CN110351090B - Group signature digital certificate revoking method and device, storage medium and electronic equipment - Google Patents
Group signature digital certificate revoking method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN110351090B CN110351090B CN201910447511.0A CN201910447511A CN110351090B CN 110351090 B CN110351090 B CN 110351090B CN 201910447511 A CN201910447511 A CN 201910447511A CN 110351090 B CN110351090 B CN 110351090B
- Authority
- CN
- China
- Prior art keywords
- group signature
- target
- digital certificate
- random number
- revoke
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present disclosure relates to the field of computer technologies, and in particular, to a group signature digital certificate revoking method and apparatus, a storage medium, and an electronic device. The method comprises the following steps: responding to a target group signature digital certificate revoking request, and acquiring a target random number corresponding to the target group signature digital certificate; performing a first hash operation on the target random number to obtain a target abstract; performing group signature on the target abstract by running a group signature algorithm through a private key of a group member revoking the target group signature digital certificate to obtain a revoke group signature revoking the target group signature digital certificate; and publishing the target random number and the revoke group signature so as to revoke the target group signature digital certificate. The present disclosure provides a target group signature digital certificate revoking method which hides group members revoking target group signature digital certificates, and the method is simple and easy to implement.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a group signature digital certificate revoking method and apparatus, a storage medium, and an electronic device.
Background
With the continuous development of electronic technology and network technology, people have stronger and stronger dependence on networks, especially communication technology becomes an indispensable part of people's lives, and network and information security are increasingly concerned with the development of technology. In the group signature system, group members form a group, each group member has a different private key, and the private key corresponds to a unique group public key in the group. Any one group member of the group may issue a group-signed digital certificate on behalf of the group, and the verifier may verify the group-signed digital certificate using the group public key, but may not be able to determine the identity of the group member issuing the group-signed digital certificate.
Because the group-signed digital certificate hides the group member issuing the group-signed digital certificate, it cannot be revoked by conventional verification of the signature of the group member issuing the group-signed digital certificate.
In summary, it is a desirable problem to provide a method for anonymously revoking a group-signed digital certificate.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure is directed to a method and an apparatus for revoking a group signature digital certificate, a storage medium, and an electronic device, and provides a method for revoking a group signature digital certificate anonymously.
According to one aspect of the present disclosure, there is provided a group signature digital certificate revoking method applied to a block chain, including:
responding to a target group signature digital certificate revoking request, and acquiring a target random number corresponding to the target group signature digital certificate;
performing a first hash operation on the target random number to obtain a target abstract;
performing group signature on the target abstract by running a group signature algorithm through a private key of a group member revoking the target group signature digital certificate to obtain a revoke group signature revoking the target group signature digital certificate;
and publishing the target random number and the revoke group signature so as to revoke the target group signature digital certificate.
In an exemplary embodiment of the present disclosure, the method further comprises:
generating a group signature digital certificate in response to a target group signature digital certificate generation request;
acquiring the target random number, and performing second hash operation on the target random number to obtain identification information;
and generating the target group signature digital certificate according to the identification information and the group signature digital certificate.
In an exemplary embodiment of the present disclosure, the method further comprises:
responding to a validity verification request of revoking the target group signature digital certificate, and acquiring the published revoke group signature and the target random number;
verifying the revoke group signature through a group public key, the revoke group signature and the target random number;
if the verification of the revoke group signature passes, performing the second hash operation on the target random number to obtain identification information to be compared;
judging whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
and if so, determining that the revoking of the target group signature digital certificate is legal.
In an exemplary embodiment of the present disclosure, the obtaining the target random number and performing a second hash operation on the target random number to obtain identification information includes:
acquiring the target random number, and performing a first sub-hash operation on the target random number to obtain first identification information;
performing a second sub-hash operation on the target random number to obtain second identification information;
the generating the target group signature digital certificate according to the identification information and the group signature digital certificate comprises:
and generating the target group signature digital certificate according to the first identification information, the second identification information and the group signature digital certificate.
In an exemplary embodiment of the present disclosure, the method further comprises:
responding to a validity verification request of revoking the target group signature digital certificate, and acquiring the published revoke group signature and the target random number;
verifying the revoke group signature through a group public key, the revoke group signature and the target random number;
if the revoke group signature passes verification, performing the first sub-hash operation on the target random number to obtain first identification information to be compared, and performing the second sub-hash operation on the target random number to obtain second identification information to be compared;
judging whether first identification information in the target group signature digital certificate is the same as the first identification information to be compared or not and whether second identification information in the target group signature digital certificate is the same as the second identification information to be compared or not;
and if the verification result is the same, determining that the revoking of the target group signature digital certificate is legal.
In an exemplary embodiment of the present disclosure, the verifying the revoke group signature by the group public key, the revoke group signature, and the target random number includes:
decrypting the revoke group signature through a group public key to obtain the target abstract;
performing the first hash operation on the target random number to obtain an abstract to be compared;
matching the target abstract with the abstract to be compared;
if the verification result is matched with the verification result, the verification result is confirmed to pass through the revoke group signature;
and if not, determining that the revoke group signature is not verified.
According to one aspect of the present disclosure, there is provided a group signature digital certificate revoking device applied to a block chain, including:
the first acquisition module is used for responding to a revoking request of a target group signature digital certificate and acquiring a target random number corresponding to the target group signature digital certificate;
the first operation module is used for performing first hash operation on the target random number to obtain a target abstract;
the signature module is used for carrying out group signature on the target abstract by running a group signature algorithm through a private key of a group member who revokes the target group signature digital certificate so as to obtain a revoke group signature which revokes the target group signature digital certificate;
and the publishing revoke module is used for publishing the target random number and the revoke group signature so as to revoke the target group signature digital certificate.
In an exemplary embodiment of the present disclosure, the apparatus further includes:
the first generation module is used for responding to a target group signature digital certificate generation request and generating a group signature digital certificate;
the second operation module is used for acquiring the target random number and performing second hash operation on the target random number to obtain identification information;
and the second generation module is used for generating the target group signature digital certificate according to the identification information and the group signature digital certificate.
According to an aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the group signature digital certificate revocation method of any one of the above.
According to an aspect of the present disclosure, there is provided an electronic device including:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the group signature digital certificate revoking method of any one of the above via execution of the executable instructions.
The disclosure provides a group signature digital certificate revoking method and device, a storage medium and electronic equipment. The method comprises the steps of carrying out first Hash operation on a target random number corresponding to a target group signature digital certificate to obtain a target abstract, carrying out group signature on the target abstract by a private key of a group member who revokes the target group signature digital certificate to obtain an revoke group signature, and publishing the revoke group signature and the target random number to realize revoke of the target group signature digital certificate. The group signature algorithm is operated by the private key of the group member who revokes the target group signature digital certificate to perform group signature on the target abstract generated by the target random number corresponding to the target group signature digital certificate so as to obtain the revoke group signature, so that the anonymous revoke of the target group signature digital certificate is realized, and the revoke mode of the target group signature digital certificate of the group member who hides the revoke target group signature digital certificate is provided, and is simple and easy to execute.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty. In the drawings:
FIG. 1 is a flow chart of a group signature digital certificate revocation method provided in an exemplary embodiment of the present disclosure;
FIG. 2 is a flow chart of generating a target group signature digital certificate as provided in an exemplary embodiment of the present disclosure;
FIG. 3 is a first flowchart illustrating a method for verifying the legitimacy of a target group signed digital certificate revocation provided in an exemplary embodiment of the present disclosure;
FIG. 4 is a flowchart II of verifying the legitimacy of a target group signed digital certificate revocation, as provided in an exemplary embodiment of the present disclosure;
FIG. 5 is a block diagram of a group signature digital certificate revocation apparatus provided in an exemplary embodiment of the present disclosure;
FIG. 6 is a block diagram of an electronic device in an exemplary embodiment of the present disclosure;
fig. 7 is a schematic diagram of a program product in an exemplary embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the embodiments of the disclosure can be practiced without one or more of the specific details, or with other methods, components, materials, devices, steps, and so forth. In other instances, well-known structures, methods, devices, implementations, materials, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, or in one or more software-hardened modules, or in different networks and/or processor devices and/or microcontroller devices.
First, in this exemplary embodiment, a group signature digital certificate revoking method is disclosed, which is applied to a blockchain, where the blockchain may be deployed in a plurality of servers, and referring to fig. 1, the group signature digital certificate revoking method may include the following steps:
step S110, responding to a revoking request of a target group signature digital certificate, and acquiring a target random number corresponding to the target group signature digital certificate;
step S120, performing a first hash operation on the target random number to obtain a target abstract;
step S130, performing group signature on the target abstract by using a group signature algorithm operated by a private key of a group member revoking the target group signature digital certificate to obtain a revoke group signature revoking the target group signature digital certificate;
step S140, publishing the target random number and the revoke group signature to revoke the target group signature digital certificate.
According to the group signature digital certificate revoking method in the exemplary embodiment, since the group signature is performed on the target digest generated by the target random number corresponding to the target group signature digital certificate by the group signature algorithm run by the private key of the group member revoking the target group signature digital certificate to obtain the revoke group signature, the anonymous revoke of the target group signature digital certificate is realized, and a target group signature digital certificate revoking manner of the group member hiding the revoke target group signature digital certificate is provided, and the manner is simple and easy to execute.
Next, referring to fig. 1, the group signature digital certificate revoking method in the present exemplary embodiment will be further explained.
In step S110, a target random number corresponding to the target group signature digital certificate is acquired in response to the target group signature digital certificate revoke request.
In the embodiment of the present application, first, a process of generating a target group signature digital certificate is described with reference to fig. 2, and as shown in fig. 2, the process of generating a target group signature digital certificate may include the following steps:
step S210 is to generate a group signature digital certificate in response to the target group signature digital certificate generation request.
In an embodiment of the present application, the blockchain invokes an intelligent contract to run a group construction algorithm to generate a group public key and a group administrator private key. Each group member obtains its own private key by registering with the group administrator. When a group member issues a target group-signed digital certificate to a user, the blockchain generates a group-signed digital certificate by the group member's CA (e-commerce certificate authority).
Step S220, the target random number is obtained, and second hash operation is carried out on the target random number to obtain identification information.
In this embodiment, the block chain obtains a target random number, and the specific content of the target random number may be set by itself, which is not particularly limited in this exemplary embodiment. The specific type of the second hash operation may be set by a developer, and this is not particularly limited in this exemplary embodiment. For example, the second hash operation may be SHA256 or SM3, and the exemplary embodiment is not particularly limited in this respect. And determining data obtained after the second hash operation is performed on the target random number as identification information.
Step S230, generating the target group signature digital certificate according to the identification information and the group signature digital certificate.
In an embodiment of the present application, the identification information may be stored in an extended field of the group-signed digital certificate to generate the target group-signed digital certificate. The group signature digital certificate can also be marked through the identification information, and the marked group signature digital certificate is determined as a target group signature digital certificate. After the target group signature digital certificate is generated, the target group signature digital certificate is associated with the target random number and then published.
Based on this, when the block link receives the target group signature digital certificate revoke request, the published target random number corresponding to the target group signature digital certificate is obtained in response to the target group signature digital certificate revoke request.
In step S120, a first hash operation is performed on the target random number to obtain a target digest.
In this embodiment, a specific type of the first hash operation may be set by itself, and this is not particularly limited in this exemplary embodiment. And determining data obtained after the first hash operation is carried out on the target random number as a target abstract.
In step S130, a group signature algorithm is run by a private key of a group member revoking the target group signature digital certificate to perform group signature on the target digest, so as to obtain an revoke group signature revoking the target group signature digital certificate.
In the embodiment of the application, a private key of a group member of the revoke target group signature digital certificate is obtained, and a group signature algorithm is called and operated through the private key to perform group signature on the target abstract, so that the revoke group signature of the revoke target group signature digital certificate is obtained.
