WO2023010688A1 - A key management method and device - Google Patents

A key management method and device

Info

Publication number
WO2023010688A1
Authority
WO
WIPO (PCT)
Prior art keywords
identity information
pseudo
user node
node
bloom filter
Application number
PCT/CN2021/124670
Other languages
English (en)
French (fr)
Inventor
姚苏
关建峰
徐恪
李雪涛
程玄
范瑞彬
张开翔
苏小康
李传庆
李成博
Original Assignee
深圳前海微众银行股份有限公司
清华大学
Application filed by 深圳前海微众银行股份有限公司, 清华大学
Publication of WO2023010688A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Verification of identity or message authentication using cryptographic hash functions
    • H04L9/3239 Verification of identity or message authentication involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 Verification of identity or message authentication involving digital signatures
    • H04L9/3297 Verification of identity or message authentication involving time stamps, e.g. generation of time stamps
    • H04L9/50 Cryptographic mechanisms using hash chains, e.g. blockchains or hash trees

Definitions

  • the present invention relates to the field of financial technology (Fintech), in particular to a key management method and device.
  • the current authentication mechanisms mainly include identity-based encryption and certificateless public key encryption.
  • in the mechanism based on certificateless public key encryption, the user node generates its own public key and private key.
  • the public key is determined by the user node according to a secret value it selects.
  • the private key is generated by the user node according to the secret value and a partial private key; the partial private key is determined by the key generation center based on the identity information of the user node.
  • the user node signs the message to be disseminated, and then the authentication node verifies the security and validity of the signature.
  • the key generation center updates the partial private keys of other user nodes, so that those user nodes update their own private keys, so as to prevent the above attacks; but this method needs to update the partial private keys of other user nodes across the whole network, which greatly increases the calculation burden of the key generation center.
  • Embodiments of the present invention provide a key management method and device, which are used to prevent attackers from disseminating false information through invalid public keys, while avoiding excessive calculation burdens on user nodes and key generation centers.
  • an embodiment of the present invention provides a key management method, including:
  • the tracking agency obtains the identity verification information sent by the authentication node; the identity verification information includes the pseudo-identity information of the user node; the pseudo-identity information is determined by the tracking agency according to the real identity information of the user node;
  • the tracking agency determines whether the pseudo-identity information is valid pseudo-identity information according to the first blockchain and the second blockchain; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
  • before the authentication node sends the message of the user node, it determines whether the user node is a valid user node by verifying the pseudo-identity information of the user node, so as to prevent an attacker from sending false messages. Specifically, by determining whether the pseudo-identity information is recorded on the first blockchain and/or the second blockchain, that is, by determining through the first blockchain and the second blockchain whether the pseudo-identity information is valid, it can then be determined whether the public key corresponding to the pseudo-identity information is a valid public key, so as to prevent attackers from spreading false messages through invalid public keys; and the invalid public key can be determined without updating the private key of the user node or the partial private key issued by the key generation center.
  • the key generation center and user nodes can thus avoid excessive calculation burdens. Further, using pseudo-identity information to verify the corresponding user nodes can improve the security and privacy of user nodes. Determining whether the pseudo-identity information is valid through the first blockchain and the second blockchain can increase the accuracy of that determination, prevent the pseudo-identity information from being tampered with, and improve the accuracy of the pseudo-identity information.
  • the tracking agency determining whether the pseudo-identity information is valid pseudo-identity information according to the first blockchain and the second blockchain includes:
  • the tracking agency determines, according to the first counting Bloom filter in the first blockchain, that the pseudo-identity information is recorded on the first blockchain, and, according to the second counting Bloom filter in the second blockchain, that the pseudo-identity information is not recorded on the second blockchain, and then determines that the pseudo-identity information is valid pseudo-identity information;
  • the tracking agency determines, according to the first counting Bloom filter in the first blockchain, that the pseudo-identity information is not recorded on the first blockchain, and, according to the second counting Bloom filter, that the pseudo-identity information is recorded on the second blockchain, and then determines that the pseudo-identity information is invalid pseudo-identity information;
  • the first counting Bloom filter is the counting Bloom filter of the latest block on the first blockchain;
  • the second counting Bloom filter is the counting Bloom filter of the latest block on the second blockchain.
  • by means of the first counting Bloom filter and the second counting Bloom filter it is determined whether the pseudo-identity information is recorded on the first blockchain and/or the second blockchain, so as to improve the efficiency of determining the validity of the pseudo-identity information; using two counting Bloom filters can also reduce the false-positive problem of a Bloom filter, and improve the accuracy of determining the validity of pseudo-identity information.
  • the method also includes:
  • the tracking agency determines that the pseudo-identity information is recorded on the first blockchain according to the first counting Bloom filter, and determines that the pseudo-identity information is recorded on the second blockchain according to the second counting Bloom filter; it then determines whether the pseudo-identity information is recorded on the second blockchain according to the block height corresponding to the pseudo-identity information;
  • if the tracking agency determines, according to the block height corresponding to the pseudo-identity information, that the pseudo-identity information is recorded on the second blockchain, it determines that the pseudo-identity information is invalid pseudo-identity information.
  • by means of the first counting Bloom filter and the second counting Bloom filter it is determined whether the pseudo-identity information is recorded on both the first blockchain and the second blockchain.
  • the tracking agency determining, according to the first counting Bloom filter in the first blockchain, that the pseudo-identity information is recorded on the first blockchain, and, according to the second counting Bloom filter in the second blockchain, that the pseudo-identity information is not recorded on the second blockchain, includes:
  • the tracking agency determines each hash value of the pseudo-identity information according to each preset hash function;
  • the tracking agency determines, from the hash values, the slot value corresponding to each hash value on the first counting Bloom filter array and the slot value corresponding to each hash value on the second counting Bloom filter array;
  • if the tracking agency determines that each slot value on the first counting Bloom filter array is not 0, it determines that the pseudo-identity information exists in the first counting Bloom filter; the first counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the first blockchain;
  • the second counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the second blockchain.
  • the tracking agency determining the pseudo-identity information according to the real identity information of the user node includes:
  • the tracking agency obtains the creation instruction sent by the user node; the creation instruction includes the real identity information of the user node, first information and a first verification value; the first information is determined by the user node based on the real identity information and a first secret value; the first secret value is selected by the user node; the first verification value is determined by the user node according to the first secret value and the first information;
  • after the tracking agency passes the verification of the first information according to the first verification value, it determines second information based on the real identity information and the master key of the tracking agency; the master key is determined according to a preset elliptic curve;
  • the tracking agency determines the first information and the second information as the pseudo-identity information.
  • the first information is determined by the first secret value selected by the user node, which is equivalent to the user node encrypting the real identity information a first time; the second information is determined by the master key of the tracking agency, which is equivalent to the tracking agency encrypting the real identity information a second time to obtain the pseudo-identity information, so as to improve the security of the pseudo-identity information.
  • before the tracking agency obtains the identity verification information sent by the authentication node, the method also includes:
  • the tracking agency generates the pseudo-identity information of the user node based on the creation instruction sent by the user node;
  • the tracking agency constructs a first transaction based on the pseudo-identity information, and links a first block containing the first transaction to the first blockchain; a first counting Bloom filter is set in the block header of the first block, and the first transaction is recorded in the block body of the first block; each slot value in the first counting Bloom filter is determined according to the first counting Bloom filter in the previous block of the first block and each hash value of the pseudo-identity information under each preset hash function.
  • uploading the determined pseudo-identity information to the first blockchain records the pseudo-identity information in the first counting Bloom filter, which improves the efficiency of determining the validity of the pseudo-identity information.
  • recording the pseudo-identity information on the first blockchain ensures that the pseudo-identity information cannot be tampered with, and improves the security and accuracy of the pseudo-identity information.
  • the method also includes:
  • the tracking agency constructs a second transaction based on the revocation instruction sent by the user node, which carries the pseudo-identity information, and uploads a second block containing the second transaction to the second blockchain;
  • a second counting Bloom filter is set in the block header of the second block, and the second transaction is recorded in the block body of the second block; each slot value in the second counting Bloom filter is determined according to the second counting Bloom filter in the previous block of the second block and each hash value of the pseudo-identity information under each preset hash function.
  • obtaining the second counting Bloom filter and uploading the pseudo-identity information in the revocation instruction to the second blockchain can, on the one hand, reduce the false-positive problem of the Bloom filter, and, on the other hand, the second blockchain can guarantee the accuracy of determining that the pseudo-identity information is invalid pseudo-identity information.
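The two-chain validity decision described in the bullets above (recorded on the first chain and not on the second: valid; on the second and not the first: invalid; on both: resolve with the block height) and the header-level counting Bloom filter update when a block is appended, as an added Python model that is not the patent's code. It assumes SHA-256 with a seed prefix as the preset hash functions, a 64-slot array, that the tracking agency keeps the block height of each pseudo-identity's latest transaction and uses it for the tie-break, and that a pseudo-identity found on neither chain is treated as invalid; none of these details are given on the page.

```python
# Added illustration, not code from the patent: two append-only chains whose
# block headers carry counting Bloom filters (CBFs), and the tracking agency's
# three-way validity decision over them.  Assumptions not taken from the page:
# the "preset hash functions" are SHA-256 over a seed-prefixed input reduced
# modulo M_SLOTS; the tie-break inspects the second chain's block body at the
# height stored for the pseudo-identity; a pseudo-identity on neither chain is
# treated as invalid.
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

M_SLOTS = 64    # CBF array length (constructed value)
K_HASHES = 3    # number of preset hash functions (constructed value)


def preset_hashes(pid: str) -> List[int]:
    """Slot index of pid under each of the K_HASHES preset hash functions."""
    slots = []
    for seed in range(K_HASHES):
        digest = hashlib.sha256(f"{seed}|{pid}".encode()).digest()
        slots.append(int.from_bytes(digest[:4], "big") % M_SLOTS)
    return slots


@dataclass
class Block:
    height: int
    cbf: List[int]    # block header: counting Bloom filter array
    txs: List[str]    # block body: pseudo-identity transactions


class Chain:
    """Append-only chain; each new header's CBF derives from the previous one."""

    def __init__(self) -> None:
        self.blocks: List[Block] = [Block(0, [0] * M_SLOTS, [])]  # genesis, empty CBF

    @property
    def latest(self) -> Block:
        return self.blocks[-1]

    def append(self, pid: str) -> Block:
        cbf = list(self.latest.cbf)          # start from the previous block's CBF
        for slot in preset_hashes(pid):
            cbf[slot] += 1                   # counting: colliding slots add up
        block = Block(self.latest.height + 1, cbf, [pid])
        self.blocks.append(block)
        return block

    def maybe_recorded(self, pid: str) -> bool:
        """CBF membership on the latest block: every slot non-zero.
        A CBF has no false negatives; false positives are possible."""
        return all(self.latest.cbf[slot] != 0 for slot in preset_hashes(pid))

    def block_at(self, height: Optional[int]) -> Optional[Block]:
        if height is None or not 0 <= height < len(self.blocks):
            return None
        return self.blocks[height]


class TrackingAgency:
    VALID, INVALID = "valid", "invalid"

    def __init__(self) -> None:
        self.first_chain = Chain()            # records valid pseudo-identities
        self.second_chain = Chain()           # records revoked pseudo-identities
        self.height_of: Dict[str, int] = {}   # pid -> height of its latest transaction

    def create(self, pid: str) -> None:
        self.height_of[pid] = self.first_chain.append(pid).height

    def revoke(self, pid: str) -> None:
        self.height_of[pid] = self.second_chain.append(pid).height

    def verify(self, pid: str) -> str:
        in_first = self.first_chain.maybe_recorded(pid)
        in_second = self.second_chain.maybe_recorded(pid)
        if in_first and not in_second:
            return self.VALID
        if not in_first and in_second:
            return self.INVALID
        if in_first and in_second:
            # Both filters hit: consult the block body at the stored height.
            # A second-chain false positive leaves the pseudo-identity valid.
            block = self.second_chain.block_at(self.height_of.get(pid))
            return self.INVALID if block and pid in block.txs else self.VALID
        return self.INVALID  # on neither chain: assumption, the page does not say


if __name__ == "__main__":
    agency = TrackingAgency()
    agency.create("PID-A")          # constructed sample pseudo-identities
    agency.create("PID-B")
    agency.revoke("PID-B")
    print(agency.verify("PID-A"), agency.verify("PID-B"))
```

Because a counting Bloom filter never yields a false negative, a revoked pseudo-identity always hits the second filter, so the block-height lookup only has to separate a genuine revocation from a second-chain false positive; that is the sense in which the second chain improves the accuracy of the invalidity decision over a single filter.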
  • an embodiment of the present invention provides a key management method, including:
  • the first authentication node obtains the message sent by the user node; the message includes pseudo-identity information; the pseudo-identity information is determined by the tracking agency according to the real identity information of the user node;
  • the first authentication node sends the pseudo-identity information to the tracking agency, and receives the verification result of the pseudo-identity information from the tracking agency; the verification result is determined by the tracking agency according to the first blockchain and the second blockchain; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
  • the first authentication node sends the message after the verification result is passed.
  • after the first authentication node obtains the message sent by the user node, and before verifying the signature of the message, it also verifies whether the user node is a valid user node, so as to prevent attackers from disseminating false messages through invalid user public keys; it then verifies the signature of the message to ensure the accuracy of the message.
  • the message also includes the public key and the signature of the user node;
  • the first authentication node sending the message includes:
  • the first authentication node verifies the signature according to the public key of the user node;
  • the first authentication node sends the message after the verification result is passed and the signature is verified; the signature is determined by the user node according to the user node's public key and private key;
  • the public key of the user node is determined according to the pseudo-identity information;
  • the private key of the user node is generated according to a partial private key;
  • the partial private key is generated by the key generation center according to the pseudo-identity information.
  • the public key and private key of the user node are determined based on the pseudo-identity information, and the pseudo-identity information is obtained through encryption by the tracking agency and encryption by the user node, so as to increase the difficulty for an attacker to generate the private key and improve the security of the public and private keys of user nodes.
  • the first authentication node verifying the signature according to the public key of the user node includes:
  • if the first authentication node receives messages from at least one user node, it generates an aggregate signature from the signatures of the at least one user node;
  • the first authentication node verifies the aggregate signature according to the public keys of the at least one user node.
  • the message also includes a time stamp of the pseudo-identity information;
  • determining from the time stamp that the pseudo-identity information is within its valid time can prevent attackers from using invalid pseudo-identity information to carry out attacks, thereby improving the security of the pseudo-identity information.
  • the method also includes:
  • the first authentication node sends an authentication request to the second authentication node; the authentication request is used to instruct the authentication node switching authentication for the user node group under the first authentication node; the user node group is divided according to the physical address of each user node;
  • the first authentication node receives an authentication confirmation message sent by the second authentication node; the authentication confirmation message is generated after the second authentication node passes the authentication request;
  • the first authentication node broadcasts the verification result in the authentication confirmation message to each user node group under the first authentication node.
  • the switched-to authentication node and the user node perform interactive verification, that is, the switched-to authentication node verifies the legitimacy of the user node, and the user node verifies the legitimacy of the switched-to authentication node.
  • the authentication node switching is realized through the authentication between the first authentication node and the second authentication node, so that after the switch the user node does not need to verify the legitimacy of the switched-to authentication node, which reduces the delay of the authentication node switching; and the switching is performed per user node group instead of per single user node, which reduces the signaling overhead of the authentication node switching, saves computing resources and improves the switching efficiency of authentication nodes.
  • the method also includes:
  • the first authentication node receives a node switching instruction sent by any user node in the user node group;
  • the first authentication node modifies the status identifier of the user node group to dormant;
  • the first authentication node switches the user node group to the second authentication node.
  • the status identifier of the user node group is changed to dormant, so that the user nodes in the user node group temporarily stop sending messages, which prevents message loss.
  • an embodiment of the present invention provides a key management device, including:
  • An acquisition module configured to acquire identity verification information sent by an authentication node; the identity verification information includes pseudo-identity information of a user node; the pseudo-identity information is determined by the tracking agency based on the real identity information of the user node;
  • a processing module configured to determine whether the pseudo-identity information is valid pseudo-identity information according to the first blockchain and the second blockchain; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
  • the processing module is specifically used for:
  • determining, according to the first counting Bloom filter in the first blockchain, that the pseudo-identity information is recorded on the first blockchain, and, according to the second counting Bloom filter in the second blockchain, that the pseudo-identity information is not recorded on the second blockchain, and then determining that the pseudo-identity information is valid pseudo-identity information;
  • the first counting Bloom filter is the counting Bloom filter of the latest block on the first blockchain;
  • the second counting Bloom filter is the counting Bloom filter of the latest block on the second blockchain.
  • processing module is also used for:
  • processing module is specifically used for:
  • determining, from the hash values, the slot value corresponding to each hash value on the first counting Bloom filter array and the slot value corresponding to each hash value on the second counting Bloom filter array;
  • if each slot value on the first counting Bloom filter array is not 0, determining that the pseudo-identity information exists in the first counting Bloom filter; the first counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the first blockchain;
  • the second counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the second blockchain.
  • processing module is specifically used for:
  • the creation instruction sent by the user node includes the real identity information of the user node, first information and a first verification value; the first information is determined by the user node based on the real identity information and a first secret value; the first secret value is selected by the user node; the first verification value is determined by the user node according to the first secret value and the first information;
  • the second information is determined according to the master key of the tracking agency; the master key is determined according to a preset elliptic curve;
  • processing module is also used for:
  • processing module is also used for:
  • an embodiment of the present invention provides a key management device, including:
  • An acquisition unit configured to acquire a message sent by a user node; the message sent includes pseudo-identity information; the pseudo-identity information is determined by a tracking agency based on the real identity information of the user node;
  • a processing unit configured to send the pseudo-identity information to the tracking agency, and receive a verification result of the pseudo-identity information from the tracking agency; the verification result is determined by the tracking agency according to the first blockchain and the second blockchain; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
  • after the verification result is passed, the message is sent.
  • the message also includes the public key and the signature of the user node;
  • the processing unit is also used for:
  • sending the message; the signature is determined by the user node according to the user node's public key and private key; the user node's public key is determined according to the pseudo-identity information; the private key of the user node is generated according to a partial private key; the partial private key is generated by the key generation center according to the pseudo-identity information.
  • the processing unit is specifically used for:
  • if messages are received from at least one user node, generating an aggregate signature from the signatures of the at least one user node;
  • verifying the aggregate signature according to the public keys of the at least one user node.
  • the message also includes a time stamp of the pseudo-identity information;
  • the processing unit is also used for:
  • before sending the message, determining according to the time stamp that the pseudo-identity information is in a valid state.
  • processing unit is also used for:
  • the authentication request is used to instruct the user node group under the first authentication node to perform authentication node switching authentication; the user node group is divided according to the physical address of each user node;
  • the authentication confirmation message is generated after the second authentication node passes the authentication request;
  • processing unit is also used for:
  • the embodiment of the present invention also provides a computer device, including:
  • the processor is configured to call the program instructions stored in the memory, and execute the above key management method according to the obtained program.
  • an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, and the computer-executable instructions are used to cause a computer to execute the above key management method.
  • FIG. 1 is a schematic diagram of a system architecture provided by an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a key management method provided by an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a block provided by an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a blockchain provided by an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a first transaction provided by an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a counting Bloom filter provided by an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a second transaction provided by an embodiment of the present invention.
  • FIG. 8 is a schematic flowchart of a key management method provided by an embodiment of the present invention.
  • FIG. 9 is a schematic flowchart of a key management method provided by an embodiment of the present invention.
  • the public key is generated from the secret value selected by the user node;
  • the private key is composed of the secret value selected by the user node and a partial private key generated by the key generation center (KGC);
  • the partial private key is determined by the key generation center KGC according to the real identity information of the user.
  • the key generation center cannot know the user's complete private key, so the key escrow problem of the identity-based encryption system does not arise.
  • if an attacker A generates a public key to replace the public key of user B, then even if attacker A obtains the partial private key generated by the key generation center for user B based on user B's identity information, attacker A cannot generate the complete private key of user B from the partial private key, so attacker A cannot impersonate user B to sign a message or decrypt ciphertext sent to user B. Therefore, certificateless public key cryptography has no key escrow problem.
  • the user's public key is generated according to the user's identity information (such as the user's ID number, email address, phone number, etc.), and no public key certificate is required.
  • the certificateless public key encryption mechanism is a technology that does not rely on certificates for key distribution, so the key problem it faces is key management. If the expired or revoked identity is stolen, that is, the public key corresponding to the invalid identity is stolen, it will pose a huge threat to information security. At present, there are two main technical solutions for revocation management in the certificateless public key encryption mechanism:
  • the key generation center needs to update the partial private keys of all user nodes, and the user nodes also need to update their own private keys, resulting in an excessive increase in the computation of the user nodes and the key generation center, which increases the burden on computing resources.
  • FIG. 1 exemplarily shows a system architecture applicable to the embodiment of the present invention
  • the system architecture includes an authentication node 110, a tracking agency 120, a user node 130 and a key generation center 140.
  • the authentication node 110 is used to receive the sent message from the user node 130 and perform signature verification on it; after the signature verification passes, it encrypts the sent message with its own private key and then forwards it. The private key of the authentication node 110 is generated according to the partial private key of the authentication node sent by the key generation center 140.
  • the tracking agency 120 is used to determine whether pseudo-identity information is valid or invalid according to the first counting Bloom filter in the first blockchain and the second counting Bloom filter in the second blockchain, to determine the corresponding pseudo-identity information according to the real identity information sent by the user node 130, and to send the pseudo-identity information to the user node 130 and the key generation center 140.
  • the user node 130 is configured to send the real identity information and the first information determined based on the real identity information to the tracking agency 120, so that the tracking agency 120 generates pseudo-identity information.
  • the key generation center 140 is used to obtain the fake identity information sent by the tracking agency 120, generate a part of the private key of the user node, obtain the real identity information of the authentication node 110, and generate a part of the private key of the authentication node.
  • FIG. 1 is only an example, which is not limited in this embodiment of the present invention.
  • FIG. 2 exemplarily shows a schematic flowchart of a key management method provided by an embodiment of the present invention, and the process can be executed by a key management device.
  • the process specifically includes:
  • Step 210 the tracking agency obtains the identity verification information sent by the authentication node; the identity verification information includes the pseudo-identity information of the user node.
  • the false identity information is determined by the tracking agency based on the real identity information of the user node.
  • Step 220 the tracking agency determines whether the pseudo-identity information is valid pseudo-identity information according to the first block chain and the second block chain.
  • the first block chain is used to record valid pseudo-identity information; the second block chain is used to record invalid pseudo-identity information. Specifically, whether the pseudo-identity information is recorded on the first block chain and/or the second block chain can be determined according to the counting Bloom filter, or the blocks on the block chain can be searched directly to determine whether the pseudo-identity information is recorded on the first block chain and/or the second block chain.
  • Step 230 if yes, generate a verification result of the fake identity information, and send the verification result to the authentication node.
  • the verification result is sent to the authentication node, where the verification result indicates to the authentication node that the public key corresponding to the pseudo-identity information is valid and that signature verification can be performed on the sent message corresponding to the pseudo-identity information.
  • a blockchain is in essence a distributed ledger: its chain structure ensures that data cannot be tampered with or forged, and it is decentralized, tamper-proof and traceable. Every node in the blockchain network stores a complete copy of the data, ensuring data integrity. Consensus on the data is reached between nodes through a consensus algorithm that needs no trusted third party, such as practical Byzantine fault tolerance, asymmetric encryption techniques, and so on.
  • blockchains can be divided into three types, namely, public blockchains, consortium blockchains, and private blockchains.
  • the public blockchain is completely open and transparent, reading and writing of data are not controlled, and it is tamper-resistant.
  • the transaction cost of the private blockchain is low, but authority is controlled by a small number of nodes, and the data on the private blockchain may be manipulated.
  • the transaction speed of the consortium blockchain lies between the two, and it is controllable and manageable, which makes it more suitable for the Internet of Things.
  • the embodiment of the present invention takes the consortium blockchain as an example, but this is not limited.
  • the embodiment of the present invention uses PBFT (Practical Byzantine Fault Tolerance); the complexity of the PBFT algorithm is polynomial.
  • consensus can be reached even when a small number of nodes behave maliciously (for example, by forging messages).
  • the system can reach consensus, and cryptographic algorithms such as hashing and signature verification ensure that the message delivery process is tamper-proof, counterfeit-proof and non-repudiable.
  • Fig. 3 exemplarily shows a schematic diagram of a block.
  • the block includes information such as the version number, block header, hash value of the previous block, timestamp, counting Bloom filter and block number. This information serves as proof that the transaction data cannot be tampered with or forged.
  • the false identity information is determined by the tracking agency according to the real identity information sent by the user node, the first information and the second information generated by itself.
  • the tracking agency obtains the creation instruction sent by the user node; the creation instruction includes the real identity information of the user node, first information and a first verification value; the first information is determined by the user node from the real identity information and a first secret value; the first secret value is selected by the user node; the first verification value is determined by the user node according to the first secret value and the first information; after the first information has been verified according to the first verification value, the second information is determined from the real identity information according to the master secret key of the tracking agency; the master secret key is determined based on a preset elliptic curve; the first information and the second information together are determined as the pseudo-identity information.
  • the public key of the key generation center, P_pub, is used by the user node to verify the partial private key.
  • the tracking agency and the key generation center also select several hash functions for verification, for determining the public key and private key of the user node, and for other calculations. For example, three hash functions H_1, H_2 and H_3 are selected, with H_1, H_2, H_3: {0, 1}* → Z_p*.
  • the user node randomly selects the first secret value t_i ∈ Z_p*, and from the real identity information RID_i calculates the first information PID_i1 and the first verification value K_i. It then sends the real identity information RID_i, the first information PID_i1 and the first verification value K_i to the tracking agency.
  • the tracking agency verifies the real identity information RID_i according to the first verification value K_i; specifically, when the check equation holds it confirms that the verification has passed, and then calculates the second information PID_i2, where T_i is the timestamp. The tracking agency then determines the first information PID_i1 and the second information PID_i2 as the pseudo-identity information PID_i.
  • the master key can also be determined according to a preset bilinear curve, for example E: G_1 × G_1 → G_2, where G_1 is a cyclic group of order q, G_2 is a cyclic group of order p and P is the generator of G_1; the tracking agency and the key generation center then each select a master secret key with which to determine the pseudo-identity information.
  • step 220 the tracking agency determines whether the pseudo-identity information is valid pseudo-identity information according to the first counting Bloom filter in the first blockchain and the second counting Bloom filter in the second blockchain.
  • if the tracking agency determines from the first counting Bloom filter in the first blockchain that the pseudo-identity information is recorded on the first blockchain, and determines from the second counting Bloom filter in the second blockchain that the pseudo-identity information is not recorded on the second blockchain, it determines that the pseudo-identity information is valid; if it determines from the first counting Bloom filter that the pseudo-identity information is not recorded on the first blockchain, and from the second counting Bloom filter that the pseudo-identity information is recorded on the second blockchain, it determines that the pseudo-identity information is invalid. Here the first counting Bloom filter is the counting Bloom filter of the latest block on the first blockchain, and the second counting Bloom filter is the counting Bloom filter of the latest block on the second blockchain.
  • the blockchain is obtained after the blocks are connected in the order of time stamps.
  • to ensure that the verification result is accurate and up to date, the counting Bloom filter of the latest block must be used as the first counting Bloom filter or the second counting Bloom filter when checking pseudo-identity information; accordingly, every block includes one or more counting Bloom filters.
  • the counting Bloom filter is a data structure composed of an array of e bits and w preset hash functions. The array consists of multiple slots whose values are determined by the w hash functions: the hash functions disperse the input data and insert it into the corresponding slots, assigning each slot its value. The data itself therefore does not need to be stored, which saves storage space and is efficient.
  • the first counting Bloom filter and the second counting Bloom filter are determined by the tracking agency based on the pseudo-identity information sent by the user.
  • the counting Bloom filter in the latest block on the blockchain is determined from the counting Bloom filter of the previous block and all pseudo-identity information, that is, all transactions, in the latest block.
  • the tracking organization generates pseudo-identity information of the user node based on the creation instruction sent by the user node, constructs the first transaction based on the pseudo-identity information, and uploads the first block containing the first transaction to the first blockchain;
  • a first counting Bloom filter is set in the block header of the first block, and the first transaction is recorded in the block body of the first block; the value of each slot of the first counting Bloom filter is determined from the first counting Bloom filter in the previous block of the first block and from each hash value of the pseudo-identity information under each preset hash function.
  • Fig. 4 exemplarily shows a schematic diagram of a block chain, as shown in Fig. 4, wherein block f is equivalent to the first block, and block f-1 is equivalent to the first block
  • Figure 5 exemplarily shows a schematic diagram of a first transaction. As shown in Figure 5, the first transaction includes the first random number, the pseudo-identity information, the real identity information, the tracking agency information, the timestamp of the pseudo-identity information and the validity period of the pseudo-identity information.
  • the slot values in the counting Bloom filter are obtained by hashing the pseudo-identity information, locating the corresponding slots and incrementing them.
  • based on the first pseudo-identity information indicated by the creation instruction, the tracking agency determines each first hash value of the first pseudo-identity information, determines the first slot corresponding to each first hash value on the counting Bloom filter array in the previous block of the latest block on the first blockchain, and adds 1 to the value of each first slot to obtain the first counting Bloom filter.
  • FIG. 6 exemplarily shows a schematic diagram of a counting Bloom filter.
  • the preset hash functions are w1, w2 and w3 respectively.
  • the slots sz2, sz5 and sz8 of the counting Bloom filter in block 1 all have slot value 1, where block 1 is equivalent to the previous block of the latest block on the first blockchain.
  • after determining the first pseudo-identity information from the creation instruction, the tracking agency determines the first hash values of the first pseudo-identity information under the preset hash functions w1, w2 and w3 to be hash1, hash2 and hash3 respectively, and determines the first slots corresponding to hash1, hash2 and hash3 to be sz2, sz6 and sz9. It then adds 1 to the values of the first slots sz2, sz6 and sz9 of block 1 to obtain the first counting Bloom filter, which is the counting Bloom filter in block 2.
  • the first counting Bloom filter is not limited to one transaction in the block.
  • the preset hash functions used by the counting Bloom filters may be the same or different, and are not specifically limited here.
  • the counting Bloom filter not only allows the insertion of pseudo-identity information, but also allows the deletion of pseudo-identity information.
  • the tracking agency constructs the second transaction based on the revocation instruction carrying the pseudo-identity information sent by the user node, and links the second block containing the second transaction to the second blockchain; the second counting Bloom filter is set in the block header of the second block, and the second transaction is recorded in the block body of the second block; the value of each slot in the second counting Bloom filter is determined from the second counting Bloom filter in the previous block of the second block and from each hash value of the pseudo-identity information under each preset hash function.
  • Fig. 7 exemplarily shows a schematic diagram of a second transaction.
  • the second transaction includes the second random number, the pseudo-identity information, the real identity information, the tracking agency information, the validity period of the pseudo-identity information, the revocation time of the pseudo-identity information and the reason for revoking the pseudo-identity information.
  • the random number in a transaction is used to determine the unique identifier of the transaction.
  • the reason for revoking the user's identity is used to apply different restrictions the next time the user applies for pseudo-identity information, such as refusing to assign pseudo-identity information or setting a shorter timestamp.
  • the second counting Bloom filter in the latest block on the second blockchain is determined in the same way as in the example of Figure 6 above: based on the second pseudo-identity information indicated by the revocation instruction, the tracking agency determines each second hash value of the second pseudo-identity information, determines the second slot corresponding to each second hash value on the counting Bloom filter array in the previous block of the latest block on the second blockchain, adds 1 to the value of each second slot, and obtains the second counting Bloom filter.
  • the tracking agency also updates the first counting Bloom filter. Specifically, based on the second pseudo-identity information indicated by the revocation instruction, the tracking agency determines each second hash value of the second pseudo-identity information, determines the third slot corresponding to each second hash value on the counting Bloom filter array in the previous block of the latest block on the first blockchain, subtracts 1 from the value of each third slot, and obtains the first counting Bloom filter.
  • to verify whether the pseudo-identity information is recorded on the first blockchain and/or the second blockchain, it is first determined whether the pseudo-identity information has been inserted into the first counting Bloom filter array and/or the second counting Bloom filter array.
  • the tracking agency determines each hash value of the pseudo-identity information under each preset hash function, and determines the slot value corresponding to each hash value on the first counting Bloom filter array and on the second counting Bloom filter array;
  • the first counting Bloom filter represents whether the pseudo-identity information is recorded on the first blockchain; if any of the slot values on the second counting Bloom filter array is 0, it is determined that the pseudo-identity information is not in the second counting Bloom filter; the second counting Bloom filter represents whether the pseudo-identity information is recorded on the second blockchain.
  • the verification method for the second counting Bloom filter is the same as the verification method for the first counting Bloom filter, and will not be repeated here.
  • the counting Bloom filter has a false positive problem: when verifying whether the pseudo-identity information is recorded on the first blockchain and/or the second blockchain, pseudo-identity information that was inserted into the first counting Bloom filter may also appear to have been inserted into the second counting Bloom filter. To solve this problem, whether the pseudo-identity information is recorded on the second blockchain is determined through the block corresponding to the pseudo-identity information.
  • if the tracking agency determines from the first counting Bloom filter that the pseudo-identity information is recorded on the first blockchain and from the second counting Bloom filter that it is recorded on the second blockchain, it determines whether the pseudo-identity information is recorded on the second blockchain according to the block height corresponding to the pseudo-identity information; if the block height shows that the pseudo-identity information is recorded on the second blockchain, the pseudo-identity information is determined to be invalid.
  • all pseudo-identity information is uploaded to the blockchain by constructing a transaction, so the corresponding transaction can be obtained from the pseudo-identity information; as shown in Figures 5 and 7 above, every transaction also includes its block height, so the block height of the corresponding transaction can be found from the pseudo-identity information and it can be determined whether the pseudo-identity information is recorded on the second blockchain. This eliminates the false positive problem of the counting Bloom filter.
  • FIG. 8 exemplarily shows a schematic flowchart of a key management method. As shown in FIG. 8, the process includes:
  • Step 810 acquiring identity verification information.
  • the tracking agency obtains the identity verification information sent by the authentication node, and the identity verification information includes the fake identity information PID i of the real identity information RID i .
  • Step 820 determine whether it is in the second counting Bloom filter.
  • the pseudo-identity information PID_i is hashed to obtain the hash values hash1, hash2 and hash3, whose corresponding slots on the second counting Bloom filter array are sz3, sz4 and sz5 respectively. It is then determined whether the slot values of sz3, sz4 and sz5 in the second counting Bloom filter array are 0; if the value of any of the slots sz3, sz4 and sz5 is 0, the pseudo-identity information PID_i is determined not to have been inserted into the second counting Bloom filter, that is, PID_i is not recorded on the second blockchain.
  • Step 830 determine whether it is in the first counting Bloom filter.
  • the slots corresponding to the hash values hash1, hash2 and hash3 on the first counting Bloom filter array are sz7, sz8 and sz9 respectively; the values of slots sz7, sz8 and sz9 on the first counting Bloom filter array are then used to determine whether the pseudo-identity information PID_i has been inserted into the first counting Bloom filter, that is, whether PID_i is recorded on the first blockchain.
  • if the pseudo-identity information PID_i is recorded on the first blockchain and not recorded on the second blockchain, it is determined to be valid pseudo-identity information; if PID_i is not recorded on the first blockchain and is recorded on the second blockchain, it is determined to be invalid pseudo-identity information.
  • Step 840 determine whether to record on the second block chain.
  • if the pseudo-identity information PID_i is recorded on both the first blockchain and the second blockchain, the block height in the transaction corresponding to PID_i is used to determine whether PID_i is recorded on the second blockchain; if so, PID_i is determined to be invalid pseudo-identity information.
  • using two counting Bloom filters is efficient and also reduces the Bloom filter's false positive problem, improving the accuracy with which the validity of pseudo-identity information is determined. Through the first blockchain and the second blockchain it can be determined whether the pseudo-identity information is valid, and hence whether the public key corresponding to it is valid, which prevents attackers from spreading false information through invalid public keys. Invalid public keys are identified without updating the private keys of the user nodes or the partial private keys issued by the key generation center, which avoids an excessive computational burden on the key generation center and the user nodes.
  • if the tracking agency determines that pseudo-identity information is illegal, it can trace the user from the real identity information recorded on the first blockchain or the second blockchain and impose preset penalties, such as blacklisting.
  • the application scenario in which the authentication node verifies pseudo-identity information through the tracking agency is as follows: user node A sends a message to user node B, and while the message is being relayed the authentication node verifies the pseudo-identity information of user node A, thereby ensuring the security of the pseudo-identity information.
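  • the two-chain check described above (counting Bloom filters in each block header, insertion on creation, insertion into the second chain plus decrement in the first on revocation, and the block-height lookup of steps 820 to 840 when both filters hit) is illustrated by the following added example. It is constructed for this page and is not the patent's code; the array length, the SHA-256-based hash functions and the transaction fields are assumptions, and the fallback also confirms a first-chain hit by exact lookup, which the text does not spell out.

```python
import hashlib
import time
from dataclasses import dataclass, field

SLOTS = 1 << 16  # array length e (assumed; the page leaves it open)
W = 3            # w preset hash functions (three, as in the page's example)


def slot_indexes(pid: str) -> list[int]:
    """Slot index of a pseudo-identity under each of the w hash functions.
    The page does not fix the functions; w domain-separated SHA-256 digests are assumed."""
    out = []
    for k in range(W):
        digest = hashlib.sha256(f"h{k}|{pid}".encode()).digest()
        out.append(int.from_bytes(digest[:4], "big") % SLOTS)
    return out


@dataclass
class Transaction:
    pid: str           # pseudo-identity information PID_i
    rid: str           # real identity information RID_i, kept so the agency can trace
    timestamp: float
    block_height: int  # lets the false-positive fallback locate the block
    reason: str = ""   # revocation reason (second chain only)


@dataclass
class Block:
    height: int
    prev_hash: str
    cbf: list[int]                                   # counting Bloom filter in the header
    txs: list[Transaction] = field(default_factory=list)

    def header_hash(self) -> str:
        """Simplified header hash linking the chain (assumed layout)."""
        h = hashlib.sha256(f"{self.height}|{self.prev_hash}|".encode())
        h.update(hashlib.sha256(str(self.cbf).encode()).digest())
        for tx in self.txs:
            h.update(f"{tx.pid}|{tx.rid}|{tx.timestamp}|{tx.reason}".encode())
        return h.hexdigest()


class Chain:
    """Blocks linked in timestamp order; the genesis block carries an empty filter."""

    def __init__(self) -> None:
        self.blocks = [Block(0, "0" * 64, [0] * SLOTS)]

    @property
    def latest_cbf(self) -> list[int]:
        return self.blocks[-1].cbf

    def append(self, txs: list[Transaction], inserts=(), deletes=()) -> Block:
        """New block whose filter is the previous block's filter with +1 on every
        slot of each inserted PID and -1 on every slot of each deleted PID."""
        prev = self.blocks[-1]
        cbf = prev.cbf.copy()
        for pid in inserts:
            for i in slot_indexes(pid):
                cbf[i] += 1
        for pid in deletes:
            for i in slot_indexes(pid):
                if cbf[i] == 0:  # deleting a never-inserted PID would corrupt the filter
                    raise ValueError(f"{pid} is not in the filter")
                cbf[i] -= 1
        block = Block(prev.height + 1, prev.header_hash(), cbf)
        for tx in txs:
            tx.block_height = block.height
            block.txs.append(tx)
        self.blocks.append(block)
        return block

    def find(self, pid: str):
        """Exact lookup by walking the blocks; returns the Transaction or None."""
        for block in self.blocks:
            for tx in block.txs:
                if tx.pid == pid:
                    return tx
        return None


def cbf_contains(cbf: list[int], pid: str) -> bool:
    """Any zero slot: definitely not inserted. All slots non-zero: possibly inserted."""
    return all(cbf[i] > 0 for i in slot_indexes(pid))


class TrackingAgency:
    def __init__(self) -> None:
        self.first = Chain()   # first blockchain: valid pseudo-identity information
        self.second = Chain()  # second blockchain: invalid (revoked) pseudo-identity information

    def create(self, pid: str, rid: str) -> None:
        """Creation instruction: first transaction, PID inserted into the first filter."""
        self.first.append([Transaction(pid, rid, time.time(), -1)], inserts=[pid])

    def revoke(self, pid: str, rid: str, reason: str) -> None:
        """Revocation instruction: second transaction, PID inserted into the second
        filter and its slots decremented in the first filter (recorded here as a new
        transaction-less block on the first chain; an assumption)."""
        self.second.append([Transaction(pid, rid, time.time(), -1, reason)], inserts=[pid])
        self.first.append([], deletes=[pid])

    def verify(self, pid: str) -> str:
        """Steps 820-840: two filter checks, then block-height lookup if both hit."""
        in_second = cbf_contains(self.second.latest_cbf, pid)  # step 820
        in_first = cbf_contains(self.first.latest_cbf, pid)    # step 830
        if in_first and not in_second:
            return "valid"
        if in_second and not in_first:
            return "invalid"
        if in_first and in_second:                             # step 840
            tx = self.second.find(pid)
            if tx and any(t.pid == pid for t in self.second.blocks[tx.block_height].txs):
                return "invalid"
            return "valid" if self.first.find(pid) else "unknown"
        return "unknown"  # in neither filter: never issued by this agency
```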
  • FIG. 9 exemplarily shows a schematic flowchart of a key management method provided by an embodiment of the present invention, and the process can be executed by a key management device.
  • Step 910 the first authentication node acquires the sending message of the user node.
  • the message sent by the user node includes pseudo-identity information of the user node; the pseudo-identity information is determined by the tracking agency based on the real identity information of the user node.
  • Step 920 the verification result is determined by the tracking agency according to the first block chain and the second block chain; the first block chain is used to record valid pseudo-identity information, and the second block chain is used to record invalid pseudo-identity information. Further, the verification result is determined by the tracking agency according to the hash values of the pseudo-identity information, the first counting Bloom filter in the first blockchain and the second counting Bloom filter in the second blockchain.
  • Step 930 after the verification result is that the verification is passed, the first authentication node sends the sending message.
  • the first authentication node determines that the pseudo-identity information of the user node is valid, that is, safe and correct, and then verifies the signature in the sent message; after the signature is verified, it sends the message.
  • the first authentication node may send each pseudo-identity information within a preset period of time to the tracking agency for verification, so as to reduce the number of interactions between the first authentication node and the tracking agency and save transmission resources.
  • the first authentication node obtains 10 sent messages within 1 minute (the preset time period), including 3 sent messages from user node A1 and 7 from user node A2, so when the pseudo-identity information is verified the tracking agency only needs to verify the pseudo-identity information of user node A1 and of user node A2 once each, rather than verifying every sent message. This reduces the number of interactions between the first authentication node and the tracking agency, avoids repeated verification by the tracking agency, and saves transmission and computing resources.
  • the sending message also includes the public key and signature of the user node
  • the first authentication node verifies the signature according to the public key of the user node, and sends the message after the verification result is passed and the signature verification is passed.
  • the signature is determined by the user node according to its public key and private key; the public key of the user node is determined according to the pseudo-identity information; the private key of the user node is generated according to the partial private key; the partial private key is generated by the key generation center according to the pseudo-identity information.
  • the amount of computation is reduced, and computing resources saved, by aggregating signatures. Specifically, if the first authentication node receives messages sent by at least one user node, it generates an aggregated signature from the signatures of the at least one user node, and verifies the aggregated signature according to the public keys of the at least one user node.
  • the sending message further includes a time stamp of the pseudo-identity information, and before sending the sending message, it is determined that the pseudo-identity information is in a valid state according to the time stamp.
  • when the first authentication node sends the message to the tracking agency, it also sends the timestamp of the pseudo-identity information to the tracking agency, so that the tracking agency can check against the validity period whether the timestamp of the pseudo-identity information has expired. For example, if the validity period of the pseudo-identity information is 3 months, whether the timestamp has expired is determined from the interval between the timestamp of the pseudo-identity information and the verification time.
  • the tracking agency can preset the validity period of pseudo-identity information of the same specification or different specifications for pseudo-identity information.
  • the validity period of the same specification is preset as 3 months and sent to the first authentication node; after obtaining the sent message, the first authentication node uses the interval between the timestamp of the pseudo-identity information in the message and the current time (that is, the verification time after acquisition), together with the preset validity period, to determine whether the timestamp of the pseudo-identity information has expired.
  • the interaction between the authentication node and the user node is based on a group.
  • the user node group under the first authentication node includes user node group A and user node group B
  • user node group A includes user nodes A1, ..., A10
  • user node group B includes user nodes B1, ..., B6.
  • the user node groups are divided according to the physical addresses of the user nodes. For example, when a new user node B7 sends a creation instruction to the tracking agency and obtains pseudo-identity information, user node B7 is assigned to user node group B according to its physical address.
  • the authentication node and the user node need to verify each other's legitimacy to ensure that both parties are safe and legal. Therefore, if the first authentication node interacting with the user node is switched to the second authentication node, the second authentication node and the user node would have to authenticate each other, and every user node would need to be authenticated once, which wastes computing resources and transmission resources.
  • to save computing resources and reduce transmission resources, the authentication nodes authenticate each other before the user nodes' authentication node is switched, so that the user nodes do not need to authenticate the authentication node they are switched to.
  • the first authentication node sends an authentication request to the second authentication node; the authentication request instructs the second authentication node to perform switching authentication for the user node group under the first authentication node; the user node group is divided according to the physical addresses of its user nodes; the first authentication node receives the authentication confirmation message sent by the second authentication node; the authentication confirmation message is generated after the second authentication node has verified the authentication request; the first authentication node broadcasts the verification result in the authentication confirmation message to each user node group under it.
  • the user node group is used as the unit to interact with the authentication node.
  • the user node group B under the first authentication node SPA1 is switched to the second authentication node SPA2.
  • the first authentication node SPA1 sends an authentication request to the second authentication node SPA2.
  • the authentication request includes the public key of SPA1, the random number a1 encrypted by the private key of SPA1, the ID of the user node group B to be switched, and key parameters.
  • the second authentication node SPA2 verifies the authentication request according to the public key of SPA1. Its verification formula is similar to the signature verification formula above and is not specifically limited here. SPA2 then generates a random number b1, generates a session key SK_B for user node group B, and sends the random number b1 signed with the private key of the second authentication node SPA2 to the first authentication node SPA1 as the authentication confirmation message.
  • after the first authentication node SPA1 receives the authentication confirmation message, it broadcasts the authentication confirmation message to user node group B, so that the user nodes in user node group B do not need to verify the second authentication node SPA2 themselves. This ensures the identity security of the authentication node while saving computing resources and reducing transmission resources.
  • a switching sequence is set for each user node group, and when the sequence meets the preset condition the user node group is switched to the other authentication node. For example, if the switching sequence of user node group B is to switch to the second authentication node after 3 hours, it automatically switches to the second authentication node after 3 hours.
  • the switching instruction is sent by a user node in the user node group. Specifically, the first authentication node receives the node switching instruction sent by any user node in the user node group, modifies the status identifier of the user node group to dormant, and switches the user node group to the second authentication node.
  • the authentication node maintains a group identifier mapping table (GIMT, for managing all groups within its coverage) and a group member mapping table (GMMT).
  • the GIMT table consists of information such as the group ID, the coverage area of the authentication node, the switching sequence of the authentication node, and the status identifier (active or dormant) of the user node group.
  • user node B2 in user node group B detects that the data transmission status between user node group B and the first authentication node has fallen below the threshold, triggers a switching instruction and sends it to the first authentication node; the first authentication node changes the status flag of user node group B to dormant so that the user nodes do not lose the messages they send, and then switches user node group B to the second authentication node.
  • the second authentication node After the second authentication node obtains the ID of the user node group B, it verifies whether the user node B2 is a valid user node, if so, then modify the status identifier of the user node group B to be active, and then broadcast the session key SK B generated above to the user node group B, so that any user node in the user node group B can communicate with the second Authentication nodes interact.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention discloses a key management method and apparatus, including: a tracing authority obtains identity verification information sent by an authentication node; the identity verification information includes pseudo-identity information of a user node; the pseudo-identity information is determined by the tracing authority from the real identity information of the user node; the tracing authority determines, from a first blockchain and a second blockchain, whether the pseudo-identity information is valid pseudo-identity information; the first blockchain is used to record valid pseudo-identity information and the second blockchain is used to record invalid pseudo-identity information; if it is valid, a verification-passed result for the pseudo-identity information is generated and sent to the authentication node. This prevents an attacker from spreading false messages through an invalid public key, avoids placing an excessive computational burden on the key generation center and the user nodes, improves the security and privacy of the user nodes through the pseudo-identity information, and, through the blockchains, prevents the pseudo-identity information from being tampered with, improving its accuracy.

Description

Key management method and apparatus
Cross-reference to related applications
This application claims priority to the Chinese patent application No. 202110890343.X, entitled "Key management method and apparatus", filed with the China National Intellectual Property Administration on 4 August 2021, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of financial technology (Fintech), and in particular to a key management method and apparatus.
Background
With the development of computer technology, more and more technologies (for example blockchain, cloud computing or big data) are being applied in the financial field, and the traditional financial industry is gradually moving towards financial technology; big data technology is no exception. However, the security and real-time requirements of the financial and payment industries also place higher requirements on the key management of user nodes in big data technology.
Current authentication mechanisms mainly include identity-based encryption and certificateless public key encryption. In certificateless public key encryption, the user node generates its public and private keys: the public key is determined by the user node from a secret value it chooses, the private key is determined by the user node from that secret value and a partial private key produced by a key generation center, and the partial private key is determined by the key generation center from the identity information of the user node.
The user node then signs the message to be propagated, and an authentication node verifies the security and validity of the signature. In the prior art, this verification process is exposed to an attacker who propagates false messages using a public key that a user node has revoked or that has expired (that is, an invalid public key); in other words, invalid public keys cannot be identified.
To prevent this attack, the current approach is that, when a user node is determined to have revoked its public key, the key generation center updates the partial private keys of the other user nodes so that they update their own private keys. However, this method requires updating the partial private keys of all other user nodes in the whole network, which greatly increases the computational burden of the key generation center.
Therefore, a key management method is needed that identifies revoked or expired public keys, so as to prevent an attacker from propagating false messages through them while avoiding an excessive computational burden on the user nodes and the key generation center.
Summary
Embodiments of the present invention provide a key management method and apparatus for preventing an attacker from propagating false messages through an invalid public key while avoiding an excessive computational burden on the user nodes and the key generation center.
In a first aspect, an embodiment of the present invention provides a key management method, including:
a tracing authority obtains identity verification information sent by an authentication node; the identity verification information includes pseudo-identity information of a user node; the pseudo-identity information is determined by the tracing authority from the real identity information of the user node;
the tracing authority determines, from a first blockchain and a second blockchain, whether the pseudo-identity information is valid pseudo-identity information; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
if so, a verification-passed result for the pseudo-identity information is generated and sent to the authentication node.
In the above technical solution, before the authentication node forwards the user node's message, the pseudo-identity information of the user node is verified to determine whether the user node is a valid user node, so as to prevent an attacker from sending false messages. Specifically, it is determined whether the pseudo-identity information is recorded on the first blockchain and/or the second blockchain; that is, the first and second blockchains reveal whether the pseudo-identity information is valid, and hence whether the public key corresponding to it is a valid public key. This prevents an attacker from propagating false messages through an invalid public key, and an invalid public key can be identified without updating the private keys of the user nodes or the partial private keys of the key generation center, which avoids an excessive computational burden on the key generation center and the user nodes. Further, verifying a user node by its pseudo-identity information improves the security and privacy of the user node, and determining validity through the first and second blockchains increases the accuracy of that determination, prevents the pseudo-identity information from being tampered with, and improves its accuracy.
Optionally, the tracing authority determining, from the first blockchain and the second blockchain, whether the pseudo-identity information is valid pseudo-identity information includes:
if the tracing authority determines from a first counting Bloom filter in the first blockchain that the pseudo-identity information is recorded on the first blockchain, and determines from a second counting Bloom filter in the second blockchain that the pseudo-identity information is not recorded on the second blockchain, it determines that the pseudo-identity information is valid pseudo-identity information;
if the tracing authority determines from the first counting Bloom filter in the first blockchain that the pseudo-identity information is not recorded on the first blockchain, and determines from the second counting Bloom filter in the second blockchain that the pseudo-identity information is recorded on the second blockchain, it determines that the pseudo-identity information is invalid pseudo-identity information;
the first counting Bloom filter is the counting Bloom filter of the latest block on the first blockchain; the second counting Bloom filter is the counting Bloom filter of the latest block on the second blockchain.
In the above technical solution, the first and second counting Bloom filters are used to determine whether the pseudo-identity information is recorded on the first and/or second blockchain, which improves the efficiency of the validity determination; using two counting Bloom filters also reduces the false-positive problem of Bloom filters and improves the accuracy of the validity determination.
Optionally, the method further includes:
if the tracing authority determines from the first counting Bloom filter that the pseudo-identity information is recorded on the first blockchain, and determines from the second counting Bloom filter that the pseudo-identity information is recorded on the second blockchain, it determines from the block height corresponding to the pseudo-identity information whether the pseudo-identity information is recorded on the second blockchain;
if the tracing authority determines from the block height corresponding to the pseudo-identity information that the pseudo-identity information is recorded on the second blockchain, it determines that the pseudo-identity information is invalid pseudo-identity information.
In the above technical solution, if the first and second counting Bloom filters indicate that the pseudo-identity information is recorded both on the first blockchain and on the second blockchain, then one of the two counting Bloom filters has produced a false positive. In that case the block corresponding to the pseudo-identity information is looked up on the second blockchain by its block height, and the transactions recorded in that block determine whether the pseudo-identity information is on the second blockchain, i.e. whether it is invalid pseudo-identity information, which improves the accuracy of the validity determination.
Optionally, the tracing authority determining from the first counting Bloom filter in the first blockchain that the pseudo-identity information is recorded on the first blockchain, and determining from the second counting Bloom filter in the second blockchain that the pseudo-identity information is not recorded on the second blockchain, includes:
the tracing authority determines the hash values of the pseudo-identity information under each of the preset hash functions;
the tracing authority determines, from those hash values, the slot values they correspond to in the first counting Bloom filter array and the slot values they correspond to in the second counting Bloom filter array;
if the tracing authority determines that none of the corresponding slot values in the first counting Bloom filter array is 0, it determines that the pseudo-identity information is present in the first counting Bloom filter; the first counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the first blockchain;
if the tracing authority determines that any of the corresponding slot values in the second counting Bloom filter array is 0, it determines that the pseudo-identity information is not present in the second counting Bloom filter; the second counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the second blockchain.
In the above technical solution, the hash values of the pseudo-identity information and the corresponding slot values determine whether the pseudo-identity information is present in the first and/or second counting Bloom filter, which improves the efficiency of the validity determination.
Optionally, determining the pseudo-identity information from the real identity information of the user node includes:
the tracing authority obtains a creation instruction sent by the user node; the creation instruction includes the real identity information of the user node, first information and a first verification value; the first information is determined by the user node from the real identity information and a first secret value; the first secret value is chosen by the user node; the first verification value is determined by the user node from the first secret value and the first information;
after the tracing authority verifies the first information against the first verification value, it determines second information from the real identity information using the master key of the tracing authority; the master key is determined from a preset elliptic curve;
the tracing authority takes the first information and the second information as the pseudo-identity information.
In the above technical solution, determining the first information through the first secret value chosen by the user node amounts to a first encryption of the real identity information by the user node, and determining the second information through the master key of the tracing authority amounts to a second encryption of the real identity information by the tracing authority; the pseudo-identity information obtained in this way is more secure.
Optionally, before the tracing authority obtains the identity verification information sent by the authentication node, the method further includes:
the tracing authority generates the pseudo-identity information of the user node based on the creation instruction sent by the user node;
the tracing authority constructs a first transaction based on the pseudo-identity information and puts a first block containing the first transaction on the first blockchain; a first counting Bloom filter is set in the block header of the first block, and the first transaction is recorded in the block body of the first block; each slot value in the first counting Bloom filter is determined from the first counting Bloom filter in the block preceding the first block and from the hash values of the pseudo-identity information under each of the preset hash functions.
In the above technical solution, the determined pseudo-identity information is uploaded to the first blockchain, on the one hand so that it is recorded in the first counting Bloom filter, improving the efficiency of the validity determination, and on the other hand so that it is recorded on the first blockchain, which guarantees that the pseudo-identity information cannot be tampered with and improves its security and accuracy.
Optionally, the method further includes:
based on a revocation instruction carrying pseudo-identity information sent by the user node, the tracing authority constructs a second transaction and puts a second block containing the second transaction on the second blockchain; a second counting Bloom filter is set in the block header of the second block, and the second transaction is recorded in the block body of the second block; each slot value in the second counting Bloom filter is determined from the second counting Bloom filter in the block preceding the second block and from the hash values of the pseudo-identity information under each of the preset hash functions.
In the above technical solution, a second counting Bloom filter is obtained for the revocation instruction and the pseudo-identity information in the revocation instruction is uploaded to the second blockchain; on the one hand this reduces the false-positive problem of Bloom filters, and on the other hand the second blockchain guarantees the accuracy of determining that the pseudo-identity information is invalid.
In a second aspect, an embodiment of the present invention provides a key management method, including:
a first authentication node obtains an outgoing message of a user node; the outgoing message includes pseudo-identity information; the pseudo-identity information is determined by a tracing authority from the real identity information of the user node;
the first authentication node sends the pseudo-identity information to the tracing authority and receives the tracing authority's verification result for the pseudo-identity information; the verification result is determined by the tracing authority from a first blockchain and a second blockchain; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
after the verification result is that verification passed, the first authentication node sends the outgoing message.
In the above technical solution, after obtaining the user node's outgoing message and before verifying its signature, the first authentication node also verifies whether the user node is a valid user node, to prevent an attacker from propagating false messages through the public key of an invalid user; it then verifies the signature of the outgoing message to guarantee the accuracy of the outgoing message.
Optionally, the outgoing message further includes the public key and a signature of the user node;
the first authentication node sending the outgoing message after the verification result is that verification passed includes:
the first authentication node verifies the signature using the public key of the user node;
the first authentication node sends the outgoing message after the verification result is that verification passed and the signature verification passes; the signature is determined by the user node from the user node's public key and private key; the user node's public key is determined from the pseudo-identity information; the user node's private key is generated from a partial private key; the partial private key is generated by a key generation center from the pseudo-identity information.
In the above technical solution, both the public key and the private key of the user node are determined from the pseudo-identity information, and the pseudo-identity information is obtained by encryption by the tracing authority and encryption by the user node, which makes it harder for an attacker to generate the private key and improves the security of the user node's public and private keys.
Optionally, the first authentication node verifying the signature using the public key of the user node includes:
if the first authentication node receives outgoing messages from at least one user node, it generates an aggregate signature for the signatures of the at least one user node;
the first authentication node verifies the aggregate signature using the public keys of the at least one user node.
In the above technical solution, multiple outgoing messages are verified through an aggregate signature, which improves the efficiency of signature verification.
Optionally, the outgoing message further includes a timestamp of the pseudo-identity information;
before sending the outgoing message, the method further includes:
determining from the timestamp that the pseudo-identity information is in a valid state.
In the above technical solution, the validity period of the pseudo-identity information prevents an attacker from using invalid pseudo-identity information to carry out an attack, which improves the security of the pseudo-identity information.
Optionally, the method further includes:
the first authentication node sends an authentication request to a second authentication node; the authentication request is used to instruct authentication-node switching authentication for a user node group located under the first authentication node; the user node group is divided according to the physical addresses of the user nodes;
the first authentication node receives an authentication confirmation message sent by the second authentication node; the authentication confirmation message is generated after the second authentication node verifies the authentication request;
the first authentication node broadcasts the verification result in the authentication confirmation message to each user node group under the first authentication node.
In the prior art, when authentication nodes are switched, the switched-to authentication node and the user node usually verify each other: the switched-to authentication node verifies the legitimacy of the user node, and the user node verifies the legitimacy of the switched-to authentication node. In the present invention, before the authentication node is switched, the switch is authenticated between the first authentication node and the second authentication node, so that after the switch the user nodes do not need to verify the legitimacy of the switched-to authentication node, which reduces the switching delay; moreover, the switch is performed per user node group rather than per individual user node, which reduces the signalling overhead of switching, saves computing resources and improves switching efficiency.
Optionally, the method further includes:
the first authentication node receives a node switching instruction sent by any user node in the user node group;
the first authentication node modifies the status flag of the user node group to dormant;
the first authentication node switches the user node group to the second authentication node.
In the above technical solution, when the authentication node is switched, the status flag of the user node group is set to dormant so that the user nodes in the group temporarily stop sending messages, which prevents message loss.
In a third aspect, an embodiment of the present invention provides a key management apparatus, including:
an obtaining module, configured to obtain identity verification information sent by an authentication node; the identity verification information includes pseudo-identity information of a user node; the pseudo-identity information is determined by the tracing authority from the real identity information of the user node;
a processing module, configured to determine, from a first blockchain and a second blockchain, whether the pseudo-identity information is valid pseudo-identity information; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
and, if so, to generate a verification-passed result for the pseudo-identity information and send the verification-passed result to the authentication node.
Optionally, the processing module is specifically configured to:
if it determines from a first counting Bloom filter in the first blockchain that the pseudo-identity information is recorded on the first blockchain, and determines from a second counting Bloom filter in the second blockchain that the pseudo-identity information is not recorded on the second blockchain, determine that the pseudo-identity information is valid pseudo-identity information;
if it determines from the first counting Bloom filter in the first blockchain that the pseudo-identity information is not recorded on the first blockchain, and determines from the second counting Bloom filter in the second blockchain that the pseudo-identity information is recorded on the second blockchain, determine that the pseudo-identity information is invalid pseudo-identity information;
the first counting Bloom filter is the counting Bloom filter of the latest block on the first blockchain; the second counting Bloom filter is the counting Bloom filter of the latest block on the second blockchain.
Optionally, the processing module is further configured to:
if it determines from the first counting Bloom filter that the pseudo-identity information is recorded on the first blockchain, and determines from the second counting Bloom filter that the pseudo-identity information is recorded on the second blockchain, determine from the block height corresponding to the pseudo-identity information whether the pseudo-identity information is recorded on the second blockchain;
if it determines from the block height corresponding to the pseudo-identity information that the pseudo-identity information is recorded on the second blockchain, determine that the pseudo-identity information is invalid pseudo-identity information.
Optionally, the processing module is specifically configured to:
determine the hash values of the pseudo-identity information under each of the preset hash functions;
determine, from those hash values, the slot values they correspond to in the first counting Bloom filter array and the slot values they correspond to in the second counting Bloom filter array;
if none of the corresponding slot values in the first counting Bloom filter array is 0, determine that the pseudo-identity information is present in the first counting Bloom filter; the first counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the first blockchain;
if any of the corresponding slot values in the second counting Bloom filter array is 0, determine that the pseudo-identity information is not present in the second counting Bloom filter; the second counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the second blockchain.
Optionally, the processing module is specifically configured to:
obtain a creation instruction sent by the user node; the creation instruction includes the real identity information of the user node, first information and a first verification value; the first information is determined by the user node from the real identity information and a first secret value; the first secret value is chosen by the user node; the first verification value is determined by the user node from the first secret value and the first information;
after verifying the first information against the first verification value, determine second information from the real identity information using the master key of the tracing authority; the master key is determined from a preset elliptic curve;
take the first information and the second information as the pseudo-identity information.
Optionally, the processing module is further configured to:
before obtaining the identity verification information sent by the authentication node, generate the pseudo-identity information of the user node based on the creation instruction sent by the user node;
construct a first transaction based on the pseudo-identity information and put a first block containing the first transaction on the first blockchain; a first counting Bloom filter is set in the block header of the first block, and the first transaction is recorded in the block body of the first block; each slot value in the first counting Bloom filter is determined from the first counting Bloom filter in the block preceding the first block and from the hash values of the pseudo-identity information under each of the preset hash functions.
Optionally, the processing module is further configured to:
based on a revocation instruction carrying pseudo-identity information sent by the user node, construct a second transaction and put a second block containing the second transaction on the second blockchain; a second counting Bloom filter is set in the block header of the second block, and the second transaction is recorded in the block body of the second block; each slot value in the second counting Bloom filter is determined from the second counting Bloom filter in the block preceding the second block and from the hash values of the pseudo-identity information under each of the preset hash functions.
In a fourth aspect, an embodiment of the present invention provides a key management apparatus, including:
an obtaining unit, configured to obtain an outgoing message of a user node; the outgoing message includes pseudo-identity information; the pseudo-identity information is determined by a tracing authority from the real identity information of the user node;
a processing unit, configured to send the pseudo-identity information to the tracing authority and receive the tracing authority's verification result for the pseudo-identity information; the verification result is determined by the tracing authority from a first blockchain and a second blockchain; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
and to send the outgoing message after the verification result is that verification passed.
Optionally, the outgoing message further includes the public key and a signature of the user node;
the processing unit is further configured to:
verify the signature using the public key of the user node;
send the outgoing message after the verification result is that verification passed and the signature verification passes; the signature is determined by the user node from the user node's public key and private key; the user node's public key is determined from the pseudo-identity information; the user node's private key is generated from a partial private key; the partial private key is generated by a key generation center from the pseudo-identity information.
Optionally, the processing unit is specifically configured to:
if outgoing messages from at least one user node are received, generate an aggregate signature for the signatures of the at least one user node;
verify the aggregate signature using the public keys of the at least one user node.
Optionally, the outgoing message further includes a timestamp of the pseudo-identity information;
the processing unit is further configured to:
before sending the outgoing message, determine from the timestamp that the pseudo-identity information is in a valid state.
Optionally, the processing unit is further configured to:
send an authentication request to a second authentication node; the authentication request is used to instruct authentication-node switching authentication for a user node group located under the first authentication node; the user node group is divided according to the physical addresses of the user nodes;
receive an authentication confirmation message sent by the second authentication node; the authentication confirmation message is generated after the second authentication node verifies the authentication request;
broadcast the verification result in the authentication confirmation message to each user node group under the first authentication node.
Optionally, the processing unit is further configured to:
receive a node switching instruction sent by any user node in the user node group;
modify the status flag of the user node group to dormant;
switch the user node group to the second authentication node.
In a fifth aspect, an embodiment of the present invention further provides a computer device, including:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and execute the above key management method according to the obtained program.
In a sixth aspect, an embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to cause a computer to execute the above key management method.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a system architecture provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a key management method provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a block provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of a blockchain provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a first transaction provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of a counting Bloom filter provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of a second transaction provided by an embodiment of the present invention;
Fig. 8 is a schematic flowchart of a key management method provided by an embodiment of the present invention;
Fig. 9 is a schematic flowchart of a key management method provided by an embodiment of the present invention.
Detailed description
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the prior art, the main idea of certificateless public key encryption is that the public key is generated from a secret value chosen by the user node, the private key consists of the secret value chosen by the user node and a partial private key generated by the key generation center (KGC), and the partial private key is determined by the KGC from the user's real identity information. Obviously, the key generation center cannot learn the user's complete private key, so the key escrow problem of identity-based encryption does not arise.
For example, if an attacker A generates a public key to replace the public key of user B, then even if attacker A obtains the partial private key that the key generation center produced for user B from user B's identity information, attacker A cannot derive user B's full private key from the partial private key, so attacker A cannot impersonate user B to sign messages or decrypt ciphertext sent to user B. Certificateless public key encryption therefore has no key escrow problem. In addition, the user's public key is generated from the user's identity information (such as the user's ID card number, e-mail address, telephone number, etc.), so no public key certificate is needed.
Certificateless public key encryption distributes keys without certificates, so the key problem it faces is key management. If an expired or revoked identity is misused, that is, if the public key corresponding to an invalid identity is misused, this poses a great threat to information security. There are currently two main technical solutions for revocation management in certificateless public key encryption:
1. Periodically update the user's private key. During private key generation, a time key is added to the partial private key or the partial private key is updated, and the updated partial private key is sent to the user so that the user updates the private key accordingly; in this way the public keys of users that need to be invalidated are managed.
2. Manage keys through a third party. A third-party security mediator (SEM) is set up, which manages the public keys of invalid users by restricting the user's decryption or signing.
However, in method 1 above, managing invalid users requires the key generation center to update the partial private keys of all user nodes, and each user node must also update its own private key, which increases the computation of the user nodes and the key generation center excessively and burdens computing resources.
In method 2 above, because a third-party security mediator is introduced, the user node must be confirmed in every decryption and signing operation, which greatly increases the computational burden of secure communication and raises the complexity of communication.
Therefore, a key management method is needed that identifies the public keys of invalid users, prevents attackers from misusing the identity information of legitimate users, increases the security of information communication, and avoids an excessive increase in computation, reducing the computational burden.
Fig. 1 shows by way of example a system architecture to which embodiments of the present invention apply; the system architecture includes an authentication node 110, a tracing authority 120, a user node 130 and a key generation center 140.
The authentication node 110 is configured to receive the outgoing message of the user node 130 and verify the signature of the outgoing message; after signature verification passes, it encrypts the outgoing message with its own private key and sends it; the private key of the authentication node 110 is generated from the authentication-node partial private key sent by the key generation center 140.
The tracing authority 120 is configured to determine, from the first counting Bloom filter in the first blockchain and the second counting Bloom filter in the second blockchain, whether pseudo-identity information is valid or invalid pseudo-identity information, to determine the corresponding pseudo-identity information from the real identity information sent by the user node 130, and to send the pseudo-identity information to the user node 130 and the key generation center 140.
The user node 130 is configured to send the real identity information and the first information determined from the real identity information to the tracing authority 120, so that the tracing authority 120 generates the pseudo-identity information.
The key generation center 140 is configured to obtain the pseudo-identity information sent by the tracing authority 120 and generate the user-node partial private key, and to obtain the real identity information of the authentication node 110 and generate the authentication-node partial private key.
It should be noted that the structure shown in Fig. 1 is only an example and the embodiments of the present invention are not limited to it.
Based on the above description, Fig. 2 shows by way of example a schematic flowchart of a key management method provided by an embodiment of the present invention; the flow can be executed by a key management apparatus.
As shown in Fig. 2, the flow specifically includes:
Step 210: the tracing authority obtains identity verification information sent by an authentication node; the identity verification information includes pseudo-identity information of a user node.
In the embodiments of the present invention, the pseudo-identity information is determined by the tracing authority from the real identity information of the user node.
Step 220: the tracing authority determines, from a first blockchain and a second blockchain, whether the pseudo-identity information is valid pseudo-identity information.
In the embodiments of the present invention, the first blockchain is used to record valid pseudo-identity information and the second blockchain is used to record invalid pseudo-identity information. Specifically, counting Bloom filters can be used to determine whether the pseudo-identity information is recorded on the first and/or second blockchain, or the blocks can be searched directly on the blockchain to determine whether the pseudo-identity information is recorded on the first and/or second blockchain.
Step 230: if so, a verification-passed result for the pseudo-identity information is generated and sent to the authentication node.
In the embodiments of the present invention, if the pseudo-identity information is determined to be valid pseudo-identity information, the public key corresponding to it is determined to be valid and legitimate, and a verification-passed result is sent to the authentication node; the verification-passed result indicates to the authentication node that the public key corresponding to the pseudo-identity information is valid and that the signature of the outgoing message corresponding to the pseudo-identity information can be verified.
To better explain the technical solution of the present invention, the terms that may be involved in the embodiments of the present invention are defined and explained below.
Blockchain: essentially a distributed ledger that uses a chain structure to ensure that data cannot be tampered with or forged, with the characteristics of decentralization, tamper resistance and traceability. Every node in the blockchain network stores a complete copy of the data to guarantee its integrity, and the nodes reach consensus on the data through a consistency algorithm that needs no trusted third party, such as Practical Byzantine Fault Tolerance and asymmetric encryption techniques.
Depending on the application scenario, blockchains can be divided into three types: public blockchains, consortium blockchains and private blockchains. A public blockchain is completely open and transparent and its data reads and writes are uncontrolled and cannot be tampered with; a private blockchain has low transaction costs, but its permissions are controlled by a few nodes and the data on it may be manipulated; a consortium blockchain has a transaction speed between the two, is controllable and manageable, and is more suitable for the Internet of Things. The embodiments of the present invention take a consortium blockchain as an example, without limitation. The embodiments of the present invention take PBFT (Practical Byzantine Fault Tolerance) as an example: the PBFT algorithm has polynomial complexity and can reach consensus even when a minority of nodes behave maliciously (for example by forging messages); in a system of (3×j+1) nodes, consistency can be reached as long as no fewer than (2×j+1) non-Byzantine nodes work normally, and cryptographic algorithms such as hashing and signature verification ensure tamper resistance, forgery resistance and non-repudiation during message transfer.
For ease of understanding, in combination with the technical solution of the present invention, Fig. 3 shows by way of example a schematic diagram of a block. As shown in Fig. 3, a block includes a version number, a block header, the hash of the previous block, a timestamp, a counting Bloom filter, a block number and other information. This information serves as proof that the transaction data cannot be tampered with or forged.
In step 210, the pseudo-identity information is determined by the tracing authority from the real identity information and first information sent by the user node and from second information generated by the tracing authority itself.
Specifically, the tracing authority obtains a creation instruction sent by the user node; the creation instruction includes the real identity information of the user node, first information and a first verification value; the first information is determined by the user node from the real identity information and a first secret value; the first secret value is chosen by the user node; the first verification value is determined by the user node from the first secret value and the first information; after the tracing authority verifies the first information against the first verification value, it determines second information from the real identity information using the master key of the tracing authority; the master key is determined from a preset elliptic curve; the tracing authority takes the first information and the second information as the pseudo-identity information.
In the embodiments of the present invention, the preset elliptic curve is generated jointly by the tracing authority and the key generation center and is used to determine the master key of the key generation center and the master key of the tracing authority. For example, based on a random security parameter $k$, the tracing authority and the key generation center each choose a prime, $p$ and $q$ respectively, and then generate the preset elliptic curve $E: y^2 = x^3 + ax + b \bmod p$, where $a, b \in \mathbb{Z}_p^*$, $\mathbb{Z}_p^*$ is the cyclic group of order $p-1$, $(4a^3 + b^2) \bmod p \neq 0$, and $\bmod$ denotes the remainder operation.
The tracing authority randomly chooses $l \in \mathbb{Z}_p^*$ and takes $l$ as its master key, where $\mathbb{Z}_p^*$ is the cyclic group of order $p-1$; it computes $T_{pub} = l \cdot P$ and takes $T_{pub}$ as the public key of the tracing authority. $l$ is stored only at the tracing authority to guarantee security, and $T_{pub}$ is used by the user node to generate the first information.
The key generation center randomly chooses $s \in \mathbb{Z}_q^*$ and takes $s$ as its master key, where $\mathbb{Z}_q^*$ is the cyclic group of order $q-1$; it computes $P_{pub} = s \cdot P$ and takes $P_{pub}$ as the public key of the key generation center. $P_{pub}$ is used by the user node to verify the partial private key.
The tracing authority and the key generation center also choose several hash functions for computations such as verifying and determining the public and private keys of the user node; for example, three hash functions $H_1$, $H_2$ and $H_3$ with $H_1, H_2, H_3: \{0,1\}^* \to \mathbb{Z}_p^*$.
The user node randomly chooses a first secret value $t_i \in \mathbb{Z}_p^*$ and, based on its real identity information $RID_i$, computes
Figure PCTCN2021124670-appb-000001
Figure PCTCN2021124670-appb-000002
where $PID_{i1}$ is the first information and $K_i$ is the first verification value. The user node then sends the real identity information $RID_i$, the first information $PID_{i1}$ and the first verification value $K_i$ to the tracing authority.
The tracing authority verifies the real identity information $RID_i$ against the first verification value $K_i$; specifically, when it determines that
Figure PCTCN2021124670-appb-000003
holds, it determines that verification passes, and then computes
Figure PCTCN2021124670-appb-000004
where $PID_{i2}$ is the second information and $\Delta T_i$ is a timestamp; the tracing authority then takes the first information $PID_{i1}$ and the second information $PID_{i2}$ as the pseudo-identity information $PID_i$.
In the embodiments of the present invention, the master key may alternatively be determined from a preset bilinear map; for example, $E$ is a bilinear map $G_1 \times G_1 \to G_2$, where $G_1$ is a cyclic group of order $q$, $G_2$ is a cyclic group of order $p$ and $P$ is a generator of $G_1$; the tracing authority and the key generation center then each choose a master key and determine the pseudo-identity information.
In step 220, the tracing authority determines whether the pseudo-identity information is valid pseudo-identity information from the first counting Bloom filter in the first blockchain and the second counting Bloom filter in the second blockchain.
Specifically, if the tracing authority determines from the first counting Bloom filter in the first blockchain that the pseudo-identity information is recorded on the first blockchain, and determines from the second counting Bloom filter in the second blockchain that the pseudo-identity information is not recorded on the second blockchain, it determines that the pseudo-identity information is valid pseudo-identity information; if it determines from the first counting Bloom filter in the first blockchain that the pseudo-identity information is not recorded on the first blockchain, and determines from the second counting Bloom filter in the second blockchain that the pseudo-identity information is recorded on the second blockchain, it determines that the pseudo-identity information is invalid pseudo-identity information. Here the first counting Bloom filter is the counting Bloom filter of the latest block on the first blockchain and the second counting Bloom filter is the counting Bloom filter of the latest block on the second blockchain.
As is well known, a blockchain is obtained by linking blocks in the order of their timestamps. In the embodiments of the present invention, to guarantee the accuracy and timeliness of the verification result, the counting Bloom filter of the latest block is used as the first or second counting Bloom filter for checking the pseudo-identity information; that is, every block includes one or more counting Bloom filters.
A counting Bloom filter is a data structure consisting of an array of $e$ bits and $w$ preset hash functions. The array includes multiple slots whose values are determined by the $w$ hash functions: the hash functions spread the input data and insert it into the corresponding slots, assigning values to those slots and thereby determining the slot values. The data itself need not be stored, which saves storage space and is efficient.
In the embodiments of the present invention, the first and second counting Bloom filters are determined by the tracing authority from the pseudo-identity information sent by users; in other words, the counting Bloom filter in the latest block on a blockchain is determined from the counting Bloom filter of the block preceding the latest block and from all the pseudo-identity information, i.e. the transactions, in the latest block.
Specifically, the tracing authority generates the user node's pseudo-identity information based on the creation instruction sent by the user node, constructs a first transaction based on the pseudo-identity information, and puts a first block containing the first transaction on the first blockchain; a first counting Bloom filter is set in the block header of the first block, and the first transaction is recorded in the block body of the first block; each slot value in the first counting Bloom filter is determined from the first counting Bloom filter in the block preceding the first block and from the hash values of the pseudo-identity information under each of the preset hash functions.
In the embodiments of the present invention, Fig. 4 shows by way of example a schematic diagram of a blockchain; as shown in Fig. 4, block f corresponds to the first block and block f-1 to the block preceding the first block. Fig. 5 shows by way of example a schematic diagram of a first transaction; as shown in Fig. 5, the first transaction includes a first random number, the pseudo-identity information, the real identity information, tracing authority information, the timestamp at which the pseudo-identity information was determined and the validity period of the pseudo-identity information.
It should be noted that a slot value in the counting Bloom filter is obtained by hashing the pseudo-identity information, inserting it into the corresponding slots and incrementing them. Specifically, the tracing authority determines the first hash values of the first pseudo-identity information in the creation instruction, determines the first slots corresponding to those first hash values in the counting Bloom filter array of the block preceding the latest block on the first blockchain, and increments the value of each first slot by 1, giving the first slot values and thus the first counting Bloom filter.
To better explain the role of the counting Bloom filter, Fig. 6 shows by way of example a schematic diagram of a counting Bloom filter. As shown in Fig. 6, the preset hash functions are w1, w2 and w3, and slots sz2, sz5 and sz8 of the counting Bloom filter in block 1 all have value 1, where block 1 corresponds to the block preceding the latest block on the first blockchain. After determining the first pseudo-identity information from the creation instruction, the tracing authority determines its first hash values hash1, hash2 and hash3 under the preset hash functions w1, w2 and w3, determines that the first slots corresponding to hash1, hash2 and hash3 are sz2, sz6 and sz9, and then increments the values of the first slots sz2, sz6 and sz9 in block 1 by 1 to obtain the first counting Bloom filter, i.e. the counting Bloom filter in block 2. It should be noted that any block includes multiple messages created from pseudo-identity information, so the first counting Bloom filter is not limited to one transaction in the block; the preset hash functions used for the first counting Bloom filter and the second counting Bloom filter may be the same or different and are not specifically limited here.
In the embodiments of the present invention, the counting Bloom filter allows pseudo-identity information to be inserted and also allows it to be deleted. By way of example, based on a revocation instruction carrying pseudo-identity information sent by the user node, the tracing authority constructs a second transaction and puts a second block containing the second transaction on the second blockchain; a second counting Bloom filter is set in the block header of the second block, and the second transaction is recorded in the block body of the second block; each slot value in the second counting Bloom filter is determined from the second counting Bloom filter in the block preceding the second block and from the hash values of the pseudo-identity information under each of the preset hash functions.
Fig. 7 shows by way of example a schematic diagram of a second transaction; as shown in Fig. 7, the second transaction includes a second random number, the pseudo-identity information, the real identity information, tracing authority information, the validity period of the pseudo-identity information, the revocation time of the pseudo-identity information and the reason for its revocation. The random number in a transaction is used to determine the unique identifier of the transaction, and the reason for revoking the user's identity is used to apply different restrictions the next time that user applies for pseudo-identity information, such as refusing to assign pseudo-identity information or setting a shorter timestamp.
In the embodiments of the present invention, based on the pseudo-identity information in the revocation instruction, the second counting Bloom filter can be determined in the latest block on the second blockchain, following the same technical solution as the example of Fig. 6 above: the tracing authority determines the second hash values of the second pseudo-identity information in the revocation instruction, determines the second slots corresponding to those second hash values in the counting Bloom filter array of the block preceding the latest block on the second blockchain, and increments the value of each second slot by 1, giving the second slot values and thus the second counting Bloom filter.
Further, based on the pseudo-identity information in the revocation instruction, the tracing authority also updates the first counting Bloom filter. Specifically, the tracing authority determines the second hash values of the second pseudo-identity information in the revocation instruction, determines the third slots corresponding to those second hash values in the counting Bloom filter array of the block preceding the latest block on the first blockchain, and decrements the value of each third slot by 1, giving the third slot values and thus the first counting Bloom filter. Taking Fig. 6 as an example, suppose the third slots corresponding to the second hash values are sz2, sz5 and sz9; then the values of the third slots sz2, sz5 and sz9 are decremented by 1, so that, as in block 3, slots sz2, sz5 and sz9 of the first counting Bloom filter array have values 1, 0 and 0 respectively.
To verify whether the pseudo-identity information is recorded on the first and/or second blockchain, it must first be determined whether the pseudo-identity information has been inserted into the first counting Bloom filter array and/or the second counting Bloom filter array.
Specifically, the tracing authority determines the hash values of the pseudo-identity information under each preset hash function and, from those hash values, determines the slot values they correspond to in the first counting Bloom filter array and the slot values they correspond to in the second counting Bloom filter array;
if none of the corresponding slot values in the first counting Bloom filter array is 0, the pseudo-identity information is determined to be present in the first counting Bloom filter, which is used to characterize whether the pseudo-identity information is recorded on the first blockchain; if any of the corresponding slot values in the second counting Bloom filter array is 0, the pseudo-identity information is determined not to be present in the second counting Bloom filter, which is used to characterize whether the pseudo-identity information is recorded on the second blockchain.
Further, taking Fig. 6 as an example and block 2 as the first counting Bloom filter, suppose that for some pseudo-identity information $PID_i$ the corresponding slots in the first counting Bloom filter array are sz2, sz5 and sz9. Because the values of slots sz2, sz5 and sz9 of the first counting Bloom filter in block 2 are all non-zero, $PID_i$ is determined to be present in the first counting Bloom filter, which amounts to determining that $PID_i$ is recorded on the first blockchain. If instead the corresponding slots of $PID_i$ in the first counting Bloom filter array are sz2, sz7 and sz9, then because slot sz7 of the first counting Bloom filter array has value 0, $PID_i$ is determined not to be present in the first counting Bloom filter, which amounts to determining that $PID_i$ is not recorded on the first blockchain.
Similarly, the checking method for the second counting Bloom filter is the same as that for the first counting Bloom filter and is not repeated here.
By way of example, counting Bloom filters have a false-positive problem: when verifying whether the pseudo-identity information is recorded on the first and/or second blockchain, it may be determined that the pseudo-identity information is inserted both in the first counting Bloom filter and in the second counting Bloom filter. For this problem, the block corresponding to the pseudo-identity information is used to determine whether the pseudo-identity information is recorded on the second blockchain.
Specifically, if the tracing authority determines from the first counting Bloom filter that the pseudo-identity information is recorded on the first blockchain, and determines from the second counting Bloom filter that the pseudo-identity information is recorded on the second blockchain, it determines from the block height corresponding to the pseudo-identity information whether the pseudo-identity information is recorded on the second blockchain; if it determines from that block height that the pseudo-identity information is recorded on the second blockchain, it determines that the pseudo-identity information is invalid pseudo-identity information.
In the embodiments of the present invention, any pseudo-identity information is uploaded to the blockchain by constructing a transaction, so the corresponding transaction can be obtained from the pseudo-identity information; as shown in Figs. 5 and 7 above, every transaction also includes a block height, so the block height of the corresponding transaction can be looked up from the pseudo-identity information, which determines whether the pseudo-identity information is recorded on the second blockchain and thereby eliminates the false-positive problem of the counting Bloom filter.
To better explain the above technical solution, Fig. 8 shows by way of example a schematic flowchart of a key management method; as shown in Fig. 8, the flow includes:
Step 810: obtain identity verification information.
The tracing authority obtains the identity verification information sent by the authentication node; the identity verification information includes the pseudo-identity information $PID_i$ of real identity information $RID_i$.
Step 820: determine whether it is in the second counting Bloom filter.
The pseudo-identity information $PID_i$ is hashed with the preset hash functions w1, w2 and w3 to obtain hash values hash1, hash2 and hash3; the slots corresponding to hash1, hash2 and hash3 in the second counting Bloom filter array are determined to be sz3, sz4 and sz5, and it is checked whether the values of slots sz3, sz4 and sz5 of the second counting Bloom filter array are 0. If any of slots sz3, sz4 and sz5 has value 0, $PID_i$ is determined not to be inserted in the second counting Bloom filter, i.e. $PID_i$ is not recorded on the second blockchain. If none of slots sz3, sz4 and sz5 has value 0, $PID_i$ is determined to be inserted in the second counting Bloom filter, i.e. $PID_i$ is recorded on the second blockchain.
Step 830: determine whether it is in the first counting Bloom filter.
Following the example in step 820, and assuming the first and second counting Bloom filters use the same hash functions, the slots corresponding to hash1, hash2 and hash3 in the first counting Bloom filter array are determined to be sz7, sz8 and sz9, and the values of slots sz7, sz8 and sz9 of the first counting Bloom filter array then determine whether $PID_i$ is inserted in the first counting Bloom filter, i.e. whether $PID_i$ is recorded on the first blockchain.
If $PID_i$ is determined to be recorded on the first blockchain and not recorded on the second blockchain, $PID_i$ is determined to be valid pseudo-identity information; if $PID_i$ is determined not to be recorded on the first blockchain but recorded on the second blockchain, $PID_i$ is determined to be invalid pseudo-identity information.
Step 840: determine whether it is recorded on the second blockchain.
If $PID_i$ is determined to be recorded both on the first blockchain and on the second blockchain, the block height in the transaction corresponding to $PID_i$ is used to determine whether $PID_i$ is recorded on the second blockchain; if so, $PID_i$ is determined to be invalid pseudo-identity information.
In the embodiments of the present invention, the first and second counting Bloom filters determine whether the pseudo-identity information is recorded on the first and/or second blockchain, which improves the efficiency of the validity determination; the two counting Bloom filters also reduce the false-positive problem of Bloom filters and improve the accuracy of the validity determination. The first and second blockchains reveal whether the pseudo-identity information is valid and hence whether the corresponding public key is a valid public key, which prevents an attacker from propagating false messages through an invalid public key; and an invalid public key can be identified without updating the private keys of the user nodes or the partial private keys of the key generation center, which avoids an excessive computational burden on the key generation center and the user nodes.
It should be noted that when the tracing authority determines that pseudo-identity information is not legitimate, it can trace the user from the real identity information recorded on the first or second blockchain and apply a preset penalty, such as blacklisting.
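The two-chain check of steps 810 to 840, as an added Python example that is not part of the patent: a counting Bloom filter carried in each block header, creation and revocation appending blocks to the first and second chain respectively (revocation also decrementing the first chain's filter, as described for Fig. 6), and the block-height fallback when both filters report a hit. The SHA-256-based slot functions, the tracing authority's PID-to-block-height index and the "unknown" result for an identity in neither filter are assumptions, not the page's.

```python
import hashlib
from dataclasses import dataclass


class CountingBloomFilter:
    """Array of e counters (slots) plus w preset hash functions, as in Fig. 6."""
    def __init__(self, size=4096, n_hash=3, counters=None):
        self.size, self.n_hash = size, n_hash
        self.counters = list(counters) if counters is not None else [0] * size

    def slots(self, item):
        # The w preset hash functions are modelled as SHA-256 with a per-function
        # salt (a constructed choice; the page does not fix the functions).
        return [int.from_bytes(hashlib.sha256(f"w{k}:{item}".encode()).digest(), "big") % self.size
                for k in range(self.n_hash)]

    def insert(self, item):
        for i in self.slots(item):      # creation: slot value + 1
            self.counters[i] += 1

    def remove(self, item):
        for i in self.slots(item):      # revocation: slot value - 1
            if self.counters[i] > 0:
                self.counters[i] -= 1

    def contains(self, item):
        # Every slot non-zero means "recorded"; this can still be a false positive.
        return all(self.counters[i] != 0 for i in self.slots(item))

    def copy(self):
        return CountingBloomFilter(self.size, self.n_hash, self.counters)


@dataclass
class Block:
    height: int
    prev_hash: str
    cbf: CountingBloomFilter   # carried in the block header (Fig. 3)
    txs: list                  # block body: creation or revocation transactions

    def hash(self):
        data = f"{self.height}|{self.prev_hash}|{self.cbf.counters}|{self.txs}"
        return hashlib.sha256(data.encode()).hexdigest()


class Chain:
    def __init__(self):
        self.blocks = [Block(0, "0" * 64, CountingBloomFilter(), [])]

    @property
    def latest(self):
        return self.blocks[-1]

    def append(self, cbf, txs):
        block = Block(len(self.blocks), self.latest.hash(), cbf, txs)
        self.blocks.append(block)
        return block.height


class TracingAuthority:
    def __init__(self):
        self.valid_chain = Chain()      # first blockchain: valid pseudo-identities
        self.revoked_chain = Chain()    # second blockchain: revoked pseudo-identities
        self.revocation_height = {}     # PID -> height of its revocation block (assumed index)

    def register(self, pid, rid):
        """Creation: a new block on chain 1 whose CBF is the previous CBF plus the PID."""
        cbf = self.valid_chain.latest.cbf.copy()
        cbf.insert(pid)
        return self.valid_chain.append(cbf, [{"type": "create", "pid": pid, "rid": rid}])

    def revoke(self, pid, reason):
        """Revocation: insert the PID into chain 2's CBF and decrement it out of chain 1's CBF."""
        cbf2 = self.revoked_chain.latest.cbf.copy()
        cbf2.insert(pid)
        height = self.revoked_chain.append(cbf2, [{"type": "revoke", "pid": pid, "reason": reason}])
        self.revocation_height[pid] = height
        cbf1 = self.valid_chain.latest.cbf.copy()
        cbf1.remove(pid)
        self.valid_chain.append(cbf1, [{"type": "revoke-marker", "pid": pid}])
        return height

    def verify(self, pid):
        """Steps 820 to 840: consult both latest CBFs, then the block body on a double hit."""
        in_valid = self.valid_chain.latest.cbf.contains(pid)
        in_revoked = self.revoked_chain.latest.cbf.contains(pid)
        if in_valid and not in_revoked:
            return "valid"
        if in_revoked and not in_valid:
            return "invalid"
        if in_valid and in_revoked:
            return self.resolve_by_block_height(pid)
        return "unknown"   # in neither filter: never registered (treatment assumed)

    def resolve_by_block_height(self, pid):
        """False-positive fallback: read the revocation transaction from the chain 2 block."""
        height = self.revocation_height.get(pid)
        if height is not None:
            block = self.revoked_chain.blocks[height]
            if any(tx["pid"] == pid for tx in block.txs):
                return "invalid"
        return "valid"
```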
In the embodiments of the present invention, the application scenario in which the authentication node verifies pseudo-identity information through the tracing authority is: user node A sends a message to user node B, and during the sending process the authentication node verifies the pseudo-identity information of user node A, thereby guaranteeing the security of the pseudo-identity information. On this basis, Fig. 9 shows by way of example a schematic flowchart of a key management method provided by an embodiment of the present invention; the flow can be executed by a key management apparatus.
As shown in Fig. 9, the flow includes:
Step 910: a first authentication node obtains an outgoing message of a user node.
In the embodiments of the present invention, the user node's outgoing message includes the pseudo-identity information of the user node; the pseudo-identity information is determined by the tracing authority from the real identity information of the user node.
Step 920: the first authentication node sends the pseudo-identity information to the tracing authority and receives the tracing authority's verification result; the verification result is determined by the tracing authority from a first blockchain and a second blockchain; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information. More specifically, the verification result is determined by the tracing authority from the hash values of the pseudo-identity information, the first counting Bloom filter in the first blockchain and the second counting Bloom filter in the second blockchain.
Step 930: after the verification result is that verification passed, the first authentication node sends the outgoing message.
In the embodiments of the present invention, after the verification result is that verification passed, the first authentication node determines that the user node's pseudo-identity information is valid, i.e. secure and correct, then verifies the signature in the outgoing message and, having confirmed the signature, sends the outgoing message.
In step 920, the first authentication node may send the pseudo-identity information collected within a preset period to the tracing authority for verification, to reduce the number of interactions between the first authentication node and the tracing authority and save transmission resources.
For example, within 1 minute (the preset period) the first authentication node obtains 10 outgoing messages, including 3 from user node A1 and 7 from user node A2; when verifying the pseudo-identity information, the tracing authority only needs to verify the pseudo-identity information of user node A1 and of user node A2 once each, rather than once per outgoing message, which reduces the interactions between the first authentication node and the tracing authority, avoids repeated verification by the tracing authority, and saves transmission and computing resources.
In step 930, the outgoing message also includes the user node's public key and signature. The first authentication node verifies the signature using the user node's public key and sends the outgoing message after the verification result is that verification passed and the signature verification passes; the signature is determined by the user node from its public key and private key; the user node's public key is determined from the pseudo-identity information; the user node's private key is generated from a partial private key; the partial private key is generated by the key generation center from the pseudo-identity information.
To better explain the generation of the user node's public and private keys, the following description builds on the technical solution for determining pseudo-identity information described for Fig. 2 above.
The user node's partial private key is determined by the key generation center from the user node's pseudo-identity information. Specifically, the key generation center chooses a random number $r_i \in \mathbb{Z}_q^*$ and determines $R_i = r_i \cdot P$ and $psk = (r_i + s \cdot h_{1i}) \bmod p$, where $h_{1i} = H_1(PID_i, R_i, P_{pub})$ and $psk$ is the user node's partial private key. The key generation center sends $\{R_i, psk\}$ to the user node, and if the user node determines that the equation $psk \cdot P = R_i + h_{1i} \cdot P_{pub}$ holds, it determines that the partial private key $psk$ is valid.
The user node then chooses a secret value $vsk \in \mathbb{Z}_p^*$, determines $X_i = vsk \cdot P$, $h_{2i} = H_2(PID_i, X_i)$ and $Q_i = R_i + h_{2i} \cdot X_i$, and takes $pk = (Q_i, R_i)$ as the user node's public key and $sk = (psk, vsk)$ as the user node's private key.
The user node further chooses $u_i \in \mathbb{Z}_p^*$, determines $U_i = u_i \cdot P$, $h_{3i} = H_3(PID_i, m_i, U_i, pk, \Delta T_i)$ and $S_i = [u_i + h_{3i} \cdot (psk + h_{2i} \cdot vsk)] \bmod p$, and takes $\sigma_i = (U_i, S_i)$ as the signature on the message content $m_i$.
In one implementation, the first authentication node verifies each signature individually and, if the signature verification passes, sends the outgoing message corresponding to the signature; for example, if the first authentication node determines that the equation $S_i \cdot P = U_i + h_{3i} \cdot (Q_i + h_{1i} \cdot P_{pub})$ holds, it determines that the signature verification passes.
In the embodiments of the present invention, an aggregate signature is used to reduce the amount of computation and save computing resources. Specifically, if the first authentication node receives outgoing messages from at least one user node, it generates an aggregate signature for the signatures of the at least one user node and verifies the aggregate signature using the public keys of the at least one user node.
Following the example of step 920 above, for the 3 outgoing messages of user node A1, after the pseudo-identity information of user node A1 passes verification, the aggregate signature $\sigma_{agg} = (U_1, U_2, U_3, S)$ is determined, where
Figure PCTCN2021124670-appb-000005
Then, if the first authentication node determines that the equation
Figure PCTCN2021124670-appb-000006
holds, it determines that the aggregate signature verification passes. In this way the outgoing messages need not be verified one at a time; multiple signatures can be verified together in a batch, which reduces the computing resources needed for verification.
By way of example, the outgoing message also includes the timestamp of the pseudo-identity information, and before the outgoing message is sent it is determined from the timestamp that the pseudo-identity information is in a valid state.
In one implementation, when the first authentication node sends the outgoing message to the tracing authority, it also sends the timestamp of the pseudo-identity information, so that the tracing authority verifies from the validity period of the pseudo-identity information whether its timestamp has expired; for example, if the validity period of the pseudo-identity information is 3 months, the interval between the timestamp of the pseudo-identity information and the verification time determines whether the timestamp has expired.
In another implementation, the tracing authority may preset the same or different validity periods for pseudo-identity information, for example a uniform validity period of 3 months, and send the validity period to the first authentication node; after obtaining the outgoing message, the first authentication node determines whether the timestamp of the pseudo-identity information has expired from the interval between that timestamp and the current time (i.e. the verification time after obtaining the message) and the preset validity period.
In the embodiments of the present invention, interaction between the authentication node and the user nodes takes place per group. For example, the user node groups under the first authentication node include user node group A and user node group B; group A includes user nodes A1, ..., A10 and group B includes user nodes B1, ..., B6.
The user node groups are divided according to the physical addresses of the user nodes. For example, when a new user node B7 sends a creation instruction to the tracing authority and obtains pseudo-identity information, user node B7 is assigned to user node group B according to its physical address.
In the prior art, the authentication node and the user node must verify each other's legitimacy before interacting, to ensure that both parties are safe and legal. Therefore, if the first authentication node interacting with a user node is switched to a second authentication node, the second authentication node and the user node must verify each other, and every user node has to be verified once, which wastes computing and transmission resources.
In the embodiments of the present invention, to save computing resources and reduce transmission resources, the authentication nodes verify each other before the user nodes' authentication node is switched, so that the user nodes do not need to verify the switched-to authentication node.
Specifically, the first authentication node sends an authentication request to the second authentication node; the authentication request is used to instruct authentication-node switching authentication for the user node group located under the first authentication node; the user node group is divided according to the physical addresses of the user nodes; the first authentication node receives the authentication confirmation message sent by the second authentication node; the authentication confirmation message is generated after the second authentication node verifies the authentication request; and the verification result in the authentication confirmation message is broadcast to each user node group under the first authentication node.
In the embodiments of the present invention, the interaction with the authentication node takes the user node group as its unit. For example, user node group B under the first authentication node SPA1 is to be switched to the second authentication node SPA2. Before the switch, the first authentication node SPA1 sends an authentication request to the second authentication node SPA2; the authentication request includes the public key of SPA1, a random number a1 encrypted with the private key of SPA1, the ID of the user node group B to be switched, and key parameters.
The second authentication node SPA2 verifies the authentication request using the public key of SPA1; its verification formula is similar to the signature verification formula above and is not specifically limited here. SPA2 then generates a random number b1, generates a session key $SK_B$ for user node group B, and sends the random number b1 signed with SPA2's private key to the first authentication node SPA1 as the authentication confirmation message.
After obtaining the authentication confirmation message, the first authentication node SPA1 broadcasts it to user node group B, so that the user nodes in user node group B do not need to verify the second authentication node SPA2; this both guarantees the security of the authentication node and saves computing resources and reduces transmission resources.
In the embodiments of the present invention, a user node group can be switched in several ways. In one implementation, a switching sequence is set for each user node group, and once the sequence meets a preset condition the group's authentication node is switched. For example, if the switching sequence of user node group B is to switch to the second authentication node after 3 hours, the group is automatically switched to the second authentication node after 3 hours.
In another implementation, the switch is triggered by a switching instruction sent by a user node in the user node group. Specifically, the first authentication node receives a node switching instruction sent by any user node in the user node group, modifies the status flag of the user node group to dormant, and switches the user node group to the second authentication node.
Illustrating with the embodiments described above, the authentication node includes a group identifier mapping table (GIMT, used to manage all groups within its coverage) and a group member mapping table (GMMT). The GIMT table consists of information such as the group ID, the coverage area of the authentication node, the switching sequence of the authentication node and the status flag (active or dormant) of the user node group.
User node B2 in user node group B detects that the data transmission status between it and the first authentication node is below a threshold, triggers a switching instruction and sends it to the first authentication node; the first authentication node modifies the status flag of user node group B to dormant, to prevent the user nodes' outgoing messages from being lost, and then switches user node group B to the second authentication node. After obtaining the ID of user node group B, the second authentication node verifies whether user node B2 is a valid user node; if so, it modifies the status flag of user node group B to active and broadcasts the session key $SK_B$ generated above to user node group B, so that any user node in user node group B can interact with the second authentication node.
A person skilled in the art should understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, a person skilled in the art can make various changes and modifications to the present application without departing from its spirit and scope. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include them.
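The certificateless key derivation, signing and verification of the preceding paragraphs, as an added Python example that is not part of the patent. It uses the secp256k1 curve as the preset curve, reduces scalars modulo the group order N rather than the page's "mod p", models H1 to H3 as tagged SHA-256, and, because the page's aggregate-signature formulas are images not reproduced here, assumes the aggregate S is the sum of the individual S_i; all four are choices of this example, not the patent's.

```python
import hashlib
import secrets

# secp256k1 parameters (standard constants), standing in for the page's preset curve E
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def H(tag, *parts):
    """H1/H2/H3: {0,1}* -> Z_N, modelled as tagged SHA-256 (a constructed choice)."""
    h = hashlib.sha256(tag.encode())
    for part in parts:
        h.update(repr(part).encode())
    return int.from_bytes(h.digest(), "big") % N or 1

def kgc_setup():
    s = rand_scalar()                       # KGC master key s; P_pub = s * P
    return s, ec_mul(s, G)

def kgc_partial_key(s, p_pub, pid):
    r = rand_scalar()
    R = ec_mul(r, G)                        # R_i = r_i * P
    h1 = H("H1", pid, R, p_pub)             # h1i = H1(PID_i, R_i, P_pub)
    return R, (r + s * h1) % N              # psk = r_i + s * h1i

def check_partial_key(pid, R, psk, p_pub):
    h1 = H("H1", pid, R, p_pub)             # user node checks psk * P == R_i + h1i * P_pub
    return ec_mul(psk, G) == ec_add(R, ec_mul(h1, p_pub))

def user_keygen(pid, R, psk):
    vsk = rand_scalar()                     # secret value chosen by the user node
    X = ec_mul(vsk, G)                      # X_i = vsk * P
    h2 = H("H2", pid, X)                    # h2i = H2(PID_i, X_i)
    Q = ec_add(R, ec_mul(h2, X))            # Q_i = R_i + h2i * X_i
    return (Q, R), (psk, vsk, h2)           # pk = (Q_i, R_i); sk = (psk, vsk), h2i kept for signing

def sign(pid, pk, sk, msg, ts):
    psk, vsk, h2 = sk
    u = rand_scalar()
    U = ec_mul(u, G)                        # U_i = u_i * P
    h3 = H("H3", pid, msg, U, pk, ts)       # h3i = H3(PID_i, m_i, U_i, pk, dT_i)
    return U, (u + h3 * (psk + h2 * vsk)) % N   # sigma_i = (U_i, S_i)

def verify(pid, pk, msg, ts, sig, p_pub):
    Q, R = pk
    U, S = sig
    h1 = H("H1", pid, R, p_pub)
    h3 = H("H3", pid, msg, U, pk, ts)       # check S_i * P == U_i + h3i * (Q_i + h1i * P_pub)
    return ec_mul(S, G) == ec_add(U, ec_mul(h3, ec_add(Q, ec_mul(h1, p_pub))))

def verify_aggregate(pid, pk, msgs, ts, sigs, p_pub):
    """Batch check of several signatures by one user node: sum the S_i and compare with the
    summed right-hand sides. The page's aggregate formulas are images not reproduced here, so
    this aggregation rule is an assumption, not the patent's own."""
    Q, R = pk
    h1 = H("H1", pid, R, p_pub)
    s_sum, rhs = 0, None
    for msg, (U, S) in zip(msgs, sigs):
        h3 = H("H3", pid, msg, U, pk, ts)
        s_sum = (s_sum + S) % N
        rhs = ec_add(rhs, ec_add(U, ec_mul(h3, ec_add(Q, ec_mul(h1, p_pub)))))
    return ec_mul(s_sum, G) == rhs
```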

Claims (16)

  1. A key management method, characterized by including:
    a tracing authority obtains identity verification information sent by an authentication node; the identity verification information includes pseudo-identity information of a user node; the pseudo-identity information is determined by the tracing authority from the real identity information of the user node;
    the tracing authority determines, from a first blockchain and a second blockchain, whether the pseudo-identity information is valid pseudo-identity information; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
    if so, a verification-passed result for the pseudo-identity information is generated and sent to the authentication node.
  2. The method according to claim 1, characterized in that the tracing authority determining, from the first blockchain and the second blockchain, whether the pseudo-identity information is valid pseudo-identity information includes:
    if the tracing authority determines from a first counting Bloom filter in the first blockchain that the pseudo-identity information is recorded on the first blockchain, and determines from a second counting Bloom filter in the second blockchain that the pseudo-identity information is not recorded on the second blockchain, it determines that the pseudo-identity information is valid pseudo-identity information;
    if the tracing authority determines from the first counting Bloom filter in the first blockchain that the pseudo-identity information is not recorded on the first blockchain, and determines from the second counting Bloom filter in the second blockchain that the pseudo-identity information is recorded on the second blockchain, it determines that the pseudo-identity information is invalid pseudo-identity information;
    the first counting Bloom filter is the counting Bloom filter of the latest block on the first blockchain; the second counting Bloom filter is the counting Bloom filter of the latest block on the second blockchain.
  3. The method according to claim 2, characterized in that the method further includes:
    if the tracing authority determines from the first counting Bloom filter that the pseudo-identity information is recorded on the first blockchain, and determines from the second counting Bloom filter that the pseudo-identity information is recorded on the second blockchain, it determines from the block height corresponding to the pseudo-identity information whether the pseudo-identity information is recorded on the second blockchain;
    if the tracing authority determines from the block height corresponding to the pseudo-identity information that the pseudo-identity information is recorded on the second blockchain, it determines that the pseudo-identity information is invalid pseudo-identity information.
  4. The method according to claim 2, characterized in that the tracing authority determining from the first counting Bloom filter in the first blockchain that the pseudo-identity information is recorded on the first blockchain, and determining from the second counting Bloom filter in the second blockchain that the pseudo-identity information is not recorded on the second blockchain, includes:
    the tracing authority determines the hash values of the pseudo-identity information under each of the preset hash functions;
    the tracing authority determines, from those hash values, the slot values they correspond to in the first counting Bloom filter array and the slot values they correspond to in the second counting Bloom filter array;
    if the tracing authority determines that none of the corresponding slot values in the first counting Bloom filter array is 0, it determines that the pseudo-identity information is present in the first counting Bloom filter; the first counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the first blockchain;
    if the tracing authority determines that any of the corresponding slot values in the second counting Bloom filter array is 0, it determines that the pseudo-identity information is not present in the second counting Bloom filter; the second counting Bloom filter is used to characterize whether the pseudo-identity information is recorded on the second blockchain.
  5. The method according to any one of claims 1 to 4, characterized in that determining the pseudo-identity information from the real identity information of the user node includes:
    the tracing authority obtains a creation instruction sent by the user node; the creation instruction includes the real identity information of the user node, first information and a first verification value; the first information is determined by the user node from the real identity information and a first secret value; the first secret value is chosen by the user node; the first verification value is determined by the user node from the first secret value and the first information;
    after the tracing authority verifies the first information against the first verification value, it determines second information from the real identity information using the master key of the tracing authority; the master key is determined from a preset elliptic curve;
    the tracing authority takes the first information and the second information as the pseudo-identity information.
  6. The method according to any one of claims 1 to 4, characterized in that, before the tracing authority obtains the identity verification information sent by the authentication node, the method further includes:
    the tracing authority generates the pseudo-identity information of the user node based on the creation instruction sent by the user node;
    the tracing authority constructs a first transaction based on the pseudo-identity information and puts a first block containing the first transaction on the first blockchain; a first counting Bloom filter is set in the block header of the first block, and the first transaction is recorded in the block body of the first block; each slot value in the first counting Bloom filter is determined from the first counting Bloom filter in the block preceding the first block and from the hash values of the pseudo-identity information under each of the preset hash functions.
  7. The method according to any one of claims 1 to 4, characterized in that the method further includes:
    based on a revocation instruction carrying pseudo-identity information sent by the user node, the tracing authority constructs a second transaction and puts a second block containing the second transaction on the second blockchain; a second counting Bloom filter is set in the block header of the second block, and the second transaction is recorded in the block body of the second block; each slot value in the second counting Bloom filter is determined from the second counting Bloom filter in the block preceding the second block and from the hash values of the pseudo-identity information under each of the preset hash functions.
  8. A key management method, characterized by including:
    a first authentication node obtains an outgoing message of a user node; the outgoing message includes pseudo-identity information; the pseudo-identity information is determined by a tracing authority from the real identity information of the user node;
    the first authentication node sends the pseudo-identity information to the tracing authority and receives the tracing authority's verification result for the pseudo-identity information; the verification result is determined by the tracing authority from a first blockchain and a second blockchain; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
    after the verification result is that verification passed, the first authentication node sends the outgoing message.
  9. The method according to claim 8, characterized in that the outgoing message further includes the public key and a signature of the user node;
    the first authentication node sending the outgoing message after the verification result is that verification passed includes:
    the first authentication node verifies the signature using the public key of the user node;
    the first authentication node sends the outgoing message after the verification result is that verification passed and the signature verification passes; the signature is determined by the user node from the user node's public key and private key; the user node's public key is determined from the pseudo-identity information; the user node's private key is generated from a partial private key; the partial private key is generated by a key generation center from the pseudo-identity information.
  10. The method according to claim 9, characterized in that the first authentication node verifying the signature using the public key of the user node includes:
    if the first authentication node receives outgoing messages from at least one user node, it generates an aggregate signature for the signatures of the at least one user node;
    the first authentication node verifies the aggregate signature using the public keys of the at least one user node.
  11. The method according to claim 8, characterized in that the outgoing message further includes a timestamp of the pseudo-identity information;
    before sending the outgoing message, the method further includes:
    determining from the timestamp that the pseudo-identity information is in a valid state.
  12. The method according to claim 8, characterized in that the method further includes:
    the first authentication node sends an authentication request to a second authentication node; the authentication request is used to instruct authentication-node switching authentication for a user node group located under the first authentication node; the user node group is divided according to the physical addresses of the user nodes;
    the first authentication node receives an authentication confirmation message sent by the second authentication node; the authentication confirmation message is generated after the second authentication node verifies the authentication request;
    the first authentication node broadcasts the verification result in the authentication confirmation message to each user node group under the first authentication node.
  13. The method according to claim 12, characterized in that the method further includes:
    the first authentication node receives a node switching instruction sent by any user node in the user node group;
    the first authentication node modifies the status flag of the user node group to dormant;
    the first authentication node switches the user node group to the second authentication node.
  14. A key management apparatus, characterized by including:
    an obtaining module, configured to obtain identity verification information sent by an authentication node; the identity verification information includes pseudo-identity information of a user node; the pseudo-identity information is determined by the tracing authority from the real identity information of the user node;
    a processing module, configured to determine, from a first blockchain and a second blockchain, whether the pseudo-identity information is valid pseudo-identity information; the first blockchain is used to record valid pseudo-identity information; the second blockchain is used to record invalid pseudo-identity information;
    and, if so, to generate a verification-passed result for the pseudo-identity information and send the verification-passed result to the authentication node.
  15. A computer device, characterized by including:
    a memory, configured to store program instructions;
    a processor, configured to call the program instructions stored in the memory and execute the method according to any one of claims 1 to 7 or 8 to 13 according to the obtained program.
  16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer-executable instructions, the computer-executable instructions being used to cause a computer to execute the method according to any one of claims 1 to 7 or 8 to 13.
PCT/CN2021/124670 2021-08-04 2021-10-19 Key management method and apparatus WO2023010688A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110890343.X 2021-08-04
CN202110890343.XA CN113691376B (zh) 2021-08-04 2021-08-04 Key management method and apparatus

Publications (1)

Publication Number Publication Date
WO2023010688A1 true WO2023010688A1 (zh) 2023-02-09

Family

ID=78578732

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/124670 WO2023010688A1 (zh) 2021-08-04 2021-10-19 Key management method and apparatus

Country Status (2)

Country Link
CN (1) CN113691376B (zh)
WO (1) WO2023010688A1 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114745101A (zh) * 2022-02-21 2022-07-12 北京航空航天大学 Covert information transmission method and apparatus based on multiple blockchains

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020133655A1 (zh) * 2018-12-26 2020-07-02 中国科学院沈阳自动化研究所 Lightweight authentication method supporting anonymous access of heterogeneous terminals in edge computing scenarios
CN112261078A (zh) * 2020-09-11 2021-01-22 山东师范大学 Blockchain-based road rescue privacy protection system and method in a fog computing environment
CN112787818A (zh) * 2019-11-07 2021-05-11 顺天乡大学校产学协力团 User authentication system and method based on an anonymous protocol, and recording medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10255342B2 (en) * 2017-04-12 2019-04-09 Vijay K. Madisetti Method and system for tuning blockchain scalability, decentralization, and security for fast and low-cost payment and transaction processing
CN109951279B (zh) * 2019-03-15 2022-03-29 南京邮电大学 Anonymous data storage method based on blockchain and edge devices
CN111327419B (zh) * 2020-01-21 2022-11-01 南京如般量子科技有限公司 Quantum-computing-resistant blockchain method and system based on secret sharing

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020133655A1 (zh) * 2018-12-26 2020-07-02 中国科学院沈阳自动化研究所 Lightweight authentication method supporting anonymous access of heterogeneous terminals in edge computing scenarios
CN112787818A (zh) * 2019-11-07 2021-05-11 顺天乡大学校产学协力团 User authentication system and method based on an anonymous protocol, and recording medium
CN112261078A (zh) * 2020-09-11 2021-01-22 山东师范大学 Blockchain-based road rescue privacy protection system and method in a fog computing environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SANG ANQI, SHEN MENG;ZHU LIEHUANG;LIU SHENG;YIN SHU;XIAO YAO: "Research on blockchain-based multi-party collaborative security authentication mechanism", JOURNAL OF NANJING UNIVERSITY OF INFORMATION SCIENCE & TECHNOLOGY(NATURAL SCIENCE EDITION), 1 January 2019 (2019-01-01), pages 581 - 589, XP093032621, [retrieved on 20230317] *

Also Published As

Publication number Publication date
CN113691376B (zh) 2022-04-26 Key management method and apparatus
CN113691376A (zh) 2021-11-23 Key management method and apparatus

Similar Documents

Publication Publication Date Title
US10903991B1 (en) Systems and methods for generating signatures
CN108989050B (zh) Certificateless digital signature method
Barsoum et al. Enabling dynamic data and indirect mutual trust for cloud computing storage systems
CN112039872A (zh) Blockchain-based cross-domain anonymous authentication method and system
US20190089546A1 (en) System and method for distribution of identity based key material and certificate
US20080133906A1 (en) Efficient security information distribution
CN112187450B (zh) Method, apparatus, device and storage medium for key management communication
CN114697040B (zh) Symmetric-key-based electronic seal method and system
CN113612610B (zh) Session key negotiation method
CN111934884B (zh) Certificate management method and apparatus
CN113872760A (zh) SM9 key infrastructure and security system
Yang et al. Privacy-preserving cloud auditing for multiple users scheme with authorization and traceability
CN110719167B (zh) Blockchain-based signcryption method with time validity
CN115766028A (zh) SM2-based certificateless collaborative signature method
CN111049649A (zh) Zero-interaction key agreement security enhancement protocol based on identity-based cryptography
Liu et al. Efficient decentralized access control for secure data sharing in cloud computing
Gao et al. An efficient certificateless public auditing scheme in cloud storage
Eltayieb et al. A certificateless proxy re-encryption scheme for cloud-based blockchain
CN114520726A (zh) Processing method and apparatus, processor and electronic device based on blockchain data
WO2023010688A1 (zh) Key management method and apparatus
GB2543359A (en) Methods and apparatus for secure communication
CN110572257B (zh) Identity-based data source authentication method and system
CN116389111A (zh) Consortium chain identity authentication approach under an identity-based strong permission control mode
KR101256114B1 (ko) Method and system for verifying a message authentication code by multiple MAC verification servers
Yang et al. Public auditing scheme for cloud data with user revocation and data dynamics

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21952554

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14.05.2024)