44 results about "Implicit certificate" patented technology

A method of computing a cryptographic key to be shared between a pair of correspondents communicating with one another through a cryptographic system is provided, where one of the correspondents receives a certificate of the other correspondents public key information to be combined with private key information of the one correspondent to generate the key. The method comprises the steps of computing the key by combining the public key information and the private key information and including in the computation a component corresponding to verification of the certificate, such that failure of the certificate to verify results in a key at the one corespondent that is different to the key computed at the other correspondent.

A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.

To mitigate the effects of a weak random number generator (RNG) in a public key cryptosystem, a public key obtained from the RNG is encrypted using a deterministic cryptographic scheme before being made publicly available. A trusted party receiving the encrypted public key can recover the public key and combine it with other information so it is not subject to direct scrutiny. In one embodiment, the trusted party incorporates the public key in a certificate, such as an implicit certificate, for use by the correspondents in other communications.

The invention relates to a light-weight authentication key negotiation method based on an implicit certificate, and belongs to the technical field of identity authentication. The method is used for establishing a secure channel between an OPC UA server and an OPC UA client and generating of a session key. Three entities, a credible certification authority (CA), the OPC UA client A and the OPC UA server B, are involved in an authentication key negotiation process. The OPC UA server B and the OPC UA client A acquire the own implicit certificates after the CA completes identity registration. Then the OPC UA server B and the OPC UA client A complete bidirectional authentication and key negotiation between the entities by using a light-weight algorithm. According to the method provided by the invention, the light-weight authentication key negotiation method based on the implicit certificate is provided aiming at the problem that an existing OPC UA security mechanism is not applicable to a resource-constrained communication environment. The method provided by the invention can be efficiently and safely applicable to an industrial network with a large amount of resource-constrained embedded OPC UA equipment.

The invention relates to a method of generating an implicit certificate and a method of generating a private key from a public key. The method involves a method generating an implicit certificate in three phases. The public key may be an entity's identity or derived from an entity's identify. Only the owner of the public key possesses complete information to generate the corresponding private key. No authority is required to nor able to generate an entity's private key.

An implicit certificate cryptosystem uses an implicit certificate that includes a pair of certificate components. One of the certificate components includes a public key reconstruction data that is the combination of ephemeral public keys of two entities, one of which is a trusted entity and the other of which is associated with the implicit certificate. The public key reconstruction data is then combined with the identity of the other entity and the combination encrypted to form a first certificate component. A second certificate component is generated by using the first certificate component as a message in a signature scheme and generating a signature of the trusted entity on the message. The two certificate components are provided to the other entity to permit the other entity to generate a private key using one of the certificate components. The corresponding public key can be derived from the remaining certificate component.

The invention discloses an SM2 digital signature-based implicit certificate key generation method, which mainly solves the problem that a user identity cannot correspond to a user public key in a public key cryptosystem in the prior art. According to the scheme, system parameters are set and initialized according to a standard cryptographic algorithm SM2; the certificate authority CA generates a key pair and sends a public key PCA to a user usr applying for a certificate; the user applying for the certificate generates a temporary key pair and sends an identity identifier IDA and a temporary public key X of the user to a certificate authority CA; the CA generates an implicit certificate cert and a signature s, and sends the cert and s to a user applying for the certificate; and the user generates a complete public key U and then verifies the complete public key U and the signature s to obtain a complete public and private key pair (u, U). The method conforms to the national cryptographic SM2 signature algorithm standard, is high in operation efficiency and short in bandwidth overhead, reduces the risk that a man-in-the-middle replaces a public key, and can be used for a resource-limited Internet of Things environment.

The invention relates to an acentric digital currency transaction method based on public and private key pair derivation; a receiver can scan on a public account book to calculate collection public and private key pairs according to the transfer time, thus reducing data storage; each transaction forms a new collection address, thus enhancing the digital currency anonymous property; only one time elliptical curve scalar multiplication calculation is added on the computational complexity in an implicit certificate generation process, thus easily reducing stronger anonymous property; a transaction initiator actively forms a new collection address in the process instead of using the new collection address issued by the receiver; each person only processes a long term public key, and new publicand private key pairs can be calculated according to the public messages on the public account book and the long term public and private key pairs, thus reducing the public and private key pair storage space; transaction graph analysis is hard to receive.

There are disclosed systems and methods for reducing the number of computations performed by a computing device constructing a public key from an implicit certificate associated with a certificate authority in an implicit certificate scheme. In one embodiment, the device first operates on the implicit certificate to derive an integer e. The device then derives a pair of integers (e₁, e₂) from the integer e, such that each of the pair of integers (e₁, e₂) has a bit length less than the bit length of the integer e, and such that the ratio of the pair of integers (e₁, e₂) corresponds to the integer e. The device then computes the public key by combining the integers e₁ and e₂ with public key contribution data derived from the implicit certificate and a public key of the certificate authority.

The invention relates to an anti-quantum computing implicit certificate issuing method and system based on an alliance chain implemented among alliance chain members communicating with each other. Thealliance member comprises a client and a server. The invention is characterized in that each party is configured with a key fob; algorithm parameters and server public key pools are stored in secretkey cards; the secret key cards of the server store a server secret sharing private key pool and a client public key pool. Client units in one-to-one correspondence with clients are stored in the client public key pool. Each client unit comprises a user name, an identity label, a public key updating state and an implicit certificate of the corresponding client, private key parameters are stored in a secret sharing mode, and safety is further improved.

The invention relates to an anti-quantum calculation distributed Internet of Vehicles method and system based on identity secret sharing and an implicit certificate, wherein the client parts and the server parts communicate with each other. The server part comprises a third-party trust mechanism for providing corresponding services and a roadside unit, wherein the client part comprises a vehicle-mounted unit, and is characterized in that each party is configured with a key card, a public key, a private key and algorithm parameters of the own party are stored in all the key cards, and the server part is also configured with a key management server, so that the safety of the identity recognition of the vehicle-mounted unit in the communication process of each party in the Internet of Vehicles is further improved.

The invention relates to an anti-quantum computing cloud storage method and system based on an alliance chain and an implicit certificate. The method is implemented among alliance chain members communicating with each other. The alliance chain members comprise client members and server members; the server side members comprise an Endorser, an Orderer and a Committer which are used for providing corresponding services; each party is configured with a key fob; a server public key pool, a server secret sharing private key pool and a client public key pool are stored in the server secret key card.Client private keys, private key parameters, server public keys and client public key pointer random numbers are stored in the client secret key cards; and an identity label and an implicit certificate are stored in the client secret key card. According to the method, file query is carried out on the cloud storage server based on the alliance chain and the implicit certificate, corresponding filetransmission is carried out according to the query result, the file transmission comprises uploading and downloading from the cloud storage server, and the file storage security is further improved.

The invention relates to a blockchain method and system based on an asymmetric key pool and an implicit certificate. A quantum computer cannot crack a private key through signature information in a process that a user transmits the signature information to other members through employing a public key in a public key pool as an offset to encrypt the signature information; however, the conventionalmethod is that symmetric encryption calculation is performed on the signature, and the calculated amount is much higher than the offset calculation of the patent. Therefore, the offset calculation ofthe patent is a better anti-quantum calculation mode. In the blockchain system, digital signatures are numerous in calculation, so that the calculation amount of the whole blockchain system in the aspect of digital signature encryption and decryption can be greatly reduced.

The invention relates to an implicit certificate distribution method and an implicit certificate distribution system, belongs to the technical field of intelligent Internet of Vehicles and digital currencies, and realizes implicit certificate distribution which can adapt to different elliptic curves and is wider in application. The method comprises the following steps of using an authentication center to generate the system parameters; generating a random number r according to temporary public and private keys generated by the user and the authentication center; calculating coordinates Y of the user on the elliptic curve according to the random number r, the temporary public key of the user and the generation element G; generating an authentication result s of the user according to information including the coordinates of the user on the elliptic curve, the public key and the private key of the authentication center and the identity of the user; and sending the authentication result sand the user coordinate Y to the user for the user to generate a new user public key and a new private key. The method is suitable for a common Weierstrass elliptic curve equation and can also be usedfor an Edwards curve which is high in current recognition degree and wide in application range, randomness does not depend on an authentication center, and the small subgroup attacks can be resisted.

The invention discloses a batch authentication method for an elliptic curve digital signature algorithm under an implicit certificate. The method mainly comprises the following steps: judging whetherthe sum of the first parameters of the signatures of the to-be-authenticated data is equal to the sum of the products of the inverse of the second parameters of the signatures of the to-be-authenticated data and the abstract values of the to-be-authenticated data and the products of the base points on the corresponding elliptic curves plus the inverse of the second parameters of the signatures ofthe to-be-authenticated data and the signatures; the sum of the product of the x coordinate value of the first parameter, the abstract value of the to-be-signed part of the implicit certificate and the reconstruction factor of the public key of the data sender plus the result obtained by the product of the sum of the product of the inverse of the second parameter of the signature of each piece ofto-be-authenticated data and the x coordinate value of the first parameter of the signature and the public key of the certificate center. if yes, the data packets of the batch are all legal and pass the authentication, otherwise, the authentication is not passed. The batch authentication method provided by the invention can obviously improve the throughput rate of the system.

The embodiment of the invention provides a digital identity authentication method and device, equipment and a storage medium, and the method comprises the steps: obtaining a system certificate and a terminal user certificate issued by a certificate authority, the system certificate being a certificate of the certificate authority, the type of the system certificate being a display certificate, and the type of the terminal user certificate being the display certificate; the type of the terminal user certificate comprises an implicit certificate or a certificateless certificate. And obtaining an intermediate public key corresponding to the terminal user certificate based on a terminal user private key. And according to the intermediate public key and a system public key, a target public key is generated, the system public key is a public key corresponding to the system certificate, and the target public key is used for authenticating the digital identity of a terminal user. In the scheme, the advantages of the display certificate and other certificates are fused, the establishment of the existing public key infrastructure trust system can be effectively met, the storage space of the terminal equipment can be effectively reduced, the bandwidth overhead is reduced, and the communication efficiency is effectively improved.

The invention relates to a QKD network authentication key generation method and system based on an alliance chain and an implicit certificate. The method is implemented among alliance chain members communicating with each other. The alliance chain members comprise client members and server members; it is characterized in that each member is configured with a key fob; a server public key pool, a server secret sharing private key pool and a client public key pool are stored in the server secret key card; client private keys, private key parameters, server public keys and client public key pointer random numbers are stored in the client secret key cards, and the server public keys comprise a first public key and a second public key; public key units in one-to-one correspondence with the client members are stored in the client public key pool, and identity identifiers and implicit certificates are stored in the public key units. During communication of each party, encryption communicationis carried out by using the key fob based on the alliance chain and the implicit certificate, so that the security is further improved.

The invention provides an implicit certificate key expansion method and device, and the method comprises the steps that a first user side generates a first symmetric key, a second symmetric key, a first key pair and a second key pair, and transmits a certificate application request to a certificate application registration center; the certificate application registration center expands a first public key according to the first symmetric key and expands a second public key according to the second symmetric key to obtain a third public key and a fourth public key corresponding to each certificate index, and sends a certificate issuing request to a certificate authorization center for each certificate index; and the certificate authorization center generates a corresponding implicit certificate according to the third public key corresponding to each certificate index, encrypts the corresponding implicit certificate according to the fourth public key corresponding to each certificate index, and sends the encrypted implicit certificate corresponding to each certificate index to the certificate application registration center. According to the scheme, multiple implicit certificates can be obtained by sending the certificate application request once based on key extension, and the certificate generation efficiency is effectively improved.