transformation matrix to obtain a public key; wherein the check matrix is a matrix of the GRS code (n-k) x n;
and taking the nonsingular matrix, the check matrix, the transformation matrix and a decoding algorithm as private keys.
In one embodiment of the invention, the decoding algorithm is an iterative decoding algorithm in the time domain.
In the digital certificate use system based on the blockchain provided by the embodiment, the digital signature technology is adopted to encrypt the biological characteristic information of the registrant and the applicant, so that the biological characteristic information is safer and cannot be tampered or stolen, on the basis, the client initiates a digital certificate use application to the service background to obtain the use permission of the digital certificate, and the identity authentication subsystem performs identity authentication on the applicant, so that the certificate use permission of the applicant can be judged, and the consistency of an application form of the digital certificate and a user can be ensured.
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Drawings
Fig. 1 is a schematic structural diagram of a block chain-based digital certificate using system according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a digital signature method according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.
Example one
Referring to fig. 1, fig. 1 is a schematic structural diagram of a block chain-based digital certificate using system according to an embodiment of the present invention; the block chain-based digital certificate using system 10 provided by the embodiment of the present invention may include:
the system comprises a client 101, a business background 102, an identity authentication subsystem 103, a certificate service subsystem 104 and a block chain storage subsystem 105.
The digital Certificate in this embodiment refers to a string of numbers that mark biometric information of each party of communication in internet communication, and provides a way to verify the identity of a communication entity on the internet, and the digital Certificate is issued by an Authority-CA organization, also called a Certificate Authority (Certificate Authority) center.
The client 10 is one of devices such as a smart phone, a tablet computer, and a computer, and is mainly used for initiating a digital certificate use application to the service background 102 and submitting biometric information of an applicant.
The service background 102 may be a computer, a server, or other devices, and is mainly configured to receive the digital certificate application and the biometric information, and invoke the identity authentication subsystem 103 to perform identity authentication on the biometric information; and is used for confirming that the client obtains the digital certificate use authority after the identity authentication subsystem 103 passes the authentication of the biological characteristic information, and calling the certificate service subsystem 104 to apply for obtaining the digital certificate from a third party organization.
The identity authentication subsystem 103 is one of devices such as a computer and a server, and is configured to respond to a call request of the service background 102, perform identity authentication on the biometric information, and return an identity authentication result; the identity authentication subsystem is used for realizing identity authentication by comparing digital signatures obtained by respectively encrypting the biological characteristic information of the registered personnel and the applied personnel stored in a service background.
Specifically, the identity authentication subsystem 103 includes: a biological characteristic obtaining unit, a biological characteristic encryption unit and a biological characteristic authentication unit; the biological characteristic acquisition unit is used for acquiring first biological characteristic information and second biological characteristic information; the biological characteristic encryption unit is used for encrypting the first biological characteristic information and the second biological characteristic information to obtain a first user signature and a second user signature; the biological characteristic authentication unit is used for comparing the first user signature with the second user signature and returning an identity authentication result to the service platform.
The first biological characteristic information is stored in a business background register person, and the second biological characteristic information is the biological characteristic information of an applicant; the first user signature and the second user signature are both digital signatures obtained by encrypting the biological characteristic information by the biological characteristic encryption unit by adopting a private key.
The biometric information is one of face data and fingerprint data.
The identity authentication subsystem 103 encrypts the biometric information of the registrant and the applicant by using a digital signature technology, so that the biometric information is safer and cannot be tampered or stolen.
Moreover, the identity authentication subsystem 103 determines the right of the digital certificate application initiated by the client, and simultaneously ensures that the applicant (the user corresponding to the client account lock) of the digital certificate and the user (the user initiating the application through the client account) are the same person, that is, the user operates the same person.
The certificate service subsystem 104 may be a computer, a server, or other devices, and is mainly configured to respond to a call request of the service background 102, apply for a digital certificate from a third party authority, provide a digital signature or encryption service for the client 101 using the digital certificate, and return an acquisition or use result of the digital certificate to the service background.
It should be noted that the digital signature provided by the certificate service subsystem 104 to the client is to digitally sign the content of the digital certificate applied by the client, and the digital signature referred to in the aforementioned identity authentication subsystem is to digitally sign the biometric information stored in the service background registrant and the applicant, so the content of the digital signature is different between the two.
According to the embodiment, the certificate service subsystem is called by the service background to apply for the digital certificate from the third-party organization, and the digital certificate is used by the certificate service system to provide digital signature or encryption service for the client, so that carrying and transmission risks brought by direct issuance of the digital certificate to the client are avoided, the safety and convenience in use of the digital certificate are improved, and meanwhile, the issuance cost and the use cost of the certificate are saved.
The blockchain verification subsystem 105 includes a plurality of blockchain nodes, which are a combination of a set of physical networks, computers, blockchain applications, and databases. The nodes are connected with each other through a TCP/IP protocol. The blockchain credentialing subsystem 105 is preferably commonly managed by a plurality of different independent organizations, such as a business organization (a company organization providing business services), a law arbitration organization (an arbitration committee providing law services). The method is mainly used for storing electronic evidence related to application and use of the digital certificate.
In an alternative embodiment, the block chain credentialing subsystem 105 further provides a credentialing service interface for the client 101 to invoke to perform credentialing service of the electronic certificate related to application and use of the digital certificate.
In yet another alternative embodiment, the block chain credentialing subsystem 105 further provides management interfaces for management operations such as querying, deleting, and the like to various authorities.
It can be understood that, by storing the electronic evidence related to the application and use of the digital certificate in the block chain storage system 105, the application and use of the digital certificate are provided with witness services, and by utilizing the anti-tampering characteristic of the block chain, the digital certificate user is prevented from being repudiated, and the use safety of the digital certificate is improved.
Example two
In addition to the first embodiment, the present embodiment describes in detail a digital signature method according to the first embodiment.
Referring to fig. 2, fig. 2 is a schematic flow chart of a digital signature method according to an embodiment of the present invention. The digital signature method provided by the embodiment comprises the following steps:
s21, constructing a GRS code based on the finite field.
Specifically, S21 may include: constructing a finite field, and constructing a GRS code (generalized Reed-Solomon code) with a code length of n, a dimension of k and an error correction capability of t according to the finite field, wherein n, k and t are all any positive integers and satisfy the requirement of
Figure BDA0002862289150000091
Wherein the finite field can select a finite field F comprising q elementsqAnd selecting a positive integer m so that q satisfies q 2m
It should be noted that the selection of the embodiment of the present invention is based on the finite field FqInstead of being based on the normal binary system, because the code with the same security level (such as Goppa code) is based on the finite field F when facing the ISD decoding attackqGo of (2)The ppa code has a smaller public key amount than the binary-based Goppa code. For example, a finite field based Goppa code with a security level of 128, with a public key amount of 725740 bits; and a binary Goppa code-based, public key quantity of 1537536bits with a security level of 128. In contrast, based on the finite field FqThe amount of public keys of Goppa code is nearly an order of magnitude smaller than that of the public keys based on binary Goppa code.
In addition, the GRS code is selected rather than the other codes (e.g., Goppa code) because the GRS code is a very large distance separable (MDS) code, which has good performance; the existing coder and decoder of the GRS code has a plurality of applications in various fields and good practicability; furthermore, GRS codes are more flexible than Goppa codes; and the GRS code has the advantage of stronger expandability.
And S22, generating a public key and a private key according to the GRS code.
In this embodiment, the public key and the private key are generated based on the GRS code of the finite field, which can ensure that the public key and the private key have higher security performance and occupy smaller space.
In an alternative embodiment, S22 may include steps S221 to S224.
S221, selecting an (n-k) x (n-k) nonsingular matrix, an n x n dense matrix and an n x n sparse matrix in a finite field, wherein the rank of the dense matrix is z, the average row weight and the column weight of the sparse matrix are x, z is a natural number, z is smaller than n, and x is smaller than n.
As an embodiment of the present invention, a dense matrix may be adopted, in which the rank z is much smaller than n, and the average row weight and column weight x of the sparse matrix are much smaller than n.
In particular, a dense matrix may be represented by the product of the transpose of the matrix and the matrix, i.e.
Figure BDA0002862289150000101
Wherein
Figure BDA0002862289150000102
Is a finite field FqTwo zxn matrices are defined above, and the rank of the matrix is z.
Optionally, in this embodiment, the following choices for the parameters m, n, k, t, and x are available for reference, see table 1, and there are but not limited to these choices, but considering the correctness, feasibility, and security of the scheme, and the public key amount and the signature length, the scheme of the present invention preferably adopts three sets of parameter values listed in table 1.
TABLE 1 parameter selection
m n k t x
12 4094 4074 10 1~1.1
16 65534 65516 9 1~1.1
10 1022 1002 10 1~1.1
And S222, performing matrix addition operation on the dense matrix and the sparse matrix to obtain a transformation matrix.
Specifically, the addition operation adopts formula (1):
Figure BDA0002862289150000103
wherein the content of the first and second substances,
Figure BDA0002862289150000104
a transformation matrix is represented that is,
Figure BDA0002862289150000105
a dense matrix is represented that is,
Figure BDA0002862289150000106
a sparse matrix is represented.
S223, carrying out matrix multiplication on the inverse matrix of the nonsingular matrix, the check matrix and the transpose matrix of the transformation matrix to obtain a public key; wherein, the check matrix is an (n-k) x n matrix of the GRS code.
Specifically, the multiplication operation adopts formula (2):
Figure BDA0002862289150000107
wherein the content of the first and second substances,
Figure BDA0002862289150000108
which represents the public key(s),
Figure BDA0002862289150000109
representing the inverse of the non-singular matrix,
Figure BDA00028622891500001010
a check matrix is represented that is,
Figure BDA00028622891500001011
representing a transpose of the transform matrix.
S224, the nonsingular matrix, the check matrix, the transformation matrix and the decoding algorithm are used as private keys.
It will be appreciated that the public key is used for external disclosure and the private key is used for storage. The public key and the private key are two different parameter sets in an algorithm, but are inherently associated with each other, and are generated simultaneously but can be used independently.
And S23, carrying out hash operation on the biological characteristic information to obtain an abstract value.
The hash operation can change an input vector of an arbitrary length into an output of a fixed length by a hash algorithm. Note that the hash operation is one-way, non-reversible.
In an alternative embodiment, S23 may include S231 to S232.
And S231, performing primary hash operation on the biological characteristic information.
In this embodiment, the biological feature information M is subjected to the primary hash operation to obtain h (M).
And S232, performing the Hash operation again on the result obtained by the primary Hash operation to obtain an abstract value.
In this embodiment, the result h (m) obtained by the primary hash operation is subjected to the hash operation again to obtain the digest value SxI.e. calculating SxH (m) i), wherein i is 0,1,2 … …. In the embodiment of the invention, i is taken to be 0, and the abstract value S is made to bexIs a vector of length n-k.
In other embodiments, the digest value may be obtained by one or more hash operations, and the output length may be satisfied.
And S24, encrypting the digest value by using the private key to obtain a digital signature.
In an alternative embodiment, step S24 may include steps S241 to S244.
Step S241, multiply the nonsingular matrix and the digest value to obtain a syndrome to be translated.
Specifically, the multiplication operation adopts formula (3):
Figure BDA0002862289150000111
wherein, S'xWhich represents the syndrome to be interpreted,
Figure BDA0002862289150000112
representing a non-singular matrix, SxRepresenting the digest value.
And S242, decoding the syndrome to be decoded by using a decoding algorithm in combination with the check matrix of the private key to obtain a first error vector.
Any existing decoding algorithm can be selected as the decoding algorithm, and in this embodiment, the decoding algorithm is preferably an iterative decoding algorithm in the time domain, that is,: BM iterative decoding algorithms (Berlekamp-Massey), Chien search algorithms (Chien), and Forney algorithms. The decoding algorithm is fast in speed, simple to implement and easy to implement by a computer, so that the decoding algorithm is a fast decoding algorithm.
Optionally, the decoding algorithm may include the following steps:
the method comprises the following steps: calculating a syndrome;
step two: determining an error location polynomial;
step three: determining an error estimation function;
step four: and solving the error position number and the error numerical value, and correcting errors.
Completing the four steps to finish one-time decoding, and if the decoding is successful, directly decoding an error vector; otherwise, it is considered as decoding failure.
With the solution of the embodiment of the present invention, if the decoding fails, i' is made to be i +1, and S231 is restarted until the decoding succeeds.
And S243, performing matrix multiplication on the first error vector and an inverse matrix of the transformation matrix of the private key to obtain a second error vector, wherein the weight of the second error vector is less than or equal to the error correction capability t of the GRS code.
Specifically, see formula (4):
Figure BDA0002862289150000121
wherein the content of the first and second substances,
Figure BDA0002862289150000122
which represents a second error vector, is,
Figure BDA0002862289150000123
which represents a first error vector, is shown,
Figure BDA0002862289150000124
an inverse matrix of a transformation matrix representing the private key.
S244, the second error vector is used as a digital signature.
So far, a digital signature based on an error vector error correction code has been obtained, but the error vector occupies more bits due to the existence of a plurality of 0 elements. In order to reduce the bit number, the scheme provided by the invention can be further optimized on the basis of the embodiment.
Preferably, after obtaining the second error vector, the method further includes the following steps:
and constructing an index pair for the second error vector to obtain the index pair of the second error vector.
Specifically, the index pair of the second error vector can be obtained according to equation (5).
Figure BDA0002862289150000131
Wherein, IeRepresenting an index pair.
Extracting non-zero elements in the second error vector and marking as error values, and constructing an index pair I of the second error vector by using the error position alpha and the error position ce
Accordingly, the index pair is treated as a digital signature.
The scheme provided by the embodiment of the invention is based on the finite field FqThe GRS code generates a public key and a private key, obtains a digest value according to the biological characteristic information, and encrypts the digest value by using the private key to obtain a digital signature. The digital signature scheme has high feasibility, and can reduce the public key amount, improve the digital signature efficiency and further improve the safety; therefore, through the digital signature technology of the embodiment, the biological characteristic information of the registrant and the applicant can be encrypted, so that the biological characteristic information is safer and cannot be tampered and stolen.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. A digital certificate using system based on block chain is applied to a service processing terminal, and is characterized by comprising: the system comprises a client, a service background, an identity authentication subsystem, a certificate service subsystem and a block chain certificate storage subsystem;
the client is used for initiating a digital certificate application to the service background and submitting the biological characteristic information of an applicant;
the service background is used for receiving the digital certificate use application and the biological characteristic information and calling the identity authentication subsystem to perform identity authentication on the biological characteristic information; and the system is used for confirming that a client obtains the use authority of the digital certificate after the identity authentication subsystem passes the authentication of the biological characteristic information, and calling the certificate service subsystem to apply for obtaining the digital certificate from a third party organization;
the identity authentication subsystem is used for responding to the calling request of the service background, performing identity authentication on the biological characteristic information and returning an identity authentication result to the service platform;
the certificate service subsystem is used for responding to a calling request of a service background, applying for a digital certificate from a third party organization, providing digital signature or encryption service for a client by using the digital certificate, and returning an acquisition or use result of the digital certificate to the service background;
the block chain certificate storage subsystem is used for storing electronic evidence related to application and use of the digital certificate;
the identity authentication subsystem is used for realizing identity authentication by comparing digital signatures obtained by respectively encrypting the biological characteristic information of the registered personnel and the applied personnel stored in a service background.
2. The digital certificate usage system of claim 1, wherein the identity authentication subsystem comprises: a biological characteristic obtaining unit, a biological characteristic encryption unit and a biological characteristic authentication unit; the biological characteristic acquisition unit is used for acquiring first biological characteristic information and second biological characteristic information; the biological characteristic encryption unit is used for encrypting the first biological characteristic information and the second biological characteristic information to obtain a first user signature and a second user signature; the biological characteristic authentication unit is used for comparing the first user signature with the second user signature and returning an identity authentication result;
the first biological characteristic information is stored in a business background register person, and the second biological characteristic information is the biological characteristic information of an applicant; the first user signature and the second user signature are both digital signatures obtained by encrypting the biological characteristic information by the biological characteristic encryption unit by adopting a private key.
3. The system according to claim 1, wherein the storage certificate system comprises a plurality of blockchain nodes, and wherein the nodes are interconnected via TCP/IP protocol.
4. The system of claim 3, wherein the storage certificate system is collectively managed by a plurality of different independent authorities.
5. The system of claim 3, wherein the biometric information is one of facial data and fingerprint data.
6. The system for using digital certificates according to claim 5, wherein the digital signature obtained by encrypting the biometric information with a private key comprises:
constructing a GRS code based on a finite field;
generating a public key and private key pair according to the GRS code;
performing Hash operation on the biological characteristic information to obtain a first abstract value;
and encrypting the first digest value by using the private key to obtain a digital signature.
7. The system of claim 6, wherein the constructing a finite field based GRS code comprises:
constructing a finite field, and constructing a GRS code with the code length of n, the dimension of k and the error correction capability of t according to the finite field, wherein n, k and t are all any positive integers and satisfy the requirement
Figure FDA0002862289140000031
8. The digital certificate usage system of claim 8, wherein the finite field comprises:
finite field F of q elementsqAnd a positive integer m, and q is 2m
9. The system of claim 7, wherein the generating a public key and the private key from the GRS code comprises:
and selecting an (n-k) x (n-k) nonsingular matrix, an n x n dense matrix and an n x n sparse matrix in the finite field, wherein the rank of the dense matrix is z, the average row weight and the column weight of the sparse matrix are x, z and x are natural numbers, z is less than n, and x is less than n.
Performing matrix addition operation on the dense matrix and the sparse matrix to obtain a transformation matrix;
performing matrix multiplication on the inverse matrix of the nonsingular matrix, the check matrix and the transposed matrix of the transformation matrix to obtain a public key; wherein the check matrix is a matrix of the GRS code (n-k) x n;
and taking the nonsingular matrix, the check matrix, the transformation matrix and a decoding algorithm as private keys.
10. The system according to claim 9, wherein the decoding algorithm is an iterative decoding algorithm in the time domain.
CN202011570290.5A 2020-12-26 2020-12-26 Block chain-based digital certificate using system Withdrawn CN112613018A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011570290.5A CN112613018A (en) 2020-12-26 2020-12-26 Block chain-based digital certificate using system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011570290.5A CN112613018A (en) 2020-12-26 2020-12-26 Block chain-based digital certificate using system

Publications (1)

Publication Number Publication Date
CN112613018A true CN112613018A (en) 2021-04-06

Family

ID=75247978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011570290.5A Withdrawn CN112613018A (en) 2020-12-26 2020-12-26 Block chain-based digital certificate using system

Country Status (1)

Country Link
CN (1) CN112613018A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113708936A (en) * 2021-08-26 2021-11-26 南京邮电大学 Block chain-based multiple scattered order verification method and system for personal information

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113708936A (en) * 2021-08-26 2021-11-26 南京邮电大学 Block chain-based multiple scattered order verification method and system for personal information
CN113708936B (en) * 2021-08-26 2022-08-16 南京邮电大学 Block chain-based multiple scattered order verification method and system for personal information

Similar Documents

Publication Publication Date Title
US20230231840A1 (en) Encryption and decryption techniques using shuffle function
US10728038B2 (en) Multiple secrets in quorum based data processing
US8208627B2 (en) Format-preserving cryptographic systems
WO2020019341A1 (en) Method and device for processing blockchain account, and storage medium
US11488134B2 (en) Format-preserving cryptographic systems
CN100399737C (en) Method of data protection
CN113348455A (en) Apparatus and method for providing authentication, non-repudiation, managed access, and twin discrimination of data using data control signatures
CN112635009A (en) Medical data encryption method based on block chain
Yu et al. Veridedup: A verifiable cloud data deduplication scheme with integrity and duplication proof
CN112613018A (en) Block chain-based digital certificate using system
CN112613008A (en) Student identity online authentication method and system
CN114268447A (en) File transmission method and device, electronic equipment and computer readable medium
CN112613844A (en) Personnel contract electronic signature method
CN112613879A (en) Financial transaction data processing method based on GRS code
CN112614557A (en) Electronic medical record encryption archiving method
CN112632507A (en) Electronic document signature device
CN112769573B (en) Digital signature method, signature verification method and device based on GRS code
CN112565201B (en) Private key processing method and device in block chain and computer storage medium
CN112613078A (en) Document electronic signature method, signature verification method and device
CN112631992A (en) Electronic file filing method and system
CN112634092A (en) Contract authentication method and device based on block chain and electronic equipment
JP2005227331A (en) Secret information management system, secret information management method, and secret information management program
CN112613054A (en) Electronic archive verification method and device based on GRS code and electronic equipment
CN112738210A (en) Pavement maintenance method and system
CN112633712A (en) Online bidding method and system based on GRS codes

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20210406

WW01 Invention patent application withdrawn after publication