It is noted that the group signature algorithm is performed by the private key of the group member to obtain the group signature, which is not the group member's own signature here. The private keys of all group members are different, the group members only call the group signature algorithm according to the private keys of the group members, and the final signature is not the own signature of the group members but the signatures of all the group members, namely the group signature. The group signature may be decrypted with the group public key, while the identity of the group members who run the group signature algorithm with the private key to perform the revoke may be hidden.
In step S140, the target random number and the revoke group signature are published to revoke the target group signature digital certificate. In the embodiment of the application, the target random number and the revoke group signature are associated and then published so as to complete revoking of the target group signature digital certificate.
Further, to verify the validity of the revocation of the target group signed digital certificate, as shown in fig. 3, the method may further include:
step S310, responding to the validity verification request of revoking the target group signature digital certificate, and acquiring the published revoke group signature and the target random number. In an embodiment of the present application, the published target random number is a target random number associated with an revoke group signature.
Step S320, verifying the revoke group signature through the group public key, the revoke group signature, and the published target random number.
In the embodiment of the application, firstly, the revoke group signature is decrypted through a group public key to obtain the target abstract, then, the first hash operation is carried out on the published target random number to obtain a to-be-compared abstract, and finally, the target abstract is matched with the to-be-compared abstract; if the verification result is matched with the verification result, the verification result is confirmed to pass through the revoke group signature; and if not, determining that the revoke group signature is not verified.
And step S330, if the revoke group signature passes the verification, performing the second hash operation on the published target random number to obtain identification information to be compared. In the embodiment of the application, if the revoke group signature passes verification, a second hash operation is performed on the published target random number, and an obtained result is determined as the identification information to be compared.
Step S340, determining whether the identification information in the target group signature digital certificate is the same as the identification information to be compared. In the embodiment of the application, the identification information in the target group signature digital certificate is matched with the identification information to be compared, whether the identification information in the target group signature digital certificate is the same as the identification information to be compared is judged according to a matching result, if the identification information in the target group signature digital certificate is matched with the identification information to be compared, the identification information in the target group signature digital certificate is the same as the identification information to be compared, and if the identification information in the target group signature digital certificate is not matched with the identification information to be compared, the identification information in the target group signature digital certificate is not the same as the identification information to be compared.
And step S350, if the verification result is the same, determining that the revoking of the target group signature digital certificate is legal. In the embodiment of the application, if the identification information in the group signature digital certificate is the same as the identification information to be compared, it is determined that revoking of the target group signature digital certificate is legal.
As can be seen from the above, in the process of verifying the validity of revoking the target group signature digital certificate, the revoke group signature is verified through the group public key, the second hash operation is performed on the published target random number to obtain the identification information to be compared, and the validity of revoking the target group signature digital certificate is verified according to the identification information to be compared and the identification information in the target group signature digital certificate, so that on the basis of verifying the validity of revoking the target group signature digital certificate, the group members who revoke the target group signature digital certificate are also hidden, that is, the group members who revoke the target group signature digital certificate cannot verify the group members in the verification process.
Further, in order to ensure the security and the validity of the revoking operation of the target group signature digital certificate, the obtaining the target random number and performing a second hash operation on the target random number to obtain the identification information may include: acquiring the target random number, and performing a first sub-hash operation on the target random number to obtain first identification information; and performing second sub-hash operation on the target random number to obtain second identification information. It should be noted that the first sub-hash operation and the second sub-hash operation are different in type. Based on this, the generating the target group-signed digital certificate from the identification information and the group-signed digital certificate may include: and generating the target group signature digital certificate according to the first identification information, the second identification information and the group signature digital certificate. In an embodiment of the present application, the first identification information and the second identification information may be stored in an extended field of the group-signed digital certificate to generate the target group-signed digital certificate. The group signature digital certificate can be marked by the first identification information and the second identification information, and the marked group signature digital certificate is determined as a target group signature digital certificate. After the target group signature digital certificate is generated, the target group signature digital certificate is associated with the target random number and then published.
According to the method, the first Hash sub-operation and the second Hash sub-operation are respectively carried out on the target random number to obtain the first identification information and the second identification information, the digital certificate in front of the target group is generated according to the first identification information, the second identification information and the group signature digital certificate, the difficulty of decoding the first identification information and the second identification information is greatly increased due to the adoption of two different Hash operations, and the safety and the legality of the revoking operation of the target group signature digital certificate are guaranteed.
Based on this, as shown in fig. 4, the process of verifying the validity of the target group signature digital certificate revocation may include the steps of:
step S410, responding to the validity verification request of revoking the target group signature digital certificate, and acquiring the published revoke group signature and the target random number. Since this step has already been explained above, it is not described here in detail.
Step S420, the revoke group signature is verified through the group public key, the revoke group signature and the published target random number. Since this step has already been explained above, it is not described here in detail.
Step S430, if the revoke group signature passes the verification, performing the first sub-hash operation on the published target random number to obtain first identification information to be compared, and performing the second sub-hash operation on the published target random number to obtain second identification information to be compared. The first sub-hash operation and the second sub-hash operation are of different types.
Step S440, determining whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether the second identification information in the target group signature digital certificate is the same as the second identification information to be compared. In the embodiment of the present application, the first identification information in the target group signature digital certificate is matched with the first identification information to be compared, so as to determine whether the first identification information in the target group signature digital certificate is the same as the first identification information to be compared. And judging whether the second identification information in the target group signature digital certificate is the same as the second identification information to be compared or not by matching the second identification information in the target group signature digital certificate with the second identification information to be compared.
And S450, if the verification result is the same, determining that the revoking of the target group signature digital certificate is legal.
In this embodiment of the present application, if first identification information in the target group signature digital certificate is the same as first identification information to be compared, and second identification information in the target group signature digital certificate is the same as second identification information to be compared, it is determined that revoking of the target group signature digital certificate is legal.
In summary, the group signature algorithm is operated by the private key of the group member who revokes the target group signature digital certificate to perform group signature on the target digest generated by the target random number corresponding to the target group signature digital certificate so as to obtain the revoke group signature, that is, the group member who revokes the target group signature digital certificate is hidden, so that anonymous revoke of the target group signature digital certificate is realized, and a method for revoking the target group signature digital certificate of the group member who hides the revoke target group signature digital certificate is provided, and the method is simple and easy to implement.
It should be noted that although the various steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that these steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
In an exemplary embodiment of the present disclosure, there is also provided a group signature digital certificate revoking apparatus, as shown in fig. 5, the group signature digital certificate revoking apparatus 500 may include: a first obtaining module 501, a first operation module 502, a signature module 503, and a publishing revoke module 504, wherein:
a first obtaining module 501, configured to respond to a target group signature digital certificate revoke request, and obtain a target random number corresponding to the target group signature digital certificate;
a first operation module 502, configured to perform a first hash operation on the target random number to obtain a target digest;
the signature module 503 is configured to perform group signature on the target digest by running a group signature algorithm through a private key of a group member revoking the target group signature digital certificate, so as to obtain a revoke group signature revoking the target group signature digital certificate;
a publishing revoke module 504, configured to publish the target random number and the revoke group signature, so as to revoke the target group signature digital certificate.
In an exemplary embodiment of the present disclosure, the apparatus 500 may further include:
the first generation module is used for responding to a target group signature digital certificate generation request and generating a group signature digital certificate;
the second operation module is used for acquiring the target random number and performing second hash operation on the target random number to obtain identification information;
and the second generation module is used for generating the target group signature digital certificate according to the identification information and the group signature digital certificate.
In an exemplary embodiment of the present disclosure, the apparatus 500 may further include:
the second acquisition module is used for responding to a validity verification request for revoking the target group signature digital certificate and acquiring the published revoke group signature and the target random number;
the first verification module is used for verifying the revoke group signature through a group public key, the revoke group signature and the published target random number;
the third operation module is used for performing the second hash operation on the published target random number to obtain identification information to be compared if the revoke group signature passes the verification;
the first judgment module is used for judging whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
and the first determining module is used for determining that the revoking of the target group signature digital certificate is legal if the target group signature digital certificate is the same as the target group signature digital certificate.
In an exemplary embodiment of the present disclosure, the second operation module may include:
the first operation unit is used for acquiring the target random number and performing first sub-hash operation on the target random number to obtain first identification information;
the second operation unit is used for performing second sub-hash operation on the target random number to obtain second identification information;
the second generating module is specifically configured to generate the target group-signed digital certificate according to the first identification information, the second identification information, and the group-signed digital certificate.
In an exemplary embodiment of the present disclosure, the apparatus 500 may further include:
a third obtaining module, configured to respond to a validity verification request for revoking the target group signature digital certificate, and obtain the published revoke group signature and the target random number;
the second verification module is used for verifying the revoke group signature through the group public key, the revoke group signature and the published target random number;
the fourth operation module is used for performing the first sub-hash operation on the published target random number to obtain first identification information to be compared if the revoke group signature passes the verification, and performing the second sub-hash operation on the published target random number to obtain second identification information to be compared;
a second judging module, configured to judge whether first identification information in the target group signature digital certificate is the same as the first identification information to be compared, and whether second identification information in the target group signature digital certificate is the same as the second identification information to be compared;
and the second determining module is used for determining that the revoking of the target group signature digital certificate is legal if the target group signature digital certificate is the same as the target group signature digital certificate.
In an exemplary embodiment of the present disclosure, the second authentication module and the first authentication module may each include:
the decryption unit is used for decrypting the revoke group signature through a group public key to obtain the target abstract;
the operation unit is used for performing the first hash operation on the target random number to obtain an abstract to be compared;
the matching unit is used for matching the target abstract with the abstract to be compared;
the first determining unit is used for determining that the revoke group signature passes verification if the revoke group signature is matched with the revoke group signature;
and the second determination unit is used for determining that the suspension pin group signature is not verified if the suspension pin group signature is not matched.
The specific details of each group signature digital certificate revoking device module are already described in detail in the corresponding group signature digital certificate revoking method, and therefore are not described herein again.
It should be noted that although in the above detailed description several modules or units of the apparatus for performing are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: the at least one processing unit 610, the at least one memory unit 620, a bus 630 connecting different system components (including the memory unit 620 and the processing unit 610), and a display unit 640.
Wherein the storage unit stores program code that is executable by the processing unit 610 to cause the processing unit 610 to perform steps according to various exemplary embodiments of the present invention as described in the above section "exemplary methods" of the present specification. For example, the processing unit 610 may execute step S110 shown in fig. 1, in response to a target group signature digital certificate revoke request, acquiring a target random number corresponding to the target group signature digital certificate; step S120, performing a first hash operation on the target random number to obtain a target abstract; step S130, performing group signature on the target abstract by using a group signature algorithm operated by a private key of a group member revoking the target group signature digital certificate to obtain a revoke group signature revoking the target group signature digital certificate; step S140, publishing the target random number and the revoke group signature to revoke the target group signature digital certificate.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 600 may also communicate with one or more external devices 670 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. As shown, the network adapter 660 communicates with the other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
Referring to fig. 7, a program product 700 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is to be limited only by the terms of the appended claims.
Claims (8)
1. A group signature digital certificate revoking method is applied to a block chain and is characterized by comprising the following steps:
generating a group signature digital certificate in response to a target group signature digital certificate generation request;
acquiring a target random number, and performing second hash operation on the target random number to obtain identification information;
generating a target group signature digital certificate according to the identification information and the group signature digital certificate;
responding to a target group signature digital certificate revoking request, and acquiring a target random number corresponding to the target group signature digital certificate;
performing a first hash operation on the target random number to obtain a target abstract;
performing group signature on the target abstract by running a group signature algorithm through a private key of a group member revoking the target group signature digital certificate to obtain a revoke group signature revoking the target group signature digital certificate;
and publishing the target random number and the revoke group signature so as to revoke the target group signature digital certificate.
2. The group signature digital certificate revocation method of claim 1, wherein said method further comprises:
responding to a validity verification request of revoking the target group signature digital certificate, and acquiring the published revoke group signature and the target random number;
verifying the revoke group signature through a group public key, the revoke group signature and the published target random number;
if the verification of the revoke group signature passes, performing the second hash operation on the published target random number to obtain identification information to be compared;
judging whether the identification information in the target group signature digital certificate is the same as the identification information to be compared;
and if so, determining that the revoking of the target group signature digital certificate is legal.
3. The method of claim 1, wherein the obtaining the target random number and performing a second hash operation on the target random number to obtain identification information comprises:
acquiring the target random number, and performing a first sub-hash operation on the target random number to obtain first identification information;
performing a second sub-hash operation on the target random number to obtain second identification information;
the generating the target group signature digital certificate according to the identification information and the group signature digital certificate comprises:
and generating the target group signature digital certificate according to the first identification information, the second identification information and the group signature digital certificate.
4. The group signature digital certificate revocation method of claim 3, wherein said method further comprises:
responding to a validity verification request of revoking the target group signature digital certificate, and acquiring the published revoke group signature and the target random number;
verifying the revoke group signature through a group public key, the revoke group signature and the published target random number;
if the revoke group signature passes verification, performing the first sub-hash operation on the published target random number to obtain first identification information to be compared, and performing the second sub-hash operation on the published target random number to obtain second identification information to be compared;
judging whether first identification information in the target group signature digital certificate is the same as the first identification information to be compared or not and whether second identification information in the target group signature digital certificate is the same as the second identification information to be compared or not;
and if the verification result is the same, determining that the revoking of the target group signature digital certificate is legal.
5. The group signature digital certificate revocation method according to claim 2 or 4, wherein said verifying the revocation group signature by a group public key, the revocation group signature, and the published target random number comprises:
decrypting the revoke group signature through a group public key to obtain the target abstract;
performing the first hash operation on the published target random number to obtain an abstract to be compared;
matching the target abstract with the abstract to be compared;
if the verification result is matched with the verification result, the verification result is confirmed to pass through the revoke group signature;
and if not, determining that the revoke group signature is not verified.
6. The utility model provides a group signature digital certificate revokes device, is applied to the block chain, its characterized in that includes:
the first generation module is used for responding to a target group signature digital certificate generation request and generating a group signature digital certificate;
the second operation module is used for acquiring a target random number and performing second hash operation on the target random number to obtain identification information;
the second generation module is used for generating a target group signature digital certificate according to the identification information and the group signature digital certificate;
the first acquisition module is used for responding to a revoking request of a target group signature digital certificate and acquiring a target random number corresponding to the target group signature digital certificate;
the first operation module is used for performing first hash operation on the target random number to obtain a target abstract;
the signature module is used for carrying out group signature on the target abstract by running a group signature algorithm through a private key of a group member who revokes the target group signature digital certificate so as to obtain a revoke group signature which revokes the target group signature digital certificate;
and the publishing revoke module is used for publishing the target random number and the revoke group signature so as to revoke the target group signature digital certificate.
7. A computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the group signature digital certificate revocation method of any of claims 1 to 5.
8. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the group signature digital certificate revocation method of any of claims 1-5 via execution of the executable instructions.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910447511.0A CN110351090B (en) | 2019-05-27 | 2019-05-27 | Group signature digital certificate revoking method and device, storage medium and electronic equipment |
| PCT/CN2019/103431 WO2020237879A1 (en) | 2019-05-27 | 2019-08-29 | Method and apparatus for revoking group-signed digital certificate, storage medium, and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910447511.0A CN110351090B (en) | 2019-05-27 | 2019-05-27 | Group signature digital certificate revoking method and device, storage medium and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110351090A CN110351090A (en) | 2019-10-18 |
| CN110351090B true CN110351090B (en) | 2021-04-27 |
Family
ID=68174075
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910447511.0A Active CN110351090B (en) | 2019-05-27 | 2019-05-27 | Group signature digital certificate revoking method and device, storage medium and electronic equipment |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110351090B (en) |
| WO (1) | WO2020237879A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114172668B (en) * | 2022-02-10 | 2022-07-05 | 亿次网联(杭州)科技有限公司 | Group member management method and system based on digital certificate |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001006701A1 (en) * | 1999-07-15 | 2001-01-25 | Sudia Frank W | Certificate revocation notification systems |
| WO2001011843A1 (en) * | 1999-08-06 | 2001-02-15 | Sudia Frank W | Blocked tree authorization and status systems |
| FR2940726A1 (en) * | 2008-12-30 | 2010-07-02 | France Telecom | GROUP SIGNATURE WITH LOCAL REVOCATION CHECK WITH ANONYMAT LIFTING CAPACITY |
| CN101977110B (en) * | 2010-10-09 | 2012-08-29 | 北京航空航天大学 | Group signature method based on elliptic curve |
| DE102014204044A1 (en) * | 2014-03-05 | 2015-09-10 | Robert Bosch Gmbh | Procedure for revoking a group of certificates |
| US10326602B2 (en) * | 2015-09-18 | 2019-06-18 | Virginia Tech Intellectual Properties, Inc. | Group signatures with probabilistic revocation |
| CN106453222B (en) * | 2016-07-15 | 2020-01-17 | 海智(天津)大数据服务有限公司 | Electronic license management method based on ELA electronic license node network system |
| CN109064169B (en) * | 2018-07-13 | 2020-11-06 | 杭州复杂美科技有限公司 | Transaction method, apparatus and storage medium |
| CN109344257B (en) * | 2018-10-24 | 2024-05-24 | 平安科技(深圳)有限公司 | Text emotion recognition method and device, electronic equipment and storage medium |
| CN109740321B (en) * | 2018-12-25 | 2020-03-31 | 北京深思数盾科技股份有限公司 | Method for revoking manager lock of encryption machine, encryption machine and manufacturer server |
-
2019
- 2019-05-27 CN CN201910447511.0A patent/CN110351090B/en active Active
- 2019-08-29 WO PCT/CN2019/103431 patent/WO2020237879A1/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| CN110351090A (en) | 2019-10-18 |
| WO2020237879A1 (en) | 2020-12-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108259438B (en) | Authentication method and device based on block chain technology | |
| US8954732B1 (en) | Authenticating third-party programs for platforms | |
| US8898764B2 (en) | Authenticating user through web extension using token based authentication scheme | |
| US8875269B2 (en) | User initiated and controlled identity federation establishment and revocation mechanism | |
| US9455838B2 (en) | Creating a digital certificate for a service using a local certificate authority having temporary signing authority | |
| CN111291339B (en) | Method, device, equipment and storage medium for processing blockchain data | |
| US20130031371A1 (en) | Software Run-Time Provenance | |
| US10990428B2 (en) | Virtual machine integrity | |
| US10447467B2 (en) | Revocable PKI signatures | |
| US20090288155A1 (en) | Determining an identity of a third-party user in an saml implementation of a web-service | |
| US9118485B2 (en) | Using an OCSP responder as a CRL distribution point | |
| KR20130114651A (en) | Trustworthy device claims as a service | |
| CN114172663B (en) | Business right determining method and device based on block chain, storage medium and electronic equipment | |
| US9166970B1 (en) | Dynamic framework for certificate application configuration | |
| CN115361233A (en) | Block chain-based electronic document signing method, device, equipment and medium | |
| CN115460019B (en) | Method, apparatus, device and medium for providing digital identity-based target application | |
| CN112887080B (en) | SM 2-based key generation method and system | |
| CN113360217A (en) | Rule engine SDK calling method and device and storage medium | |
| CN110351090B (en) | Group signature digital certificate revoking method and device, storage medium and electronic equipment | |
| CN116132071B (en) | Identity authentication method and device for identification analysis node based on blockchain | |
| CN115964733B (en) | Block chain-based data sharing method and device, electronic equipment and storage medium | |
| CN111598544A (en) | Method and apparatus for processing information | |
| CN114567446B (en) | Login authentication method and device, electronic equipment and storage medium | |
| CN114978551B (en) | Access token issuing method, access token obtaining method, access token issuing device, access token obtaining system, access token issuing equipment and access token issuing medium | |
| US12003655B1 (en) | Cryptographic assertions for certificate issuance |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |