CN1897518A - Distributed identity-card signature method - Google Patents
- Publication number: CN1897518A (application CN 200510084151)
- Authority: CN (China)
- Prior art keywords: node, identity, certificate, signature, factor
- Legal status: Granted
- Landscape: Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A new node sends an identity certificate issuance request to all authorization nodes. After receiving responses from at least t authorization nodes agreeing to take part in issuing the certificate, the new node selects t of them; the selected authorization nodes cooperate with the new node in a hop-by-hop signing procedure to generate the group signature and produce the identity certificate.
Description
Technical field
The present invention relates to network security technology, and in particular to a distributed identity certificate signing method.
Background technology
A mobile ad hoc network (MANET) is a special mobile network with no wired infrastructure: a temporary, autonomous, multi-hop network without base stations, formed by a group of mobile terminals each carrying a wireless transceiver. It therefore has characteristics that general communication networks lack, such as self-organization, a dynamic topology, limited wireless bandwidth, the limited resources of the mobile terminals, multi-hop routing and vulnerability to attack.
Authentication of mobile node identities in a MANET is an important part of keeping the network operating normally, and authentication is an effective defence against impersonation attacks. A conventional network usually needs a trusted certification authority (CA) to issue identity certificates and provide authentication services. A MANET, however, is a centreless distributed network in which all users are peers, so no particular user can be guaranteed to serve permanently as a trusted CA; in military use in particular, a single trusted CA would become the critical point of the whole network and reduce its survivability. Distributed issuance and verification of identity certificates is therefore the first problem that a MANET has to solve.
Taking one prior-art distributed identity certificate signing method as an example, the process is as follows. The method uses a (t, n) threshold group signature to issue an identity certificate to each newly joining node and to complete authentication.
A (t, n) threshold group signature means that a group formed by n authorization nodes replaces a trusted CA in producing group signatures for unauthorized nodes: a legal signature can be generated only when at least t of the n authorization nodes take part in the signing, and any fewer than t authorization nodes cannot jointly produce a legal signature. In the present invention the group formed by the n authorization nodes is called the trust group.
This prior-art method comprises three phases: initialization, identity certificate generation and authentication. In initialization, an existing trusted key generation centre (KGC) in the network generates the system parameters used for certificate signing and distributes a sub-key to each authorization node. In the certificate generation phase, all authorization nodes first carry out a two-round key agreement, during which each authorization node produces the share used for its partial signature, and then each authorization node generates its own partial signature from its share. Once the partial signatures are done, and provided more than t authorization nodes agree to sign for the newly joining node (called the new node below), any t+1 of the authorization nodes willing to sign combine their partial signatures into the new node's group signature, produce the identity certificate and send it to the new node. The new node can then use the issued certificate for authentication.
In this method, during partial-signature generation every authorization node in the network runs key agreement twice, and each key agreement involves a large amount of computation, which wastes network resources and places a heavy burden on the nodes. In addition, once a certificate has been presented during authentication its confidential information is disclosed and the certificate becomes invalid, which lowers the usability of identity certificates.
Summary of the invention
In view of this, the main object of the present invention is to provide a distributed identity certificate signing method that can issue identity certificates to new nodes in a distributed network and thereby achieve authentication between network nodes.
To achieve this object, the technical solution of the present invention is as follows:
A distributed identity certificate signing method, comprising the following steps:
A. A new node that needs to join the network sends identity certificate signing requests to all the authorization nodes determined by the key generation centre; after receiving responses from at least t authorization nodes agreeing to take part in signing the new node's certificate, it selects t of them and orders the selected authorization nodes;
B. The first authorization node computes its own signature transmission composing factor and uses it as the signature transmission factor, then passes the signature transmission factor to the second authorization node; the second to the t-th authorization nodes in turn each compute their own composing factor, use it to update the received signature transmission factor and pass the updated factor to the next adjacent node, the node after the t-th authorization node being the new node;
C. The new node generates the group signature from the received signature transmission factor and produces the identity certificate.
The method may further comprise step D: using the produced identity certificate to complete authentication.
Before step B the method may further comprise: the new node computes the one-way value generating factor and passes a signature transmission parameter containing it to the first authorization node; the first authorization node computes the one-way value part of the identity certificate from the received signature transmission parameter, and then computes its own signature transmission composing factor from that one-way value part. The one-way value generating factor is computed from the random numbers $k_i$, where $k_i$ is the random number that each selected authorization node sent to the new node when it agreed to take part in the certificate signing.
The one-way value part of the identity certificate in step B is computed as $h = \mathrm{hash}(M, R)$, where $R$ is the one-way value generating factor and $M$ is the identity certificate content.
The signature transmission factor in step B is updated by taking the product of this authorization node's computed signature transmission composing factor and the signature transmission factor received from the upstream node as the new signature transmission factor.
The signature transmission composing factor is computed from $g^a$, $r$, $k$, $S$, $h$ and $t$, where $g^a$ is produced by the new node when it sends the certificate request and $a$ is its random number, $r$ and $k$ are the two random numbers each authorization node generates when it agrees to take part in the signing, $S$ is the sub-key held by the authorization node, $h$ is the one-way value part of the identity certificate, and $t$ denotes the serial number of the authorization node within the trust group.
The group signature in step C is computed from $Z$, $g^{r_i}$ and $a$, where $Z$ is the signature transmission factor sent to the new node in step B, $g^{r_i}$ is returned to the new node by authorization node $i$ when it agrees to take part in the signing, and $a$ is the random number generated by the new node when requesting the identity certificate.
Completing authentication may specifically comprise:
D11. the authenticated node sends its own identity certificate to the authenticating node;
D12. the authenticating node computes the certificate verification factor, computes the certificate verification value from the verification factor and the certificate content, and checks whether the computed verification value equals the one-way value part of the certificate; if so, authentication succeeds, otherwise it fails.
Alternatively, completing authentication may specifically comprise:
D21. the authenticating node sends a random number to the authenticated node;
D22. the authenticated node generates a new one-way value part and a new group signature for its certificate from the received random number and sends the new certificate to the authenticating node;
D23. the authenticating node computes the certificate verification factor, computes the certificate verification value from the verification factor and the certificate content, and checks whether the verification value equals the one-way value part of the certificate; if so, authentication succeeds, otherwise it fails.
In step D12 the certificate verification factor is computed as $R' = C^{v} y^{h} \bmod N$, where $v$ and $y$ are open parameters of the network, $h$ is the one-way value part of the identity certificate and $C$ is the group signature.
In step D22 the new one-way value part is generated as $h' = \mathrm{hash}(M, R^{u} \bmod N)$, where $M$ is the certificate content, $R$ is the one-way value generating factor and $u$ is the random number; the new group signature is generated as $C' = C^{u} \bmod N$, where $C$ is the original signature of the certificate and $u$ is the random number.
In step D23 the certificate verification factor is computed as $R' = C'^{\,v} y^{uh} \bmod N$, where $v$ and $y$ are open parameters of the network, $h$ is the one-way value part of the identity certificate, $u$ is the random number and $C'$ is the group signature received.
The certificate verification value is computed as $\mathrm{hash}(M, R')$, where $M$ is the certificate content and $R'$ is the certificate verification factor, and it is compared with the one-way value part of the certificate.
The method may further comprise: the key generation centre issues identity certificates to the determined authorization nodes, generates and distributes the parameters needed for issuing new-node certificates and for authentication, and fixes the rules for generating identity identifiers and certificate contents; a new node that needs to join the network generates its certificate content according to the fixed rule.
The distributed identity certificate signing method provided by the present invention issues identity certificates to nodes newly joining a distributed network through a trust group formed by authorization nodes, based on a (t, n) threshold group signature. Only when at least t authorization nodes in the trust group are willing to sign a certificate for the new node can t of them jointly complete the issuance, which avoids the security hole of having a single node issue certificates in a distributed network. Compared with the prior-art method described in the background, the certificate signing stage of the invention uses a hop-by-hop signing method among the authorization nodes selected from the trust group: each authorization node passes the signature transmission factor it produced to its downstream node, the downstream node updates the factor received from upstream, and so on up to the t-th node, after which the group signature and the identity certificate are generated. This hop-by-hop group signing does not impose a heavy burden on the authorization nodes. Further, when the certificate is used for authentication, one-time random numbers allow the certificate to be reused, which improves its usability.
Description of drawings
Fig. 1 is a schematic diagram of the identity certificate signing process of the present invention;
Fig. 2 is a schematic diagram of the hop-by-hop signing process of the present invention;
Fig. 3 is a schematic diagram of authentication with a one-time use of the identity certificate;
Fig. 4 is a schematic diagram of authentication with a reused identity certificate.
Embodiment
The procedure of the proposed method is as follows. First, the network is initialized off line: the authorization nodes are determined, identity certificates are issued to them, and the parameters needed for issuing new-node certificates and for authentication are generated and distributed. After initialization, a new node multicasts an identity certificate issuance request to the trust group, selects any t of the authorization nodes that agree to take part to form its certificate signing group, and the authorization nodes in that group produce the group signature hop by hop. Finally, the new node generates its identity certificate from the group signature, after which any node in the network holding an identity certificate can use it to complete authentication. The trust group consists of all authorization nodes.
The method applies to identity certificate issuance and authentication in any distributed network. Below, implementation in a MANET is taken as the example; as shown in Fig. 1, it comprises the following steps:
Step 101: a trusted key generation centre (KGC) determines that the initial nodes forming the MANET are the authorization nodes and, according to a rule, assigns each of them a unique identity identifier i that uniquely identifies that authorization node.
The KGC may be an off-line key generation server that assigns the system parameters for certificate signing and authentication to the MANET about to be formed. Every authorization node making up the initial MANET registers with this server and obtains its own identity certificate and the system parameters.
The KGC's rule for assigning identity identifiers may be: a random number chosen by the KGC; or an assignment based on a feature of the node, such as the network card number of the node's device. Before these authorization nodes form the MANET, the KGC initializes the network off line, produces the parameters used for certificate generation and authentication, and issues an identity certificate to each authorization node, as follows:
The KGC chooses two large primes $p$ and $q$ and sets $N = pq$. From $p$ and $q$ it obtains two further large primes $p'$ and $q'$ such that $p = 2p' + 1$ and $q = 2q' + 1$, and sets $m = p'q'$.
The KGC then chooses two random numbers $d$ and $v$ coprime to $m$ and uses them to compute the group secret key of the trust group,
$x = g^{d} \bmod N,$
and the group public key $y$ of the trust group from
$x^{v} y = 1 \bmod N,$
where $g$ is a generator of the subgroup $Q_N$, $Z_N^{*}$ is the multiplicative group of units modulo $N$, and $Q_N$ denotes the subgroup of $Z_N^{*}$ formed by all quadratic residues.
The KGC then chooses a polynomial of degree $t-1$,
$f(x) = a_{t-1} x^{t-1} + \cdots + a_1 x + d,$
whose coefficients $a_1, \ldots, a_{t-1}$ are chosen arbitrarily by the KGC.
Using this polynomial and the identity identifier $i$ assigned to each authorization node, the KGC computes the sub-key of each authorization node:
$s_i = g^{f(i) \bmod m} \bmod N.$
Having distributed the sub-keys, the KGC generates an identity certificate for each authorization node, using some public information of the node as the certificate content $M$. This content uniquely identifies the node; the rule for forming it may use the network card number of the node's device, the identity card of the node's user, an e-mail address, and so on. Once the certificate content is fixed, the KGC selects a one-way hash function hash() (preferably a strong one-way hash function), chooses a random number $b_i$ for each authorization node, computes the one-way value generating factor $R_i$ from $b_i$, obtains the one-way value part of the certificate $h_i = \mathrm{hash}(M_i, R_i)$, and then computes the signature $C_i$, forming each authorization node's identity certificate $(M_i, C_i, h_i)$. Each authorization node can then use its issued certificate for authentication.
At this point the KGC has completed network initialization off line and produced the system parameters: the open parameters $N$, $g$, $v$, $y$ and hash(); the secret parameters $p$, $q$, $m$, $p'$, $q'$, $d$, $x$ and $b_i$; and each authorization node's confidential information, namely its sub-key $s_i$ and its certificate $(M_i, C_i, h_i)$. The open parameters are known to every node in the network. The secret parameters are known only to the KGC, which keeps them secret or securely deletes them once initialization is complete. The authorization nodes' confidential information is delivered to each node by the KGC over a secure channel, for example encrypted or over a dedicated channel. Having finished initialization, the KGC can leave the network; the trust group formed by the authorization nodes can then issue certificates to new nodes in a completely centreless state.
Step 102: the new node, denoted W below, generates its certificate content $M$ according to the KGC's rule for authorization node certificates and asks the trust group to issue a certificate. Because of the nature of a MANET, W usually sends the certificate signing request message to all authorization nodes it can communicate with; the request contains the integer $g^{a} \bmod N$, where $a$ is a random number generated by W.
When joining the network, a new node can learn the open parameters of the system and the rules for generating identity identifiers and certificate contents from broadcasts, or obtain them from the nearest authorization node.
Once W has received agreement messages from at least t authorization nodes, it proceeds to step 105; otherwise it returns to step 102 and keeps sending the certificate signing request.
Step 105: from the authorization nodes that agree to take part, the new node selects any t of them to form the signing group for its own certificate, denoted group A, and orders the authorization nodes in A. The order may be arbitrary, or based on the hop distance of each authorization node from the new node, or on device performance. The ordered nodes are numbered $1, \ldots, t$ and denoted $P_1, \ldots, P_t$; they carry out the hop-by-hop group signature. Here $P_{t-1}$ is called the upstream node of $P_t$, and $P_t$ the downstream node of $P_{t-1}$.
Step 106: W computes the one-way value generating factor $R$ from the random numbers $k_i$, where $k_i$ is the random number each authorization node in the signing group sent to W when it agreed to take part, and sends the signature transmission parameter $(M, \{A\}, R)$ to $P_1$, where $\{A\}$ denotes the serial numbers of the authorization nodes in the set A and $P_1$ is the authorization node with serial number 1 in A. The group signing process is shown in Fig. 2.
After receiving W's message, $P_1$ computes the one-way value part of the certificate $h = \mathrm{hash}(M, R)$ from $R$, and then computes its signature transmission composing factor $d_1$ from that one-way value part, using $g^{a}$ (the value W produced when sending the certificate request), the two random numbers $r_1$ and $k_1$ that $P_1$ generated when it agreed to take part in the signing, and its sub-key $S_1$. $P_1$ then obtains the signature transmission factor $Z = d_1$.
$P_1$ next sends the signature transmission parameter $(Z, M, \{A\}, R)$ to its downstream node $P_2$, the node ranked second in the group. $P_2$ computes $h = \mathrm{hash}(M, R)$ and its composing factor $d_2$ in the same way as $P_1$, from $g^{a}$, the two random numbers $r_2$ and $k_2$ it generated when agreeing to take part, and its sub-key $S_2$, and uses $d_2$ to update the signature transmission factor. $P_2$ and every node downstream of it update the factor by multiplying the $Z$ received from the upstream authorization node by their own composing factor $d_i$ ($i = 2, 3, \ldots, t$) to obtain the new $Z$; thus $P_2$ obtains $Z = d_2 d_1$ and passes the updated parameter $(Z, M, \{A\}, R)$ to the authorization node ranked after it, $P_3$. $P_3$ computes its composing factor and updates $Z$ in the same way, and so on until the last authorization node $P_t$ computes its composing factor $d_t$, updates the signature transmission factor to $Z = d_t \cdots d_2 d_1$ and returns $Z$ to W.
Here $P_1$ is the node with serial number 1 in group A, and the hop-by-hop group signing consists of each authorization node passing the signature transmission parameter $(Z, M, \{A\}, R)$ to its downstream node and updating $Z$, up to the node with serial number t. In practice the chain may equally start from the node with serial number t and pass the parameter upstream to each node in turn, updating $Z$, until the node with serial number 1.
New node W receives the signature transmission factor $Z$ returned by $P_t$, computes the legal signature $C$ from $Z$, the values $g^{r_i}$ and $a$, and so produces its identity certificate $(M, C, h)$. At this point the MANET has, relying on the trust group and in a completely centreless state, issued an identity certificate to the new node W.
Through steps 101 to 106 the authorization nodes of the MANET have issued an identity certificate to the new node, which can now use it for authentication. Because a certificate, once presented, discloses its confidential information and becomes invalid, the invention further provides a method for reusing certificates. Below, node i is the authenticating node and node j the authenticated node. Taking node i authenticating node j as the example, Fig. 3 shows the process when node j uses its certificate once and Fig. 4 the process when node j needs to reuse it. The two processes are described in turn.
Fig. 3 shows node i authenticating the identity of node j with a one-time use of node j's certificate; node i and node j may each be an authorization node or a new node that has obtained a certificate.
Step 301: node j sends its identity certificate $(M_j, C_j, h_j)$ to node i. The certificate parameters carry subscripts to distinguish the certificates of node i and node j.
Step 302: after receiving node j's certificate, node i computes the certificate verification factor $R_j' = C_j^{\,v} y^{h_j} \bmod N$ and the certificate verification value $\mathrm{hash}(M_j, R_j')$, where $v$ and $y$ are open parameters of the network. If the verification value equals the one-way value part of the certificate, i.e. $\mathrm{hash}(M_j, R_j') = h_j$, the certificate $(M_j, C_j, h_j)$ is proven to be a legal certificate issued by the MANET's trust group: node i has authenticated node j, node j is a legal node, and an authentication success message is returned. If they are unequal, i.e. $\mathrm{hash}(M_j, R_j') \neq h_j$, node i's authentication of node j fails, node j is an illegal node, and an authentication failure message is returned.
When node j reuses its certificate, reuse is achieved and authentication completed by the process of Fig. 4: node j first generates a new certificate from a random number produced by node i, and node i then uses that new certificate to authenticate node j.
Step 401: node i generates a random number $u_i$ and sends it to node j.
Step 402: on receiving $u_i$, node j generates the one-way value part of the new certificate $h_j' = \mathrm{hash}(M_j, R_j^{u_i} \bmod N)$ and the new group signature $C_j' = C_j^{u_i} \bmod N$. If node j is an authorization node, its one-way value generating factor $R_j$ is computed from $b_j$ and $v$, where $b_j$ is the parameter the KGC produced for it when issuing its certificate during network initialization and $v$ is an open parameter of the network; if node j is a new node that obtained its certificate through the trust group, $R_j$ is the one-way value generating factor used in step 106. Node j sends the new certificate $(M_j, C_j', h_j')$ to node i.
Step 403: after receiving the new certificate, node i computes the certificate verification factor $R_j' = C_j'^{\,v} y^{u_i h_j} \bmod N$ and the certificate verification value $\mathrm{hash}(M_j, R_j')$. Here $h_j$ is the one-way value part of node j's original certificate: since $C_j' = C_j^{u_i}$, this gives $R_j' = (C_j^{\,v} y^{h_j})^{u_i} = R_j^{u_i}$, which is exactly the value hashed in step 402. If the verification value equals the one-way value part of the new certificate, i.e. $h_j' = \mathrm{hash}(M_j, R_j')$, node i has authenticated node j, node j is a legal node, and an authentication success message is returned. Otherwise, i.e. $h_j' \neq \mathrm{hash}(M_j, R_j')$, node i's authentication of node j fails, node j is an illegal node, and an authentication failure message is returned.
In Figs. 3 and 4 node j is the authenticated node and node i the authenticating node. When node j needs to authenticate the identity of node i, it can do so by the same process of Fig. 3 or Fig. 4, with node j as the authenticating node and node i as the authenticated node.
In practice, when a node only needs to use its identity certificate once, the process of Fig. 3 is followed; when it needs to reuse its certificate, the process of Fig. 4 is followed.
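The following Python is an added worked example by the editor, not code from the patent, modelling steps 101 to 106 and the authentication flows of Figs. 3 and 4 end to end: an off-line KGC that builds $N$, $g$, $v$, $y$ and the shares $s_i = g^{f(i) \bmod m}$; the hop-by-hop chain in which each selected node folds its factor $d_i$ into $Z$; the new node's derivation of $C$; the one-time check $R' = C^{v} y^{h} \bmod N$; and the reuse check with the verifier's nonce $u$. The page's equation images for $R$, $k_i$, $d_i$ and $C$ are missing, so their forms here are assumptions chosen so that the page's verification equation holds: each node replies to $g^{a}$ with $K_i = g^{v k_i}$, $R = (\prod K_i)^{a\alpha}$, $d_i = g^{a k_i} s_i^{\Delta \lambda_i h}$ with $\Delta = n!$ (Shoup's integer Lagrange scaling, because the nodes do not know $m$), and the new node removes $\Delta$ with integers $\alpha, \beta$ satisfying $\alpha\Delta + \beta v = 1$, so $v$ is also chosen coprime to $n!$. The $r_i$ blinding terms of the page are not reproduced. In the reuse flow node j also sends its original $h$, since the verifier's exponent is $u$ times the original one-way value. The primes, node identities and certificate contents are constructed toy values.

```python
# Editor's toy model of the flows on this page; added example, not the patent's code.
# From the page: h = hash(M, R), x = g^d, x^v * y = 1 (mod N), s_i = g^{f(i) mod m}, R' = C^v * y^h.
# Assumed (equation images missing): forms of K_i, R, d_i; n! Lagrange scaling; alpha/beta correction.
import hashlib
import math
import random

def one_way(M, R):  # h = hash(M, R): SHA-256 over certificate content and factor
    return int.from_bytes(hashlib.sha256(M + str(R).encode()).digest(), "big")

def coprime(rng, bound, *mods):  # random integer in [2, bound) coprime to every mod
    while True:
        k = rng.randrange(2, bound)
        if all(math.gcd(k, q) == 1 for q in mods):
            return k

def lagrange_int(i, ids, delta):  # delta * lambda_i; an integer when delta = n! (Shoup's trick)
    num = delta * math.prod(j for j in ids if j != i)
    den = math.prod(j - i for j in ids if j != i)
    assert num % den == 0
    return num // den

class KeyGenerationCenter:
    """Step 101, off-line: N = pq (safe primes), m = p'q', g in Q_N, x = g^d, y = x^{-v}, shares s_i."""
    def __init__(self, p, q, n, t, rng):
        N, m = p * q, (p - 1) // 2 * ((q - 1) // 2)
        g = pow(coprime(rng, N, N), 2, N)                      # quadratic residue mod N
        delta = math.factorial(n)
        v = coprime(rng, m, m, delta)                          # coprime to m (page) and to n! (assumed)
        d = coprime(rng, m, m)
        self.x = pow(g, d, N)                                  # group secret key
        y = pow(pow(self.x, v, N), -1, N)                      # x^v * y = 1 (mod N)
        self.pub = dict(N=N, g=g, v=v, y=y, delta=delta)       # open parameters of the network
        coeffs = [d] + [rng.randrange(m) for _ in range(t - 1)]   # degree t-1 polynomial, f(0) = d
        f = lambda i: sum(c * i ** k for k, c in enumerate(coeffs)) % m
        self.shares = {i: pow(g, f(i), N) for i in range(1, n + 1)}   # s_i = g^{f(i) mod m}
        self.m, self.rng = m, rng

    def issue(self, M):  # certificate (M, C, h) of an authorization node; assumed R = g^{vb}, C = g^b x^h
        N, g, v = self.pub["N"], self.pub["g"], self.pub["v"]
        b = self.rng.randrange(2, self.m)
        R = pow(g, v * b, N)
        h = one_way(M, R)
        return (M, pow(g, b, N) * pow(self.x, h, N) % N, h), R

class AuthorizationNode:
    def __init__(self, i, share, pub, rng):
        self.i, self.s, self.pub, self.rng, self.k = i, share, pub, rng, None

    def agree(self, ga):  # reply to the request g^a with K_i = g^{v k_i} (assumed form)
        self.k = self.rng.randrange(2, self.pub["N"])
        return pow(self.pub["g"], self.pub["v"] * self.k, self.pub["N"])

    def hop(self, Z, M, ids, R, ga):  # step 106: Z <- Z * d_i, d_i = g^{a k_i} * s_i^{delta*lambda_i*h}
        N, h = self.pub["N"], one_way(M, R)
        d_i = pow(ga, self.k, N) * pow(self.s, lagrange_int(self.i, ids, self.pub["delta"]) * h, N) % N
        return Z * d_i % N

def request_certificate(M, responders, t, pub, rng):
    """New node W: choose t agreeing nodes, build R, run the hop-by-hop chain, derive C."""
    N, g, v, y, delta = (pub[k] for k in ("N", "g", "v", "y", "delta"))
    a = rng.randrange(2, N)
    ga = pow(g, a, N)
    replies = {nd.i: nd.agree(ga) for nd in responders}
    chosen = sorted(responders, key=lambda nd: nd.i)[:t]        # any t of them, ordered
    ids = [nd.i for nd in chosen]
    alpha = pow(delta, -1, v)                                   # alpha*delta + beta*v = 1
    beta = (1 - alpha * delta) // v
    R = pow(math.prod(replies[i] for i in ids) % N, a * alpha, N)   # g^{a*alpha*v*sum(k_i)}
    Z = 1
    for nd in chosen:
        Z = nd.hop(Z, M, ids, R, ga)
    h = one_way(M, R)
    C = pow(Z, alpha, N) * pow(y, -beta * h, N) % N            # g^{a*alpha*sum(k_i)} * x^h
    return (M, C, h), R

def verify(cert, pub):  # Fig. 3: R' = C^v * y^h (mod N); accept iff hash(M, R') == h
    M, C, h = cert
    return one_way(M, pow(C, pub["v"], pub["N"]) * pow(pub["y"], h, pub["N"]) % pub["N"]) == h

def reuse_respond(cert, R, u, pub):  # Fig. 4, node j: C' = C^u, h' = hash(M, R^u); original h sent too
    M, C, h = cert
    return (M, pow(C, u, pub["N"]), one_way(M, pow(R, u, pub["N"])), h)

def reuse_verify(resp, u, pub):  # Fig. 4, node i: R' = C'^v * y^{u h} (mod N); accept iff hash(M, R') == h'
    M, C1, h1, h = resp
    return one_way(M, pow(C1, pub["v"], pub["N"]) * pow(pub["y"], u * h, pub["N"]) % pub["N"]) == h1

def demo(seed=7):
    rng = random.Random(seed)
    kgc = KeyGenerationCenter(p=107, q=167, n=5, t=3, rng=rng)     # constructed toy safe primes
    nodes = [AuthorizationNode(i, kgc.shares[i], kgc.pub, rng) for i in range(1, 6)]
    cert_p1, _ = kgc.issue(b"node1@example.net")                   # constructed content M
    cert_w, R_w = request_certificate(b"W:00:11:22:33:44:55", nodes, 3, kgc.pub, rng)
    short, _ = request_certificate(b"W:00:11:22:33:44:55", nodes[:2], 2, kgc.pub, rng)  # only t-1 signers
    u = rng.randrange(2, kgc.pub["N"])
    resp = reuse_respond(cert_w, R_w, u, kgc.pub)
    return dict(auth_cert_valid=verify(cert_p1, kgc.pub),
                new_cert_valid=verify(cert_w, kgc.pub),
                tampered_valid=verify((b"W:evil", cert_w[1], cert_w[2]), kgc.pub),
                below_threshold_valid=verify(short, kgc.pub),
                reuse_valid=reuse_verify(resp, u, kgc.pub),
                reuse_under_other_nonce=reuse_verify(resp, u + 1, kgc.pub))
```

`demo()` returns the outcome of each check: the KGC-issued and the threshold-issued certificates verify; a certificate with altered content, or one assembled by only t-1 signers, does not; and a reuse response is accepted under the nonce it was built for and rejected under any other. One observation on what the reuse flow of Fig. 4 provides: since $C' = C^{u}$ needs only $C$ and $u$, anyone holding $(M, C, h)$ and $R$ can answer a fresh nonce, so the flow keeps $C$ itself off the wire but does not prove possession of a secret beyond the certificate and its factor.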
Claims (14)
1, a kind of distributed identity-card signature method is characterized in that, this method may further comprise the steps:
A, the new node that needs to add network are initiated identity-card signature requests to all definite authorization nodes of key generation center, after receiving the response of agreeing participation new node identity-card signature more than or equal to t authorization node, select wherein t, and all authorization nodes of selecting are sorted;
The signature that B, first authorization node calculate self transmits composing factor as the signature transmission factor, and the transmission factor of will signing passes to second authorization node, second authorization node to the t authorization node transmits composing factor according to the signature that calculates separately successively and upgrades the signature transmission factor of receiving, signature transmission factor after will upgrading again passes to adjacent next node, and the next node of t authorization node is a new node;
C, new node produce letter of identity according to the signature transmission factor generated group signature of receiving.
2, The method according to claim 1, characterized in that the method further comprises step D: using the produced letter of identity to complete authentication.
3, The method according to claim 1, characterized in that, before step B, it further comprises: the new node calculates the one-way value generation factor and passes the signature transmission parameters, which include the one-way value generation factor, to the first authorization node; the first authorization node calculates the one-way value part of the letter of identity from the received signature transmission parameters, and then calculates its own signature transmission composing factor from that one-way value part; wherein the method of calculating the one-way value generation factor is:
wherein K_i is the random number that each of the selected authorization nodes sends to the new node when agreeing to participate in the identity-card signature.
4, The method according to claim 3, characterized in that the method of calculating the one-way value part of the letter of identity in step B is: h = hash(M, R), wherein R is the one-way value generation factor and M is the letter of identity content.
5, The method according to claim 1, characterized in that the method of updating the signature transmission factor in step B is: the product of the signature transmission composing factor calculated by this authorization node and the signature transmission factor received from the upstream node is taken as the updated signature transmission factor.
6, The method according to claim 1, characterized in that the method of calculating the signature transmission composing factor is:
wherein g^a is the random number generated by the new node when sending the letter of identity request, r and k are the two random numbers used by each authorization node when generating its agreement to participate in the identity-card signature, S is the sub-key held by the authorization node, h is the one-way value part of the letter of identity, and t denotes the serial number of the authorization node in the trust group.
7, The method according to claim 1, characterized in that the group signature generation method in step C is:
wherein Z is the signature transmission factor sent to the new node in step B, g^{r_i} is the random number returned by an authorization node to the new node when agreeing to participate in the identity-card signature, and a is the random number generated by the new node when requesting issuance of the letter of identity.
8, The method according to claim 2, characterized in that completing authentication specifically comprises:
D11, the authenticated node sends its own letter of identity to the authenticating node;
D12, the authenticating node calculates the certificate verification factor, calculates the certificate verification value from the certificate verification factor and the letter of identity content, and judges whether the calculated certificate verification value equals the one-way value part in the letter of identity; if they are equal, authentication succeeds; otherwise, authentication fails.
9, The method according to claim 2, characterized in that completing authentication specifically comprises:
D21, the authenticating node sends a random number to the authenticated node;
D22, the authenticated node generates a new one-way value part of the letter of identity and a new group signature according to the received random number, and sends the new letter of identity to the authenticating node;
D23, the authenticating node calculates the certificate verification factor, calculates the certificate verification value from the certificate verification factor and the letter of identity content, and judges whether the certificate verification value equals the one-way value part of the letter of identity; if they are equal, authentication succeeds; otherwise, authentication fails.
10, The method according to claim 8, characterized in that the method of calculating the certificate verification factor is: R' = C^v y^h mod N, wherein v and y are the public parameters of the network, h is the one-way value part of the letter of identity, and C is the group signature.
11, The method according to claim 9, characterized in that the method of generating the new one-way value part of the letter of identity is: h = hash(M, R^u mod N), wherein M is the letter of identity content, R is the one-way value generation factor, and u is the random number; and the method of generating the new group signature of the letter of identity is: C = C^u mod N, wherein the C on the right-hand side is the former signature of the letter of identity and u is the random number.
12, The method according to claim 9, characterized in that the method of calculating the certificate verification factor is: R' = C^v y^{uh} mod N, wherein v and y are the public parameters of the network, h is the one-way value part of the letter of identity, u is the random number, and C is the group signature.
13, The method according to claim 8 or 9, characterized in that the method of calculating the certificate verification value is: h = hash(M, R'), wherein M is the letter of identity content and R' is the certificate verification factor.
14, The method according to claim 1, characterized in that the method further comprises: the key generation center determines the authorization nodes that issue letters of identity, at the same time generates and distributes the parameters needed for issuing the new node's letter of identity and for completing authentication, and determines the rules for generating the identity identifier and the letter of identity content; the new node that needs to join the network generates its letter of identity content according to the determined rule for generating the letter of identity content.
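As an added worked example (not code from the patent), the following Python models the one-time verification of claims 10 and 13 and the certificate re-randomisation and reuse check of claims 11, 12 and 13. The page does not give the key setup or the group-signature formula, so a single signer with a GQ-type relation S^v · y ≡ 1 (mod N) stands in for them; the toy modulus, the secret, the SHA-256 one-way function and the assumption that the verifier holds the original one-way value h when checking a re-randomised certificate are all constructed here.

```python
import hashlib
import secrets

# Constructed toy parameters, not values from the patent: an RSA-style modulus
# small enough to read. V and Y play the network's public parameters v and y
# (claims 10, 12); S_SECRET is a signer's key with S^v * y == 1 (mod N), a
# GQ-type relation ASSUMED here because the page's own key setup is not given.
N = 1000003 * 1000033
V = 65537
S_SECRET = 123456789
Y = pow(pow(S_SECRET, V, N), -1, N)          # y = S^(-v) mod N

def one_way(m: bytes, r: int) -> int:
    """Claims 4 and 13: h = hash(M, R), returned as an integer exponent."""
    return int.from_bytes(hashlib.sha256(m + b"|" + str(r).encode()).digest(), "big")

def issue(m: bytes, r=None):
    """Single-signer stand-in (assumption) for the group signature of claim 7.
    Returns the letter of identity as (M, h, C)."""
    r = r if r is not None else secrets.randbelow(N - 2) + 2
    big_r = pow(r, V, N)                      # R, the one-way value generation factor
    h = one_way(m, big_r)                     # one-way value part of the certificate
    c = r * pow(S_SECRET, h, N) % N           # C, the signature
    return (m, h, c)

def verify_once(cert) -> bool:
    """Claims 10 and 13: R' = C^v * y^h mod N, accept iff hash(M, R') == h."""
    m, h, c = cert
    r_prime = pow(c, V, N) * pow(Y, h, N) % N
    return one_way(m, r_prime) == h

def rerandomize(cert, u: int):
    """Claim 11, run by the certified node for the verifier's challenge u:
    h_new = hash(M, R^u mod N), C_new = C^u mod N. R is recovered from the
    certificate itself so no extra state has to be kept."""
    m, h, c = cert
    big_r = pow(c, V, N) * pow(Y, h, N) % N
    return (m, one_way(m, pow(big_r, u, N)), pow(c, u, N))

def verify_reuse(orig_cert, new_cert, u: int) -> bool:
    """Claims 12 and 13: R' = C_new^v * y^(u*h) mod N with the ORIGINAL h
    (assumed to be known to the verifier), accept iff hash(M, R') == h_new."""
    m, h, _ = orig_cert
    m_new, h_new, c_new = new_cert
    if m_new != m:                            # certificate content must be unchanged
        return False
    r_prime = pow(c_new, V, N) * pow(Y, u * h, N) % N
    return one_way(m, r_prime) == h_new

if __name__ == "__main__":
    cert = issue(b"node-j:id=42")             # constructed certificate content
    print("one-time check:", verify_once(cert))
    fresh = rerandomize(cert, 7)
    print("reuse check:", verify_reuse(cert, fresh, 7))
```

Tampering with the certificate content, or verifying a re-randomised certificate against a different challenge than the one it was built for, makes the recomputed R' hash to a different value and the check fails.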
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2005100841510A CN100563150C (en) | 2005-07-14 | 2005-07-14 | A kind of distributed identity-card signature method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2005100841510A CN100563150C (en) | 2005-07-14 | 2005-07-14 | A kind of distributed identity-card signature method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1897518A true CN1897518A (en) | 2007-01-17 |
CN100563150C CN100563150C (en) | 2009-11-25 |
Family
ID=37609907
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2005100841510A Active CN100563150C (en) | 2005-07-14 | 2005-07-14 | A kind of distributed identity-card signature method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100563150C (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100550738C (en) * | 2007-02-06 | 2009-10-14 | 上海交通大学 | A kind of authentication method of distributed network and system |
CN102263787A (en) * | 2011-07-08 | 2011-11-30 | 西安电子科技大学 | Dynamic distributed certification authority (CA) configuration method |
CN102904927A (en) * | 2011-09-01 | 2013-01-30 | 微软公司 | Distributed computer systems with time-dependent credentials |
CN103813324A (en) * | 2012-11-07 | 2014-05-21 | 中国移动通信集团公司 | Node signature method and mobile node access method of hierarchical MIPv6 |
CN104184584A (en) * | 2013-05-27 | 2014-12-03 | 华为技术有限公司 | Multi-signature method and apparatus |
CN102299791B (en) * | 2008-08-28 | 2014-12-24 | 华为技术有限公司 | Autonomous management method, system and equipment for public key certificate |
US9032492B2 (en) | 2011-09-01 | 2015-05-12 | Microsoft Corporation | Distributed computer systems with time-dependent credentials |
US9058467B2 (en) | 2011-09-01 | 2015-06-16 | Microsoft Corporation | Distributed computer systems with time-dependent credentials |
WO2017012089A1 (en) * | 2015-07-22 | 2017-01-26 | 华为技术有限公司 | Communication method, device and system based on data link layer |
CN107659395A (en) * | 2017-10-30 | 2018-02-02 | 武汉大学 | The distributed authentication method and system of identity-based under a kind of environment of multi-server |
CN108140099A (en) * | 2015-10-02 | 2018-06-08 | 谷歌有限责任公司 | The newer signature exchanged in binary data synchronous protocol |
CN109547206A (en) * | 2018-10-09 | 2019-03-29 | 深圳壹账通智能科技有限公司 | The processing method and relevant apparatus of digital certificate |
US11138161B2 (en) | 2015-10-02 | 2021-10-05 | Google Llc | Single table multi-schema data store in a key value store |
US11223677B2 (en) | 2015-10-02 | 2022-01-11 | Google Llc | Peer-to-peer syncable storage system |
CN114168922A (en) * | 2022-02-10 | 2022-03-11 | 亿次网联(杭州)科技有限公司 | User CA certificate generation method and system based on digital certificate |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100550738C (en) * | 2007-02-06 | 2009-10-14 | 上海交通大学 | A kind of authentication method of distributed network and system |
CN102299791B (en) * | 2008-08-28 | 2014-12-24 | 华为技术有限公司 | Autonomous management method, system and equipment for public key certificate |
CN102263787A (en) * | 2011-07-08 | 2011-11-30 | 西安电子科技大学 | Dynamic distributed certification authority (CA) configuration method |
CN102263787B (en) * | 2011-07-08 | 2014-04-16 | 西安电子科技大学 | Dynamic distributed certification authority (CA) configuration method |
US9058467B2 (en) | 2011-09-01 | 2015-06-16 | Microsoft Corporation | Distributed computer systems with time-dependent credentials |
CN102904927A (en) * | 2011-09-01 | 2013-01-30 | 微软公司 | Distributed computer systems with time-dependent credentials |
CN102904927B (en) * | 2011-09-01 | 2015-06-17 | 微软公司 | Distributed computer systems with time-dependent credentials |
US9032492B2 (en) | 2011-09-01 | 2015-05-12 | Microsoft Corporation | Distributed computer systems with time-dependent credentials |
CN103813324A (en) * | 2012-11-07 | 2014-05-21 | 中国移动通信集团公司 | Node signature method and mobile node access method of hierarchical MIPv6 |
CN103813324B (en) * | 2012-11-07 | 2017-02-22 | 中国移动通信集团公司 | Node signature method and mobile node access method of hierarchical MIPv6 |
CN104184584A (en) * | 2013-05-27 | 2014-12-03 | 华为技术有限公司 | Multi-signature method and apparatus |
WO2017012089A1 (en) * | 2015-07-22 | 2017-01-26 | 华为技术有限公司 | Communication method, device and system based on data link layer |
CN107005430A (en) * | 2015-07-22 | 2017-08-01 | 华为技术有限公司 | A kind of communication means based on data link layer, equipment and system |
US11153207B2 (en) | 2015-07-22 | 2021-10-19 | Huawei Technologies Co., Ltd. | Data link layer-based communication method, device, and system |
US10560378B2 (en) | 2015-07-22 | 2020-02-11 | Huawei Technologies Co., Ltd. | Data link layer-based communication method, device, and system |
CN107005430B (en) * | 2015-07-22 | 2020-03-31 | 华为技术有限公司 | Communication method, device and system based on data link layer |
CN108140099A (en) * | 2015-10-02 | 2018-06-08 | 谷歌有限责任公司 | The newer signature exchanged in binary data synchronous protocol |
US11240298B2 (en) | 2015-10-02 | 2022-02-01 | Google Llc | Peer-to-peer syncable storage system |
US11677820B2 (en) | 2015-10-02 | 2023-06-13 | Google Llc | Peer-to-peer syncable storage system |
US11632250B2 (en) | 2015-10-02 | 2023-04-18 | Google Llc | Signatures of updates exchanged in a binary data synchronization protocol |
US10972285B2 (en) | 2015-10-02 | 2021-04-06 | Google Llc | Signatures of updates exchanged in a binary data synchronization protocol |
US11487719B2 (en) | 2015-10-02 | 2022-11-01 | Google Llc | Single table multi-schema data store in a key value store |
US11138161B2 (en) | 2015-10-02 | 2021-10-05 | Google Llc | Single table multi-schema data store in a key value store |
CN108140099B (en) * | 2015-10-02 | 2019-11-19 | 谷歌有限责任公司 | The signature of the update exchanged in binary data synchronous protocol |
US11223677B2 (en) | 2015-10-02 | 2022-01-11 | Google Llc | Peer-to-peer syncable storage system |
CN107659395A (en) * | 2017-10-30 | 2018-02-02 | 武汉大学 | The distributed authentication method and system of identity-based under a kind of environment of multi-server |
CN107659395B (en) * | 2017-10-30 | 2021-09-24 | 武汉大学 | Identity-based distributed authentication method and system in multi-server environment |
CN109547206B (en) * | 2018-10-09 | 2020-11-06 | 深圳壹账通智能科技有限公司 | Digital certificate processing method and related device |
CN109547206A (en) * | 2018-10-09 | 2019-03-29 | 深圳壹账通智能科技有限公司 | The processing method and relevant apparatus of digital certificate |
CN114168922A (en) * | 2022-02-10 | 2022-03-11 | 亿次网联(杭州)科技有限公司 | User CA certificate generation method and system based on digital certificate |
Also Published As
Publication number | Publication date |
---|---|
CN100563150C (en) | 2009-11-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1897518A (en) | Distributed identity-card signature method | |
CN101192928B (en) | Mobile ad hoc authentication method and system | |
KR101301609B1 (en) | Apparatus and method for generating secret key, and recording medium storing program for executing method of the same in computer | |
CN102970679B (en) | The secure signing method of identity-based | |
CN1191703C (en) | Safe inserting method of wide-band wireless IP system mobile terminal | |
CN109687976A (en) | Fleet's establishment and management method and system based on block chain and PKI authentication mechanism | |
CN101030859A (en) | Method and system for verifying distributed network | |
CN109412816A (en) | A kind of vehicle-mounted net anonymous communication system and method based on ring signatures | |
CN1902853A (en) | Method and apparatus for verifiable generation of public keys | |
CN101814991B (en) | Mutual authentication method and system based on identity | |
CA2423636A1 (en) | Methods for authenticating potential members invited to join a group | |
CN1399490A (en) | Safe access method of mobile terminal to radio local area network | |
CN102223629B (en) | Distribution method of threshold keys of mobile Ad hoc network | |
CN108337092B (en) | Method and system for performing collective authentication in a communication network | |
CN104703178A (en) | Machine type communication authenticating and key negotiating method based on group anonymous proxy | |
CN112039660B (en) | Internet of things node group identity security authentication method | |
CN110336664B (en) | SM2 cryptographic algorithm-based cross-domain authentication method for information service entity | |
CN101977380A (en) | Wireless Mesh network identification method | |
CN115499119A (en) | PUF-based vehicle authentication method with privacy protection function | |
CN101820626B (en) | Wireless MESH network ID based partially blind signature method without credible PKG (Private Key Generator) | |
Dwivedi et al. | Design of blockchain and ECC-based robust and efficient batch authentication protocol for vehicular ad-hoc networks | |
CN113472734B (en) | Identity authentication method and device | |
CN1917422A (en) | Implementation method for reducing amount of calculation for managing cipher key of MANET network | |
Van Der Merwe et al. | Fully self-organized peer-to-peer key management for mobile ad hoc networks | |
KR20080026263A (en) | Key generation method for self-configuration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |