[go: up one dir, main page]

CN102546173B - Digital signature system and signature method based on certificate - Google Patents

Digital signature system and signature method based on certificate Download PDF

Info

Publication number
CN102546173B
CN102546173B CN201110426475.3A CN201110426475A CN102546173B CN 102546173 B CN102546173 B CN 102546173B CN 201110426475 A CN201110426475 A CN 201110426475A CN 102546173 B CN102546173 B CN 102546173B
Authority
CN
China
Prior art keywords
user
certificate
signature
module
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110426475.3A
Other languages
Chinese (zh)
Other versions
CN102546173A (en
Inventor
李继国
王芝伟
张亦辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hohai University HHU
Original Assignee
Hohai University HHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hohai University HHU filed Critical Hohai University HHU
Priority to CN201110426475.3A priority Critical patent/CN102546173B/en
Publication of CN102546173A publication Critical patent/CN102546173A/en
Application granted granted Critical
Publication of CN102546173B publication Critical patent/CN102546173B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开一种基于证书的数字签名系统,包括系统参数设置模块、用户密钥产生模块、用户证书认证模块、签名模块和验证模块;系统参数设置模块生成系统主密钥和系统公开参数,公开参数发送给其它模块;用户密钥产生模块生成各个用户的公钥和私钥对;用户证书认证模块对用户的身份和公钥进行签名,产生用户的证书并发送给签名模块;签名模块对消息进行签名并发送给验证模块;验证模块对签名模块产生的签名的有效性进行验证。此系统可在保证安全性的前提下具有较小的计算代价和通信代价,提高系统的运行效率;可降低基于证书的数字签名方法的计算代价和通信代价,提高基于证书的数字签名方法的运算效率。本发明还公开一种基于证书的数字签名方法。

The invention discloses a certificate-based digital signature system, which includes a system parameter setting module, a user key generation module, a user certificate authentication module, a signature module and a verification module; the system parameter setting module generates a system master key and system public parameters, and discloses The parameters are sent to other modules; the user key generation module generates the public key and private key pair of each user; the user certificate authentication module signs the user's identity and public key, generates the user's certificate and sends it to the signature module; the signature module Make a signature and send it to the verification module; the verification module verifies the validity of the signature generated by the signature module. This system can have a small calculation cost and communication cost under the premise of ensuring security, and improve the operating efficiency of the system; it can reduce the calculation cost and communication cost of the certificate-based digital signature method, and improve the operation of the certificate-based digital signature method efficiency. The invention also discloses a certificate-based digital signature method.

Description

Digital signature system based on certificate and endorsement method
Technical field
The present invention relates to the digital signature technology of network security, refer to especially a kind of digital signature system based on certificate and digital signature method safely and efficiently.
Background technology
Along with the develop rapidly of computer network and the communication technology, the mankind progressively march toward informationized society, and digitlization, networking will become the basic platform that global IT application is new.In social informatization process, the development of the Internet is very easy to people's study, work and life, and computer application has been penetrated into the every field of the societies such as politics, economy, military affairs, science and culture and family life.Unconsciously, information becomes most important a kind of resource and wealth, but because the processes such as the transmission of information, storage, processing are carried out often on open communication network, so information is easily subject to the threat of the various attack means such as eavesdropping, intercepting, amendment, forgery, playback.
Digital signature is as ensureing one of means of the network information security, can effectively solve in network information transfer and forge, deny, pretend to be and distort problem, it is one of core technology realizing electronic safety transaction, there is important effect at aspects such as the fail safe, authenticity and the non repudiations that ensure to conclude the business, because of but one of information security core technology all has important using value in fields such as encryption key distribution, e-bank, electronics security, e-commerce and e-governments.
Traditional digital signature system is based on PKIX, what adopt is the authentication mode of certificate, the certificate of issuing by authenticating authority mechanism (CA) is realized the binding of client public key and identity information, thereby ensures the authentic and valid of client public key.Certificate management comprises the cancelling of certificate, stores, renewal etc., needs very large amount of calculation and storage capacity, particularly certificate revocation problem.In addition, traditional PKI technology also exists third party to inquire problem.So-called third party's inquiry, refers to that third party is before certain user's of use PKI, and the certificate status that need to inquire to CA this user, with the true and validity of verification public key.This method expends the plenty of time, space and calculating, is once becoming the obstacle of common key cryptosystem development.
In order to simplify the problems such as the administration overhead of digital certificate, first Shamir in 1984 have proposed the concept of the cryptographic system based on identity.Based on the cryptographic system of identity, do not need to preserve each user's public key certificate, also store all users' PKI without the need for a public file, each user's PKI is directly to be generated by his identity, user's identity can be his name, telephone number, ID card No., mailing address or E-mail address etc., and user's private key is to produce by trusted party (PKG) is unified.Although the cryptographic system based on identity has overcome the certificate management problem existing in conventional public-key cryptographic system, but owing to still needing a trusted party to produce and issue user's private key, thereby exist intrinsic key escrow, it is the private key that trusted party is known any user, thereby can eavesdrop any user's communication, and then can decipher any user's ciphertext or forge any user's signature.
In order to overcome the key escrow in the cryptographic system based on identity, Gentry has proposed the public-key cryptosystem (CBC:Certificate-based Cryptography) of the system of a new public key cryptography-based on certificate in European cryptography meeting in 2003, this system is by the advantages of traditional public-key cryptosystem and the cryptographic system based on identity, eliminate the certification authentication process of high cost, and do not had the hidden danger of key escrow.Certificate in public-key cryptosystem based on certificate has the repertoire of certificate in conventional public-key cryptographic system, and in deciphering and signature process as the part of private key, thereby encrypt and signature-verification process in do not exist the third party of certificate status inquired.And in the public-key cryptosystem based on certificate, the transmission of certificate does not need by safe lane, does not have the problem of key distribution.Although the research of the digital signature scheme based on certificate makes progress to some extent, more or less there are some problem and shortage at the aspect such as security intensity, operational efficiency in the current digital signature method based on certificate.
Based on above analysis, the inventor carries out Improvement for the existing digital signature method based on certificate, and this case produces thus.
Summary of the invention
Object of the present invention, be to provide a kind of digital signature system and endorsement method based on certificate, it does not use traditional bilinearity to mapping in signature process and proof procedure, under the prerequisite that ensures fail safe, has less calculation cost and communication cost, has improved the operational efficiency of system.
Another object of the present invention, is to provide a kind of digital signature system and endorsement method based on certificate, and it can reduce calculation cost and the communication cost of the digital signature method based on certificate, improves the operation efficiency of the digital signature method based on certificate.
In order to reach above-mentioned purpose, solution of the present invention is:
Based on a digital signature system for certificate, comprise system parameter setting module, user key generation module, user certificate authentication module, signature blocks and authentication module;
System parameter setting module, for generation system master key and the open parameter of system, and system master key is sent to user certificate authentication module, open system parameter is sent to user key generation module, user certificate authentication module, signature blocks and authentication module;
User key generation module, for generating each user's PKI and private key pair, and sends to user certificate authentication module and authentication module by user's PKI, and user's private key is sent to signature blocks;
User certificate authentication module, the open parameter of the system master key sending by system parameter setting module and system, identity and PKI to user are signed, and produce user's certificate, and user's certificate is sent to signature blocks;
Signature blocks, the user certificate that the private key for user sending by user key generation module and user certificate authentication module are issued, signs to message, and the signature of generation is sent to authentication module;
Authentication module, the client public key that the open parameter of the system sending by system parameter setting module and user key generation module send, the validity of the signature that signature blocks is produced is verified.
Based on a digital signature method for certificate, comprise the following steps:
A: the master key msk of the open parameter p arams of initialization system and system;
B: the PKI PK that generates user according to the open parameter p arams of described system iDwith private key usk iD;
C: according to the open parameter p arams of described system, user's identity ID, system master key msk and user's PKI PK iDproduce user's certificate Cert iD;
D: according to user's private key usk iDcertificate Cert with user iDmessage m is signed and obtained σ;
E: according to the open parameter p arams of described system and user's PKI PK iDthe validity of the signature sigma to message m is verified.
Above-mentioned steps A specifically comprises:
A1: choose two large prime number p and q and meet q|p-1;
A2: choose at random a generator g, choose a crash-resistant hash hash function H;
A3: choose at random x computing system Your Majesty key y=g xmodp;
The open parameter p arams of system is < p, q, and g, y, H >, system master key msk is x.
In above-mentioned steps A2, selected hash hash function H selects hash function MD-5, SHA-1, SHA-2 or SHA-3.
Above-mentioned steps B specifically comprises:
B1: choose at random x iD as user's private key usk iD;
B2: calculate as user's PKI.
Above-mentioned steps C specifically comprises:
C1: choose at random s calculate W=g smodp;
C2: calculate R=s+xH (ID, PK iD, W) and modq, obtain user's certificate Cert iD=< W, R >.
Above-mentioned steps D specifically comprises:
D1: choose at random r calculate U=g rmodp;
D2: calculate h 1=H (m, PK iD, U, W) and h 2=H (m, ID, PK iD, U, W);
D3: calculate z=R+x iDh 1+ rh 2modq, obtaining signature corresponding to message m is σ=< U, W, z >.
Above-mentioned steps E specifically comprises:
E1: calculate h 0=H (ID, PK iD, W), h 1=H (m, PK iD, U, W) and h 2=H (m, ID, PK iD, U, W);
E2: checking equation whether set up, if equation is set up, accept signature, otherwise, refusal signature.
Adopt after such scheme, the present invention, in the situation that ensureing signature safety, has reduced calculation cost and the communication cost of signature scheme, has improved the treatment effeciency of signature server, having saved the calculation resources of signature server, is a kind of new digital signature method safely and efficiently.
Brief description of the drawings
Fig. 1 is the digital signature system schematic diagram that the present invention is based on certificate;
Fig. 2 is the flow chart that the present invention is based on the digital signature method of certificate;
Fig. 3 is that the present invention is applied to the schematic diagram based on component property remote proving system.
Embodiment
Below with reference to accompanying drawing, technical scheme of the present invention is elaborated.
As shown in Figure 1, comprise system parameter setting modules A, user key generation module B, user certificate authentication module C, signature blocks D and authentication module E according to the digital signature system that the present invention is based on certificate.
Wherein, system parameter setting modules A is for generation system master key msk and the open parameter p arams of system, and system master key msk is sent to user certificate authentication module C, open system parameter p arams is sent to respectively to user key generation module B, user certificate authentication module C, signature blocks D and authentication module E.
User key generation module B is for generating each user's PKI PK iDwith private key usk iD, and by user's PKI PK iDsend to user certificate authentication module C and authentication module E, by user's private key usk iDsend to signature blocks D.
The system master key msk that user certificate authentication module C sends by system parameter setting modules A and system open parameter p arams, the identity ID to validated user and PKI PK iDsign, produce user's certificate Cert iD, and by user's certificate Cert iDsend to signature blocks.
The private key for user usk that signature blocks D sends by user key generation module B iDthe user certificate Cert issuing with user certificate authentication module C iD, message m is signed, and the signature sigma of generation is sent to authentication module E.
The client public key PK that the open parameter p arams of system that authentication module E sends by system parameter setting modules A and user key generation module B send iD, the validity of the signature sigma that signature blocks D is produced is verified.
Flow chart below in conjunction with digital signature method is specifically described the operation of the modules in this digital signature system.
As shown in Figure 2, this system parameter setting modules A is carried out following steps:
A1: choose two large prime number p and q and meet q|p-1, wherein p is the integer of 1024, and q is the integer of 160;
A2: choose at random a generator g, choose SHA-1 as crash-resistant hash function H ();
A3: choose at random x computing system Your Majesty key y=g xmodp.
Comprehensive above-mentioned information, the open parameter p arams of system parameter setting modules A retrieval system is < p, q, g, y, H >, system master key msk is x.
This user key generation module B carries out following steps:
B1: choose at random xID as user's private key usk iD;
B2: calculate as user's PKI.
This user certificate authentication module C carries out following steps:
C1: choose at random s calculate W=g smodp;
C2: calculate R=s+xH (ID, PK iD, W) and modq, obtain user's certificate Cert iD=< W, R >.
This signature blocks D carries out following steps:
D1: choose at random r calculate U=g rmodp;
D2: calculate h 1=H (m, PK iD, U, W) and h 2=H (m, ID, PK iD, U, W);
D3: calculate z=R+x iDh 1+ rh 2modq, obtaining signature corresponding to message m is σ=< U, W, z >.
This authentication module E carries out following steps:
E1: calculate h 0=H (ID, PK iD, W), h 1=H (m, PK iD, U, W), h 2=H (m, ID, PK iD, U, W);
E2: checking equation whether set up, if equation is set up, accept signature, otherwise, refusal signature.
To the situation being applied in the remote proving system based on component property trusted terminal according to the digital signature system based on certificate of the present invention as above be described below.
To prove one of valuable feature function that the credible remote proving as target of computing platform is credible calculating, be subjected to the extensive concern of domestic and international scientific research institution.Along with the development of remote proving, there is the remote proving scheme (component property-based attestation is called for short CPBA) based on component property.
In the remote proving based on component property (CPBA) method, issuing, cancel and verifying of component property certificate all used traditional PKI method to realize.Therefore, the efficiency that component property proves is lower, and when particularly the attribute of large quantity assembly proof, calculating and communication cost are larger, are not particularly suitables.According to the digital signature method based on certificate efficiently of the present invention, not only can and cancel for the certificate issued of credible platform (TPM) new method is provided, and to can be used for credible calculating platform proof of identification method be the structure of privacy CA (Pricacy-CA), thereby can form more practical remote certification method.
As shown in Figure 3, the improved remote proving system based on component property comprises assembly production firm, user platform, ISP, these 4 roles of certificate issuance authoritative institution.Except assembly production firm, the remote proving process that other 3 participation of roles component propertys prove.We represent each participant in system with following symbol:
CA: certificate issuance authoritative institution (Certificate Authority), the algorithm in main execution graph 1 system parameter setting modules A and user certificate authentication module C, be responsible for system parameters generation and issue, cancel component property certificate;
USER: user platform, comprise main frame (HOST) and credible platform module (TPM) two parts, the algorithm in main execution graph 1 user key generation module B and signature blocks D, belongs to the certifier in identification protocol;
SP: ISP (Service Provider), the algorithm in main execution graph 1 authentication module E, proposes attribute demand of proof, and Verification Components attribute proves.
The remote proving scheme (CPBA) based on component property of credible calculating platform is that attribute authority (aa) mechanism is the Attribute certificate that various types of components is issued, Attribute certificate and the common issue of soft and hardware binding, platform certifier proves that to ISP its current operation configuration status meets certain security attribute according to the component property certificate of configuration and the integrity measurement of TPM.The improved remote proving scheme based on component property does not need third party to inquire, has improved the efficiency of the remote proving system based on component property.Architecture by Fig. 3 can find out, improved CPBA proves to be made up of following steps:
Initialization (Setup): by the algorithm in certificate issuance authoritative institution (CA) execution graph 1 system parameter setting modules A, the open parameter p arams of generation system master key msk and system, and open system parameter p arams is sent to respectively to USER and SP;
Registration (Register): by the algorithm in user platform (USER) execution graph 1 user key generation module B, generate the PKI PK of user platform iDwith private key usk iD, and by PK iDsend to CA and SP with platform component property, then CA carries out the algorithm in user certificate authentication module C, for user platform component property is issued certificate Cert iD;
Prove (Attest): user platform (comprising HOST and TPM) is according to ISP's (SP) proof request, and the algorithm in execution graph 1 signature blocks D, with the private key usk of oneself iDwith certificate Cert iDcomputing platform component property signature sigma, then sends signature sigma to SP and carries out remote proving;
Checking (Verify): by the algorithm in ISP (SP) execution graph 1 authentication module E, with the open parameter p arams of system and user platform PKI PK iDplatform assembly attribute signature sigma is verified.
The improved remote proving system based on component property trusted terminal has been introduced the digital signature scheme based on certificate, has eliminated third party's inquiry of certificate, has reduced calculation cost and the communication cost of system, has improved the efficiency of remote proving system.
Concerning those skilled in the art, can associate easily other advantage and distortion according to above implementation type.Therefore, the present invention is not limited to above-mentioned specific embodiment, and it carries out detailed, exemplary explanation as just example to a kind of form of the present invention.Not deviating from the scope of aim of the present invention, those of ordinary skill in the art can according to above-mentioned specific embodiment by various be equal to that technical scheme that replacement obtains all should be included in the scope of claim of the present invention and the scope that is equal within.

Claims (5)

1.一种基于证书的数字签名方法,其特征在于包括以下步骤:1. A certificate-based digital signature method, characterized in that comprising the following steps: A:设定系统公开参数params和系统的主密钥msk;A: Set system public parameters params and system master key msk; B:根据所述系统公开参数params生成用户的公钥PKID和私钥uskIDB: generate the user's public key PK ID and private key usk ID according to the system public parameters params; C:根据所述系统公开参数params,用户的身份ID,系统主密钥msk和用户的公钥PKID产生用户的证书CertIDC: according to the system public parameter params, the identity ID of the user, the public key PK ID of the system master key msk and the user produces the certificate Cert ID of the user; D:根据用户的私钥uskID和用户的证书CertID对消息m进行签名得到σ;D: Sign the message m according to the user's private key usk ID and the user's certificate Cert ID to obtain σ; E:根据所述系统公开参数params和用户的公钥PKID对消息m的签名σ的有效性进行验证;E: Verify the validity of the signature σ of the message m according to the system public parameters params and the user's public key PK ID ; 所述步骤A具体包括:Described step A specifically comprises: A1:选取两个大素数p和q且满足q|p-1,其中p为1024位的整数,q为160位的整数;A1: Select two large prime numbers p and q and satisfy q|p-1, where p is a 1024-bit integer, and q is a 160-bit integer; A2:随机选取的一个生成元g,选取一个抗碰撞的杂凑哈希函数H;A2: Random selection A generator g of , choose a collision-resistant hash function H; A3:随机选取计算系统主公钥y=gxmodp;A3: Random selection Calculate system master public key y=g x modp; 系统公开参数params为<p,q,g,y,H>,系统主密钥msk为x;The system public parameter params is <p,q,g,y,H>, and the system master key msk is x; 所述步骤B具体包括:Described step B specifically comprises: B1:随机选取作为用户的私钥uskIDB1: randomly selected As the user's private key usk ID ; B2:计算作为用户的公钥。B2: Calculate as the user's public key. 2.如权利要求1所述的基于证书的数字签名方法,其特征在于,所述步骤A2中,所选的杂凑哈希函数H选用哈希函数MD-5、SHA-1、SHA-2或SHA-3。2. the certificate-based digital signature method as claimed in claim 1, is characterized in that, in described step A2, the selected hash function H selects hash function MD-5, SHA-1, SHA-2 or SHA-3. 3.如权利要求1所述的基于证书的数字签名方法,其特征在于所述步骤C具体包括:3. The certificate-based digital signature method according to claim 1, wherein said step C specifically comprises: C1:随机选取计算W=gsmodp;C1: randomly selected Calculate W = g s modp; C2:计算R=s+xH(ID,PKID,W)modq,得到用户的证书CertID=<W,R>。C2: Calculate R=s+xH(ID, PK ID , W) modq to obtain the user's certificate Cert ID =<W, R>. 4.如权利要求3所述的基于证书的数字签名方法,其特征在于所述步骤D具体包括:4. The certificate-based digital signature method according to claim 3, wherein said step D specifically comprises: D1:随机选取计算U=grmodp;D1: randomly selected Compute U = g r mod p; D2:计算h1=H(m,PKID,U,W)和h2=H(m,ID,PKID,U,W);D2: Calculate h 1 =H(m,PK ID ,U,W) and h 2 =H(m,ID,PK ID ,U,W); D3:计算z=R+xID·h1+r·h2modq,得到消息m对应的签名为σ=<U,W,z>。D3: Calculate z=R+x ID ·h 1 +r·h 2 modq, and obtain the signature corresponding to message m as σ=<U,W,z>. 5.如权利要求4所述的基于证书的数字签名方法,其特征在于所述步骤E具体包括:5. The certificate-based digital signature method according to claim 4, wherein said step E specifically comprises: E1:计算h0=H(ID,PKID,W),h1=H(m,PKID,U,W)和h2=H(m,ID,PKID,U,W);E1: Calculate h 0 =H(ID,PK ID ,W), h 1 =H(m,PK ID ,U,W) and h 2 =H(m,ID,PK ID ,U,W); E2:验证等式是否成立,若等式成立,则接受签名,否则,拒绝签名。E2: Verification Equation Whether it is established, if the equality is established, the signature is accepted, otherwise, the signature is rejected.
CN201110426475.3A 2011-12-19 2011-12-19 Digital signature system and signature method based on certificate Expired - Fee Related CN102546173B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110426475.3A CN102546173B (en) 2011-12-19 2011-12-19 Digital signature system and signature method based on certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110426475.3A CN102546173B (en) 2011-12-19 2011-12-19 Digital signature system and signature method based on certificate

Publications (2)

Publication Number Publication Date
CN102546173A CN102546173A (en) 2012-07-04
CN102546173B true CN102546173B (en) 2014-09-10

Family

ID=46352190

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110426475.3A Expired - Fee Related CN102546173B (en) 2011-12-19 2011-12-19 Digital signature system and signature method based on certificate

Country Status (1)

Country Link
CN (1) CN102546173B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209743A (en) * 2015-05-06 2016-12-07 广州星海智慧家庭系统集成有限公司 A kind of digital home integrated system authentication method of identity-based signature
CN104868993A (en) * 2015-05-15 2015-08-26 河海大学 Two-side authentication key negotiation method and system based on certificate
CN105281910A (en) * 2015-06-26 2016-01-27 浙江巨联科技股份有限公司 Internet of things lock with CA digital certificate serving as network access identity identifier and network access identity identification method
CN105376064B (en) * 2015-11-23 2018-08-28 河海大学 A kind of anonymity message authentication system and its message signing method
CN107979459A (en) * 2016-10-24 2018-05-01 福建凯特信息安全技术有限公司 A kind of digital signature applications method based on electronics license
CN110768799B (en) * 2019-12-30 2020-04-14 中国银联股份有限公司 Digital signature method, device, equipment and medium, system
CN112073173A (en) * 2020-09-07 2020-12-11 中国人民解放军战略支援部队信息工程大学 Illegal signer determination system facing block chain PKI
CN114598455B (en) * 2020-12-04 2024-10-29 华为技术有限公司 Method, device, terminal entity and system for issuing digital certificate
CN113541972B (en) * 2021-09-17 2021-12-17 杭州天谷信息科技有限公司 Digital certificate generation method and electronic signature method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101697513A (en) * 2009-10-26 2010-04-21 深圳华为通信技术有限公司 Digital signature method, device and system as well as digital signature verification method
CN101873307A (en) * 2010-03-19 2010-10-27 上海交通大学 Identity-based forward security digital signature method, device and system
CN102420691B (en) * 2011-12-16 2014-04-16 河海大学 Certificate-based forward security signature method and system thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Improvement of Threshold Signature Scheme Using Self-Certified Public Key;Jiguo Li 等;《Innovative Computing, Information and Control, 2006》;20060901;第480-483页 *
Jiguo Li 等.Improvement of Threshold Signature Scheme Using Self-Certified Public Key.《Innovative Computing, Information and Control, 2006》.2006,第480-483页.

Also Published As

Publication number Publication date
CN102546173A (en) 2012-07-04

Similar Documents

Publication Publication Date Title
CN102546173B (en) Digital signature system and signature method based on certificate
CN107733648B (en) An identity-based RSA digital signature generation method and system
Wang et al. Security analysis of a single sign-on mechanism for distributed computer networks
CN104270249B (en) It is a kind of from the label decryption method without certificate environment to identity-based environment
EP2302834B1 (en) System and method for providing credentials
CN111010272B (en) Identification private key generation and digital signature method, system and device
CN108667626A (en) A Secure Two-Party Collaborative SM2 Signature Method
Toorani et al. LPKI-a lightweight public key infrastructure for the mobile environments
CN102420691B (en) Certificate-based forward security signature method and system thereof
CN104301108B (en) It is a kind of from identity-based environment to the label decryption method without certificate environment
CN103746811B (en) Anonymous signcryption method from identity public key system to certificate public key system
CN103297241B (en) Close building method is signed in a kind of One-off public key anonymity
CN107342859A (en) Anonymous authentication method and application thereof
JP2002534701A (en) Auto-recoverable, auto-encryptable cryptosystem using escrowed signature-only keys
CN114615280B (en) Anonymous credential based power block chain privacy protection method and system
CN113300856B (en) Heterogeneous mixed signcryption method capable of proving safety
CN108881279A (en) A kind of mobile health medical treatment sensing data method for secret protection based on no certificate double authentication protection aggregate signature
Yuen et al. How to construct identity-based signatures without the key escrow problem
Kwon Privacy preservation with X. 509 standard certificates
CN107888380A (en) A kind of the RSA digital signature generation method and system of two sides distribution identity-based
CN117041961A (en) SM2 certificate-free internet of vehicles terminal authentication method and system
CN108449326A (en) A heterogeneous deniable authentication method and system
CN111917550A (en) Certificateless cluster signature bilinear-free authentication method and system
Seo et al. Identity-based universal designated multi-verifiers signature schemes
CN109617700A (en) One-way multi-hop proxy re-signature method based on certificateless

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140910

Termination date: 20181219

CF01 Termination of patent right due to non-payment of annual fee