CN114091001B - Collaborative authentication method, system, device and storage medium - Google Patents

Publication number
CN114091001B
Authority
CN
China
Prior art keywords
signature, component, private key, authenticator, certificate
Legal status
Active
Application number
CN202210046592.5A
Other languages
Chinese (zh)
Other versions
CN114091001A (en)
Inventor
晏志文
Current Assignee
Nanjing Yiketeng Information Technology Co ltd
Original Assignee
Nanjing Yiketeng Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a collaborative authentication method, system, device and storage medium. The method comprises the following steps: an authenticatee generates a first private key component and generates a private public key based on the first private key component, and an auxiliary authenticator generates a second private key component; the auxiliary authenticator generates a collaborative public key according to the private public key and the second private key component, applies to a certificate issuer for a certificate based on the collaborative public key and the identity information of the authenticatee, and feeds the certificate back to the authenticatee; the main authenticator feeds back a message to be signed to the authenticatee in response to an authentication request sent by the authenticatee; the authenticatee cooperates with the auxiliary authenticator to generate a signature result based on the message to be signed, the first private key component and the second private key component, and sends the signature result and the certificate to the main authenticator; and the main authenticator verifies the signature result and the certificate to complete authentication. The technical scheme provided by the invention can solve the technical problems of private key loss, abuse, lack of supervision and audit, and security risk of the authentication system in the prior art.

Description

Collaborative authentication method, system, device and storage medium
Technical Field
The present invention relates to the field of network information security technologies, and in particular, to a method, a system, an apparatus, and a storage medium for collaborative authentication.
Background
With the development of scientific technology, communication technology has changed people's lives, and in recent years, the number of users using communication devices has increased, and network information security technology has become more and more important.
In the prior art, the traditional identity authentication method based on a public key certificate relies on a signature verification algorithm built on asymmetric encryption. In the traditional method, the authenticatee first initiates an authentication request to the authenticator; the authenticator generates a local random number and sends it to the authenticatee; the authenticatee signs it using the certificate and sends the certificate and the signing result to the authenticator; the authenticator verifies the received signature certificate, including its validity period, certificate chain, revocation list and blacklist, and checks whether the certificate user matches the authenticatee; the authenticator then uses the public key of the signature certificate to decrypt and verify the signed content from the authenticatee, and if the content is consistent with the random number sent earlier, the identity authentication of the authenticatee is completed.
Therefore, the traditional identity authentication process takes place directly between an authenticator and an authenticatee, and the security of the identity depends entirely on the security of the private key, so the following problems may occur in practical application.
1. In the traditional identity authentication system there is only one private key, whose security is crucial, and a user lacks strong security protection when keeping it, so that once the private key is lost or stolen, an information thief can use it to impersonate the user;
2. Identity authentication takes place directly between an authenticator and an authenticatee, so it is difficult for a certificate management organization to audit and supervise the authentication process, and there is a risk of certificates being abused;
3. In the traditional method, if the private key of the certificate is lost or stolen, the certificate is revoked through a CRL revocation list to prevent information loss, but this process takes a long time and carries a risk of delay;
4. The authenticatee and the authenticators are in a one-to-many relationship, and modifying the authenticators to solve the above problems incurs great cost and risk.
Disclosure of Invention
The invention provides a collaborative authentication method, a system, a device and a storage medium, aiming at effectively solving the technical problems of private key loss, abuse, lack of supervision and audit and safety risk of an authentication system in the prior art.
According to an aspect of the present invention, there is provided a collaborative authentication method, the method comprising:
an authenticatee generates a first private key component and a private public key based on the first private key component, and an auxiliary authenticator associated with the authenticatee generates a second private key component;
the auxiliary authenticator generates a collaborative public key according to the private public key and the second private key component, applies for a certificate for the authenticatee to a certificate issuer based on the collaborative public key and the identity information of the authenticatee, and feeds back the certificate issued by the certificate issuer to the authenticatee;
the master authenticator feeds back a message to be signed to the authenticatee in response to an authentication request sent by the authenticatee;
the authenticatee and the auxiliary authenticator generate a signature result based on the message to be signed and the first private key component and the second private key component, and send the signature result and the certificate to the main authenticator;
and the main authenticator checks the signature result and the certificate to finish the authentication of the authenticatee.
Further, the authenticated party generating a first private key component and generating a private public key based on the first private key component, the secondary authenticator associated with the authenticated party generating a second private key component comprising:
the authenticated party generates a first random number within a preset value range based on a random number generator, and the first random number is used as the first private key component;
the authenticated party generates the private public key based on the first private key component and a preset basic parameter required by an adopted encryption mechanism;
and the auxiliary authenticator generates a second random number in the preset value range based on a random number generator, and takes the second random number as the second private key component.
Further, the authenticated party generating a signature result based on the message to be signed and the first private key component and the second private key component in cooperation with the auxiliary authenticator, and sending the signature result and the certificate to the primary authenticator includes:
the authenticated party generates a message digest about the message to be signed according to a hash value and a hash function and based on an SM2 algorithm, generates a first signature element based on the basic parameter and a first signature component based on the first private key component, and sends the message digest, the first signature element and the first signature component to the auxiliary authenticator;
the secondary authenticator generates a second signature element based on the second private key component and the base parameter and subsequently generates a third signature element based on the second private key component, the first signature element and the second signature element;
the secondary authenticator generates a second signature component based on the third signature element and the message digest, generates a third signature component based on the first signature component and the second signature component, and transmits the second signature component and the third signature component back to the authenticatee;
the authenticatee generates a fourth signature component based on the second signature component and the third signature component, and transmits a combination of the second signature component and the fourth signature component as the signature result and the certificate to the master authenticator.
Further, the adopted encryption mechanism is an encryption mechanism based on the SM2 algorithm, the authenticatee and the auxiliary authenticator share the elliptic curve $E_p$ defined by the SM2 algorithm and a base point $G$ of order $n$ on $E_p$, and the preset basic parameter is the base point $G$.
Further, the generating, by the authenticated party, the private public key based on the first private key component and a preset basic parameter required by the adopted encryption mechanism includes:
the authenticated party generates the private public key according to:
$P_A = D_1 \cdot G$,
wherein $P_A$ represents the private public key, $D_1$ is the first private key component and $G$ is the base point.
Further, the generating, by the secondary authenticator, a collaborative public key from the private public key and the second private key component includes:
the secondary authenticator generates the collaborative public key according to the following formula:
$P = D_2 \cdot P_A - G$,
wherein $P$ represents the collaborative public key, $D_2$ is the second private key component, $P_A$ is the private public key and $G$ is the base point.
Further, the generating a first signature element based on the base parameter and generating a first signature component based on the first private key component includes:
the authenticatee generates, based on a random number generator, a third random number $K_1$ and a fourth random number $K_3$ within the preset value range;
calculating the first signature element $W_1$ according to:
$W_1 = K_1 \cdot G$,
wherein $W_1$ represents the first signature element, $K_1$ is the third random number, and $G$ is the base point;
calculating the first signature component according to:
$S_1 = (K_3 D_1^{-1}) \bmod n$,
wherein $S_1$ represents the first signature component, $K_3$ is the fourth random number, $D_1^{-1}$ is the inverse of the first private key component $D_1$, and $n$ is a constant associated with the preset value range.
Further, the secondary authenticator generating a second signature element based on the second private key component and the base parameter, and subsequently generating a third signature element based on the second private key component, the first signature element, and the second signature element comprises:
the auxiliary authenticator generates, based on a random number generator, a fifth random number $K_2$ within the preset value range;
generating the second signature element according to:
$W_2 = K_2 D_2 \cdot G$,
wherein $W_2$ represents the second signature element, $K_2$ is the fifth random number, $D_2$ is the second private key component, and $G$ is the base point;
generating the third signature element according to the following formula, the third signature element being an elliptic curve point defined by the SM2 algorithm,
$W = D_2 \cdot W_1 + W_2$,
wherein $W$ represents the third signature element, $D_2$ is the second private key component, $W_1$ is the first signature element, $W_2$ is the second signature element, and the coordinates of the elliptic curve point represented by the third signature element are $(x_1, y_1)$.
Further, the secondary authenticator generating a second signature component based on the third signature element and the message digest, and generating a third signature component based on the first signature component and the second signature component comprises:
the secondary authenticator generates the second signature component $r$ according to the following formula, wherein if $r = 0$, the fifth random number $K_2$ is regenerated and the third signature element is recomputed based on the new fifth random number $K_2$, until the second signature component $r$ is non-zero,
$r = (x_1 + e) \bmod n$,
wherein $r$ represents the second signature component, $x_1$ is the abscissa of the elliptic curve point represented by the third signature element, $e$ is the message digest, and $n$ is a constant related to the preset value range;
generating the third signature component according to:
$S_2 = S_1 (K_2 + D_2^{-1} r) \bmod n$,
wherein $S_2$ represents the third signature component, $S_1$ is the first signature component, $D_2^{-1}$ is the inverse of the second private key component $D_2$, $r$ is the second signature component, and $n$ is a constant associated with the preset value range.
Further, the authenticatee generating a fourth signature component based on the second signature component and the third signature component comprises:
the authenticated party generates the fourth signature component $S$ according to the following equation; if $S = 0$, the third random number $K_1$ and the fourth random number $K_3$ are regenerated, and the third signature component and the second signature component are regenerated based on the new $K_1$ and $K_3$, until the fourth signature component $S$ is non-zero,
$S = (D_1^{-1} K_1 + K_3^{-1} S_2 - r) \bmod n$,
wherein $S$ represents the fourth signature component, $D_1^{-1}$ is the inverse of the first private key component $D_1$, $K_1$ is the third random number, $K_3^{-1}$ is the inverse of the fourth random number $K_3$, $S_2$ is the third signature component, $r$ is the second signature component, and $n$ is a constant associated with the preset value range.
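The key generation and co-signing equations above, run end to end as an added example (not code from the patent), with the result checked by ordinary single-key SM2 verification as a main authenticator would perform it. It assumes the SM2 recommended curve parameters, takes the collaborative public key to be P = D2*PA - G (the form for which these signing equations pass standard verification), and substitutes SHA-256 for the SM3 digest; the class and function names, the `blocked` flag and the `audit` list are hypothetical.

```python
import hashlib
import secrets

# SM2 recommended curve (sm2p256v1): y^2 = x^3 + A*x + B over GF(P); G has order N.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def rand_scalar():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

def digest(msg):  # ASSUMPTION: SHA-256 stands in for the SM3 digest e of the message
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

class Auxiliary:  # auxiliary authenticator: holds D2, logs every request, can refuse
    def __init__(self):
        self.d2 = rand_scalar()
        self.blocked = False  # hypothetical switch for blocking unsafe requests
        self.audit = []       # hypothetical audit trail of digests seen

    def collaborative_public_key(self, pa):
        # ASSUMPTION: P = D2*PA - G, the public key of d = D1*D2 - 1 (never assembled)
        return add(mul(self.d2, pa), (G[0], -G[1] % P))

    def cosign(self, e, w1, s1):
        self.audit.append(e)
        if self.blocked:
            raise PermissionError("auxiliary authenticator refused to co-sign")
        r = 0
        while r == 0:  # regenerate K2 until r is non-zero
            k2 = rand_scalar()
            w = add(mul(self.d2, w1), mul(k2 * self.d2 % N, G))  # W = D2*W1 + K2*D2*G
            r = 0 if w is None else (w[0] + e) % N               # r = (x1 + e) mod n
        s2 = s1 * (k2 + pow(self.d2, -1, N) * r) % N  # S2 = S1*(K2 + D2^-1*r) mod n
        return r, s2

class Authenticatee:
    def __init__(self):
        self.d1 = rand_scalar()
        self.pa = mul(self.d1, G)  # PA = D1*G

    def sign(self, msg, aux):
        e, d1_inv = digest(msg), pow(self.d1, -1, N)
        while True:  # regenerate K1, K3 until S is non-zero
            k1, k3 = rand_scalar(), rand_scalar()
            r, s2 = aux.cosign(e, mul(k1, G), k3 * d1_inv % N)  # sends e, W1, S1
            s = (d1_inv * k1 + pow(k3, -1, N) * s2 - r) % N     # S = D1^-1*K1 + K3^-1*S2 - r
            if s != 0:
                return r, s

def sm2_verify(pub, msg, sig):
    """Standard single-key SM2 verification, as an unmodified main authenticator runs it."""
    r, s = sig
    t = (r + s) % N
    if not (1 <= r < N and 1 <= s < N) or t == 0:
        return False
    pt = add(mul(s, G), mul(t, pub))
    return pt is not None and (digest(msg) + pt[0]) % N == r

def demo():
    user, aux = Authenticatee(), Auxiliary()
    pub = aux.collaborative_public_key(user.pa)  # key bound into the certificate
    challenge = b"constructed message to be signed"
    sig = user.sign(challenge, aux)
    ok = sm2_verify(pub, challenge, sig)
    tampered = sm2_verify(pub, challenge + b"!", sig)
    aux.blocked = True  # auxiliary side cuts the key off
    try:
        user.sign(challenge, aux)
        refused = False
    except PermissionError:
        refused = True
    return ok, tampered, refused, len(aux.audit)
```

`demo()` returns whether the co-signed challenge verifies, whether a modified challenge verifies, whether signing fails once the auxiliary side refuses, and how many requests the auxiliary side logged.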
According to another aspect of the present invention, there is provided a collaborative authentication system comprising:
an authenticated device for generating a first private key component and a private public key based on the first private key component;
the auxiliary authentication device is associated with the authenticated device and used for generating a second private key component, generating a cooperative public key according to the private public key and the second private key component, applying a certificate for the authenticated device to a certificate issuing device based on the cooperative public key and the identity information of the authenticated device, and feeding back the certificate issued by the certificate issuing device to the authenticated device;
the master authentication device is used for feeding back a message to be signed to the authenticated device in response to an authentication request sent by the authenticated device;
the authenticated device is further configured to initiate the authentication request, generate, after receiving the message to be signed, a signature result based on the message to be signed and the first and second private key components in cooperation with the auxiliary authentication device, and send the signature result and the certificate to the primary authentication device;
the auxiliary authentication device is further used for generating the signature result in cooperation with the authenticated device;
the main authentication device is further used for verifying the signature result and the certificate so as to finish the authentication of the authenticated party.
According to another aspect of the present invention, the present invention provides a collaborative authentication method for an authenticated party, the method comprising:
generating a first private key component, generating a private public key based on the first private key component, sending the private public key to an auxiliary authenticator to trigger the auxiliary authenticator to generate a second private key component, and generating a collaborative public key according to the private public key and the second private key component;
receiving a certificate which is sent by the auxiliary authenticator and is applied to the authenticatee based on the cooperative public key and the identity information of the authenticatee;
and sending an authentication request to the main authenticator to obtain a message to be signed fed back by the main authenticator, generating a signature result based on the message to be signed and the first private key component and the second private key component in cooperation with the auxiliary authenticator, and sending the signature result and the certificate to the main authenticator to finish authentication.
According to another aspect of the present invention, the present invention provides a collaborative authentication method for assisting an authenticator, the method comprising:
receiving a private public key generated by an authenticated party based on a first private key component, generating a second private key component, generating a collaborative public key according to the private public key and the second private key component, applying a certificate for the authenticated party to a certificate issuing party based on the collaborative public key and the identity information of the authenticated party, and feeding back the certificate issued by the certificate issuing party to the authenticated party;
generating a signature result based on the message to be signed and the first private key component and the second private key component which are fed back to the authenticatee by the main authenticator in response to an authentication request sent by the authenticatee, so that the main authenticator completes authentication for the authenticatee based on the signature result and the certificate.
According to another aspect of the present invention, the present invention provides a collaborative authentication method for a primary authenticator, the method comprising:
receiving an authentication request from an authenticated party and feeding back a message to be signed to the authenticated party;
receiving a signature result generated by the authenticated party in cooperation with the auxiliary authenticator based on the message to be signed and the first private key component and the second private key component, and receiving a certificate applied to the authenticated party from a certificate issuer based on the cooperation public key and the identity information of the authenticated party and sent by the authenticated party;
and verifying the signature result and the certificate to finish the authentication of the authenticated party.
According to another aspect of the present invention, the present invention provides an authenticated apparatus for an authenticated party in a collaborative authentication system, the collaborative authentication system further including a primary authenticator and a secondary authenticator associated with the authenticated party, the apparatus comprising:
the private public key generating unit is used for generating a first private key component, generating a private public key based on the first private key component, sending the private public key to the auxiliary authenticator, triggering the auxiliary authenticator to generate a second private key component, and generating a collaborative public key according to the private public key and the second private key component;
a certificate receiving unit, configured to receive a certificate that is applied to the authenticated party from a certificate issuer based on the collaborative public key and the identity information of the authenticated party and is sent by the auxiliary authenticator;
and the authentication unit is used for sending an authentication request to a main authenticator to obtain a message to be signed fed back by the main authenticator, generating a signature result based on the message to be signed and the first private key component and the second private key component in cooperation with the auxiliary authenticator, and sending the signature result and the certificate to the main authenticator to finish authentication.
According to another aspect of the present invention, the present invention provides a secondary authentication apparatus for a secondary authenticator in a collaborative authentication system, the collaborative authentication system further including a primary authenticator and an authenticatee associated with the secondary authenticator, the apparatus comprising:
the cooperative public key generating unit is used for receiving a private public key generated by the authenticated party based on the first private key component, generating a second private key component and generating a cooperative public key according to the private public key and the second private key component;
a certificate applying and sending unit, configured to apply a certificate for the authenticated party to a certificate issuer based on the collaborative public key and the identity information of the authenticated party, and send the certificate issued by the certificate issuer to the authenticated party;
and the auxiliary authentication unit is used for generating a signature result by cooperating with the authenticated party based on the message to be signed and the first private key component and the second private key component which are fed back to the authenticated party by the main authenticator in response to the authentication request sent by the authenticated party so as to enable the main authenticator to finish the authentication of the authenticated party based on the signature result and the certificate.
According to another aspect of the present invention, the present invention provides a primary authenticator used in a cooperative authentication system, the cooperative authentication system further including an authenticatee and a secondary authenticator associated with the authenticatee, the apparatus comprising:
the authentication request receiving unit is used for receiving an authentication request from the authenticated party and feeding back a message to be signed to the authenticated party;
a signature result and certificate receiving unit, configured to receive a signature result generated by the authenticated party in cooperation with the auxiliary authenticator based on the message to be signed and the first and second private key components, and receive a certificate that is sent by the authenticated party and applies for the authenticated party to a certificate issuer based on the cooperation public key and the identity information of the authenticated party;
and the signature verification unit verifies the signature of the signature result and the certificate so as to finish the authentication of the authenticated party.
According to another aspect of the present invention, there is provided a storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform any of the above described cooperative authentication methods.
Through one or more of the above embodiments in the present invention, at least the following technical effects can be achieved:
According to the technical scheme of the invention, in addition to the authenticator, authenticatee and certificate issuer of the traditional authentication method, the invention adds an auxiliary authentication system and, through the SM2 collaborative signature algorithm and the auxiliary authentication system, inserts an auxiliary authentication flow before the authenticatee is authenticated. The authenticatee generates a first private key component and the auxiliary authenticator generates a second private key component, and the two private key components address the information security risk that arises from having only one private key. The authentication system can effectively audit and supervise the authentication requests of the authenticatee and can rapidly block unsafe requests; through the collaborative signature mechanism, it solves the technical problems of private key loss, abuse, and lack of supervision and audit without changing the original authentication mode and authentication flow of the authentication system.
Drawings
The technical solution and other advantages of the present invention will become apparent from the following detailed description of specific embodiments of the present invention, which is to be read in connection with the accompanying drawings.
FIG. 1 is a schematic flow chart of a cooperative authentication method according to the present invention;
FIG. 2 is a schematic flowchart of a certificate issuing stage in the cooperative authentication method according to the embodiment of the present invention;
FIG. 3 is a schematic flowchart of an authentication phase in which an authenticator authenticates an authenticatee in the cooperative authentication method according to the embodiment of the present invention;
FIG. 4 is a schematic flow chart of signature result generation between the authenticated party and the auxiliary authenticator based on the SM2 algorithm;
FIG. 5 is a schematic structural diagram of a cooperative authentication system provided in the present invention;
FIG. 6 is a flowchart illustrating a collaborative authentication method for an authenticated party according to the present invention;
FIG. 7 is a flowchart illustrating a cooperative authentication method for assisting an authenticator according to the present invention;
FIG. 8 is a flowchart illustrating a collaborative authentication method for a primary authenticator according to the present invention;
FIG. 9 is a schematic structural diagram of a cooperative authentication apparatus for an authenticated party according to the present invention;
FIG. 10 is a schematic structural diagram of a cooperative authentication apparatus for assisting an authenticator according to the present invention;
FIG. 11 is a schematic structural diagram of a cooperative authentication apparatus for a primary authenticator provided in the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that, unless explicitly stated or limited otherwise, the term "and/or" herein is only one kind of association relationship describing the associated object, and means that there may be three kinds of relationships, for example, a and/or B, and may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this document generally indicates that the preceding and following related objects are in an "or" relationship unless otherwise specified.
As shown in fig. 1, which is a schematic flow chart of a cooperative authentication method provided by the present invention, the cooperative authentication method includes:
step 101: an authenticatee generates a first private key component and a private public key based on the first private key component, and an auxiliary authenticator associated with the authenticatee generates a second private key component;
step 102: the auxiliary authenticator generates a collaborative public key according to the private public key and the second private key component, applies for a certificate for the authenticatee to a certificate issuer based on the collaborative public key and the identity information of the authenticatee, and feeds back the certificate issued by the certificate issuer to the authenticatee;
step 103: the master authenticator feeds back a message to be signed to the authenticatee in response to an authentication request sent by the authenticatee;
step 104: the authenticatee and the auxiliary authenticator generate a signature result based on the message to be signed and the first private key component and the second private key component, and send the signature result and the certificate to the main authenticator;
step 105: and the main authenticator checks the signature result and the certificate to finish the authentication of the authenticatee.
In the identity authentication method of the present invention, the identity authentication process is divided into two stages, the first stage is a certificate issuing stage before authentication, corresponding to step 101, step 102 and step 103, and fig. 2 is a schematic flow chart of the certificate issuing stage before authentication. The second phase is an authentication phase of the authenticator with the authenticatee, corresponding to step 103 and step 104, and fig. 3 is a schematic flow chart of the authentication phase of the authenticator with the authenticatee.
In step 101, an authenticatee generates a first private key component and a private public key based on the first private key component, and a secondary authenticator associated with the authenticatee generates a second private key component. Illustratively, an asymmetric encryption scheme, i.e., an asymmetric encryption algorithm, is an enhancement to a symmetric encryption scheme using a password and a user name. When an asymmetric encryption algorithm is used, a public key and a private key that are paired with each other are generated. Unlike a traditional identity authentication system, this scheme provides an auxiliary authenticator in addition to the main authenticator and the authenticatee. As shown in fig. 2, the authenticated party generates a first private key component, generates a private public key based on the first private key component, and sends the private public key to the auxiliary authenticator so that the collaborative public key can be generated, i.e., "i authenticated party private public key" shown in fig. 2. The auxiliary authenticator generates a second private key component. The private key is mainly used for decryption or signature; the authenticated party and the auxiliary authenticator each need to keep their own private key component, which can be protected with a password and does not need to be transmitted to the outside.
After step 101 is executed, step 102 is executed, in which the auxiliary authenticator generates a collaborative public key according to the private public key and the second private key component, applies for a certificate for the authenticatee to a certificate issuer based on the collaborative public key and the identity information of the authenticatee, and feeds back the certificate issued by the certificate issuer to the authenticatee. Illustratively, the collaborative public key is generated by the secondary authenticator, i.e., "generate collaborative public key" shown in fig. 2, where the public key is mainly used for encryption or verification. The cooperative public key does not itself need to be kept secret and can be published to the outside. The authenticated party obtains the certificate issued by the certificate issuer through the auxiliary authenticator, i.e., "application certificate" shown in fig. 2. Here, the Certificate Authority (CA) is a trusted third party in e-commerce transactions and is responsible for checking the validity of public keys in the public key system. The auxiliary authenticator uses the cooperative public key and the identity information of the authenticatee to apply to the certificate issuer for the authenticatee's certificate on the authenticatee's behalf. After the certificate issuer determines the identity of the authenticated party, it binds the cooperative public key and the identity information of the authenticated party together and signs them to form a certificate, and issues the certificate to the auxiliary authenticator, i.e., "issuing certificate" shown in fig. 2; the certificate contains the cooperative public key. The secondary authenticator forwards the certificate to the authenticated party, i.e., "return certificate" in fig. 2, and the authenticated party stores the certificate after receiving it.
In the scheme of the invention, the auxiliary authenticator generates the cooperative public key and applies for the certificate on behalf of the authenticated party, which prevents the authenticated party from cheating; and because the authenticator is not aware of the cooperative process, the scheme can prevent an unknown person from impersonating the authenticated party to steal the authenticator's information, effectively improving the security of the identity authentication system.
After step 102 is executed, step 103 is executed, and the master authenticator feeds back a message to be signed to the authenticatee in response to an authentication request sent by the authenticatee. Illustratively, in the identity verification process, an authenticated party initiates an authentication process, the authenticated party sends an authentication request to a main authenticator, and the main authenticator receives the authentication request and then sends information to be signed to the authenticated party, namely "sending parameter to be signed" shown in fig. 3.
After step 103, step 104 is executed, in which the authenticatee cooperates with the secondary authenticator to generate a signature result based on the message to be signed and the first private key component and the second private key component, and sends the signature result and the certificate to the primary authenticator. Illustratively, the SM2 algorithm is an asymmetric encryption method promulgated by the national crypto authority, collectively referred to as elliptic curve algorithms. After receiving the message to be signed sent by the authenticator, the authenticatee initiates a cooperative authentication process with the auxiliary authenticator, the auxiliary authenticator first completes the preposed identity authentication of the authenticatee, i.e. "authentication by the auxiliary authenticator" shown in fig. 3, then cooperates with the authenticatee to generate a signature result, i.e. "cooperative signature" shown in fig. 3, and then the authenticatee sends the cooperative signature certificate and the cooperative signature result to the authenticator, which is "sending certificate and signature" shown in fig. 3.
After step 104 is executed, step 105 is executed, and the master authenticator checks the signature result and the certificate to complete the authentication of the authenticatee. Illustratively, in this process, the authenticator authenticates the certificate first and then authenticates the signature result.
The authenticator verifies the correctness of the collaborative signature certificate against the root certificate downloaded in advance, and further determines whether the authenticatee's collaborative signature certificate is trustworthy by checking the validity of the certificate via CRL or OCSP, i.e., "check the local root certificate" and "authenticate validity according to the CRL or OCSP" shown in fig. 3. The root certificate is a digital certificate issued by the certificate issuer and is the coordination basis between the issuing organization and network users: a user must have a trusted root certificate for the user's digital certificate to be valid. After the authenticator installs the root certificate, the root certificate is trusted, that is, the authenticator trusts the certificate issuer and therefore trusts the authenticated party.
The main authenticator then checks the signature result to finish the authentication of the authenticated party. Illustratively, in order to confirm whether the authenticated party is trustworthy, the authenticator needs to authenticate both the signature result and the certificate. After verifying the certificate, the authenticator decrypts the signature by using the cooperative public key in the certificate and verifies whether the signature result is consistent. If it is consistent, the authenticated party is trustworthy; if not, the authenticated party signed with a different key or the data was changed, so there may be a risk of information theft.
According to the technical scheme of the invention, in addition to an authenticator, an authenticatee and a certificate issuer in the traditional authentication method, the invention adds an auxiliary authentication system, and adds an auxiliary authentication flow before the authenticatee authenticates through the SM2 collaborative signature algorithm and the auxiliary authentication system. The method comprises the steps that a first private key component is generated by an authenticated party, a second private key component is generated by an auxiliary authenticating party, and the information security risk possibly brought by only one private key is solved through the two private key components. The cooperative authentication method can effectively audit and supervise the authentication request of the authenticated party, can quickly block the unsafe request, and solves the technical problems of private key loss, abuse, lack of supervision and audit under the condition that the original authentication mode and authentication flow are not changed by the authentication system through a cooperative signature mechanism.
Further, in the technical solution disclosed in the present invention, the authenticated party generates a first random number within a preset value range based on a random number generator, and uses the first random number as the first private key component; the authenticated party generates the private public key based on the first private key component and a preset basic parameter required by an adopted encryption mechanism; and the auxiliary authenticator generates a second random number in the preset value range based on a random number generator, and takes the second random number as the second private key component. Illustratively, in the present invention, in order to protect the security of the private key, the authenticated party and the auxiliary authenticator each generate a private key. The authenticated party generates a first random number as a first private key component through a random number generator, and the first random number cannot be a negative number or infinite number and needs to be valued in a preset value range. In order to protect the security of the first private key component, the authenticated party needs to protect the first private key securely without transmitting it out, and generates a private public key that can be transmitted out based on the first private key component and preset basic parameters required by the encryption mechanism, and sends the private public key to the secondary authenticator. The manner in which the secondary authenticator generates the second private key component is the same as the manner in which the authenticatee generates the first private key component, and the random number generator generates the second random number as the second private key component.
Further, the authenticated party generates a message digest about the message to be signed according to a hash value and a hash function and based on an SM2 algorithm, generates a first signature element based on the basic parameter and a first signature component based on the first private key component, and sends the message digest, the first signature element and the first signature component to the secondary authenticator; the secondary authenticator generates a second signature element based on the second private key component and the base parameter and subsequently generates a third signature element based on the second private key component, the first signature element and the second signature element; the secondary authenticator generating a second signature component based on the third signature element and the message digest and a third signature component based on the first signature component and the second signature component and transmitting the second signature component and the third signature component back to the authenticator; the authenticatee generates a fourth signature component based on the second signature component and the third signature component, and transmits a combination of the second signature component and the fourth signature component as the signature result with the certificate to the master authenticator. Illustratively, the process is a specific step of generating a signature result by the cooperation of the authenticated party and the auxiliary authenticator based on the message to be signed and the first private key component and the second private key component, and sending the signature result and the certificate added with the cooperation public key to the main authenticator.
Further, the employed encryption mechanism is an encryption mechanism based on the SM2 algorithm; the authenticatee and the secondary authenticator share an elliptic curve $E_p$ defined by the SM2 algorithm and a base point $G$ of order $n$ on $E_p$, and the preset base parameter is the base point $G$. In other words, the authenticatee and the secondary authenticator both operate based on the SM2 collaborative signature algorithm; the two parties use the same elliptic curve in the process, and the base point $G$ on the elliptic curve is the same, wherein the order of the base point $G$ is $n$.
Fig. 4 is a schematic flow chart of generating a signature result based on the SM2 algorithm between the authenticated party and the secondary authenticator, and next, a specific method for generating a signature result from the first private key component and the second private key component is described.
Further, in the technical solution disclosed in the present invention, the generating, by the authenticated party, the private public key based on the first private key component and a preset basic parameter required by an adopted encryption mechanism includes: the authenticated party generates the private public key according to $P_A = D_1 \cdot G$, where $P_A$ represents the private public key, $D_1$ is the first private key component and $G$ is the base point. Illustratively, the authenticatee generates the private public key based on the first private key component and a base point $G$ on an elliptic curve defined by the SM2 algorithm.
Further, the generating, by the secondary authenticator, a collaborative public key from the private public key and the second private key component includes: the secondary authenticator generates the collaborative public key according to the following formula: $P = D_2 \cdot P_A - G$, where $P$ denotes the collaborative public key, $D_2$ is the second private key component, $P_A$ is the private public key and $G$ is the base point. Illustratively, the secondary authenticator generates the collaborative public key from the private public key, the second private key component and the base point $G$ based on the SM2 algorithm. In the identity authentication system, when only the cooperative public key is known, it is difficult to deduce the first private key component and the second private key component in reverse. That is, the private key can be used to generate the public key, but the private key cannot be derived in reverse from the public key.
Further, the generating a first signature element based on the base parameter and generating a first signature component based on the first private key component includes: the authenticated party generates a third random number $K_1$ and a fourth random number $K_3$ in the preset value range based on a random number generator; calculates the first signature element according to $W_1 = K_1 \cdot G$, where $W_1$ represents the first signature element, $K_1$ is the third random number and $G$ is the base point; and calculates the first signature component according to $S_1 = (K_3 \cdot D_1^{-1}) \bmod n$, where $S_1$ represents the first signature component, $K_3$ is the fourth random number, $D_1^{-1}$ is the inverse of the first private key component $D_1$, and $n$ is a constant associated with the preset value range.
Further, the secondary authenticator generating a second signature element based on the second private key component and the base parameter, and subsequently generating a third signature element based on the second private key component, the first signature element, and the second signature element comprises: the auxiliary authenticator generates a fifth random number $K_2$ in the preset value range based on a random number generator; generates the second signature element according to $W_2 = K_2 \cdot D_2 \cdot G$, where $W_2$ represents the second signature element, $K_2$ is the fifth random number, $D_2$ is the second private key component and $G$ is the base point; and generates the third signature element, which is an elliptic curve point defined by the SM2 algorithm, according to $W = D_2 \cdot W_1 + W_2$, where $W$ represents the third signature element, $D_2$ is the second private key component, $W_1$ is the first signature element and $W_2$ is the second signature element, and the coordinates of the elliptic curve point represented by the third signature element are $(x_1, y_1)$.
Further, the secondary authenticator generating a second signature component based on the third signature element and the message digest, and generating a third signature component based on the first signature component and the second signature component comprises: the secondary authenticator generates the second signature component $r$ according to the following formula, wherein if $r = 0$, the fifth random number $K_2$ is regenerated and the third signature element is recalculated based on the new fifth random number $K_2$ until the second signature component $r$ is non-zero: $r = (x_1 + e) \bmod n$, where $r$ represents the second signature component, $x_1$ is the abscissa of the elliptic curve point represented by the third signature element, $e$ is the message digest, and $n$ is a constant related to the preset value range; and generates the third signature component according to $S_2 = S_1 (K_2 + D_2^{-1} \cdot r) \bmod n$, where $S_2$ represents the third signature component, $S_1$ is the first signature component, $D_2^{-1}$ is the inverse of the second private key component $D_2$, $r$ is the second signature component, and $n$ is a constant associated with the preset value range.
Further, the authenticatee generating a fourth signature component based on the second signature component and the third signature component comprises: the authenticated party generates the fourth signature component $S$ according to the following formula, wherein if the fourth signature component $S = 0$, the third random number $K_1$ and the fourth random number $K_3$ are regenerated, and the third signature component and the second signature component are regenerated based on the new third random number $K_1$ and fourth random number $K_3$ until the fourth signature component $S$ is non-zero: $S = (D_1^{-1} \cdot K_1 + K_3^{-1} \cdot S_2 - r) \bmod n$, where $S$ represents the fourth signature component, $D_1^{-1}$ is the inverse of the first private key component $D_1$, $K_1$ is the third random number, $K_3^{-1}$ is the inverse of the fourth random number $K_3$, $S_2$ is the third signature component, $r$ is the second signature component, and $n$ is a constant associated with the preset value range.
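The key generation and two-party signing steps above, carried through as an added Python example (not part of the patent text), followed by an ordinary SM2 verification of (r, S) under the collaborative public key P, which is what the main authenticator would run. Assumptions: SHA-256 stands in for the SM3-based digest e, the preset value range is taken as [1, n-1], the curve is the SM2 recommended curve, and all function names are illustrative.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + a*x + b over GF(p); b is not needed by the
# affine formulas below, so it is omitted. N is the order n of the base point G.
P_FIELD = 2**256 - 2**224 - 2**96 + 2**64 - 1
A = P_FIELD - 3
N = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_7203DF6B_21C6052B_53BBF409_39D54123
G = (0x32C4AE2C_1F198119_5F990446_6A39C994_8FE30BBF_F2660BE1_715A4589_334C74C7,
     0xBC3736A2_F4F6779C_59BDCEE3_6B692153_D0A9877C_C62A4740_02DF32E5_2139F0A0)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def rand_scalar():
    return secrets.randbelow(N - 1) + 1      # assumed preset value range [1, n-1]

def digest(msg):
    # Stand-in for the message digest e; real SM2 uses e = SM3(Z_A || M).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def keygen():
    d1 = rand_scalar()                       # authenticatee: D1, never sent
    p_a = mul(d1, G)                         # P_A = D1*G, sent to the secondary
    d2 = rand_scalar()                       # secondary authenticator: D2, never sent
    neg_g = (G[0], -G[1] % P_FIELD)
    return d1, d2, add(mul(d2, p_a), neg_g)  # P = D2*P_A - G

def authenticatee_round1(d1):
    k1, k3 = rand_scalar(), rand_scalar()
    w1 = mul(k1, G)                          # W1 = K1*G
    s1 = k3 * pow(d1, -1, N) % N             # S1 = K3 * D1^-1 mod n
    return (k1, k3), (w1, s1)                # (kept local), (sent to secondary)

def secondary_round(d2, e, w1, s1):
    while True:                              # fresh K2 until r is non-zero
        k2 = rand_scalar()
        w = add(mul(d2, w1), mul(k2 * d2 % N, G))   # W = D2*W1 + K2*D2*G
        if w is None:
            continue
        r = (w[0] + e) % N                   # r = (x1 + e) mod n
        if r != 0:
            break
    s2 = s1 * (k2 + pow(d2, -1, N) * r) % N  # S2 = S1*(K2 + D2^-1 * r) mod n
    return r, s2

def authenticatee_round2(d1, k1, k3, r, s2):
    # S = (D1^-1 * K1 + K3^-1 * S2 - r) mod n
    return (pow(d1, -1, N) * k1 + pow(k3, -1, N) * s2 - r) % N

def cosign(msg, d1, d2):
    e = digest(msg)
    while True:                              # fresh K1, K3 if S comes out zero
        (k1, k3), (w1, s1) = authenticatee_round1(d1)
        r, s2 = secondary_round(d2, e, w1, s1)
        s = authenticatee_round2(d1, k1, k3, r, s2)
        if s != 0:
            return r, s

def verify(msg, sig, pub):
    """Ordinary SM2 verification with P taken from the certificate."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    pt = add(mul(s, G), mul(t, pub))         # s*G + t*P should equal W
    return pt is not None and (digest(msg) + pt[0]) % N == r

if __name__ == "__main__":
    d1, d2, pub = keygen()
    challenge = b"message to be signed (constructed sample)"
    print(verify(challenge, cosign(challenge, d1, d2), pub))
```

Each party's function takes only its own private key component: the secondary authenticator sees W1 and S1, and the authenticatee sees r and S2, so the combined key D1*D2 - 1 is never assembled in one place.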
As shown in fig. 5, the present invention also provides a cooperative authentication apparatus, including:
authenticated device 301 to generate a first private key component and a private public key based on the first private key component;
an auxiliary authentication device 302, where the auxiliary authentication device 302 is associated with the authenticated device 301, and is configured to generate a second private key component, generate a collaborative public key according to the private public key and the second private key component, apply a certificate for the authenticated device 301 to a certificate issuing device based on the collaborative public key and the identity information of the authenticated device 301, and feed back the certificate issued by the certificate issuing device to the authenticated device 301;
a master authentication device 303 configured to feed back a message to be signed to the authenticated device 301 in response to the authentication request sent by the authenticated device 301;
the authenticated device 301 is further configured to initiate the authentication request, generate, after receiving the message to be signed, a signature result based on the message to be signed and the first private key component and the second private key component in cooperation with the auxiliary authentication device 302, and send the signature result and the certificate to the primary authentication device 303;
the auxiliary authentication device 302 is further configured to generate the signature result in cooperation with the authenticated device 301;
the master authentication device 303 is further configured to verify the signature result and the certificate to complete authentication of the authenticated device 301.
As shown in fig. 6, based on the same inventive concept as the above-described cooperative authentication method, the present invention also provides a cooperative authentication method for an authenticated party, comprising:
step 401: generating a first private key component, generating a private public key based on the first private key component, sending the private public key to an auxiliary authenticator to trigger the auxiliary authenticator to generate a second private key component, and generating a collaborative public key according to the private public key and the second private key component;
step 402: receiving a certificate which is sent by the auxiliary authenticator and is applied to the authenticatee based on the cooperative public key and the identity information of the authenticatee;
step 403: and sending an authentication request to the main authenticator to obtain a message to be signed fed back by the main authenticator, generating a signature result based on the message to be signed and the first private key component and the second private key component in cooperation with the auxiliary authenticator, and sending the signature result and the certificate to the main authenticator to finish authentication.
As shown in fig. 7, based on the same inventive concept as the above-described collaborative authentication method, the present invention also provides a collaborative authentication method for assisting an authenticator, including:
step 501: receiving a private public key generated by an authenticated party based on a first private key component, generating a second private key component, generating a collaborative public key according to the private public key and the second private key component, applying a certificate for the authenticated party to a certificate issuing party based on the collaborative public key and the identity information of the authenticated party, and feeding back the certificate issued by the certificate issuing party to the authenticated party;
step 502: generating a signature result based on the message to be signed and the first private key component and the second private key component which are fed back to the authenticatee by the main authenticator in response to an authentication request sent by the authenticatee, so that the main authenticator completes authentication for the authenticatee based on the signature result and the certificate.
As shown in fig. 8, based on the same inventive concept as the above-described cooperative authentication method, the present invention also provides a cooperative authentication method for a master authenticator, including:
step 601: receiving an authentication request from an authenticated party and feeding back a message to be signed to the authenticated party;
step 602: receiving a signature result generated by the authenticated party in cooperation with the auxiliary authenticator based on the message to be signed and the first private key component and the second private key component, and receiving a certificate applied to the authenticated party from a certificate issuer based on the cooperation public key and the identity information of the authenticated party and sent by the authenticated party;
step 603: and verifying the signature result and the certificate to finish the authentication of the authenticated party.
As shown in fig. 9, based on the same inventive concept as the above-described collaborative authentication method and system, the present invention further provides an authenticated device for an authenticated party in a collaborative authentication system, where the collaborative authentication system further includes a primary authenticator and a secondary authenticator associated with the authenticated party, and the authenticated device includes:
a private public key generating unit 701, configured to generate a first private key component, generate a private public key based on the first private key component, send the private public key to the auxiliary authenticator, trigger the auxiliary authenticator to generate a second private key component, and generate a collaborative public key according to the private public key and the second private key component;
a certificate receiving unit 702, configured to receive a certificate that is sent by the secondary authenticator and is applied to the authenticator for the authenticator based on the cooperative public key and the identity information of the authenticator;
the authentication unit 703 is configured to send an authentication request to a primary authenticator to obtain a message to be signed, which is fed back by the primary authenticator, generate a signature result based on the message to be signed and the first and second private key components in cooperation with the secondary authenticator, and send the signature result and the certificate to the primary authenticator to complete authentication.
As shown in fig. 10, based on the same inventive concept as the above-described cooperative authentication system and method, the present invention further provides a secondary authentication apparatus for a secondary authenticator in the cooperative authentication system, where the cooperative authentication system further includes a primary authenticator and an authenticatee associated with the secondary authenticator, and the secondary authentication apparatus includes:
a cooperative public key generation unit 801, configured to receive a private public key generated by the authenticated party based on the first private key component, generate a second private key component, and generate a cooperative public key according to the private public key and the second private key component;
a certificate applying and sending unit 802, configured to apply a certificate for the authenticated party to a certificate issuer based on the collaborative public key and the identity information of the authenticated party, and send the certificate issued by the certificate issuer to the authenticated party;
a secondary authentication unit 803, configured to generate, in cooperation with the authenticatee, a signature result based on the message to be signed and the first private key component and the second private key component, which are fed back to the authenticatee by the master authenticator in response to the authentication request sent by the authenticatee, so that the master authenticator completes authentication for the authenticatee based on the signature result and the certificate.
As shown in fig. 11, based on the same inventive concept as the collaborative authentication system and method described above, the present invention further provides a primary authentication apparatus for a primary authenticator in the collaborative authentication system, the collaborative authentication system further including an authenticatee and a secondary authenticator associated with the authenticatee, the primary authentication apparatus including:
an authentication request receiving unit 901, which receives an authentication request from the authenticated party and feeds back a message to be signed to the authenticated party;
a signature result and certificate receiving unit 902, configured to receive a signature result generated by the authenticated party in cooperation with the auxiliary authenticator based on the message to be signed and the first private key component and the second private key component, and receive a certificate that is sent by the authenticated party and applies for the authenticated party to a certificate issuer based on the cooperation public key and the identity information of the authenticated party;
and the signing and verifying unit 903 is used for signing and verifying the signature result and the certificate so as to finish the authentication of the authenticated party.
According to another aspect of the present invention, there is also provided a storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform any of the above described cooperative authentication methods.
In summary, although the present invention has been described with reference to the preferred embodiments, the above-described preferred embodiments are not intended to limit the present invention, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the present invention, therefore, the scope of the present invention shall be determined by the appended claims.

Claims (11)

1. A collaborative authentication method, the method comprising:
an authenticatee generates a first private key component and a private public key based on the first private key component, and an auxiliary authenticator associated with the authenticatee generates a second private key component;
the auxiliary authenticator generates a collaborative public key according to the private public key and the second private key component, applies for a certificate for the authenticatee to a certificate issuer based on the collaborative public key and the identity information of the authenticatee, and feeds back the certificate issued by the certificate issuer to the authenticatee;
the master authenticator feeds back a message to be signed to the authenticatee in response to an authentication request sent by the authenticatee;
the auxiliary authenticator authenticates the identity of the authenticated party;
after the identity authentication is passed, the authenticated party cooperates with the auxiliary authenticator to generate a signature result based on the message to be signed and the first private key component and the second private key component, and the signature result and the certificate are sent to the main authenticator;
the main authenticator checks the signature result and the certificate to finish the authentication of the authenticatee;
wherein the generating, by the authenticator in cooperation with the secondary authenticator, a signature result based on the message to be signed and the first and second private key components after passing the identity authentication, and sending the signature result and the certificate to the primary authenticator comprises:
the authenticated party generates a message digest according to the message to be signed, generates a first signature element based on basic parameters and a first signature component based on the first private key component, and sends the message digest, the first signature element and the first signature component to the auxiliary authenticator;
the secondary authenticator generates a second signature element based on the second private key component and the base parameter and subsequently generates a third signature element based on the second private key component, the first signature element and the second signature element;
the secondary authenticator generating a second signature component based on the third signature element and the message digest and a third signature component based on the first signature component and the second signature component and transmitting the second signature component and the third signature component back to the authenticator;
the authenticatee generates a fourth signature component based on the second signature component and the third signature component, and transmits a combination of the second signature component and the fourth signature component as the signature result and the certificate to the master authenticator.
2. The method of claim 1, wherein the authenticatee generates a first private key component and a private public key based on the first private key component, and wherein generating a second private key component by a secondary authenticator associated with the authenticatee comprises:
the authenticated party generates a first random number within a preset value range based on a random number generator, and the first random number is used as the first private key component;
the authenticated party generates the private public key based on the first private key component and the preset basic parameters required by the adopted encryption mechanism;
and the auxiliary authenticator generates a second random number in the preset value range based on a random number generator, and takes the second random number as the second private key component.
3. The method of claim 2, wherein the encryption mechanism used is based on the SM2 algorithm, the authenticatee and the auxiliary authenticator share the elliptic curve $E_p$ defined by the SM2 algorithm and a base point of order n on $E_p$, and the preset basic parameter is the base point G.
4. The method of claim 3, wherein the authenticated party generating the private public key based on the first private key component and preset base parameters required by an employed encryption mechanism comprises:
the authenticated party generates the private public key according to:
$P_A = D_1 * G$,
wherein $P_A$ represents said private public key, $D_1$ is the first private key component and G is the base point.
5. The method of claim 4, wherein the secondary authenticator generating a collaborative public key from the private public key and the second private key component comprises:
the secondary authenticator generates the collaborative public key according to the following formula:
$P = D_2\,P_A * G$,
wherein P represents the collaborative public key, $D_2$ is the second private key component, $P_A$ is the private public key and G is the base point.
6. The method of claim 5, wherein generating a first signature element based on the base parameter and generating a first signature component based on the first private key component comprises:
the authenticated party generates, based on a random number generator, a third random number $K_1$ and a fourth random number $K_3$ within the preset value range;
calculating the first signature element $W_1$ according to:
$W_1 = K_1 * G$,
wherein $W_1$ represents said first signature element, $K_1$ is the third random number, and G is the base point;
calculating the first signature component according to:
$S_1 = (K_3 D_1^{-1}) \bmod n$,
wherein $S_1$ represents said first signature component, $K_3$ is said fourth random number, $D_1^{-1}$ is the inverse of the first private key component $D_1$, and n is a constant associated with the preset value range.
7. The method of claim 6, wherein the secondary authenticator generating a second signature element based on the second private key component and the base parameters, and subsequently generating a third signature element based on the second private key component, the first signature element, and the second signature element comprises:
the auxiliary authenticator generates, based on a random number generator, a fifth random number $K_2$ within the preset value range;
generating the second signature element according to:
$W_2 = K_2 D_2 * G$,
wherein $W_2$ represents said second signature element, $K_2$ is said fifth random number, $D_2$ is the second private key component, and G is the base point;
generating the third signature element according to the following formula, the third signature element being an elliptic curve point defined by the SM2 algorithm,
$W = D_2 W_1 + W_2$,
wherein W represents the third signature element, $D_2$ is the second private key component, $W_1$ is the first signature element, $W_2$ is the second signature element, and the coordinates of the elliptic curve point represented by the third signature element are $(x_1, y_1)$.
8. The method of claim 7, wherein the secondary authenticator generates a second signature component based on the third signature element and the message digest, and generates a third signature component based on the first signature component and the second signature component comprises:
the secondary authenticator generates the second signature component r according to the following formula, wherein if r = 0, the fifth random number $K_2$ is regenerated and the third signature element is re-computed based on the new fifth random number $K_2$ until the second signature component r is non-zero,
$r = (x_1 + e) \bmod n$,
wherein r represents the second signature component, $x_1$ is the abscissa of the elliptic curve point represented by the third signature element, e is the message digest, and n is a constant related to the preset value range;
generating the third signature component according to:
$S_2 = S_1 (K_2 + D_2^{-1} r) \bmod n$,
wherein $S_2$ represents said third signature component, $S_1$ is the first signature component, $D_2^{-1}$ is the inverse of the second private key component $D_2$, r is the second signature component, and n is a constant associated with the preset value range.
9. The method of claim 8, wherein the authenticated party generating a fourth signature component based on the second signature component and the third signature component comprises:
the authenticated party generates the fourth signature component S according to the following equation, and if the fourth signature component S = 0, regenerates the third random number $K_1$ and the fourth random number $K_3$ and, based on the new third random number $K_1$ and fourth random number $K_3$, regenerates the third signature component and the second signature component until the fourth signature component S is non-zero,
$S = (D_1^{-1} K_1 + K_3^{-1} S_2 - r) \bmod n$,
wherein S represents the fourth signature component, $D_1^{-1}$ is the inverse of the first private key component $D_1$, $K_1$ is said third random number, $K_3^{-1}$ is the inverse of said fourth random number $K_3$, $S_2$ is the third signature component, r is the second signature component, and n is a constant associated with the preset value range.
10. A collaborative authentication system comprising:
an authenticated device for generating a first private key component and a private public key based on the first private key component;
the auxiliary authentication device is associated with the authenticated device and used for generating a second private key component, generating a cooperative public key according to the private public key and the second private key component, applying a certificate for the authenticated device to a certificate issuing device based on the cooperative public key and the identity information of the authenticated device, and feeding back the certificate issued by the certificate issuing device to the authenticated device;
the master authentication device is used for feeding back a message to be signed to the authenticated device in response to an authentication request sent by the authenticated device;
the auxiliary authentication device is further used for identity authentication of the authenticated device;
the authenticated device is further used for initiating the authentication request, cooperating with the auxiliary authentication device to generate a signature result based on the message to be signed and the first private key component and the second private key component after the message to be signed is received and passes the identity authentication, and sending the signature result and the certificate to the main authentication device;
the auxiliary authentication device is further used for generating the signature result in cooperation with the authenticated device;
the main authentication device is further used for verifying the signature result and the certificate so as to finish the authentication of the authenticated device;
wherein the initiating the authentication request and cooperating with the auxiliary authentication device to generate a signature result based on the message to be signed and the first and second private key components after the message to be signed is received and passes the identity authentication comprises:
the authenticated device generates a message digest according to the message to be signed, generates a first signature element based on basic parameters and a first signature component based on the first private key component, and sends the message digest, the first signature element and the first signature component to the auxiliary authentication device;
the generating the signature result in cooperation with the authenticated device comprises:
the secondary authentication device generating a second signature element based on the second private key component and a base parameter, and subsequently generating a third signature element based on the second private key component, the first signature element, and the second signature element;
the secondary authentication device generating a second signature component based on the third signature element and the message digest, and generating a third signature component based on the first signature component and the second signature component, and transmitting the second signature component and the third signature component back to the authenticated device;
the sending the signature result and the certificate to the master authentication apparatus includes:
the authenticated device generates a fourth signature component based on the second signature component and the third signature component, and transmits a combination of the second signature component and the fourth signature component as the signature result and the certificate to the master authentication device.
11. A storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform the method of claim 1.
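The two-party signing flow of claims 4 to 9, as an added Python example (not code from the patent), with both parties run in one process and the result checked against the standard SM2 verification equation. Assumptions: SHA-256 stands in for the SM3-based message digest, the helper names are hypothetical, and the collaborative public key is taken as P = D2*PA - G, the value under which (r, S) verifies as an ordinary SM2 signature; the claim 5 formula as extracted on this page does not show that operator.

```python
import hashlib, secrets

# SM2 recommended curve (GB/T 32918.5): y^2 = x^3 + a*x + b over F_p, base point G of order n
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
a, b = p - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
def inv(x): return pow(x, -1, n)                 # modular inverse mod n
def rnd(): return secrets.randbelow(n - 1) + 1   # uniform in [1, n-1]

def add(P, Q):                                   # affine addition; None = point at infinity
    if P is None or Q is None: return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0: return None
    lam = ((3 * x1 * x1 + a) * pow(2 * y1, -1, p) if P == Q
           else (y2 - y1) * pow(x2 - x1, -1, p)) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, P):                                   # double-and-add (not constant time)
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def keygen():
    D1, D2 = rnd(), rnd()                        # D1: authenticatee, D2: auxiliary authenticator
    PA = mul(D1, G)                              # claim 4: PA = D1*G
    return D1, D2, add(mul(D2, PA), (G[0], -G[1] % p))  # ASSUMED: P = D2*PA - G

def cosign(D1, D2, msg):
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big")  # SHA-256 stands in for SM3
    while True:
        K1, K3, K2 = rnd(), rnd(), rnd()         # K1, K3: authenticatee; K2: auxiliary
        W1, S1 = mul(K1, G), K3 * inv(D1) % n    # claim 6 (sent with e to the auxiliary)
        W = add(mul(D2, W1), mul(K2 * D2 % n, G))  # claim 7: W = D2*W1 + W2
        r = (W[0] + e) % n if W else 0           # claim 8: retried below when r == 0
        S2 = S1 * (K2 + inv(D2) * r) % n         # claim 8 (r, S2 go back to the authenticatee)
        S = (inv(D1) * K1 + inv(K3) * S2 - r) % n  # claim 9
        if r and S: return e, r, S

def verify(P, e, r, S):
    # Standard SM2 check: t = r + S, X = S*G + t*P, accept iff (e + x_X) mod n == r
    t = (r + S) % n
    if not (0 < r < n and 0 < S < n and t): return False
    X = add(mul(S, G), mul(t, P))
    return X is not None and (e + X[0]) % n == r
```

Neither party ever holds the effective signing key D1*D2 - 1: the authenticatee only sees r and S2, and the auxiliary authenticator only sees e, W1 and S1, which K3 blinds.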
CN202210046592.5A 2022-01-17 2022-01-17 Collaborative authentication method, system, device and storage medium Active CN114091001B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210046592.5A CN114091001B (en) 2022-01-17 2022-01-17 Collaborative authentication method, system, device and storage medium

Publications (2)

Publication Number Publication Date
CN114091001A CN114091001A (en) 2022-02-25
CN114091001B true CN114091001B (en) 2022-04-22

Family

ID=80308799

Country Status (1)

Country Link
CN (1) CN114091001B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant