CN114866260A - Chameleon hash distributed identity use method and system

Publication number
CN114866260A
Authority
CN
China
Prior art keywords
verifiable
signature
chameleon
unit
chameleon hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210782316.5A
Other languages
Chinese (zh)
Other versions
CN114866260B (en)
Inventor
钟一民
陈传义
郭峰
金宏洲
程亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tiangu Information Technology Co ltd
Original Assignee
Hangzhou Tiangu Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Tiangu Information Technology Co ltd
Priority to CN202210782316.5A
Publication of CN114866260A
Application granted
Publication of CN114866260B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention relates to a chameleon hash distributed identity use method and system in the technical field of computers. The method comprises the following steps: generating a verifiable certificate for the distributed identity by using a chameleon hash algorithm, and verifying the reliability of the verifiable certificate; generating a verifiable expression according to the verifiable certificate, and verifying the reliability of the verifiable expression; and regenerating the verifiable certificate according to the claim requirement proposed by the distributed identity holder to obtain a version-changed verifiable certificate, and verifying the reliability of the version-changed verifiable certificate. The method reduces the workload of the verifiable certificate issuer and breaks through the bottleneck that the conventional verifiable certificate structure cannot arbitrarily arrange and combine the claim contents.

Description

Chameleon hash distributed identity use method and system
Technical Field
The invention relates to the technical field of computers, in particular to a chameleon hash distributed identity using method and a chameleon hash distributed identity using system.
Background
When an existing DID (distributed identity) is used, the Merkle tree content in the verifiable certificate structure makes the data structure of the verifiable certificate more complicated. Because each item of data in the Merkle tree is related to the data before and after it, when the verifiable certificate is selectively disclosed, the hash values of the non-disclosed data must be provided at the same time so that a verifier can correctly calculate the root of the Merkle tree and verify the digital signature; verifying the digital signature therefore requires additionally calculating the Merkle tree information. When a verifiable expression is presented according to a verifiable certificate, the order of the claims is strictly controlled by the Merkle tree content, so the existing verifiable certificate structure cannot arbitrarily arrange and combine the claims, and cannot meet the privacy protection requirements of scenarios in which the claim order of the verifiable certificate needs to be changed. For example, each verifier of the verifiable certificate pays a different degree of attention to each claim; the optimal way is to sort the claims according to the other party's degree of attention before each verification and then send the sorted claims to the other party, so that the other party can verify and compare the claim information. The existing Merkle tree structure cannot provide this function.
On the other hand, when the existing DID is used, the Merkle tree content in the verifiable certificate structure means that the digital signature of the verifiable certificate and the Merkle tree content must be recalculated after any change to the data structure of the verifiable certificate, which increases the load on the verifiable certificate issuer.
Disclosure of Invention
In view of the defects in the prior art, the invention provides a chameleon hash distributed identity use method and system, which reduce the workload of the verifiable certificate issuer and break through the bottleneck that the conventional verifiable certificate structure cannot arbitrarily arrange and combine the claim contents.
In order to solve the technical problem, the invention adopts the following technical scheme:
A chameleon hash distributed identity use method comprises the following steps:
generating a verifiable certificate for the distributed identity by using a chameleon hash algorithm, and performing reliability verification on the verifiable certificate;
generating a verifiable expression according to the verifiable certificate, and verifying the reliability of the verifiable expression;
and regenerating the verifiable certificate according to the statement requirement proposed by the distributed identity holder to obtain a modified verifiable certificate and verify the reliability of the modified verifiable certificate.
Optionally, generating a verifiable credential for the distributed identity using a chameleon hash algorithm, comprising the steps of:
obtaining a plurality of claims provided by a distributed identity holder;
calculating a common hash value and a chameleon random number of the distributed identity, and calculating a first chameleon hash value according to the common hash value and the chameleon random number;
calculating chameleon random numbers corresponding to the statements according to the statements;
signing the first chameleon hash value using a verifiable credential issuer private key to obtain a first signature.
Optionally, the authenticity verification of the verifiable credential includes the steps of:
verifying the validity of the first signature;
calculating a second chameleon hash value corresponding to each statement according to each statement;
and judging whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature is valid; if so, the verifiable certificate is reliable, and otherwise the verifiable certificate is unreliable.
Optionally, generating a verifiable representation from the verifiable credentials includes the steps of:
obtaining non-signed data of a verifiable representation, wherein the non-signed data comprises verifiable representation metadata and one or more verifiable credentials;
and signing the non-signed data by using a distributed identity holder private key to obtain a second signature.
Optionally, verifying the authenticity of the verifiable representation comprises the steps of:
verifying the validity of the first and second signatures;
calculating a second chameleon hash value corresponding to each statement according to each statement;
and judging whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature and the second signature are both valid; if so, the verifiable expression is reliable, and otherwise the verifiable expression is unreliable.
Optionally, the claim requirement includes any one of adding a claim, deleting a claim, modifying content of a claim, or modifying order of a claim.
A chameleon hash distributed identity use system comprises a first generation check unit, a second generation check unit and an update check unit;
the first generation and inspection unit is used for generating verifiable certificates for the distributed identities by using a chameleon hash algorithm and verifying the reliability of the verifiable certificates;
the second generation verification unit is used for generating a verifiable expression according to the verifiable certificate and verifying the reliability of the verifiable expression;
the updating and checking unit is used for regenerating the verifiable certificate according to the statement requirement proposed by the distributed identity holder, obtaining the version-changed verifiable certificate and verifying the reliability of the version-changed verifiable certificate.
Optionally, the first generation verification unit comprises a first generation unit, and the first generation unit comprises an acquisition unit, a first calculation unit and a first signature unit;
the acquisition unit is used for acquiring a plurality of claims provided by the distributed identity holders;
the first calculation unit is used for calculating a common hash value and a chameleon random number of the distributed identity, calculating a first chameleon hash value according to the common hash value and the chameleon random number, and calculating the chameleon random number corresponding to each statement according to each statement;
the first signature unit is used for signing the first chameleon hash value by using a private key of a verifiable certificate issuer to obtain a first signature.
Optionally, the first generation verification unit further comprises a first verification unit, and the first verification unit comprises a first verification unit, a second calculation unit and a first judgment unit;
the first verification unit is used for verifying the validity of the first signature;
the second calculation unit is used for calculating a second chameleon hash value corresponding to each statement according to each statement;
the first judging unit is used for judging whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature is valid; if so, the verifiable certificate is reliable, and otherwise the verifiable certificate is unreliable.
Optionally, the second generation verification unit includes a second generation unit, and the second generation unit includes a data acquisition unit and a third signature unit;
the data acquisition unit is used for acquiring non-signature data of the verifiable expression, wherein the non-signature data comprises verifiable expression metadata and one or more verifiable certificates;
the second signature unit is used for signing the non-signature data by using a private key of a distributed identity holder to obtain a second signature.
Optionally, the second generation verification unit further comprises a second verification unit, and the second verification unit comprises a second verification unit, a third calculation unit and a second determination unit;
the second verifying unit is used for verifying the validity of the first signature and the second signature;
the third calculating unit is used for calculating a second chameleon hash value corresponding to each statement according to each statement;
the second determination unit is configured to determine whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature and the second signature are both valid; if so, the verifiable representation is reliable, and otherwise the verifiable representation is unreliable.
Compared with the prior art, the technical scheme provided by the invention has the following beneficial effects:
1. When the DID is used, the improved verifiable certificate structure removes the Merkle tree part and adds chameleon random numbers, so the data structure of the verifiable certificate becomes simple while all of its content is still guaranteed not to be tampered with. When a verifiable expression is presented according to the verifiable certificate, the order of the claims is no longer strictly controlled by Merkle tree content, so the claims in the improved verifiable certificate structure can be arbitrarily selected and arbitrarily arranged and combined and still pass verification. This meets the DID holder's requirement for privacy protection and also meets the need to reorder claims in more application scenarios;
2. When the DID is used and the verifiable certificate issuer is required to regenerate the verifiable certificate because claim entries are added, deleted, modified or exchanged, the improved verifiable certificate structure means that the verifiable certificate issuer does not need to recalculate the digital signature of the verifiable certificate or any Merkle tree content, which lightens the load on the verifiable certificate issuer.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a diagram illustrating relationships between roles in the first embodiment.
Detailed Description
The present invention will be described in further detail with reference to examples, which are illustrative of the present invention and are not to be construed as being limited thereto.
Explanation of the terms used in the examples:
A DID is a string of characters in a specific format that represents the digital identity of an entity. The identification format of the DID is did:example:123456789abcdefghijk, where the prefix did is fixed and indicates that the character string is a DID identification string; the example in the middle is called the DID method, which indicates which set of schemes (methods) is used to define and operate the DID identifier, and the DID method can be customized; the last long string is the unique identification string under the DID method.
The DID document is a document that stores DID identity information. It generally associates DID-related information, in particular establishing the relationship between the DID and its public key. The DID identifier is then used as the key and the DID document as the value and stored in a blockchain, so that, using the blockchain's properties of being tamper-proof and allowing data sharing, a DID verifier can quickly access and obtain the public key of the DID holder.
VC is short for Verifiable Claims or Verifiable Credentials, which can be translated as verifiable statement or verifiable certificate. It is a descriptive statement issued by one DID to endorse certain attributes of another DID, and carries a digital signature of the DID to prove the authenticity of those attributes; it is the digital certificate of the DID application scenario.
VP is an abbreviation of Verifiable Presentation, which can be translated as verifiable representation, and is data that shows the identity of the VC holder to a verifier. In general, the full VC can be shown directly, but in some cases, for privacy protection, the complete VC content need not be shown and only some attributes are to be selectively disclosed. In this case, the disclosed VC attributes are shown in plaintext in the VP and the undisclosed VC attributes are shown as hash values, and the receiver of the VP can compute the root of the Merkle tree from the plaintext and hashed VC attributes and then verify the digital signature.
If the descriptions of the DID, DID document, VC, VP and related concepts and structures are not detailed enough, reference can be made to the industry's DID standards or actual implementations. For example, W3C (World Wide Web Consortium) published the first public working draft for DID in 2019: "Decentralized Identifiers (DIDs) v1.0".
Example one
As shown in fig. 1, a chameleon hash distributed identity using method includes the following steps: generating a verifiable certificate for the distributed identity by using a chameleon hash algorithm, and performing reliability verification on the verifiable certificate; specifically, the method for generating the verifiable certificate for the distributed identity by using the chameleon hash algorithm comprises the following steps: obtaining a plurality of claims provided by a distributed identity holder; calculating a common hash value and a chameleon random number of the distributed identity, and calculating a first chameleon hash value according to the common hash value and the chameleon random number; the first chameleon hash value is signed using a verifiable credential issuer private key to obtain a first signature.
Further, the distributed identity holder submits several claims to the verifiable credential generator, which in this embodiment are denoted claim1 to claimN. A claim is an information item; for example, "name: XX", "age: XX" and "address: XX province, XX city, XX district, XX road, No. XX" can all be information items in claims. The specific content of the verifiable certificate claims and the corresponding proofs can be written as {claim1, r1; claim2, r2; ……; claimi, ri; ……; claimN, rN}, where 1 ≤ i ≤ N. ri is calculated as follows:
First, the distributed identity is used as the chameleon message, and its common hash value MD = H(DID) is calculated. The chameleon random number RD = H(metadata) is selected, where metadata is the metadata of the verifiable certificate and comprises fixed, unchanging information such as the DID, the purpose of issuance, the issuance time and the validity period. Chameleon hashing is performed on MD and RD to generate the first chameleon hash value CHD = CH(MD, RD, PKS), and the first chameleon hash value CHD is signed with the private key SKS of the verifiable certificate issuer to obtain the first signature SIGD1. Here the public key of the verifiable certificate issuer is denoted PKS; the public key used by the chameleon hash is PKS, and the private key SKS serves as the trapdoor key of the chameleon hash. Then the common hash MCi = H(claimi) of the new chameleon message claimi is calculated, and the verifiable certificate issuer solves for the chameleon random number using SKS, MD, RD and MCi to obtain the chameleon random number ri corresponding to MCi. By the properties of the chameleon hash, no member other than the verifiable certificate issuer can calculate ri.
Therefore, whereas the Merkle tree content in the original verifiable certificate structure makes the data structure of the verifiable certificate relatively complex, the improved verifiable certificate structure removes the Merkle tree part and adds the chameleon random numbers, so the data structure of the verifiable certificate is simpler.
After the verifiable certificate is generated, the verifiable certificate issuer sends the verifiable certificate to the distributed identity holder, and the reliability of the verifiable certificate is verified, specifically by the following steps: verifying the validity of the first signature; calculating a second chameleon hash value corresponding to each claim according to each claim; and judging whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature is valid. If so, the verifiable certificate is reliable; otherwise the verifiable certificate is unreliable.
Further, the first signature is first verified using the public key of the verifiable certificate issuer. If the signature passes, the signature of the verifiable certificate issuer over the first chameleon hash value is valid, and neither the distributed identity nor the metadata has been tampered with. This is because tampering with either would change MD or the chameleon random number RD, which would in turn change the first chameleon hash value CHD, and the change in CHD would ultimately cause verification of the first signature to fail, that is, the first signature would be invalid; conversely, if the signature passes, neither the distributed identity nor the metadata has been tampered with.
On the other hand, the chameleon hash value of each claim, i.e. the second chameleon hash value CH(MCi, ri, PKS), also needs to be verified; specifically, whether CH(MCi, ri, PKS) is equal to CHD. If they are equal, MCi has not been modified by any member other than the verifiable certificate issuer, and since the verifiable certificate issuer is trusted not to modify MCi at will, the distributed identity holder trusts MCi. This is because, if MCi were tampered with by a member other than the verifiable certificate issuer, the second chameleon hash value CH(MCi, ri, PKS) would change and would no longer equal the first chameleon hash value CHD; conversely, equality shows that MCi has not been tampered with by a member other than the verifiable certificate issuer. The verifiable certificate issuer is trusted not to modify MCi at will because it is generally an authoritative institution with complete security safeguards, and its private key is generally well protected, for example under the joint control of several administrators; in addition, a more thorough auditing mechanism may exist for verifiable certificate issuers.
After the verification of the first signature and of the chameleon hash values of all the claims passes, the distributed identity holder trusts the whole verifiable certificate, and the verifiable certificate is reliable; the improved verifiable certificate structure thus ensures that none of the content can be tampered with.
After the verifiable certificate is verified, the distributed identity holder can generate a verifiable expression according to the verifiable certificate and verify the reliability of the verifiable expression; specifically, generating a verifiable representation from a verifiable credential includes the steps of: obtaining non-signed data of the verifiable representation, wherein the non-signed data comprises verifiable representation metadata and one or more verifiable credentials; and signing the non-signed data by using a distributed identity holder private key to obtain a second signature.
For the distributed identity holder, in order to ensure the security of the identity information, it is usually necessary to hide some sensitive information, and for this the distributed identity holder needs to generate a verifiable expression. In this embodiment, the specific content of the verifiable certificate claim set and the corresponding proofs can be written as {claim1, r1; claim2, r2; ……; claimi, ri}, where the claims after claimi are sensitive information. The private key of the distributed identity holder is then used to sign the non-signed data to obtain the second signature. In this way the sensitive information is hidden when the verifiable expression is presented according to the verifiable certificate; that is, the improved verifiable certificate allows the claims to be arbitrarily selected and arbitrarily arranged and combined, which meets the distributed identity holder's requirement for privacy protection.
Meanwhile, the reliability of the verifiable expression also needs to be verified, specifically by the following steps: verifying the validity of the first signature and the second signature; calculating a second chameleon hash value corresponding to each claim according to each claim; and judging whether the second chameleon hash value is equal to the first chameleon hash value and whether the first signature and the second signature are both valid. If so, the verifiable expression is reliable; otherwise the verifiable expression is unreliable. Note that the method for verifying the validity of the second signature is the same as the method for verifying the validity of the first signature and is not repeated here.
On the other hand, when the validity of the second signature is verified, the public key of the distributed identity holder is used to verify the second signature. If the signature passes, the signature of the distributed identity holder over the verifiable expression is valid and no part of the verifiable expression has been tampered with, so the verifiable expression can be trusted by the distributed identity verifier. After all the verifications pass, the distributed identity verifier trusts the whole verifiable expression. Thus, when a verifiable expression is presented according to the verifiable certificate, the improved verifiable certificate structure can still pass verification after the claims are arbitrarily arranged and combined.
Further, when the distributed identity holder provides claims to the verifiable certificate issuer, compared with the claims provided last time there may be one or more of: added claims, removed claims, modified claim content, or a modified claim order. In that case the verifiable certificate is regenerated according to the claim requirement proposed by the distributed identity holder, to obtain a version-changed verifiable certificate, and the reliability of the version-changed verifiable certificate is verified. The claim requirement includes any one of adding a claim, deleting a claim, modifying the content of a claim, or modifying the order of claims.
At this point, if the claim requirement is to add a claim, the distributed identity holder generates an improved verifiable certificate, as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claimi, ri
claim(i+1), r(i+1)
……
claimN, rN
// digital signature of the present VC
proof};
The method for obtaining r(i+1) from claim(i+1) is the same as in the steps above, and the method for verifying this verifiable certificate is the same as the verification method described above. In the prior art, because of the Merkle tree content in the original verifiable certificate structure, the digital signature of the verifiable certificate and the Merkle tree content must be recalculated after any change to the data structure of the verifiable certificate, which increases the load on the verifiable certificate issuer. In this embodiment, when the verifiable certificate issuer is required to regenerate the verifiable certificate because a claim entry is newly added, the improved verifiable certificate structure only requires the verifiable certificate issuer to calculate the chameleon random number corresponding to that entry; the digital signature of the verifiable certificate and the Merkle tree content do not need to be recalculated, which reduces the workload of the verifiable certificate issuer.
If the claim requirement is to delete a claim, the distributed identity holder generates an improved verifiable certificate as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claim(i-1), r(i-1)
claim(i+1), r(i+1)
……
claimN, rN
// digital signature of the present VC
proof};
The verifiable certificate is verified in the same way as described above. This step shows the following: with the original structure, the Merkle tree related content in the verifiable certificate means that the digital signature of the verifiable certificate and the Merkle tree related content must be recalculated after the data structure of the verifiable certificate changes. With the improved verifiable certificate structure, when the distributed identity needs to regenerate the verifiable certificate because a claim entry is deleted, the distributed identity only has to delete the entry directly; neither the digital signature of the verifiable certificate nor any Merkle tree related content needs to be recalculated, which reduces the load on the distributed identity.
If the claim requirement is a claim content modification, the distributed identity holder presents to the distributed identity issuer a modification of an existing claim in the verifiable credential. Taking the change of claimi to claimi' as an example, the distributed identity holder generates an improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claimi', ri'
……
claimN, rN
// digital signature of the present VC
proof};
The method for obtaining ri' from claimi' is the same as in the steps above, and the verifiable certificate is verified in the same way as described above. These steps show the following: with the original structure, the Merkle tree related content in the verifiable certificate means that the digital signature of the verifiable certificate and the Merkle tree related content must be recalculated after the data structure of the verifiable certificate changes. With the improved verifiable certificate structure, when the distributed identity needs to regenerate the verifiable certificate because a claim entry is modified, only the chameleon random number corresponding to that entry has to be calculated for the distributed identity; neither the digital signature of the verifiable certificate nor any Merkle tree related content needs to be recalculated, which reduces the load on the distributed identity.
If the claim requirement is a claim order modification, the distributed identity holder presents to the distributed identity issuer a request to exchange the order of two existing claims in the verifiable credential. Taking claimi and claim(i+1) as an example, the distributed identity holder generates an improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claim(i+1), r(i+1)
claimi, ri
……
claimN, rN
// digital signature of the present VC
proof};
The verifiable certificate is verified in the same way as described above. This step shows the following: with the original structure, the Merkle tree related content in the verifiable certificate means that the digital signature of the verifiable certificate and the Merkle tree related content must be recalculated after the data structure of the verifiable certificate changes. With the improved verifiable certificate structure, when the distributed identity needs to regenerate the verifiable certificate because the order of claim entries is exchanged, the distributed identity only has to exchange the specified entries directly; neither the digital signature of the verifiable certificate nor any Merkle tree related content needs to be recalculated, which reduces the load on the distributed identity.
Example two
A chameleon hash distributed identity use system comprises a first generation verification unit, a second generation verification unit and an update verification unit. The first generation verification unit is used for generating verifiable certificates for the distributed identities by using a chameleon hash algorithm and verifying the reliability of the verifiable certificates. The first generation verification unit comprises a first generation unit, and the first generation unit comprises an acquisition unit, a first calculation unit and a first signature unit. The acquisition unit is used for acquiring a plurality of claims provided by the distributed identity holder. The first calculation unit is used for calculating a common hash value and a chameleon random number of the distributed identity, calculating a first chameleon hash value according to the common hash value and the chameleon random number, and calculating the chameleon random number corresponding to each claim according to each claim. The first signature unit is used for signing the first chameleon hash value by using the private key of the verifiable certificate issuer to obtain a first signature.
Further, the distributed identity holder submits several claims to the verifiable certificate issuer, which in this embodiment may be denoted claim1 to claimN. One claim is one information item; for example, "name: XX", "age: XX" and "address: XX number, XX road, XX district, XX city, XX province" can all be information items in the claims. The specific contents of the verifiable certificate claims and the corresponding proofs can be denoted {claim1, r1; claim2, r2; ……; claimi, ri; ……; claimN, rN}, where 1 ≤ i ≤ N. Then ri is calculated in the following way:
First, the distributed identity is used as the chameleon message: the common hash value MD = H(DID) is calculated, the chameleon random number RD = H(metadata) is selected, and the chameleon hash is computed to obtain the first chameleon hash value CHD = CH(MD, RD, PKS). The private key SKS of the verifiable certificate issuer is used to sign the first chameleon hash value CHD to obtain the first signature SIGD1. Here the public key of the verifiable certificate issuer is denoted PKS, the public key used by the chameleon hash is PKS, and the private key is used as the trapdoor key of the chameleon hash. Then the common hash MCi = H(claimi) of the new chameleon message claimi is calculated, and the verifiable certificate issuer uses SKS, MD, RD and MCi to solve for the chameleon random number ri corresponding to MCi. By the properties of the chameleon hash, no member other than the verifiable certificate issuer can calculate ri.
Therefore, whereas the Merkle tree related content in the original verifiable certificate structure makes the data structure of the verifiable certificate relatively complex, the improved verifiable certificate structure removes the Merkle tree related part and adds the chameleon random numbers, so the data structure of the verifiable certificate is simpler.
After the verifiable certificate is generated, the verifiable certificate issuer sends the verifiable certificate to the distributed identity holder, and the reliability of the verifiable certificate is verified. The first generation verification unit therefore also comprises a first verification unit, and the first verification unit comprises a first verifying unit, a second calculation unit and a first judging unit. The first verifying unit is used for verifying the validity of the first signature. The second calculation unit is used for calculating a second chameleon hash value corresponding to each claim according to each claim. The first judging unit is used for judging whether the second chameleon hash value is equal to the first chameleon hash value and the first signature is valid; if so, the verifiable certificate is reliable, and otherwise the verifiable certificate is unreliable.
Further, the first signature is first verified using the public key of the verifiable certificate issuer. If the signature passes, the signature of the verifiable certificate issuer on the first chameleon hash value is valid, and neither the distributed identity nor the metadata has been tampered with. The reason is that if the distributed identity or the metadata were tampered with, MD or the chameleon random number RD would change, which in turn would change the first chameleon hash value CHD, and the change of CHD would cause verification of the first signature to fail, that is, the first signature would be invalid. Conversely, a valid first signature shows that neither the distributed identity nor the metadata has been tampered with.
On the other hand, the chameleon hash value of each claim, i.e. the second chameleon hash value CH(MCi, ri, PKS), must also be verified: specifically, whether CH(MCi, ri, PKS) is equal to CHD. If they are equal, MCi has not been modified by any member other than the verifiable certificate issuer, and since the verifiable certificate issuer is trusted not to modify MCi at will, the distributed identity holder trusts MCi. The reason is that if MCi were tampered with by a member other than the verifiable certificate issuer, the second chameleon hash value CH(MCi, ri, PKS) would change and would no longer be equal to the first chameleon hash value CHD. Conversely, equality shows that MCi has not been tampered with by a member other than the verifiable certificate issuer.
After the verification steps of the first signature and the chameleon hash values of all the claims are passed, the distributed identity holder trusts the whole verifiable certificate, the verifiable certificate is reliable, and meanwhile, the improved verifiable certificate structure can ensure that all the contents cannot be tampered.
After the verifiable certificate is verified, the second generation and verification unit generates a verifiable expression according to the verifiable certificate and verifies the reliability of the verifiable expression; the second generation verification unit comprises a second generation unit, and the second generation unit comprises a data acquisition unit and a third signature unit; the data acquisition unit is used for acquiring non-signature data of the verifiable expression, wherein the non-signature data comprises verifiable expression metadata and one or more verifiable certificates; the second signature unit is used for signing the non-signature data by using a private key of the distributed identity holder to obtain a second signature.
For the distributed identity holder, in order to ensure the security of the identity information, it is usually necessary to hide part of the sensitive information, and in this case the distributed identity holder needs to generate a verifiable expression. In this embodiment, the specific contents of the verifiable certificate claims and the corresponding proofs may be denoted {claim1, r1; claim2, r2; ……}; the claims after claimi are sensitive information. The private key of the distributed identity holder is then used to sign the non-signature data to obtain a second signature, so that the sensitive information is hidden when the verifiable expression is presented according to the verifiable certificate. In other words, the claims of the improved verifiable certificate can be freely kept or dropped and freely arranged and combined, which meets the distributed identity holder's requirement for privacy protection.
Meanwhile, the reliability of the verifiable expression also needs to be verified, so the second generation verification unit also comprises a second verification unit, and the second verification unit comprises a second verifying unit, a third calculation unit and a second judging unit. The second verifying unit is used for verifying the validity of the first signature and the second signature. The third calculation unit is used for calculating a second chameleon hash value corresponding to each claim according to each claim. The second judging unit is used for judging whether the second chameleon hash value is equal to the first chameleon hash value and the first signature and the second signature are both valid; if so, the verifiable expression is reliable, and otherwise the verifiable expression is unreliable. It should be noted that the method for verifying the validity of the second signature is the same as the method for verifying the validity of the first signature and is not repeated here.
On the other hand, when the validity of the second signature is verified, the public key of the distributed identity holder is used to verify the second signature. If the signature passes, the signature of the distributed identity holder on the verifiable expression is valid and no part of the verifiable expression has been tampered with, so the distributed identity verifier can trust the verifiable expression. Once all of these verifications pass, the distributed identity verifier trusts the whole verifiable expression.
Further, when the distributed identity holder provides claims to the verifiable certificate issuer, the claims may differ from those provided last time in one or more ways: claims added, claims removed, claim content modified, or claim order modified. In that case, the update verification unit needs to regenerate the verifiable certificate according to the claim requirement proposed by the distributed identity holder, obtain a modified version of the verifiable certificate, and verify the reliability of the modified version, wherein the claim requirement includes any one of adding a claim, deleting a claim, modifying claim content, or modifying claim order.
In this case, if the claim requirement is to add a claim, the distributed identity holder generates an improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claimi, ri
claim(i+1), r(i+1)
……
claimN, rN
// digital signature of the present VC
proof};
The method for obtaining r(i+1) from claim(i+1) is the same as in the steps above, and the verifiable certificate is verified in the same way as described above. In the prior art, because the structure of the verifiable certificate contains Merkle tree related content, the digital signature of the verifiable certificate and the Merkle tree related content must be recalculated after any change to the data structure of the verifiable certificate, which increases the load on the verifiable certificate issuer. In this embodiment, when a newly added claim entry requires the verifiable certificate issuer to regenerate the verifiable certificate, the improved verifiable certificate structure only requires the issuer to calculate the chameleon random number corresponding to that entry; neither the digital signature of the verifiable certificate nor any Merkle tree related content needs to be recalculated, which reduces the workload of the verifiable certificate issuer.
If the claim requirement is to delete a claim, the distributed identity holder generates an improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claim(i-1), r(i-1)
claim(i+1), r(i+1)
……
claimN, rN
// digital signature of the present VC
proof};
The verifiable certificate is verified in the same way as described above. This step shows the following: with the original structure, the Merkle tree related content in the verifiable certificate means that the digital signature of the verifiable certificate and the Merkle tree related content must be recalculated after the data structure of the verifiable certificate changes. With the improved verifiable certificate structure, when the distributed identity needs to regenerate the verifiable certificate because a claim entry is deleted, the distributed identity only has to delete the entry directly; neither the digital signature of the verifiable certificate nor any Merkle tree related content needs to be recalculated, which reduces the load on the distributed identity.
If the claim requirement is a claim content modification, the distributed identity holder presents to the distributed identity issuer a modification of an existing claim in the verifiable credential. Taking the change of claimi to claimi' as an example, the distributed identity holder generates an improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claimi', ri'
……
claimN, rN
// digital signature of the present VC
proof};
The method for obtaining ri' from claimi' is the same as in the steps above, and the verifiable certificate is verified in the same way as described above. These steps show the following: with the original structure, the Merkle tree related content in the verifiable certificate means that the digital signature of the verifiable certificate and the Merkle tree related content must be recalculated after the data structure of the verifiable certificate changes. With the improved verifiable certificate structure, when the distributed identity needs to regenerate the verifiable certificate because a claim entry is modified, only the chameleon random number corresponding to that entry has to be calculated for the distributed identity; neither the digital signature of the verifiable certificate nor any Merkle tree related content needs to be recalculated, which reduces the load on the distributed identity.
If the claim requirement is a claim order modification, the distributed identity holder presents to the distributed identity issuer a request to exchange the order of two existing claims in the verifiable credential. Taking claimi and claim(i+1) as an example, the distributed identity holder generates an improved verifiable credential as follows:
{metadata
// specific contents of the VC claims
claim1, r1
claim2, r2
……
claim(i+1), r(i+1)
claimi, ri
……
claimN, rN
// digital signature of the present VC
proof};
The verifiable certificate is verified in the same way as described above. This step shows the following: with the original structure, the Merkle tree related content in the verifiable certificate means that the digital signature of the verifiable certificate and the Merkle tree related content must be recalculated after the data structure of the verifiable certificate changes. With the improved verifiable certificate structure, when the distributed identity needs to regenerate the verifiable certificate because the order of claim entries is exchanged, the distributed identity only has to exchange the specified entries directly; neither the digital signature of the verifiable certificate nor any Merkle tree related content needs to be recalculated, which reduces the load on the distributed identity.
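The issuing, verification and update steps described above (MD, RD, CHD, MCi, ri, the first signature), as an added example that is not code from the patent. It assumes a discrete-log chameleon hash of the Krawczyk-Rabin form and a Schnorr signature over a toy-sized group, none of which the page specifies; the function names, the sample DID and the sample claims are constructed for illustration.

```python
import hashlib
import secrets

Q = 2**127 - 1  # Mersenne prime, subgroup order (toy size, not secure)


def _is_probable_prime(n):
    """Miller-Rabin with fixed bases; only used to build the demo group."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _build_group():
    k = 2
    while True:
        p = k * Q + 1
        g = pow(2, k, p)
        if g != 1 and _is_probable_prime(p):
            return p, g
        k += 2


P, G = _build_group()  # prime P = k*Q + 1; G generates the order-Q subgroup


def H(data):
    """Ordinary hash H(), reduced into Z_Q."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen():
    sks = secrets.randbelow(Q - 1) + 1  # issuer private key, also the trapdoor
    return sks, pow(G, sks, P)          # (SKS, PKS)


def CH(m, r, pks):
    """Chameleon hash CH(m, r, PKS) = G^m * PKS^r mod P (assumed construction)."""
    return pow(G, m, P) * pow(pks, r, P) % P


def solve_r(sks, md, rd, mc):
    """Trapdoor step: the r with CH(mc, r, PKS) == CH(md, rd, PKS)."""
    return (rd + (md - mc) * pow(sks, -1, Q)) % Q


def sign(sks, msg):
    """Schnorr signature, standing in for the issuer's signature scheme."""
    k = secrets.randbelow(Q - 1) + 1
    e = H(pow(G, k, P).to_bytes(32, "big") + msg)
    return e, (k + e * sks) % Q


def check_sig(pks, msg, sig):
    e, s = sig
    commit = pow(G, s, P) * pow(pks, Q - e, P) % P  # G^s * PKS^(-e)
    return e == H(commit.to_bytes(32, "big") + msg)


def issue(sks, did, metadata, claims):
    """Issuer: sign CHD once, then derive one random number per claim."""
    md, rd = H(did), H(metadata)
    chd = CH(md, rd, pow(G, sks, P))
    return {"did": did, "metadata": metadata,
            "claims": [(c, solve_r(sks, md, rd, H(c))) for c in claims],
            "proof": sign(sks, chd.to_bytes(32, "big"))}


def add_claim(sks, vc, claim):
    """Issuer adds (or re-issues) one entry; the proof is left untouched."""
    r = solve_r(sks, H(vc["did"]), H(vc["metadata"]), H(claim))
    return {**vc, "claims": vc["claims"] + [(claim, r)]}


def verify(pks, vc):
    """Verifier: first signature valid and every CH(MCi, ri, PKS) == CHD."""
    chd = CH(H(vc["did"]), H(vc["metadata"]), pks)
    if not check_sig(pks, chd.to_bytes(32, "big"), vc["proof"]):
        return False
    return all(CH(H(c), r, pks) == chd for c, r in vc["claims"])


if __name__ == "__main__":
    sks, pks = keygen()
    # Constructed sample DID, metadata and claims.
    vc = issue(sks, b"did:example:holder-1", b"vc-metadata", [b"name: XX", b"age: XX"])
    print(verify(pks, add_claim(sks, vc, b"address: XX")))
```

With the construction assumed here, two published pairs (MCi, ri) that hash to the same CHD are enough to solve for the trapdoor, and every credential above carries several such pairs. A deployment therefore needs a chameleon hash without this key-exposure property, a choice the page leaves open.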
The units or modules described in the embodiments of the present application may be implemented by software or hardware. The described units or modules may also be provided in a processor, for example, each of the described units may be a software program provided in a computer or a mobile intelligent device, or may be a separately configured hardware device. Wherein the designation of a unit or module does not in some way constitute a limitation of the unit or module itself.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the present application. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (11)

1. A chameleon hash distributed identity use method is characterized by comprising the following steps:
generating a verifiable certificate for the distributed identity by using a chameleon hash algorithm, and verifying the reliability of the verifiable certificate;
generating a verifiable expression according to the verifiable certificate, and verifying the reliability of the verifiable expression;
and regenerating the verifiable certificate according to the statement requirement proposed by the distributed identity holder to obtain a modified verifiable certificate and verify the reliability of the modified verifiable certificate.
2. The chameleon hash distributed identity use method according to claim 1, wherein generating verifiable credentials for distributed identities using a chameleon hash algorithm comprises the steps of:
obtaining a plurality of claims provided by a distributed identity holder;
calculating a common hash value and a chameleon random number of the distributed identity, and calculating a first chameleon hash value according to the common hash value and the chameleon random number;
calculating chameleon random numbers corresponding to the statements according to the statements;
signing the first chameleon hash value using a verifiable credential issuer private key to obtain a first signature.
3. The chameleon hash distributed identity use method according to claim 2, wherein the authenticity verification of the verifiable credential comprises the steps of:
verifying the validity of the first signature;
calculating a second chameleon hash value corresponding to each statement according to each statement;
and judging whether the second chameleon hash value is equal to the first chameleon hash value and the first signature is valid; if so, the verifiable certificate is reliable, and otherwise, the verifiable certificate is unreliable.
4. The chameleon hash distributed identity use method according to claim 3, wherein generating a verifiable representation from the verifiable credential comprises the steps of:
obtaining non-signed data of a verifiable representation, wherein the non-signed data comprises verifiable representation metadata and one or more verifiable credentials;
and signing the non-signed data by using a distributed identity holder private key to obtain a second signature.
5. The chameleon hash distributed identity use method according to claim 4, wherein verifying the authenticity of the verifiable representation comprises the steps of:
verifying the validity of the first and second signatures;
calculating a second chameleon hash value corresponding to each statement according to each statement;
and judging whether the second chameleon hash value is equal to the first chameleon hash value and the first signature and the second signature are both valid; if so, the verifiable expression is reliable, and otherwise, the verifiable expression is unreliable.
6. The chameleon hash distributed identity use method of claim 1, wherein the claim requirement includes any one of adding claims, deleting claims, modifying claim content or modifying claim order.
7. A chameleon hash distributed identity use system is characterized by comprising a first generation and verification unit, a second generation and verification unit and an updating and verification unit;
the first generation verification unit is used for generating verifiable certificates for the distributed identities by using a chameleon hash algorithm and verifying the reliability of the verifiable certificates;
the second generation verification unit is used for generating a verifiable expression according to the verifiable certificate and verifying the reliability of the verifiable expression;
the updating and checking unit is used for regenerating the verifiable certificate according to the statement requirement proposed by the distributed identity holder, obtaining the version-changed verifiable certificate and verifying the reliability of the version-changed verifiable certificate.
8. The chameleon hash distributed identity use system according to claim 7, wherein the first generation verification unit comprises a first generation unit, and the first generation unit comprises an acquisition unit, a first calculation unit and a first signature unit;
the acquisition unit is used for acquiring a plurality of claims provided by the distributed identity holders;
the first calculation unit is used for calculating a common hash value and a chameleon random number of the distributed identity, calculating a first chameleon hash value according to the common hash value and the chameleon random number, and calculating the chameleon random number corresponding to each statement according to each statement;
the first signature unit is used for signing the first chameleon hash value by using a private key of a verifiable certificate issuer to obtain a first signature.
9. The chameleon hash distributed identity use system according to claim 8, wherein the first generation verification unit further comprises a first verification unit, and the first verification unit comprises a first verification unit, a second calculation unit, and a first determination unit;
the first verification unit is used for verifying the validity of the first signature;
the second calculation unit is used for calculating a second chameleon hash value corresponding to each statement according to each statement;
the first judging unit is used for judging whether the second chameleon hash value is equal to the first chameleon hash value and the first signature is valid; if so, the verifiable certificate is reliable, and otherwise, the verifiable certificate is unreliable.
10. The chameleon hash distributed identity use system of claim 9, wherein the second generation verification unit comprises a second generation unit, and the second generation unit comprises a data acquisition unit and a third signature unit;
the data acquisition unit is used for acquiring non-signature data of the verifiable expression, wherein the non-signature data comprises verifiable expression metadata and one or more verifiable certificates;
the second signature unit is used for signing the non-signature data by using a private key of a distributed identity holder to obtain a second signature.
11. The chameleon hash distributed identity use system of claim 10, wherein the second generation verification unit further comprises a second verification unit, and the second verification unit comprises a second verification unit, a third calculation unit, and a second determination unit;
the second verifying unit is used for verifying the validity of the first signature and the second signature;
the third calculating unit is used for calculating a second chameleon hash value corresponding to each statement according to each statement;
the second determination unit is configured to determine whether the second chameleon hash value is equal to the first chameleon hash value and the first signature and the second signature are both valid; if so, the verifiable representation is reliable, and otherwise, the verifiable representation is unreliable.
CN202210782316.5A 2022-07-05 2022-07-05 Chameleon hash distributed identity using method and system Active CN114866260B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210782316.5A CN114866260B (en) 2022-07-05 2022-07-05 Chameleon hash distributed identity using method and system

Publications (2)

Publication Number Publication Date
CN114866260A true CN114866260A (en) 2022-08-05
CN114866260B CN114866260B (en) 2022-10-28

Family

ID=82625861

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210782316.5A Active CN114866260B (en) 2022-07-05 2022-07-05 Chameleon hash distributed identity using method and system

Country Status (1)

Country Link
CN (1) CN114866260B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115906780A (en) * 2023-03-14 2023-04-04 杭州天谷信息科技有限公司 Format-modifiable electronic document signature method, apparatus, device and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170109759A1 (en) * 2015-10-14 2017-04-20 Accreditrust Technologies, LLC System and methods for interdependent identity based credential collection validation
CN110086599A (en) * 2019-04-24 2019-08-02 电子科技大学 Hash calculation method and label decryption method based on homomorphism chameleon hash function
CN110298152A (en) * 2019-06-28 2019-10-01 中国科学技术大学 It is a kind of protection privacy of user and system safety line on identity management method
WO2019233951A1 (en) * 2018-06-04 2019-12-12 Worldline A software application and a computer server for authenticating the identity of a digital content creator and the integrity of the creator's published content
CN111095327A (en) * 2019-07-02 2020-05-01 阿里巴巴集团控股有限公司 System and method for verifying verifiable claims
CN112446701A (en) * 2019-09-03 2021-03-05 上海唯链信息科技有限公司 Identity authentication method, equipment and storage device based on block chain
WO2021222284A1 (en) * 2020-04-28 2021-11-04 Microsoft Technology Licensing, Llc Derived child verifiable credential with selective claims
CN113806699A (en) * 2021-09-30 2021-12-17 中国人民解放军国防科技大学 Cross-block-chain identity authentication method and system in inter-cloud computing environment
CN113918899A (en) * 2021-08-31 2022-01-11 中国人民银行数字货币研究所 Identity authentication method, certificate holding system and verification system
CN113922962A (en) * 2021-09-10 2022-01-11 杭州溪塔科技有限公司 Method and device for selectively disclosing digital identity attribute

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170109759A1 (en) * 2015-10-14 2017-04-20 Accreditrust Technologies, LLC System and methods for interdependent identity based credential collection validation
WO2019233951A1 (en) * 2018-06-04 2019-12-12 Worldline A software application and a computer server for authenticating the identity of a digital content creator and the integrity of the creator's published content
CN110086599A (en) * 2019-04-24 2019-08-02 电子科技大学 Hash calculation method and label decryption method based on homomorphism chameleon hash function
CN110298152A (en) * 2019-06-28 2019-10-01 中国科学技术大学 It is a kind of protection privacy of user and system safety line on identity management method
CN111095327A (en) * 2019-07-02 2020-05-01 阿里巴巴集团控股有限公司 System and method for verifying verifiable claims
CN112446701A (en) * 2019-09-03 2021-03-05 上海唯链信息科技有限公司 Identity authentication method, equipment and storage device based on block chain
WO2021222284A1 (en) * 2020-04-28 2021-11-04 Microsoft Technology Licensing, Llc Derived child verifiable credential with selective claims
CN113918899A (en) * 2021-08-31 2022-01-11 中国人民银行数字货币研究所 Identity authentication method, certificate holding system and verification system
CN113922962A (en) * 2021-09-10 2022-01-11 杭州溪塔科技有限公司 Method and device for selectively disclosing digital identity attribute
CN113806699A (en) * 2021-09-30 2021-12-17 中国人民解放军国防科技大学 Cross-block-chain identity authentication method and system in inter-cloud computing environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Ma Xiaoting et al.: "Cross-domain authentication scheme based on blockchain technology", Acta Electronica Sinica *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115906780A (en) * 2023-03-14 2023-04-04 杭州天谷信息科技有限公司 Format-modifiable electronic document signature method, apparatus, device and storage medium
CN115906780B (en) * 2023-03-14 2023-06-23 杭州天谷信息科技有限公司 Electronic document signature method, device and equipment capable of modifying format and storage medium

Also Published As

Publication number Publication date
CN114866260B (en) 2022-10-28

Similar Documents

Publication Publication Date Title
US6442689B1 (en) Apparatus and method for demonstrating and confirming the status of a digital certificates and other data
US11233657B2 (en) Method and system for registering digital documents
US6097811A (en) Tree-based certificate revocation system
US7526644B2 (en) Apparatus and method for demonstrating and confirming the status of digital certificates and other data
US6802002B1 (en) Method and apparatus for providing field confidentiality in digital certificates
US7065650B2 (en) Method for indicating the integrity of a collection of digital objects
US20050228999A1 (en) Audit records for digitally signed documents
WO1997050036A1 (en) Computationally efficient method for trusted and dynamic digital objects dissemination
EP3864794B1 (en) Linking transactions
US6757827B1 (en) Autonomously secured image data
CN113924748A (en) Proof of knowledge
CN114866260B (en) Chameleon hash distributed identity using method and system
US11101989B2 (en) Trusted ring
CN111460499B (en) Merkletree-based block chain user attribute set verification method for protecting privacy
CN115550060A (en) Block chain based trusted certificate verification method, apparatus, device and medium
US20050138378A1 (en) Method and computer system operated software application for digital signature
US20050289349A1 (en) Method for generating and/or validating electronic signatures
CN113326527A (en) Credible digital signature system and method based on block chain
Chabanne et al. Verifiable document redacting
CN111260528B (en) Real estate information verification method based on asymmetric algorithm
EP1164746B1 (en) Tree-based certificate revocation system
Lenzen Certificate-based resource alteration prevention using a public key infrastructure
JP2002006739A (en) Authentication information generating device and data verifying device
CN115292755A (en) Block chain based electronic bill splitting and inquiring method and device
CN115760455A (en) Method and device for preventing repeated reimbursement of electronic certificates of unit-crossing main bodies

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant