71 results about "Proxy signature" patented technology

A system and method are disclosed for providing proxy signature to user documents comprised of an identification and authentication system, input means to enable providing identification information by the user to the identification and authentication system, authentication input means to enable providing authentication information by the user to the system, an electronic signature system, and a documents server for receiving documents from the user for electronic signature The system may comprise a storage device, an identification sub-system adapted to receive identification information from said user via said information input means and store the identification information in the storage device, an authentication sub-system adapted to authenticate the identity of the user based on information stored in said storage device and information provided by the user during authentication process via said authentication information input means The electronic signature system is adapted to apply a signature to documents provided by the user.

A method and apparatus for generating a proxy signature on a right object, and a method and apparatus for issuing a proxy signature certificate. The right object proxy signature method includes receiving a proxy signature certificate in which authority for right object conversion is specified, from a right issuer; receiving a right object from a first apparatus; signing the right object; and transmitting the signed right object and the proxy signature certificate to a second apparatus. Accordingly, by allowing a right object to be signed by a third right object proxy signature apparatus, not by a right issuer, users can freely share their own content between a variety of apparatuses, and the right issuer can reduce the load associated with the conversion and signature of right objects.

The invention solves issues that disadvantages of poor operability and difficulty for implementing undeniable characteristic of server exist in current technique. The disclosed method for proxy signature includes steps: initializing system parameters; based on system parameters to generate private key of proxy signer; original signer generates proxy key of proxy signer; proxy signer generates proxy signature for message; validating proxy signature. The invention also discloses a system of proxy signature. The system includes module for initializing system parameters, private key generation module, proxy key generation module, proxy signature generation module, module for validating signature, and module for picking up Id of proxy signer. The invention satisfies undeniable characteristic of server, protects proxy signer, and the security is based on RSA.

The invention provides a vehicle-mounted network message authentication protocol. A vehicle-mounted ad-hoc network comprises a trusted authentication center, a vehicle-mounted unit and roadside units, the message authentication protocol uses a threshold proxy re-signature algorithm to protect vehicle privacy information, the signature of a message by a vehicle-mounted communication unit is converted into the signature of the same message by an authentication center, thereby reducing the risk that the signature tracks the vehicle-mounted unit and realizing the anonymity of communication messages. Re-signature keys are dispersed to a plurality of roadside communication units in a threshold mode for management, thereby reducing the decoding success rate of the re-signature keys and preventing the roadside communication units from abusing the proxy signature right. The authentication center traces a real vehicle releasing a false message to solve the problem of calling back illegal vehicles. The protocol has relatively high security and a relatively low storage cost, has unforgeability, robustness, message authentication, replay attack resistance and traceability, and can greatly improve the privacy of network member information.

A computer-implemented method is described for generating a encryption public key on a blockchain network and enabling access to a corresponding encryption private key after a specified time period. The method comprising constructing a digital time-lock contract between an agent and a client on the blockchain network, the agent having an agent address on the blockchain network and an associated agent signature, and the client having a client address on the blockchain network and an associated client signature. The digital time-lock contract specifies that the agent holds the encryption private key corresponding to the encryption public key on the blockchain network and then releases the encryption private key to the blockchain network within a specified time window. The agent provides a first cryptographic asset for holding and then releasing the encryption private key to the blockchain network within the specified time window, the first cryptographic asset being transferrable to the agent address on the blockchain network when the encryption private key is released to the blockchain network within the specified time window. The client provides a second cryptographic asset to the agent for holding and then releasing the encryption private key to the blockchain network within the specified time window, the second cryptographic asset being transferrable to the agent address on the blockchain network when the encryption private key is released to the blockchain network within the specified time window. If the encryption private key is released prior to the time window opening then the second cryptographic asset is transferrable to the client address on the blockchain network. If the encryption private key is not released prior to the time window closing then the second cryptographic asset is transferrable to the client address on the blockchain network. The digital time-lock contract can be broadcast to the blockchain network for mining onto the blockchain.

The invention belongs to the technical field of information safety, and in particular relates to a lattice-based cloud storage data safety auditing method supporting data proxy uploading. The auditing method provided by the invention helps a data owner authorize a proxy signature generating data to a proxy signer and upload the proxy signature to a cloud server, and also helps a credible auditor to audit completeness of the cloud storage data. The auditing method provided by the invention achieves construction of a random mask code based on an original image sampling algorithm on the lattice, so that the credible auditor can be effectively prevented from recovering original data block information of an original signer from a data file. The credible auditor only needs to compute a linear combination with limited a computation amount instead of computing bilinear pairings with higher cost and modular exponentiation during a cloud storage data completeness verification process, so that the auditing method is very beneficial to the credible auditor in the aspect of computing efficiency. Meanwhile the method provided by the invention can effectively resist attacks of a quantum computer, and thus have very important application value in cloud computing environment of post-quantum communication security.

