CN113641985B - Distributed trusted organization identity access control system and method - Google Patents

Info

Publication number: CN113641985B
Authority: CN (China)
Legal status: Active
Application number: CN202111189028.0A
Other languages: Chinese (zh)
Other versions: CN113641985A (en)
Inventors: 杨国忠, 朱俊领
Current Assignee: Jiangsu Rongzer Information Technology Co Ltd
Original Assignee: Jiangsu Rongzer Information Technology Co Ltd
Application filed by Jiangsu Rongzer Information Technology Co Ltd
Priority to CN202111189028.0A

Classifications

    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/31 User authentication
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The invention discloses a distributed trusted organization identity access control system and method, relating to the technical field of information security, which solve the technical problem of verifying organization identity in multi-organization collaborative business scenarios without leaking privacy. The system comprises an organization application module, a trusted organization identity server and an identity verification module. The organization application module is used by a user to apply for an organization identity; an administrator of the organization allocates the organization identity to the user and generates an attribute private key based on the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm. When a user accesses a third-party application under the organization identity, the identity verification module is used by the third-party application to verify whether the user has the corresponding organization identity.

Description

Distributed trusted organization identity access control system and method
Technical Field
The invention relates to the technical field of information security, in particular to a distributed trusted organization identity access control system and a distributed trusted organization identity access control method.
Background
In a multi-organization collaborative business scenario, the identity of each participant must be trusted so that the business process is genuine and valid and its results cannot be repudiated. A trusted identity means that the identity of the individual citizen taking part in the business is trusted, the relationship between the individual and an organization is trusted, and the identity of the organization represented by the individual is trusted.
In the user and permission management of a traditional application system, user identities are usually verified with user names and passwords, the user's identity within an organization is then determined from the user's roles or groups, and authorization and access control are performed according to that identity. This approach has the following disadvantages: 1. Repeated and multiple authentication: identity systems built separately by many parties waste resources and put many barriers in the way of sharing and using data; the data of different enterprise entities is stored separately and cannot be used comprehensively. 2. Identity data privacy and security: user identity information is scattered among the identity authenticators of individual enterprises; the user cannot control how that information is used, and an enterprise may expose the identity information after verifying the user's identity, or even seriously infringe the user's privacy. In addition, user identity information is stored on each enterprise's servers, and enterprises differ in the attention and effort they give to data security, so user data leakage follows the barrel effect (the weakest holder determines the outcome): a breach at any one place leaks the user's privacy. Furthermore, traditional management performs authorization and access control through roles or groups, which is easy to attack and crack, allowing illegitimate users to gain unauthorized access. A distributed trusted organization identity access control system and method are therefore provided.
Disclosure of Invention
To solve the problems in the schemes described above, the invention provides a distributed trusted organization identity access control system and method that verify organization identities in a multi-organization collaborative business scenario without leaking privacy.
The purpose of the invention can be achieved by the following technical scheme:
a distributed trusted organization identity access control system comprises an organization application module, a trusted organization identity server and an identity verification module;
the organization application module is used by a user to apply for an organization identity; when a user applies to join an organization, an administrator of the organization allocates an organization identity to the user and generates an attribute private key based on the CP-ABE cryptographic algorithm; after receiving the public and private keys, the user updates the digital identity and stores the updated digital identity on the trusted organization identity server;
when the user accesses a third-party application under the organization identity, the identity verification module is used by the third-party application to verify whether the user has the corresponding organization identity; after successful verification, the third-party application authorizes the user's access according to the user's organization identity.
Further, the specific working steps of the organization application module are as follows:
S1: the user uploads the joining request information to an organization administrator through the organization application module;
S2: the organization administrator allocates an organization identity, namely an attribute set, to the corresponding user; the attribute set is the set of one or more attributes owned by the user;
S3: the organization administrator invokes the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm to generate an attribute private key SK for the user;
S4: the organization administrator returns the public and private keys to the user, where the public and private keys comprise the public key PK and the user attribute private key SK.
Further, the organization administrator invoking the CP-ABE cryptographic algorithm to generate an attribute private key SK for the user specifically includes:
invoking the initialization algorithm: completing the initialization process and generating a pair consisting of the public key PK and the master key MK;
invoking the key generation algorithm: taking the master key MK and an attribute set as input and generating an attribute private key SK for the user.
Further, the specific verification steps of the identity verification module are as follows:
the organization publishes its data identity, and the third-party application sets an access policy for the organization;
when a user accesses the third-party application under an organization identity, the user discloses the user's digital identity to the third-party application; the third-party application obtains the user's public key from the trusted organization identity server according to the user's digital identity; the user's public key is the public key PK;
the third-party application encrypts a randomly generated character string using the public key and the access policy and sends the resulting ciphertext to the user;
the user decrypts the received ciphertext into plaintext using the attribute private key SK, based on the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm, and returns the plaintext to the third-party application; the third-party application compares the received plaintext with the original character string, and if they are the same, verification succeeds.
Further, the decryption algorithm in the CP-ABE cryptographic algorithm is: when the attribute set contained in the user attribute private key SK satisfies the access structure contained in the ciphertext, the public key PK, the ciphertext and the user attribute private key SK are taken as input and the ciphertext is decrypted into plaintext; the access structure is expressed as the data's access policy, which supports comparison operations and logical operations.
Further, if the attribute set contained in the user's attribute private key SK does not satisfy the access structure contained in the ciphertext, decryption is not possible and verification fails directly.
Further, a distributed trusted organization identity access control method includes:
step one: when a user applies to join an organization through the organization application module, an administrator of the organization allocates an organization identity to the user and generates an attribute private key; the specific process by which the user joins the organization is as follows:
the user applies to join the organization;
the organization administrator allocates an organization identity, namely an attribute set, to the user;
the organization administrator invokes the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm to generate an attribute private key SK for the user;
step two: the organization administrator returns the public and private keys to the user; after receiving them, the user updates the digital identity, and the updated digital identity is stored on the trusted organization identity server;
step three: when the user accesses a third-party application under the organization identity, the third-party application verifies through the identity verification module whether the user has the corresponding organization identity; after successful verification, the third-party application can authorize the user's access according to the user's organization identity; the specific verification process is as follows:
the organization publishes its data identity, and the third-party application sets an access policy for the organization;
the user discloses the user's digital identity to the third-party application, and the third-party application obtains the user's public key from the trusted organization identity server according to the user's digital identity;
the third-party application encrypts a randomly generated character string using the public key and the access policy and sends the resulting ciphertext to the user;
the user decrypts the received ciphertext into plaintext using the attribute private key SK, based on the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm, and returns the plaintext to the third-party application; the third-party application compares the received plaintext with the original character string, and if they are the same, verification succeeds.
Compared with the prior art, the invention has the beneficial effects that:
1. The invention embeds CP-ABE in the distributed digital identity to realize the organization identity; the public key PK serves as the organization's public key, the master key MK serves as the corresponding organization private key, and the user attribute private key SK is generated from the master key MK and an attribute set and is completely controlled by the organization; the attribute private key SK already contains the attributes owned by the user, namely the user's organization identity;
2. The user private key SK is used to verify an individual's organization identity (namely the individual's relationship with the entity); it is generated from the organization private key MK and the organization identity and is completely controlled by the organization. The whole verification process does not require the user to provide any private data, that is, it is a zero-knowledge proof, and the third-party application system performs authorization and access control according to the access structure, so that authorization for multiple users is achieved and information security is greatly improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a system block diagram of a distributed trusted organization identity access control system according to the present invention.
Fig. 2 is a schematic flow chart of a distributed trusted organization identity access control method according to the present invention.
Fig. 3 is a flow chart of a user joining an organization in the present invention.
Fig. 4 is a flow chart of organization identity verification in the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Figs. 1 to 4, a distributed trusted organization identity access control system includes an organization application module, a trusted organization identity server, and an identity verification module;
the organization application module is used by a user to apply for an organization identity; when the user applies to join an organization, an administrator of the organization allocates the organization identity to the user and generates a private key; the specific allocation process is as follows:
S1: the user uploads the joining request information to an organization administrator through the organization application module;
S2: in response to receiving the joining request information uploaded through the organization application module, the organization administrator allocates an organization identity, namely an attribute set, to the corresponding user; the attribute set is the set of one or more attributes owned by the user; for example: user 1: { electric, professor }; user 2: { computer, professor }; user 3: { electric, doctor }; user 4: { computer, doctor };
S3: in response to the organization identity being allocated to the corresponding user, the organization administrator invokes the CP-ABE cryptographic algorithm to generate an attribute private key SK for the user;
the CP-ABE cryptographic algorithm comprises the following main algorithms:
1. the initialization algorithm: completes the initialization process and generates a pair consisting of the public key PK and the master key MK;
2. the key generation algorithm: takes the master key MK and an attribute set as input and generates an attribute private key SK for the user;
3. the encryption algorithm: takes the public key PK, the plaintext data and the access structure as input and encrypts the plaintext data into ciphertext; the generated ciphertext can only be decrypted by a user who satisfies the access structure;
4. the decryption algorithm: when the attribute set contained in the user attribute private key SK satisfies the access structure contained in the ciphertext, takes the public key PK, the ciphertext and the user attribute private key SK as input and decrypts the ciphertext into plaintext;
the access structure is expressed as the data's access policy, which supports comparison operations and logical operations; for example: professor computer and doctor;
S4: the organization administrator returns the public and private keys to the user, where the public and private keys comprise the public key PK and the user attribute private key SK;
S5: the user updates the digital identity after receiving the public and private keys;
the organization application module is used to store the user's updated digital identity on the trusted organization identity server;
when the user accesses a third-party application under the organization identity, the identity verification module is used by the third-party application to verify whether the user has the corresponding organization identity; the specific steps are as follows:
V1: the organization publishes its own data identity identifier, and the third-party application sets an access policy for the organization, the access policy being an access structure; for example: professor computer and doctor;
V2: when a user accesses the third-party application under an organization identity, the user discloses the user's digital identity to the third-party application; the third-party application obtains the user's public key from the trusted organization identity server according to the user's digital identity; the user's public key is the public key PK;
V3: the third-party application encrypts a randomly generated character string using the public key and the access policy and sends the resulting ciphertext to the user;
V4: the user decrypts the received ciphertext into plaintext using the attribute private key SK, based on the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm, and returns the plaintext to the third-party application;
the user attribute private key SK is used to verify an individual's organization identity, namely the individual's relationship with the entity; it is generated from the master key MK and the organization identity and is completely controlled by the organization; the master key MK and the public key PK are a pair of public and private keys;
if the user attribute private key SK does not satisfy the access structure, decryption is not possible and verification fails directly;
the invention embeds the CP-ABE cryptographic algorithm in the distributed digital identity, taking the public key PK as the organization's public key, the master key MK as the corresponding organization private key, and the attribute private key SK as the user's private key; the attribute private key SK already contains the attributes owned by the user (representing the user's organization identity), and a verifiable organization identity is realized based on zero-knowledge proof;
V5: the third-party application compares the received plaintext with the original character string, and if they are the same, verification succeeds; after successful verification, the third-party application can authorize the user's access according to the user's organization identity;
in the whole verification process the user is not required to provide any private data, that is, it is a zero-knowledge proof, and the third-party application system performs authorization and access control according to the access structure, so that authorization for multiple users is realized; the user completes authorization after successful verification according to this process, and no privacy of individuals or organizations is leaked during verification and authorization, so information security is greatly improved;
a "zero-knowledge" proof means that the prover can convince the verifier that some assertion is correct without providing the verifier with any useful information. A "zero-knowledge" proof is essentially a protocol involving two or more parties, i.e., a series of steps that two or more parties must take to complete a task. The prover proves to the verifier, and convinces the verifier, that the prover knows or owns a certain message, but the proving process must not reveal any information about the proven message to the verifier.
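The challenge-response of steps V1 to V5, as an added example that is not code from the patent. CP-ABE is replaced by a non-cryptographic model that reproduces only the rule "decryption succeeds if and only if the key's attributes satisfy the ciphertext's access structure"; the concrete policy, the challenge id, the expiry window and the single-use rule are assumptions of this sketch, while the four users are the attribute sets given in S2.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


def satisfies(policy, attrs):
    """Evaluate an access structure: an attribute name, or (op, sub-policy, ...)."""
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    results = [satisfies(child, attrs) for child in children]
    if op == "and":
        return all(results)
    if op == "or":
        return any(results)
    raise ValueError(f"unknown operator: {op!r}")


@dataclass(frozen=True)
class AttributeKey:
    """Models SK: the attribute set is fixed by the organization at key generation."""
    attrs: frozenset


@dataclass(frozen=True)
class Ciphertext:
    """Models a CP-ABE ciphertext: the access structure travels with the payload."""
    policy: object
    payload: bytes


def model_encrypt(policy, plaintext):
    # MODEL ONLY, no confidentiality: a real system calls CP-ABE Encrypt(PK, M, policy).
    return Ciphertext(policy, plaintext)


def model_decrypt(ct, sk):
    # MODEL ONLY: plaintext if SK's attributes satisfy the policy, otherwise None.
    return ct.payload if satisfies(ct.policy, sk.attrs) else None


class Verifier:
    """Third-party application side of V3 and V5."""

    def __init__(self, policy, ttl_seconds=30, clock=time.monotonic):
        self.policy = policy
        self.ttl = ttl_seconds
        self.clock = clock
        self.pending = {}  # challenge id -> (random string, deadline)

    def challenge(self):
        nonce = secrets.token_bytes(32)   # V3: unpredictable random string
        cid = secrets.token_hex(8)        # hypothetical id used to match the reply
        self.pending[cid] = (nonce, self.clock() + self.ttl)
        return cid, model_encrypt(self.policy, nonce)

    def verify(self, cid, answer):
        entry = self.pending.pop(cid, None)   # single use: a replayed reply finds nothing
        if entry is None or not isinstance(answer, bytes):
            return False
        nonce, deadline = entry
        if self.clock() > deadline:           # stale challenges are rejected
            return False
        return hmac.compare_digest(nonce, answer)  # V5: constant-time comparison


def run_login(verifier, sk):
    """One full exchange: challenge, user-side decryption (V4), comparison (V5)."""
    cid, ct = verifier.challenge()
    return verifier.verify(cid, model_decrypt(ct, sk))


# Attribute sets from S2; the policy is constructed for this example.
USERS = {
    "user1": AttributeKey(frozenset({"electric", "professor"})),
    "user2": AttributeKey(frozenset({"computer", "professor"})),
    "user3": AttributeKey(frozenset({"electric", "doctor"})),
    "user4": AttributeKey(frozenset({"computer", "doctor"})),
}
POLICY = ("and", "computer", ("or", "professor", "doctor"))


def demo():
    verifier = Verifier(POLICY)
    return {name: run_login(verifier, sk) for name, sk in USERS.items()}


if __name__ == "__main__":
    print(demo())
```

The third-party application learns only whether the policy was satisfied, not which attributes the key holds; the single-use and expiry checks keep a captured reply from being accepted a second time.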
A distributed trusted organization identity access control method comprises the following steps:
step one: when a user applies to join an organization through the organization application module, an administrator of the organization allocates an organization identity to the user and generates an attribute private key; the specific process by which the user joins the organization is as follows:
the user applies to join the organization;
the organization administrator allocates an organization identity, namely an attribute set, to the user;
the organization administrator invokes the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm to generate an attribute private key SK for the user;
step two: the organization administrator returns the public and private keys to the user; after receiving them, the user updates the digital identity, and the updated digital identity is stored on the trusted organization identity server;
step three: when the user accesses a third-party application under the organization identity, the third-party application verifies through the identity verification module whether the user has the corresponding organization identity; after successful verification, the third-party application can authorize the user's access according to the user's organization identity; the specific verification process is as follows:
the organization publishes its data identity, and the third-party application sets an access policy for the organization;
the user discloses the user's digital identity to the third-party application, and the third-party application obtains the user's public key from the trusted organization identity server according to the user's digital identity;
the third-party application encrypts a randomly generated character string using the public key and the access policy and sends the resulting ciphertext to the user;
the user decrypts the received ciphertext into plaintext using the attribute private key SK, based on the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm, and returns the plaintext to the third-party application; the third-party application compares the received plaintext with the original character string, and if they are the same, verification succeeds.
The working principle of the invention is as follows:
when the distributed trusted organization identity access control system and method are in operation, the organization application module is used by a user to apply for an organization identity; when the user applies to join an organization, an administrator of the organization allocates the organization identity to the user and generates a private key. First, the organization administrator allocates an organization identity, namely an attribute set, to the corresponding user and invokes the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm to generate an attribute private key SK for the user. When a user accesses a third-party application under an organization identity, the identity verification module is used by the third-party application to verify whether the user has the corresponding organization identity: first, the organization publishes its data identity and the third-party application sets an access policy for the organization; the third-party application then obtains the user's public key from the trusted organization identity server according to the user's digital identity, encrypts a randomly generated character string using the public key and the access policy, and sends the resulting ciphertext to the user; the user decrypts the received ciphertext into plaintext using the attribute private key SK, based on the CP-ABE cryptographic algorithm, and returns the plaintext to the third-party application; if the received plaintext is the same as the original character string, verification succeeds, and the third-party application can authorize the user's access according to the user's organization identity. In the whole verification process the user does not need to provide any private data, that is, it is a zero-knowledge proof; meanwhile, the third-party application system performs authorization and access control according to the access structure, so that authorization for multiple users is realized, and no privacy of individuals or organizations is leaked during verification and authorization, so information security is greatly improved.
In the description herein, references to the description of "one embodiment," "an example," "a specific example" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (2)

1. A distributed trusted organization identity access control system, characterized by comprising an organization application module, a trusted organization identity server and an identity verification module;
the organization application module is used by a user to apply for an organization identity; when a user applies to join an organization, an administrator of the organization allocates an organization identity to the user and generates an attribute private key based on the CP-ABE cryptographic algorithm; after receiving the public and private keys, the user updates the digital identity and stores the updated digital identity on the trusted organization identity server; the specific working steps are as follows:
S1: the user uploads the joining request information to an organization administrator through the organization application module;
S2: the organization administrator allocates an organization identity, namely an attribute set, to the corresponding user; the attribute set is the set of one or more attributes owned by the user;
S3: the organization administrator invokes the CP-ABE cryptographic algorithm to generate an attribute private key SK for the user, which specifically comprises: invoking the initialization algorithm: completing the initialization process and generating a pair consisting of the public key PK and the master key MK; invoking the key generation algorithm: taking the master key MK and an attribute set as input and generating an attribute private key SK for the user;
S4: the organization administrator returns the public and private keys to the user, where the public and private keys comprise the public key PK and the user attribute private key SK;
when the user accesses a third-party application under the organization identity, the identity verification module is used by the third-party application to verify whether the user has the corresponding organization identity; after successful verification, the third-party application authorizes the user's access according to the user's organization identity; the specific verification steps are as follows:
the organization publishes its data identity, and the third-party application sets an access policy for the organization;
when a user accesses the third-party application under an organization identity, the user discloses the user's digital identity to the third-party application; the third-party application obtains the user's public key from the trusted organization identity server according to the user's digital identity; the user's public key is the public key PK;
the third-party application encrypts a randomly generated character string using the public key and the access policy and sends the resulting ciphertext to the user;
the user decrypts the received ciphertext into plaintext using the attribute private key SK, based on the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm, and returns the plaintext to the third-party application; the third-party application compares the received plaintext with the original character string, and if they are the same, verification succeeds;
wherein the decryption algorithm in the CP-ABE cryptographic algorithm is as follows: when the attribute set contained in the user attribute private key SK satisfies the access structure contained in the ciphertext, the public key PK, the ciphertext and the user attribute private key SK are taken as input and the ciphertext is decrypted into plaintext; the access structure is expressed as the data's access policy, which supports comparison operations and logical operations; if the attribute set contained in the user's attribute private key SK does not satisfy the access structure contained in the ciphertext, decryption is not possible and verification fails directly.
2. The method for executing a distributed trusted organization identity access control system according to claim 1, comprising:
step one: when a user applies for joining an organization through the organization application module, an administrator of the organization allocates an organization identity for the user and generates an attribute private key; the specific process of joining the organization by the user is as follows:
a user applies for joining an organization;
an organization administrator allocates an organization identity, namely an attribute set, to the user;
the organization administrator calls the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm to generate an attribute private key SK for the user;
step two: the organization administrator returns the public and private keys to the user, the user updates the digital identity after receiving the public and private keys, and the updated digital identity is stored in the trusted organization identity server;
step three: when the user accesses the third-party application under the organization identity, the third-party application verifies, through the identity verification module, whether the user has the corresponding organization identity; after the verification is successful, the third-party application can authorize the user to access according to the organization identity of the user, and the specific verification process is as follows:
the organization discloses the data identity of the organization, and the third-party application sets an access policy for the organization;
the user discloses the digital identity of the user to the third-party application, and the third-party application acquires the public key of the user from the trusted organization identity server according to the digital identity of the user;
the third-party application encrypts a randomly generated character string by using the public key and the access policy and sends the encrypted ciphertext to the user;
the user decrypts the received ciphertext into a plaintext by using the attribute private key SK based on the CP-ABE (ciphertext-policy attribute-based encryption) cryptographic algorithm and returns the plaintext to the third-party application; the third-party application compares the received plaintext with the original character string, and if they are the same, the verification is successful.
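The verification exchange in the claims above, as an added Python example that is not part of the patent: the access policy is a nested-tuple tree with logic gates and comparison leaves, and CP-ABE itself is replaced by a non-cryptographic model that releases the string only when the key's attributes satisfy the policy. All names (`satisfies`, `model_encrypt`, `model_decrypt`, `ThirdPartyApp`, `run_login`), the policy format and the attribute names are hypothetical, and the single-use challenge and constant-time comparison are additions the claims do not state.

```python
import hmac
import operator
import secrets

# Policy leaves may use comparison operators; inner nodes are logic gates.
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq}

def satisfies(attrs, policy):
    """True if the attribute set meets the access structure (nested tuples)."""
    kind, *args = policy
    if kind == "and":
        return all(satisfies(attrs, p) for p in args)
    if kind == "or":
        return any(satisfies(attrs, p) for p in args)
    if kind == "cmp":                      # ("cmp", name, op, value)
        name, op, value = args
        return name in attrs and OPS[op](attrs[name], value)
    raise ValueError(f"unknown policy node: {kind!r}")  # fail closed

# Non-cryptographic stand-in for CP-ABE Encrypt/Decrypt (assumption, not real crypto).
def model_encrypt(pk, policy, message):
    return {"pk": pk, "policy": policy, "payload": message}

def model_decrypt(pk, ciphertext, sk):
    if ciphertext["pk"] != pk or not satisfies(sk["attrs"], ciphertext["policy"]):
        return None                        # decryption cannot be performed
    return ciphertext["payload"]

class ThirdPartyApp:
    def __init__(self, policy):
        self.policy = policy
        self.pending = {}                  # digital identity -> outstanding string

    def challenge(self, digital_id, pk):
        nonce = secrets.token_hex(16)      # the randomly generated character string
        self.pending[digital_id] = nonce
        return model_encrypt(pk, self.policy, nonce)

    def verify(self, digital_id, answer):
        expected = self.pending.pop(digital_id, None)  # each challenge is single use
        ok = expected is not None and answer is not None
        return ok and hmac.compare_digest(expected, answer)

def run_login(app, digital_id, pk, sk):
    ciphertext = app.challenge(digital_id, pk)          # app -> user
    return app.verify(digital_id, model_decrypt(pk, ciphertext, sk))  # user -> app

POLICY = ("and", ("cmp", "dept", "==", "finance"), ("cmp", "level", ">=", 5))  # constructed
```

With a real CP-ABE library in place of the two model functions, the policy check is enforced by the ciphertext itself rather than by code running on the user's side.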
CN202111189028.0A 2021-10-12 2021-10-12 Distributed trusted organization identity access control system and method Active CN113641985B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111189028.0A CN113641985B (en) 2021-10-12 2021-10-12 Distributed trusted organization identity access control system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111189028.0A CN113641985B (en) 2021-10-12 2021-10-12 Distributed trusted organization identity access control system and method

Publications (2)

Publication Number Publication Date
CN113641985A CN113641985A (en) 2021-11-12
CN113641985B CN113641985B (en) 2022-02-11

Family

ID=78426422

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111189028.0A Active CN113641985B (en) 2021-10-12 2021-10-12 Distributed trusted organization identity access control system and method

Country Status (1)

Country Link
CN (1) CN113641985B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115941201A (en) * 2022-11-15 2023-04-07 上海钛动网络科技有限公司 Block chain privacy protection system based on zero-knowledge proof algorithm

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490881B (en) * 2013-09-06 2017-01-25 数安时代科技股份有限公司 Authentication service system, user authentication method, and authentication information processing method and system
CN106534072B (en) * 2016-10-13 2019-12-10 腾讯科技(深圳)有限公司 user information authorization method, device, equipment and system
CN111163036B (en) * 2018-11-07 2022-03-29 中移(苏州)软件技术有限公司 Data sharing method, device, client, storage medium and system
CN111193695B (en) * 2019-07-26 2021-07-06 腾讯科技(深圳)有限公司 Encryption method and device for third party account login and storage medium
CN111200601B (en) * 2019-12-29 2022-09-20 航天信息股份有限公司企业服务分公司 Method and system for butting user and application based on universal transfer service

Also Published As

Publication number Publication date
CN113641985A (en) 2021-11-12

Similar Documents

Publication Publication Date Title
CN108768988B (en) Block chain access control method, block chain access control equipment and computer readable storage medium
CN109040045B (en) Cloud storage access control method based on ciphertext policy attribute-based encryption
CN106961336B (en) A kind of key components trustship method and system based on SM2 algorithm
CN109495274B (en) Decentralized intelligent lock electronic key distribution method and system
JP5562687B2 (en) Securing communications sent by a first user to a second user
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
JP3060071B2 (en) Computer network encryption key distribution system
Katz et al. Efficient and secure authenticated key exchange using weak passwords
US8683209B2 (en) Method and apparatus for pseudonym generation and authentication
CN106161402A (en) Encryption equipment key injected system based on cloud environment, method and device
Au et al. Privacy-preserving personal data operation on mobile cloud—Chances and challenges over advanced persistent threat
CN103856478A (en) Certificate signing and issuing method of trusted network, attestation method of trusted network and corresponding devices
JP2008503966A (en) Anonymous certificate for anonymous certificate presentation
AU2003202511A1 (en) Methods for authenticating potential members invited to join a group
CN109963282A (en) Secret protection access control method in the wireless sensor network that IP is supported
CN113761582A (en) Group signature based method and system for protecting privacy of block chain transaction under supervision
CN109495497A (en) Based on the management of credit worthiness dynamic and domestic cryptographic algorithm privacy information encrypted transmission method
CN106850584B (en) A kind of anonymous authentication method of curstomer-oriented/server network
CN113641985B (en) Distributed trusted organization identity access control system and method
CN111447058B (en) Book resource access control method based on Chinese remainder theorem
CN116318696A (en) Proxy re-encryption digital asset authorization method under condition of no initial trust of two parties
Camenisch et al. (Un) linkable pseudonyms for governmental databases
CN114124392A (en) Data controlled circulation method, system, device and medium supporting access control
Ma et al. Catch me if you can: A Secure Bilateral Access Control System With Anonymous Credentials
CN113630260B (en) Organization identity encryption and decryption method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant