CN115134091A - Management method of distributed digital identity identifier - Google Patents
- Publication number
- CN115134091A (application CN202210834230.2A)
- Authority
- CN
- China
- Prior art keywords
- user
- private key
- key
- distributed digital
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a management method for distributed digital identity identifiers, comprising: S1, acquiring user registration information; S2, generating a master private key, a master public key and a unique DID according to the user registration information, generating a user private key from the master private key and the DID, and returning and storing the DID, the user private key and the master public key; and S3, the verifier acquires the DID of the user and verifies the signature through the DID. The invention simplifies the management of distributed digital identities: no DID document needs to be maintained, no mapping between the DID and a public key needs to be maintained, the verifier does not need to query another system for that mapping when verifying a signature, and offline signature verification can be realized.
Description
Technical Field
The invention relates to the technical field of blockchain, in particular to a management method of a distributed digital identity identifier.
Background
A distributed digital identity identifier (DID) is an identifier consisting of a string of characters used to represent a digital identity that can be globally unique without the need for a central registry. Typically, an entity may possess multiple identities, each assigned a unique DID value, and an asymmetric key associated therewith. There is no correlation information between different identities, thus effectively avoiding the collection of owner identity information.
Distributed identity identifiers (DIDs) are decentralized, verifiable digital identifiers that are distributed, autonomously controllable and reusable across chains, among other characteristics. The entity can autonomously complete the registration, resolution, updating or revocation of a DID. A DID resolves to a DID document that includes the unique identification code of the DID, a list of public keys with their details (holder, encryption algorithm, key status, etc.), and other attribute descriptions of the DID holder.
The DID is associated with a DID document. The DID infrastructure can be thought of as a global key-value database, where the database is any DID-compatible blockchain, distributed ledger or distributed network. In this virtual database, the key is a DID and the value is a DID document. The purpose of the DID document is to describe the public key, authentication protocol and service endpoints that are necessary to direct cryptographically verifiable interactions with an identified entity. In the prior art, distributed digital identity management requires maintaining a DID document and a mapping between each DID and its public key, that is, one or more public keys must be bound to each DID, which makes offline signature verification difficult to implement.
Therefore, how to provide a simplified management method for distributed digital identifiers is a problem that needs to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, the present invention provides a management method for distributed digital identities, which is used to implement simplified management of distributed digital identities.
In order to achieve the purpose, the invention adopts the following technical scheme:
A method of managing distributed digital identity identifiers, comprising the following steps:
S1, acquiring user registration information;
S2, generating a master private key, a master public key and a unique DID according to the user registration information, generating a user private key from the master private key and the DID, and returning and storing the DID, the user private key and the master public key;
S3, the verifier acquires the DID of the user and obtains the public key of the user through the DID to perform signature verification.
Preferably, the user registration information in S1 includes a user identification number, a mobile phone number, a location and/or a company.
Preferably, in S2, the key generation center generates and stores the master private key and the master public key by using random numbers.
Preferably, when the DID is generated by the server in S2:
when the user registers a DID, the server generates a new DID and queries whether the new DID already exists in the current storage; if not, it associates and binds the current user with the newly generated DID.
Preferably, when the DID is generated by the user in S2:
the user generates a DID by themselves and submits it to the server when registering; after receiving the DID, the server queries whether the DID already exists in the current storage; if so, it returns error information, and if not, it continues to execute the registration logic.
Preferably, the DID generation algorithms include auto-increment ID, UUID and the snowflake algorithm.
Preferably, the specific contents of S3 include:
S31, the user signs service information with the user's own private key and sends the service information and the signature to the verifier;
S32, the verifier obtains the user DID from the service information, generates the user public key from the master public key and the DID, and verifies the signature using the user public key, the service information and the signature.
Compared with the prior art, the management method of the distributed digital identity identifier provided by the invention has the following advantages:
1. The invention provides a simpler distributed digital identity management method in which a public key no longer needs to be bound to the DID; instead, the public key is calculated from the master public key and the DID, which removes the prior-art steps of generating and maintaining the DID document;
2. When verifying a signature, the verifier does not need to query another system for the mapping between the DID and the public key, so offline signature verification can be realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic diagram illustrating a DID generation flow in a management method for a distributed digital identity provided by the present invention;
Fig. 2 is a schematic diagram of a signature verification process in the management method of the distributed digital identity identifier according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a management method of a distributed digital identity identifier, which comprises the following steps:
S1, acquiring user registration information;
S2, generating a master private key, a master public key and a unique DID according to the user registration information, generating a user private key from the master private key and the DID, and returning and storing the DID, the user private key and the master public key;
S3, the verifier acquires the DID of the user and obtains the public key of the user through the DID to perform signature verification.
It should be noted that:
Distributed digital identity logic involves signing and signature verification. In asymmetric cryptography, signing uses a private key to generate a signature value, and signature verification uses the signature value and the public key. A DID generated under the W3C standard is bound to a public key, which is used to verify whether a signature value belongs to that DID.
In this embodiment, the distributed digital identity is managed with an elliptic curve bilinear pairing algorithm, which is used to generate the user public and private keys from the master public and private keys.
In order to further implement the above technical solution, the user registration information in S1 includes a user identification number, a mobile phone number, a location and/or a company.
In order to further implement the above technical solution, in S2, the key generation center generates and stores the master private key and the master public key by using random numbers.
In order to further implement the above technical solution, when the DID is generated by the server in S2:
the server generates a DID that is unique across the whole network and stores it in the server's storage;
when the user registers a DID, the server generates a new DID and queries whether the new DID already exists in the current storage; if not, it associates and binds the current user with the newly generated DID.
In order to further implement the above technical solution, when the DID is generated by the user in S2:
the user generates a DID by themselves and submits it to the server when registering; after receiving the DID, the server queries whether the DID already exists in the current storage; if so, it returns error information, and if not, it continues to execute the registration logic.
In order to further implement the above technical solution, the algorithms for generating the DID include auto-increment ID, UUID and the snowflake algorithm.
In order to further implement the above technical solution, the specific content of S3 includes:
S31, the user signs the service information with the user's own private key and sends the service information and the signature to the verifier;
S32, the verifier obtains the user DID from the service information, generates the user public key from the master public key and the DID, and verifies the signature using the user public key, the service information and the signature.
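The registration step of S2 and the offline verification of S31/S32, as an added example that is not code from the patent. The patent names an elliptic curve bilinear pairing algorithm; to run with only the Python standard library, this example substitutes a pairing-free Schnorr-style identity-based signature (the Galindo-Garcia construction) over secp256k1, in which a commitment R travels with each signature and the verifier derives the user public key from the master public key, the DID and R. The names `KGC`, `register`, `sign` and `verify` are assumptions.

```python
import hashlib
import secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N is the group order, G the base point
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):  # rejects infinity, out-of-range coordinates and off-curve points
    ok = pt is not None and all(0 <= v < P for v in pt)
    return ok and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add scalar multiplication (illustrative, not constant time)
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(tag, *parts):  # domain-separated hash of length-prefixed byte strings to a scalar
    m = hashlib.sha256(tag)
    for part in parts:
        m.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(m.digest(), "big") % N

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

class KGC:
    """Key generation center (hypothetical name): master key pair plus DID registry."""
    def __init__(self):
        self._msk = secrets.randbelow(N - 1) + 1      # master private key
        self.mpk = mul(self._msk, G)                  # master public key
        self._dids = set()
    def register(self, did):
        if did in self._dids:                         # uniqueness check described for S2
            raise ValueError("DID already registered")
        self._dids.add(did)
        r = secrets.randbelow(N - 1) + 1
        R = mul(r, G)
        y = (r + self._msk * h(b"extract", enc(R), did.encode())) % N
        return (y, R)                                 # user private key bound to the DID

def sign(did, user_key, msg):
    y, R = user_key
    a = secrets.randbelow(N - 1) + 1
    A = mul(a, G)
    b = (a + y * h(b"sign", did.encode(), enc(A), msg)) % N
    return (A, b, R)

def verify(mpk, did, msg, sig):
    """Offline check: needs only the master public key, the DID and the message."""
    A, b, R = sig
    if not (on_curve(A) and on_curve(R) and 0 <= b < N):
        return False
    c = h(b"extract", enc(R), did.encode())
    d = h(b"sign", did.encode(), enc(A), msg)
    user_pk = add(R, mul(c, mpk))                     # derived, never looked up
    return mul(b, G) == add(A, mul(d, user_pk))
```

Because the key generation center derives every user private key from the master private key, that one key is the trust anchor for all DIDs, and with no DID document there is no per-DID record through which a key could be rotated or revoked.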
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (7)
1. A method for managing distributed digital identifiers, comprising the steps of:
S1, acquiring user registration information;
S2, generating a master private key, a master public key and a unique DID according to the user registration information, generating a user private key from the master private key and the DID, and returning and storing the DID, the user private key and the master public key;
S3, the verifier acquires the DID of the user and obtains the public key of the user through the DID to perform signature verification.
2. The method as claimed in claim 1, wherein the user registration information in S1 includes a user identification number, a mobile phone number, a location and/or a company.
3. The method for managing distributed digital identity identifiers of claim 1, wherein in S2 the key generation center generates and stores the master private key and the master public key by using random numbers.
4. The method for managing distributed digital identity identifiers of claim 1, wherein when the DID is generated by the server in S2:
when the user registers a DID, the server generates a new DID and queries whether the new DID already exists in the current storage; if not, it associates and binds the current user with the newly generated DID.
5. The method for managing distributed digital identities according to claim 1, wherein when a DID is generated by a user in S2:
the user generates a DID by themselves and submits it to the server when registering; after receiving the DID, the server queries whether the DID already exists in the current storage; if so, it returns error information, and if not, it continues to execute the registration logic.
6. The method of claim 1, wherein the DID generation algorithms comprise auto-increment ID, UUID and the snowflake algorithm.
7. The method for managing distributed digital identity identifiers according to claim 1, wherein the details of S3 include:
S31, the user signs service information with the user's own private key and sends the service information and the signature to the verifier;
S32, the verifier obtains the user DID from the service information, generates the user public key from the master public key and the DID, and verifies the signature using the user public key, the service information and the signature.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210834230.2A CN115134091A (en) | 2022-07-14 | 2022-07-14 | Management method of distributed digital identity identifier |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115134091A (en) | 2022-09-30 |
Family
ID=83383898
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210834230.2A Pending CN115134091A (en) | 2022-07-14 | 2022-07-14 | Management method of distributed digital identity identifier |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115134091A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116011028A (en) * | 2022-12-21 | 2023-04-25 | 蚂蚁区块链科技(上海)有限公司 | Electronic signature method, electronic signature device and electronic signature system |
CN116011028B (en) * | 2022-12-21 | 2023-10-20 | 蚂蚁区块链科技(上海)有限公司 | Electronic signature method, electronic signature device and electronic signature system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11784788B2 (en) | Identity management method, device, communications network, and storage medium | |
CN110138560B (en) | Double-proxy cross-domain authentication method based on identification password and alliance chain | |
CN110268677B (en) | Cross-chain interaction using domain name scheme in blockchain system | |
CN110958111B (en) | Block chain-based identity authentication mechanism of electric power mobile terminal | |
CN110264200B (en) | Block chain data processing method and device | |
CN101286840B (en) | Key distributing method and system using public key cryptographic technique | |
CN111884815A (en) | Block chain-based distributed digital certificate authentication system | |
JP7426402B2 (en) | Method and apparatus for realizing ID-based key management in smart contracts | |
CN113824563B (en) | Cross-domain identity authentication method based on block chain certificate | |
WO2014035748A1 (en) | Method and device for dynamically updating and maintaining certificate path data across remote trust domains | |
CN111490873B (en) | Certificate information processing method and system based on block chain | |
CN112583596A (en) | Complete cross-domain identity authentication method based on block chain technology | |
CN111815321A (en) | Transaction proposal processing method, device, system, storage medium and electronic device | |
CN111586049A (en) | Lightweight key authentication method and device for mobile internet | |
CN114465817B (en) | Digital certificate system and method based on TEE predictor clusters and blockchain | |
CN113726522A (en) | Internet of things equipment processing method and device based on block chain | |
MX2012011584A (en) | Locating network resources for an entity based on its digital certificate. | |
CN111371562A (en) | Super book Fabric-SDK (Standard software development kit) cryptographic algorithm expansion and transformation method | |
CN114615642A (en) | Vehicle identity authentication method and device in vehicle-to-vehicle communication, vehicle and storage medium | |
CN115134091A (en) | Management method of distributed digital identity identifier | |
CN108632037B (en) | Public key processing method and device of public key infrastructure | |
CN114297678A (en) | Operation method, device, equipment and storage medium of union chain system | |
CN110138558A (en) | Transmission method, equipment and the computer readable storage medium of session key | |
WO2023231782A1 (en) | Data integrity verification system | |
Zheng et al. | [Retracted] An Anonymous Authentication Scheme in VANETs of Smart City Based on Certificateless Group Signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||