Generating method and system of trusted application identification, application method and application end device

Abstract

A method and system for generating a trusted application identifier, an application method and an application-side device. A method for generating a trusted application identifier is characterized incomprising a management domain attribute obtaining step of acquiring a management domain attribute associated with an entity by the trusted application identifier management system; an application domain attribute obtaining step of obtaining an application domain attribute associated with the entity and the application by the trusted application identification management system; an entity identification generation step of combining the management domain attribute and the application domain attribute to generate an entity identification by the trusted application identification management system; and a trusted application identification generation step of calculating and generating an identification key for the entity identification by the trusted application identification management system and signing to generate a trusted application identification. The invention also includes generating a security domain code and adding the security domain code to the entity identifier. The invention can effectively expand the application method, the range and the efficacy of the identification key system, effectively make up the defect and the deficiency of the CA certificate system, and is also the innovation and the expansion of the identification cryptosystem.

Description

technical field [0001] The invention belongs to the technical field of information security, and in particular relates to a method and system for generating a trusted application identifier, an application method and an application terminal device. Background technique [0002] The existing electronic certification system adopts an asymmetric key system, which usually checks the basic information of registered entity users through a third-party trusted organization—the certification center CA (Certificate Authority), and realizes entity identity and security by issuing digital certificates through the CA center. Binding of public keys. [0003] In the CA certificate authentication system, the private key is a random number, and the public key is generated by calculation of the private key. The public key has no calculation relationship with the entity identity (hereinafter also referred to as the entity identification EID), and a trusted third-party CA center is required for...

AI Technical Summary

Problems solved by technology

[0003] In the CA certificate authentication system, the private key is a random number, and the public key is generated by calculation of the private key. The public key has no calculation relationship with the entity identity (hereinafter also referred to as the entity identification EID), and a trusted third-party CA center is required for authentication. The center needs to maintain a large number of certificates in a unified manner, which is difficult to support large-scale applications. An entity usually holds certificates from multiple CA centers and it is difficult to communicate with each other. The center conducts data query or regularly synchronizes data; at the same time, the basic information of the entity users audited and registered when the digital certificate is issued adopts a standard (such as X.500) format in the certificate, which is out of touch with the application, has poor practicability, and has the possibility of privacy leakage. risk; in addition, all digital certificates are issued by the private key of the CA center, there is a large systemic risk, once the central root key is leaked, the entire system will be destroyed

[0004] Identity-Based Cryptograph (Identity-Based Cryptograph) is the latest development based on the CA certification system. It was first proposed by Israeli cryptographer Shamir. The main idea is to use the identity as the public key to technically simplify the public key management and certificate exchange process of the CA center. , but the existing identification cryptographic system still has defects or deficiencies such as complex algorithms, low efficiency, and key escrow

[0005] With the rapid development of the network and the popularization and application of electronic certification, especially the development of the mobile Internet, Internet of Things, and blockchain networks, the existing CA certification system has been difficult to meet the requirements, and its drawbacks and shortcomings in the application have gradually emerged. The cryptographic system also needs to change from pure technical simplification to practicality

Images