WO2021117904A1 - 証明書データをデジタルに利用可能にするための装置、方法及びそのためのプログラム - Google Patents

証明書データをデジタルに利用可能にするための装置、方法及びそのためのプログラム Download PDF

Info

Publication number
WO2021117904A1
WO2021117904A1 PCT/JP2020/046442 JP2020046442W WO2021117904A1 WO 2021117904 A1 WO2021117904 A1 WO 2021117904A1 JP 2020046442 W JP2020046442 W JP 2020046442W WO 2021117904 A1 WO2021117904 A1 WO 2021117904A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
attributes
attribute data
certificate
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2020/046442
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
峰史 小宮山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BitFlyer Blockchain Inc
Original Assignee
BitFlyer Blockchain Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BitFlyer Blockchain Inc filed Critical BitFlyer Blockchain Inc
Priority to CN202080094578.1A priority Critical patent/CN115004629A/zh
Priority to JP2021564079A priority patent/JPWO2021117904A1/ja
Priority to EP20898537.4A priority patent/EP4075720A4/en
Priority to US17/784,773 priority patent/US20230055866A1/en
Publication of WO2021117904A1 publication Critical patent/WO2021117904A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present invention is for digitally making available certificate data for one or more attribute data (a piece or a plurality of pieces of attribute data) representing one or more attributes of a subject including an individual. Regarding devices, methods and programs for them.
  • each institution independently manages one or more attributes, and if these personal attribute data or a part of them can be used digitally, it will be more convenient than ever. It enables the design of highly sophisticated and diverse services. For example, a graduation certificate is used to prove attributes such as the name of the university that an individual graduated from, the date of graduation, etc., but in order to use services that require confirmation of these attributes, the university that graduated You must be issued a certificate in writing from. If this can be referred to digitally on a computer network while maintaining reliability, the degree of freedom of identification in various services will be greatly increased.
  • the present invention has been made in view of such problems, and an object of the present invention is to digitally use certificate data for one or more attribute data representing one or more attributes of an entity managed by an institution.
  • the purpose is to provide a device, a method, and a program for that purpose.
  • the first aspect of the present invention is a method of providing certificate data for a plurality of attribute data representing a plurality of attributes of a subject confirmed by the institution, wherein the institution provides the certificate data.
  • a step in which the server to be used generates the certificate data in response to a request for the certificate data from a terminal capable of communicating with the server, and a step in which the server sends the certificate data and the certificate data to the terminal.
  • the certificate data includes the name of the institution that is the certifier, the public key to be certified, and the hash value associated with the content of the certification, and is based on the private key of the institution.
  • the hash value to which the signature is added and associated with the certification content is the Merkle root of the Merkle tree obtained by using a plurality of attribute data representing the plurality of attributes that are the certification content, and the verification data is (A) A plurality of attribute data representing a plurality of attributes that are proof contents accessible to the server, or at least a part of hash values thereof, or (b) adding additional data to at least a part of the plurality of attribute data. It is characterized by including a plurality of data including the obtained modified attribute data or at least a part of hash values thereof.
  • the hash value associated with the certification content is the lowest layer of each hash value of the plurality of attribute data representing the plurality of attributes that are the certification content. It is characterized by being the Merkle root of the Merkle tree which is the node of.
  • the hash value associated with the proof content adds additional data to at least a part of the plurality of attribute data representing the plurality of attributes which are the proof contents.
  • it is a Merkle root of a Merkle tree having a hash value of each of a plurality of data including the obtained modified attribute data as the lowest node.
  • a fourth aspect of the present invention is a program for causing a server to execute a method of providing certificate data for a plurality of attribute data representing a plurality of attributes of a subject confirmed by an organization using the server. Then, the step of generating the certificate data in response to the request of the certificate data from the terminal capable of communicating with the server, and the step that the server sends the certificate data and the certification to the terminal.
  • the certificate data includes the name of the institution that is the certifier, the public key to be certified, and the hash value associated with the content of the proof, including the step of transmitting the verification data corresponding to the written data, and the secret of the institution.
  • the hash value to which the signature by the key is added and associated with the certification content is the Merkle root of the Merkle tree obtained by using the attribute data representing a plurality of attributes which are the certification contents, and the verification data is (A) A plurality of attribute data representing a plurality of attributes that are proof contents accessible to the server, or at least a part of hash values thereof, or (b) adding additional data to at least a part of the plurality of attribute data. It is characterized by including a plurality of data including the obtained modified attribute data or at least a part of hash values thereof.
  • a fifth aspect of the present invention is a device that provides certificate data for a plurality of attribute data representing a plurality of attributes of a subject confirmed by an institution, and the certification from a terminal capable of communicating with the device.
  • the certificate data is generated, the certificate data and the verification data corresponding to the certificate data are transmitted to the terminal, and the certificate data is the name of the institution that is the certifier.
  • the public key to be certified, and the hash value associated with the certification content, the signature with the private key of the institution is added, and the hash value associated with the certification content has a plurality of attributes that are the certification content.
  • the verification data is (a) a plurality of attribute data representing a plurality of attributes which are proof contents accessible to the server, or a plurality of attribute data thereof. It is characterized by including at least a part of hash values or a plurality of data including modified attribute data obtained by adding additional data to the plurality of attribute data, or at least a part of the hash values thereof.
  • certificate data including a Merkle root of a Merkle tree obtained using one or more attribute data representing one or more confirmed attributes of an individual is generated and the individual.
  • the individual can partially digitally disclose the desired attributes to others as needed.
  • FIG. 1 shows an apparatus according to an embodiment of the present invention.
  • the device 100 is an institutional device used by an institution that manages one or more attributes of an individual, and can access one or more attribute data representing one or more confirmed attributes of the individual.
  • the terminal 110 used by the individual receives an issuance request or a generation request for certificate data (certificate data) for one or more attribute data representing the one or more attributes
  • the engine device 100 Generates the certificate data and transmits it to the terminal 110 via the computer network. Then, the certificate data is transmitted from the terminal 110 to the verification device 120 that requires verification of one or a plurality of attributes of the individual.
  • the engine device 100 includes a communication unit 101 such as a communication interface, a processing unit 102 such as a processor and a CPU, and a storage unit 103 including a storage device such as a memory and a hard disk or a storage medium, and is a program for performing each process.
  • the server 100 may include one or more devices, computers or servers.
  • the program may include one or more programs, and may be recorded on a computer-readable storage medium to be a non-transient program product.
  • the program can be stored in a storage device or storage medium accessible from the storage unit 103 or the device 100 via the computer network, and executed by the processing unit 102.
  • the terminal 110 and the verification device 120 may also be provided with a communication unit, a processing unit, and a storage unit.
  • the engine device 100 can further include a database 104 that stores one or a plurality of attribute data representing one or a plurality of attributes of each individual, and the database 104 uses the generated certificate data and the certificate data. Verification data and the like for attribute verification may be further stored. Hereinafter, these data will be described as being stored in the database 104, but all or a part thereof may be stored in a storage device or a storage medium accessible from the storage unit 103 or the engine device 100.
  • the transaction including the generated certificate data may be transmitted to the blockchain network 130 having a plurality of nodes at the same time as or before and after the transmission of the certificate data to the terminal 110 and stored.
  • FIG. 2 shows a method according to the first embodiment of the present invention.
  • the engine device 100 confirms one or a plurality of attributes of each individual by some method, and stores attribute data representing them in the database 104. If the operator of the institutional device 100 is a university, it is conceivable that attribute data representing attributes such as name, university name, faculty name, and graduation date are stored after confirming that the operator is a graduate. If the operator of the institutional device 100 is an exchange of cryptocurrency assets, attributes representing attributes such as name, address, date of birth, gender, country of residence, etc. confirmed by identity verification performed before starting transactions as a user. It is possible that the data is stored.
  • the engine device 100 receives the request for the certificate data from the terminal 110 (S201) and generates the certificate data (S202).
  • the request can include a public key for which certificate data is to be generated.
  • the engine device 100 acquires verification data necessary for verification of the certificate data at the same time as or before or after the generation of the certificate data (S203). The acquisition may be performed by reading from a storage device or storage medium accessible to the engine device 100, in addition to the case of performing by generation.
  • FIG. 3 schematically shows the certificate data according to the first embodiment of the present invention.
  • Certificate data 300 is an example in which University X issues a certificate.
  • "University X” is the issuer 301
  • the public key "1ABC” is the target 302
  • the hash associated with the certificate content is described as the value 303
  • the signature 310 by the University of X is added.
  • the public key described as the target 302 is owned by any individual, and possession of the public key in the public key cryptosystem means that the private key corresponding to the public key can be accessed. ..
  • the hash value 303 associated with the proof content can be the Merkle root of the Merkle tree whose nodes are the hash values of one or more attribute data representing one or more attributes to be certified.
  • FIG. 4 shows a Merkle tree including a hash value associated with the certification content of the certificate data shown in FIG. 3 as a Merkle root.
  • the hash value obtained from the name Bob Brown is "98754473”
  • the hash value obtained from the university name University X is "dfgsf3g1”
  • the hash value obtained from the faculty name Economics is "erg34gh8”
  • the value is "23308j32", which are the bottom nodes of the Merkle tree.
  • a new hash value is obtained by using the hash value obtained from the name and the hash value obtained from the university name.
  • a new hash value can be obtained by using the hash value obtained from the faculty name and the hash value obtained from the graduation date.
  • These are the nodes in the second layer of the Merkle tree.
  • a new hash value is obtained by using the hash values of the first node and the second node in the second layer, and this becomes a single node in the third layer of the Merkle tree, that is, the Merkle root.
  • a three-layer Merkle tree is illustrated, but the number of layers varies according to the number of attributes managed by the engine device 100 for each individual.
  • the verification data 400 corresponding to the certificate data 300 is the plurality of attribute data of a plurality of nodes located at the bottom layer of the Merkle tree, or at least a plurality of them. It may include some hash values or both. Even when the verification data 400 is the attribute data itself of one or more nodes located at the bottom layer of the Merkle tree, the request of the certificate data 300 is possible so that various expressions can be made simply by taking the date as an example. Since it is highly likely that the individual who uses the terminal 110 that has performed the above does not know in what data format those attribute data are stored, it is necessary for the engine device 100 to transmit such data to the terminal 110. .. Details will be described later.
  • the engine device 100 transmits the generated certificate data 300 and the verification data 400 corresponding to the certificate data 300 to the terminal 110 (S204).
  • the public key of the signer X University cannot be calculated from the signature 310, it is preferable to add the public key or the corresponding identification information to the certificate data 300 or include it in the certificate data 300.
  • the terminal 110 In addition to transmitting the certificate data 300 to the verification device 120 that requires verification of one or more attributes of the individual using the terminal 110, the terminal 110 also transmits the attribute data and verification of one or more attributes to be verified.
  • One or a plurality of hash values of the attribute data obtained by excluding the attribute data from the data 400 are transmitted with a signature on them by the private key corresponding to the public key included in the certificate data 300 (S205).
  • the signature by an individual using the terminal 110 is performed on one or a plurality of attribute data transmitted to the verification device 120 and one or a plurality of hash values of the attribute data obtained by excluding the attribute data from the verification data 400.
  • each of the verification data 400 may be performed for one or more attribute data to be proved, and each of the verification data 400 excluding those attribute data. It may be performed on data containing one or more hash values of attribute data, or may be a signature on other objects.
  • the verification device 120 when it is necessary to have the verification device 120 verify the name of an individual who uses the terminal 110, a signature is added to the attribute data "Bob Brown” and the data including the hash values "dfgsf3g1", “erg34gh8", and "23308j32". It is conceivable that the terminal 110 transmits the data to the verification device 120.
  • the verification device 120 confirms that the signature has been made by the owner of the public key which is the certification target 302 of the certificate data 300, and corresponds to one or a plurality of received attribute data.
  • the Merkle root obtained by calculating the hash value and using it in combination with the received one or more hash values matches the hash value 303 associated with the certificate content of the certificate data 300
  • the public key of the public key is obtained. It can be confirmed that one or more attributes of the owner have been confirmed by the institution that generated the certificate data 300. Further, the verification device 120 can confirm the institution that has confirmed the one or a plurality of attributes by verifying the certificate data 300 itself.
  • the Merkle root of the Merkle tree with one or more hash values for one or more attribute data representing one or more confirmed attributes of an individual as one or more nodes located at the bottom layer.
  • the individual can partially disclose the desired attribute to another person as needed.
  • One or more attributes that you do not want to disclose can be hidden by sending their hash values.
  • the hash value of one or more attribute data which is the verification data is calculated by a unidirectional hash function, it is difficult to specify the attribute data based on the hash value, but it is more deciphered.
  • one or more attributes, which are the proof contents include gender
  • the value of the attribute is either male or female, and the hash value of each can be calculated.
  • Attribute data can be specified based on the hash value. This also applies to those with more choices such as nationality, and if the hash calculation is performed by brute force, there is a possibility that the attribute data can be specified based on the hash value. Since decoding becomes extremely difficult by adding additional data, only one or a plurality of attribute data having a high decipherability should be used as modified attribute data among a plurality of attribute data representing a plurality of attributes that are proof contents. Can be considered.
  • the additional data may be referred to as nonce or salto.
  • the data transmitted from the terminal 110 with a signature added to the verification device 120 that requires verification of one or more attributes of the individual using the terminal 110 is one or a plurality of attributes to be proved. It is one or more hash values of each of the plurality of attribute data or the modified attribute data and the verification data 400 excluding the attribute data or the modified attribute data.
  • the hash value to be transmitted to the verification device 120 one or a plurality of hash values of each data excluding one or a plurality of attribute data of one or a plurality of attributes to be proved are considered as the hash value to be transmitted to the verification device 120.
  • “dfgsf3g1” and “2355234” may be used instead of the hash values “dfgsf3g1", “erg34gh8" and "23308j32".
  • the data transmitted to the verification device 120 is the hash value of all the nodes located at the bottom layer of the Merkle tree whose Merkle root is the hash value 303 associated with the certification content.
  • the hash value is transmitted to the verification device 120 with the following data structure, and the verification device 120 stores or makes available the attribute type corresponding to each position of the data structure. Therefore, it can be determined that the individual using the terminal 110 can access at least the attribute data which is the value of each attribute type without hiding and disclosing the value of each attribute type. It is possible to prove that the attribute exists.
  • the attribute type is stored or can be referred to only for a part of the attributes, it is possible to prove the existence of the attribute for the part.
  • the terminal 110 it is possible for an individual using the terminal 110 to access the name, university name, faculty name, and graduation date and determine that the hash value of their attribute data can be calculated. If it is sufficient to determine that the name and university name are accessible, the hash value of the node one level higher obtained by using the hash value of the faculty name and the hash value of the graduation date as in the previous example "2355234" May be sent.
  • a single certificate data is issued, but multiple certificate data can be issued for a certain public key.
  • attribute data representing various attributes confirmed by various institutions with the public key held by each individual
  • the public key can be digitally disclosed to the person who needs it. Functions as an ID.
  • method just in case, even if some method, program, terminal, device, server or system (hereinafter referred to as "method") has an aspect of performing an operation different from the operation described in the present specification, each of the present inventions
  • the aspect is intended to be the same operation as any of the operations described in the present specification, and the existence of an operation different from the operation described in the present specification means that the method and the like are described in each of the present inventions. It is added that it is not outside the scope of the aspect.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Databases & Information Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
PCT/JP2020/046442 2019-12-12 2020-12-13 証明書データをデジタルに利用可能にするための装置、方法及びそのためのプログラム Ceased WO2021117904A1 (ja)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN202080094578.1A CN115004629A (zh) 2019-12-12 2020-12-13 用于使证书数据能够数字利用的装置、方法及其程序
JP2021564079A JPWO2021117904A1 (https=) 2019-12-12 2020-12-13
EP20898537.4A EP4075720A4 (en) 2019-12-12 2020-12-13 DEVICE AND METHOD FOR THE DIGITAL USE OF CERTIFICATE DATA, AND ASSOCIATED PROGRAM
US17/784,773 US20230055866A1 (en) 2019-12-12 2020-12-13 Device and Method for Digital Utilization of Certificate Data, and Program Therefor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2019224956 2019-12-12
JP2019-224956 2019-12-12

Publications (1)

Publication Number Publication Date
WO2021117904A1 true WO2021117904A1 (ja) 2021-06-17

Family

ID=76330041

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/046442 Ceased WO2021117904A1 (ja) 2019-12-12 2020-12-13 証明書データをデジタルに利用可能にするための装置、方法及びそのためのプログラム

Country Status (5)

Country Link
US (1) US20230055866A1 (https=)
EP (1) EP4075720A4 (https=)
JP (2) JP7162634B2 (https=)
CN (1) CN115004629A (https=)
WO (1) WO2021117904A1 (https=)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4160980B1 (en) * 2021-09-29 2026-01-28 AUMOVIO Germany GmbH Method of securely transitioning a life cycle stage of a product to a next stage throughout a forward-only life cycle and of verifying the integrity of data and product statuses

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001043344A1 (en) * 1999-12-13 2001-06-14 Rsa Security Inc. System and method for generating and managing attribute certificates
JP2005051734A (ja) * 2003-07-15 2005-02-24 Hitachi Ltd 電子文書の真正性保証方法および電子文書の公開システム
WO2006132143A1 (ja) * 2005-06-10 2006-12-14 Matsushita Electric Industrial Co., Ltd. 認証システム、認証装置、端末装置及び検証装置

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001011843A1 (en) * 1999-08-06 2001-02-15 Sudia Frank W Blocked tree authorization and status systems
US6802002B1 (en) * 2000-01-14 2004-10-05 Hewlett-Packard Development Company, L.P. Method and apparatus for providing field confidentiality in digital certificates
US20030233542A1 (en) * 2002-06-18 2003-12-18 Benaloh Josh D. Selectively disclosable digital certificates
US20140245020A1 (en) * 2013-02-22 2014-08-28 Guardtime Ip Holdings Limited Verification System and Method with Extra Security for Lower-Entropy Input Records
GB2564208A (en) 2016-05-13 2019-01-09 Nchain Holdings Ltd A method and system for verifying ownership of a digital asset using a distributed hash table and a peer-to-peer distributed ledger
CN109858270A (zh) * 2019-02-22 2019-06-07 江苏金智教育信息股份有限公司 一种去中心化数字身份的构建方法和系统

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001043344A1 (en) * 1999-12-13 2001-06-14 Rsa Security Inc. System and method for generating and managing attribute certificates
JP2005051734A (ja) * 2003-07-15 2005-02-24 Hitachi Ltd 電子文書の真正性保証方法および電子文書の公開システム
WO2006132143A1 (ja) * 2005-06-10 2006-12-14 Matsushita Electric Industrial Co., Ltd. 認証システム、認証装置、端末装置及び検証装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP4075720A4 *

Also Published As

Publication number Publication date
CN115004629A (zh) 2022-09-02
JPWO2021117904A1 (https=) 2021-06-17
US20230055866A1 (en) 2023-02-23
JP2021097392A (ja) 2021-06-24
JP7162634B2 (ja) 2022-10-28
EP4075720A1 (en) 2022-10-19
EP4075720A4 (en) 2023-11-29

Similar Documents

Publication Publication Date Title
US11777734B2 (en) Methods and systems for tracking and recovering assets stolen on distributed ledger-based networks
US11528141B2 (en) Methods and systems for enhancing privacy and efficiency on distributed ledger-based networks
CN112119610B (zh) 用于控制对资源的访问的令牌的存储、生成和验证的改进系统和方法
US11146399B2 (en) Methods and systems for retrieving zero-knowledge proof-cloaked data on distributed ledger-based networks
US11048690B2 (en) Contribution of multiparty data aggregation using distributed ledger technology
JP7381480B2 (ja) 双線形写像アキュムレータに基づく認証のためのブロックチェーン実装方法及びシステム
KR101169100B1 (ko) 비대칭 키 보안을 위한 시스템 및 방법
CN110009349B (zh) 区块链中生成和验证可链接环签名的方法及装置
WO2020029660A1 (zh) 用户的身份内容信息的认证、验证方法和装置
JP4888553B2 (ja) 電子データ認証方法、電子データ認証プログラムおよび電子データ認証システム
CN110048851B (zh) 区块链中生成和验证多层可链接环签名的方法及装置
JP7462903B2 (ja) 利用者端末、認証者端末、登録者端末、管理システムおよびプログラム
KR20220134341A (ko) 분산 id를 활용한 소유권 증명 및 이전 내역 증명 방법
Singh et al. A Digital Asset Inheritance Model to Convey Online Persona Posthumously: RG Singh et al.
CN114389810B (zh) 证明生成方法及装置、电子设备、存储介质
CN114338081B (zh) 多区块链统一身份认证方法、装置、计算机设备
CN116975937A (zh) 匿名证明方法、匿名验证方法
WO2021117904A1 (ja) 証明書データをデジタルに利用可能にするための装置、方法及びそのためのプログラム
JP2023125727A (ja) テンプレート管理システム及びテンプレート管理方法
US20250322392A1 (en) Decentralized custodial wallets for secure blockchain transactions
HK40040424B (zh) 区块链中生成和验证可链接环签名的方法及装置
CN113254731A (zh) 区块链节点连接方法、装置及电子设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20898537

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021564079

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2020898537

Country of ref document: EP

Effective date: 20220712