According to the DNS system based on the block chain technology, a main chain is adopted to record a small amount of important information and is mainly responsible for storing requests on a top-leveldomain and Hash values of sub-chains; wherein the plurality of sub-chains are respectively connected with the main chain, can be expanded, migrated and properly discarded, and are mainly responsiblefor storing all operation requests under a specific TLD, different sub-chains store records under different TLDs, and all the sub-chains and the main chain maintain the same block height; the nodes are distributed on the main chain and the sub-chains and allow only the main chain and part of the sub-chains to be stored; anonymity of voting process alliance nodes is ensured by utilizing a linkablering signature technology; the node processes the operation on the sub-chain which is not stored by using the proxy signature, the throughput of the system is improved by using the fragmentation technology, the technical problems of poor security, limited performance, poor expansibility and low throughput in the prior art are solved, and the technical effects of higher security, higher expandability, higher throughput and better anonymity are achieved.

A plurality of users is assumed in which user A is the owner of content providing the source of a link, user B is the owner of the content providing the destination of the link, and user C is a viewer. Each user has a private key and a public key, and the public keys are shared by the users. User B selects user C in advance as a viewer. User B creates data including a value in which an encryption key with a proxy signature generated on the basis of the public key of user C and its own private key is encrypted using the public key of user A, and distributes the data to user A, which is the owner of the content providing the source of the link. User A decrypts the received data including the value using its own private key. This makes a function available based on encryption with the proxy signature. User A converts the link information using this function, signs the information using its own private key, and sends it to user C. User C verifies the signature by checking the received information using the public key of user A and the public key of user B, extracts the link information generated by user A using the function, decrypts it using its own private key, and obtains the link information.

A method, a proxy and a host are provided for securing neighbor discovery (ND) signaling between hosts when the hosts are connected through the proxy. A first host sends an original ND message comprising a first signature based on an address of the first host. The proxy removes the address of the first host and substitutes its own address in a modified ND message. The proxy then places a copy of the address of the first host in a new field and builds a proxy signature based on the own address of the proxy and on the new field. The new field and the proxy signature are added to the modified ND message. A second host receives the modified ND message from the proxy and verifies the proxy signature. The second host reconstructs the original ND message content and then verifies the first signature.

The invention provides a proxy signature method and system based on a lattice. The proxy signature method includes the steps of secret key generation, proxy signature secret key generation, proxy verification, proxy signature, verification and the like. The proxy signature method and system based on the lattice have the advantages that the proxy signature method based on a small integer problem on the lattice is disclosed, and the size of a proxy signature private key is reduced by reducing the dimension of the proxy signature private key. Besides, matrix multiplication is mainly used in the aspect of calculation. Compared with the methods of discrete logarithm and big integer problem factorization, modular exponentiation and match operation are not used, and accordingly computation complexity is lower.

The invention relates to a distributed signature method and system based on identity. The distributed signature method comprises a user registration phase and a distributed signature phase, the user registration phase comprises: a client maintains two pairs of public and private keys at first, one pair is fixed public and private keys, and the other pair is temporary public and private keys; a server also maintains two pairs of fixed public and private keys, one pair is fixed public and private keys, and the other pair is temporary public and private keys generated after signature activity is initiated; the client sends user identity and the fixed public keys to the server, the server calculates a part of private keys and a part of corresponding public keys by using its own fixed public and private keys, and opens a part of public keys; and the distributed signature phase comprises: the server accomplishes signature preprocessing work and sends proxy signature to the client, and the client performs signature authorization work at last to obtain a signature message. By adoption of the distributed signature method and system provided by the invention, the defect that key generation center PKG cannot be trusted is overcome, and meanwhile, if the security of the client cannot be guaranteed, the private keys are not leaked.

A domain management apparatus and method using a proxy signature is provided. A domain management apparatus which manages a device domain being a set of at least one user device, the apparatus including: a registration performing unit for performing a registration procedure for registering the domain management apparatus in a service providing apparatus; a license issuance authority receiving unit for receiving a license issuance authority for content use from the service providing apparatus; and a service providing unit for providing the at least one user device with a content service and a license generated by the license issuance authority.

The invention belongs to the technical field of Internet of Vehicles, and discloses a motorcade-oriented safe mobility management method based on aggregation certification. An Internet of Vehicle-cellular network architecture which defines the network based on software is used, a vehicle enters into a road network and takes participate in the architecture, and then chooses to build a group; when amotorcade enters into the network, a new access point is detected by the vehicle, and the motorcade and a new access network perform mutual authentication; a group head accesses to the network, and the network returns back a response message; a motorcade member calculates a proxy signature thereof according to the response message; the group head collects signatures of all members in the same motorcade and aggregates into a new signature; then, the message and the new signature are sent to the network; the network verifies the new signature and authenticates all the member vehicles; and the member vehicles authentication the network. In combination with MIPv6-based mobility management, the method provided by the invention can realize safe and efficient motorcade-oriented mobility management, reduce authentication signaling overhead and switching delay and simultaneously guarantee data security of vehicle users.

The invention relates to an anti-quantum computing proxy digital signature method and an anti-quantum computing proxy digital signature system based on an asymmetric key pool, and computer equipment.The anti-quantum computing proxy digital method comprises the steps that: an original signature party uses a signature private key of the original signature party to generate a proxy key, and transmits an original text to be signed, the proxy key and a public key pointer random number corresponding to a signature public key of the original signature party to a proxy signature party; the proxy signature party obtains the signature public key of the original signature party from a secret key card of the proxy signature party according to the public key pointer random number, and utilizing the signature public key to verify the proxy key; performing signature operation on the original text by utilizing the proxy key to generate a file signature by the proxy signature party after the verification passes, and transmitting the original text, the file signature and the public key pointer random number to a verification party; and the verification party obtains a signature public key of the original signature party from a secret key card of the verification party according to the public key pointer random number, and verifies file the signature by utilizing the signature public key.

The invention discloses a high non-camouflage realization method of a revocable proxy signature, for solving the problem of poor security of a conventional method capable of revoking a proxy signature. The technical scheme comprises an original singer authorization process, an authorization verification process, a proxy signature generation process, a signature validity verification process and a proxy revoking process. According to the invention, by use of the same method, the authorization of an original signer to a proxy singer is generated, and a proxy signature is generated through introducing an anti-bump Hash function, so that an attacker is prevented from signature forgery in case that the attacker does not have the secret key of a user, thus the high-camouflage of a revocable proxy signature is realized, and it is proved that the proxy signature improves the security of the revocable proxy signature in a standard model.

The invention discloses a quantum agent blind signature method and system based on a cluster state. The cluster state is used as a carrier of a quantum blind signature. The GHZ state is only used forkey distribution. The method comprises five communication parties, respectively a message owner Alice holding to-be-signed information, an initial signing party Bob which cannot sign normally, an agent signing party Bob1, an agent signing party Bob2 and a trusted receiver Charlie. Bob can authorize a proxy signature crowd group, and during the Bob vacancy period, an agent signature person represents the Bob to execute signature. Only when two agent signers Bob1 and Bob2 cooperate with each other, can the Bob be represented to generate a signature, the Charlie is an authorized and credible receiver, and the Charlie receives an Alice file and verifies whether the signature on the file is completed by the cooperation of the two agent signers. According to the quantum agent blind signature method based on the cluster state provided by the invention, on the basis of keeping the GHZ state and the W state of the cluster state, greater entanglement continuity is achieved, and the safety is higher.

The invention provides a sensitive data anonymous access method based on knowledge signatures. The method comprises the steps of: generating the knowledge signatures corresponding to sensitive data access clients based on secret values; and acquiring a data access request with a knowledge signature and an identity identifier sent by a sensitive data access client, generating a reply ciphertext sent to the sensitive data access client based on the secret value and the timestamp, and adding the identity identifier to an access information list, wherein the sensitive data access client encrypts the proxy signature by using a public key of the sensitive data server to generate a ciphertext, and the sensitive data server identifies the access authority based on the ciphertext of the sensitive data access client and the knowledge signature. The sensitive data access client and the sensitive data server can complete identity verification and authorization processes without intervention of a management platform, are flexible and efficient, and are suitable for cross-domain multi-party sensitive data access scenes. In the authorization process, the sensitive data access client can perform anonymous access, and the privacy of the sensitive data access client is also protected.

The invention relates to a block chain trusteeship transaction method and system for multi-party collaborative privacy protection, and the method comprises the steps: initiating a deposit request to a trusteeship center through a user node, and enabling the trusteeship center to distribute a signature public key and identity information of a legally registered proxy signature service provider for the user node; then providing self-signature components for the user node by a service provider through negotiation, and aggregating the signature components which contain the self-signature of the user and are not less than a threshold number so as to obtain a threshold signature with a collaborative protection characteristic, so that the independent signature of the user node is completely hidden in the threshold signature; a personal signature of a user node is prevented from being directly exposed to a hosting center under the condition that a signature validity verification function is ensured, so that a digital currency input address and a signer identity cannot be associated; in addition, the trusteeship center isolates the user deposit transaction from the payment service fee transaction, and the deposit address of the user node is transparent to the service provider, so that the user anonymization is completely realized.