CN104125199B - A kind of anonymous authentication method and system based on attribute - Google Patents
Publication number: CN104125199B (application CN201310148635.1A)
Authority: CN (China)
Prior art keywords: attribute, user, credential, trusted party, anonymous
Legal status: Expired - Fee Related
Abstract
The invention discloses an attribute-based anonymous authentication method comprising the following steps: 1) a trusted party TP generates a master key x and the system public parameters according to a chosen security parameter; 2) a user U registers with TP, submits attributes and initiates an attribute credential issuing request; 3) TP verifies the attributes possessed by user U and issues an attribute credential to U according to U's attributes, the master key x and the system public parameters; 4) user U initiates an access request to a service provider SP; 5) SP looks up the access policy corresponding to the access request and returns it to user U; 6) user U selects the attributes to be used according to the access policy, computes an anonymous credential using the attribute credential and a private key r, and sends it to SP; 7) SP verifies the anonymous credential and, if verification passes and the access policy is satisfied, accepts the access request and provides the corresponding service to the user. The invention protects user privacy and supports a more flexible threshold attribute-selection showing scheme.
Description
Technical field
The invention belongs to the field of computer technology and information security. It concerns protecting the privacy of users' service-access behaviour in a cloud computing environment and preventing privacy leakage, and is embodied in an attribute-based anonymous authentication method and system.
Background technique
With the development of the Internet and the mobile Internet, daily life depends more and more on network services, which now touch every aspect of clothing, food, housing and transport. In particular, the cloud computing concept proposed in recent years has pooled services onto the Internet: e-government, e-commerce, electronic medical care and various enterprise-level application management systems are widely deployed, and personal consumption activities such as online reading, shopping, social networking and gaming keep growing. Many real-life activities do not require proof of identity, yet the identity management systems of network applications require users to authenticate, and they strictly constrain and monitor user access to systems and applications. A user's behaviour in network activities and private information such as preferences may therefore be revealed during authentication, and may be tracked and even analysed through the service provider's audit function, so that the user's interests are harmed. More and more people realise that this seriously threatens user privacy, and how to avoid privacy leakage has become an urgent problem in current network development.
One important authentication technology today is the digital certificate system based on the X.509 standard, but X.509 public key certificate systems and network identity authentication technology carry many privacy-protection risks: first, the user must submit identity information at the registration (RA) stage; second, public key certificates, which contain user information, can be obtained publicly; third, the public key directory and the revocation list can reveal some of the user's private information; fourth, identity is fully disclosed during authentication. The traditional authentication process is in fact a combination of identification and authentication, so excessive user information is supplied to the service provider, causing leakage of user privacy and bringing security threats to the user. In practical application scenarios the service provider only needs to know whether the user is qualified to access the service, not the user's specific identity.
Research on user privacy protection, anonymous credentials and their authentication techniques has therefore become a hot topic. The core idea of anonymous authentication is to separate the user's qualification from identification in the authentication process: the process only verifies that the user is a member of some set, without revealing the user's specific identity. Traditional anonymous authentication schemes such as ring signatures and group signatures let a user prove to a service provider, according to the requirements of a concrete scenario, that the identity credential it holds belongs to a specific user set (the set qualified to access the service), while the service provider cannot identify which particular user in that set the user actually is; the technique thus protects personal privacy by hiding the user's identity. The emergence and development of signature techniques with privacy-protection properties, such as attribute-based signatures, has opened a new line of thought for the design of anonymous authentication schemes. In an attribute-based signature (ABS) scheme the user's key contains several attributes, and the user can later sign messages with this private key. As with ring signatures, a signature generated by an ABS scheme can be verified to have been generated by a user holding the required attribute combination, but the specific signer cannot be determined. An ABS scheme is an anonymous credential and authentication framework centred on attributes: user roles, relationships and personal information are abstracted into attributes; services can formulate resource access-control policies in terms of user attributes; and the user side can set its own security policy, for example whether to allow attribute extraction, so that attribute-based anonymous access is realised. Because an ABS signature scheme already provides user anonymity and proof of attributes, it can be converted into an anonymous authentication scheme relatively easily. Compared with traditional anonymous authentication schemes, ABS schemes are more efficient under certain conditions (a threshold ABS scheme can achieve constant-size signatures and a verification procedure of constant complexity, so the computation cost and message length are far smaller than those of comparable anonymous authentication schemes), and they can prove more complex security policies (thresholds and so on). In summary, research on anonymous credential schemes and anonymous authentication systems based on new signature schemes such as ABS is a feasible research direction.
Some research projects already take anonymous authentication technology as a key research topic, including the Shibboleth project of the OASIS organisation and the Liberty project of the Liberty Alliance, but the core technique of these projects is the use of pseudonyms in communication, so that third parties cannot obtain the user's personal information; the service provider, however, can still obtain the user's true identity and can link the user's behaviour, which destroys the user's personal privacy. In the present invention the service provider can obtain only the attributes required for the service and no others, so it cannot link activities and consequently cannot obtain the user's true identity.
Summary of the invention
The object of the present invention is to overcome the problems of the prior art by providing an attribute-based anonymous authentication method and system. Specifically, the invention comprises two important aspects: first, it designs an anonymous authentication algorithm based on attribute-based signatures; second, it designs an attribute-based anonymous authentication system.
One, based on the anonymous authentication method of attribute
The purpose of the present invention is to provide an attribute-based anonymous authentication system that strengthens the privacy protection of users: the trusted party authenticates the user and issues an attribute credential to the user, the user shows attributes to the service side, and the service side completes the authentication process by verifying the attribute credential. The attribute-based anonymous authentication method of the invention mainly comprises an attribute-based signature scheme and an anonymous credential showing and verification system; the latter provides the anonymous credential showing and verification functions for the system that runs the anonymous authentication protocol, implements the anonymous credential showing and verification algorithms, and supports threshold showing of assertions about user attributes.
The attribute showing scheme has the following fundamental properties:
● anonymity
● independence
● selective showing of attributes: the application cannot obtain attribute information unrelated to the policy
The signature scheme comprises three main algorithms with the following functions (only the function of each algorithm is introduced here; the parameters and the computation of each algorithm are described in detail in the specific embodiments):
A. System setup algorithm: a probabilistic polynomial-time algorithm executed by the attribute authority (i.e. the trusted party). Its input is a security parameter defined by the trusted party (the security parameter is chosen by the trusted party and differs for each run, for example according to the time, so the generated master key and public parameters differ each time); its output is the master key and the system public parameters. The master key is kept by the trusted party, and the system public parameters are published so that other parties can obtain them easily (for example on an official website).
B. User Grant algorithm: as shown in Fig. 2, a probabilistic polynomial-time algorithm executed by the attribute authority (the trusted party). Its inputs are a user's attribute set (the attributes the user registered with the trusted party, which the trusted party verified offline), the master key and the system public parameters; its output is the private key corresponding to the attributes, which forms the attribute credential. The credential is sent to the user over a secure, private channel between the trusted party and the user (for example offline or by an in-person handover). At the same time the trusted party generates a public/private key pair for the user and sends it to the user over a secure channel.
C. User Prove algorithm: as shown in Fig. 3, a probabilistic polynomial-time algorithm executed by the user. The user first obtains the public parameters published by the trusted party. The algorithm's inputs are the system public parameters (published by the trusted party), a message (related to the service to be accessed), the user's attribute credential, a secret random number r (used as the private key for generating the anonymous credential) and the attribute condition a user must meet to access the target service (for example, the user must hold k of the n listed attributes; this information is obtained from the service provider); its output is an anonymous credential, which is then sent to the service provider.
D. User Verify algorithm: as shown in Fig. 4, a deterministic polynomial-time algorithm executed by the verifier, i.e. the service provider. The service provider first obtains the public parameters published by the trusted party. When the user's access qualification must be verified, it calls this algorithm with the system public parameters, the message (related to the service the user wants to access), the attribute condition (for example, the user must hold k of the n listed attributes) and the anonymous credential, verifies them according to the User Verify algorithm (described in detail in the specific embodiments), and outputs the decision "accept" or "reject".
Two, the attribute-based anonymous authentication system
The main participants of the system are the trusted party (Trust Provider, TP), the user agent (User Agent, UA; the user interacts with the trusted party and the service provider through the user agent) and the service provider (Service Provider, SP). The trusted party TP audits user attributes and is responsible for issuing attribute credentials to users. The user agent UA performs the corresponding computations on behalf of the user, including the mapping of user attributes, attribute credential computation and credential proof computation. The service provider SP defines the attributes a user must have to access its service, obtains the user's attribute credential and verifies it.
The framework is shown in Fig. 1, which depicts one TP, one user U (the user communicates with TP or SP through UA) and one service provider SP; in practice there are necessarily multiple users U and multiple service providers SP, and there may also be multiple trusted parties TP. The system consists of three main parts: the credential issuing service, the user agent plug-in and the application service. Their main components are as follows:
A. Credential issuing service
● user identity verification
● credential issuing
B. User agent plug-in
● credential request
● credential management
● credential showing
C. Application service
● policy management
● credential verification
The credential issuing service runs at the trusted party TP. Its user identity verification function uses public key cryptography to confirm that the user holds a legitimate public/private key pair (generated for the user by a trusted authority such as the public security bureau according to the user's identity), thereby verifying the user's legitimacy. Its credential issuing function handles the case where a user submits attributes to the trusted party and requests an attribute credential: the trusted party audits and verifies the attributes the user applies for and, after verification, issues the corresponding attribute credential to the user; the attribute credential is derived from the user's certified attributes and can be used for cryptographic operations.
The user agent plug-in runs at the user terminal and performs some complex operations and cooperation on behalf of the user. It first assigns an attribute identifier to each attribute the user submits for certification (the assignment method is defined by TP in advance and made easy for other parties to obtain; its purpose is to convert attributes into integers suitable for cryptographic operations, for example mapping "age=1" to "1"), and on behalf of the user sends the attribute credential application to the trusted party, transmitting to TP the values corresponding to the attributes the user applies for. The credential management function maintains a list of all attribute credentials the user has applied for and performs lookup, addition, deletion and replacement of attribute credentials. The credential showing function, after obtaining the attributes the service provider SP requires, selects the corresponding attribute credentials, selectively hides attributes in the credential according to SP's requirements, and presents the result to the service provider as an anonymous credential. It then computes a response according to the challenge value (a random number) issued by the service provider, proving to SP that the user possesses the hidden attributes.
The application service is mainly the SP side. The policy management function maintains the attribute policy required to access a service. The credential verification function verifies the attribute credential sent by the user terminal against the access policy of the corresponding service (each service has its own access policy, maintained at the SP side) and the public parameters published by TP (the specific verification algorithm is described in the embodiments), and judges whether the requirements of the access policy are met. If verification passes, the user is authenticated for the service.
Compared with the prior art, the advantages of the present invention are mainly:
1) Using an anonymous credential algorithm based on attribute-based signatures, the user can selectively hide attributes, so a more flexible threshold attribute-selection showing scheme is supported compared with existing general anonymous credential systems.
2) The attribute signature length in the invention is constant, so the message length transmitted by the anonymous authentication protocol is constant, which improves the communication efficiency of the protocol.
3) While guaranteeing privacy, the attribute-based signature technique ensures that credentials are unforgeable and cannot be lent, providing a guarantee for a user-centred authentication and access-control process with high privacy and high security.
4) The attribute-based anonymous credential scheme is relatively independent of the specific algorithm realisation and of the framework, so it can be extended easily under a unified framework to support a greater variety of algorithms.
5) Unlinkability: it is computationally hard for one service, or several services together, to link a user's activities; that is, a user remains anonymous no matter how many times it accesses a service.
6) Least privilege: it is computationally hard for one service, or several services together, to obtain any attribute of the user beyond those required for the service. That is, each time a user is authenticated, the service obtains only the attributes needed for the session and authorised by the user to be shown, and cannot obtain the user's other attribute information.
Detailed description of the invention
Fig. 1: architecture of the anonymous credential system;
Fig. 2: credential issuing protocol of the anonymous authentication system;
Fig. 3: credential showing protocol of the anonymous authentication system;
Fig. 4: modules and interfaces of the anonymous authentication system.
Specific embodiment
The present invention is described in more detail below through specific embodiments. Embodiment 1 gives the attribute-signature-based anonymous credential algorithm used by the system, and embodiment 2 gives the specific operation mode of the anonymous credential system.
Embodiment 1. Anonymous authentication algorithm based on attributes
A specific example of an attribute-based signature algorithm of the invention is given below:
Let two cyclic groups of prime order p be given (the invention needs two groups, and the two different prime-order cyclic groups are distinguished by the subscript t), let g be a generator, and let e be a bilinear map over these groups.
A. System setup algorithm
The algorithm is executed by the trusted party. It first defines the maximum number n of attributes that a credential may contain, then assigns an attribute value ω_i to each user attribute i that may be used (according to a predetermined assignment method), and additionally selects n-1 redundant attributes d_j to form the redundant attribute set D (the redundant attributes must not coincide with any user attribute; if fewer than n user attributes are to be placed in a credential, the trusted party can select redundant attributes to pad the count to n; these redundant attributes are never issued to any user). Next it randomly selects generators g, h, randomly selects the private key, i.e. the master key, computes part of the public parameters of the system, and finally publishes the public parameters; the master key of TP is x. (The public parameters include the user attribute set Ω and the redundant attribute set D; the set D must be published.)
B. User Grant algorithm
When user U applies for an attribute credential with attribute set Ω_U ⊆ Ω (where Ω is the set of all attributes and Ω_U is the user's attribute set), TP performs the following operations:
It first checks whether the submitted attributes intersect the redundant attribute set; if they do (that is, the attributes submitted in the user's application contain redundant attributes), it refuses to proceed.
If the intersection is empty, TP randomly selects a generator g_U, then for the attribute value ω_Ui of each attribute i in Ω_U (computed attribute by attribute) computes an intermediate value U_i, and outputs the attribute credential cre = {g_U, {U_i} (ω_Ui ∈ Ω_U)}.
C. User Prove algorithm
When a user wants to access a service, it must prove that the attributes it possesses satisfy the policy that SP defines for that service. The policy here is a threshold policy: an application service requires that the user's attributes match at least t of the k attributes in an attribute set A, i.e. Γ = (t, A) with 1 ≤ t ≤ k = |A| ≤ n and |A ∩ Ω_U| ≥ t. The user agent UA selects from the user's attribute set a subset Ω'_U that satisfies SP's policy, then selects the first n+t-k-1 elements of the set D = {d_i}; the set of these elements is denoted D_{n+t-k-1}. The user can use the U_i in its credential cre (each attribute has a U_i value in cre, the credential value of that attribute) for the computation.
Next, since |D_{n+t-k-1} ∪ (A − Ω'_U)| = (n+t-k-1) + (k-t) = n-1, the user can compute the intermediate values A1, A2, A3. Finally UA randomly selects a secret value, uses it to compute the anonymous credential (π1, π2, π3, π4), and sends it to SP.
D. User Verify algorithm
After the verifier SP obtains (π1, π2, π3, π4), it first checks whether g_U = π4 holds (g_U is the first element of the user's credential, and π4 is the last element of the anonymous proof that UA sent to SP in step C). If so, the holder of this anonymous credential belongs to the set of users to whom credentials have been issued; SP then performs the remaining computation and verifies whether the verification equations, including e(h, π2) = e(g, π3), hold. If they do, the attributes possessed by the user satisfy the threshold policy Γ.
Embodiment 2. Anonymous authentication system based on attributes
This embodiment gives a specific example of the attribute-based anonymous authentication system of the invention.
The system comprises three entities: the trusted party (Trust Provider, TP), the user agent (User Agent, UA) and the service provider (Service Provider, SP), connected through a network. The trusted party is responsible for authenticating users and issuing attribute credentials to them. The main work on the user side is done by the user agent: receiving, storing and querying attribute credentials, and generating verification assertions to assist the verification performed by the application service provider. Before requesting a service the user must apply to the trusted party for an attribute credential; when requesting the service it only needs to show the certified attributes the application service provider requires, for example an online game company only needs the user to certify that its age exceeds the legal age and that its country of origin is among the specified countries. The service provider verifies the attributes the user shows and, if verification passes, grants the corresponding access rights.
The specific implementation comprises four parts: system initialisation, the credential issuing protocol, the credential showing protocol and the credential verification protocol. System initialisation generates the public parameters needed to run the protocol. The credential issuing process is completed jointly by the trusted party TP and the user. The credential showing protocol is completed jointly by the user and the service provider SP.
This embodiment is based on the following scenario: after user U obtains the attribute credential issued by trusted party TP, it accesses a resource of application provider SP; SP specifies an access policy Γ and allows access if U satisfies it. The detailed process is as follows:
1) TP runs the setup algorithm of embodiment 1, keeps the generated master key, and publishes the system public parameters in a way that other parties can easily obtain them;
2) user U, through user agent UA, initiates an attribute credential issuing request to TP, i.e. registers and submits attributes;
3) TP and U execute the authentication protocol; TP verifies the attributes U possesses and, according to U's attributes, the master key x and the system public parameters, issues the attribute credential cre to U;
4) user U, through user agent UA, initiates an access request to service provider SP, including the identifier of the service to be accessed;
5) application service provider SP looks up the access policy required for the resource the user wants to access (policies are customised in advance and differ from service to service; SP only needs to look up the corresponding policy here) and returns it to user U's agent UA;
6) the user agent prompts user U to select the attributes to be used; according to these attributes the user computes an anonymous credential from its own attribute credential and a private key r for generating anonymous credentials (this processes the attribute credential issued by TP so that SP can decrypt only the attributes required by the target service and cannot obtain the specific values of the other attributes in the attribute credential, while still knowing that TP certified them; the specific algorithm is algorithm C of embodiment 1), and the user agent sends it to SP;
7) application service provider SP verifies the user's anonymous proof and, if verification passes and the access policy is satisfied, returns the resource to the user (the specific algorithm is algorithm D of embodiment 1).
Claims (9)
1. An attribute-based anonymous authentication method, the steps of which are:
1) a trusted party TP generates a master key x and the system public parameters according to a chosen security parameter, where the master key x is the private key of the trusted party TP;
2) a user U registers with TP, submits attributes and initiates an attribute credential issuing request;
3) TP verifies the attributes possessed by user U and, according to U's attributes, the master key x and the system public parameters, generates and issues an attribute credential cre to U;
4) user U initiates an access request to a service provider SP;
5) service provider SP looks up the access policy corresponding to the access request and returns it to user U;
6) user U selects the attributes to be used according to the access policy, then computes an anonymous credential using the attribute credential cre and a private key r for generating anonymous credentials, and sends it to SP;
7) service provider SP verifies the anonymous credential and, if verification passes and the access policy is satisfied, accepts the access request and provides the corresponding service to the user;
wherein the master key x and the system public parameters are generated as follows:
11) the trusted party sets up two cyclic groups of prime order p, g is a generator, and a bilinear map between the two groups is defined;
12) the maximum number of attributes an attribute credential may contain is set to n; each user attribute i that may be used is assigned an attribute value ω_i, and n-1 redundant attributes d_j are additionally selected to form a redundant attribute set D, where each redundant attribute d_j does not coincide with any user attribute;
13) generators g, h are randomly selected, x ∈ Z_p is randomly selected as the private key of TP, i.e. the master key, and a probabilistic polynomial-time algorithm generates the public parameters, with Ω = {ω_i} and D = {d_j}.
2. The method of claim 1, wherein the attribute credential cre is generated as follows: the trusted party uses a probabilistic polynomial-time algorithm to generate the attribute credential from the attribute set input by the user, the master key x and the system public parameters.
3. The method of claim 1, wherein the anonymous credential is generated as follows: the user obtains the system public parameters published by the trusted party, then generates the anonymous credential by a probabilistic polynomial-time algorithm from the system public parameters, a message, the user's attribute credential, a private key r for generating anonymous credentials, and the selected attributes to be used.
4. The method of claim 1, wherein service provider SP verifies the anonymous credential as follows: the service provider uses a deterministic polynomial-time algorithm to verify the anonymous credential according to the system public parameters, the message, the predicate and the signature on the message.
5. The method of claim 1, wherein the trusted party uses a probabilistic polynomial-time algorithm to generate the master key x and the system public parameters according to the security parameter it has chosen.
6. The method of claim 1, wherein the attribute credential is generated as follows: when user U applies for an attribute credential with attribute set Ω_U ⊆ Ω, where Ω is the set of all attributes and Ω_U is the attribute set of user U, the trusted party first checks whether the attributes submitted in U's application contain redundant attributes; if so, it refuses to generate the attribute credential; otherwise it randomly selects a generator, then for the attribute value ω_Ui of each attribute i in Ω_U computes an intermediate value U_i, and thereby computes and outputs the attribute credential cre = {g_U, {U_i} (ω_Ui ∈ Ω_U)}.
7. The method of claim 6, wherein the anonymous credential is generated as follows:
81) when the user wants to access a service of the service provider, the user, through user agent UA, selects from the user's attribute set an attribute set Ω'_U that satisfies the service policy of that service, the service policy being that at least t of the k attributes in the attribute set A corresponding to the service match attributes in the user's attribute set;
82) the user selects the first n+t-k-1 elements of the set D = {d_i}; the set of these elements is denoted D_{n+t-k-1};
83) the user uses the intermediate values U_i in its attribute credential cre for the computation, where ω denotes a redundant attribute;
84) the user randomly selects the private key r for generating the anonymous credential, performs the computation, and obtains the anonymous credential (π1, π2, π3, π4).
8. The method of claim 1, wherein for each attribute the user submits, the user terminal assigns an attribute identifier set by the trusted party, and sends the attributes and attribute values the user applies for to the trusted party using the corresponding identifiers and attribute values.
9. a kind of anonymous authentication system based on attribute, it is characterised in that including passing through network trusted party TP interconnected, use
Act on behalf of UA and service provider SP in family;Wherein,
Trusted party is responsible for authenticating user, according to the security parameter of setting, generates a master key x and system public parameter;Wherein, main
Key x is the private key of trusted party TP;The attribute that verifying user U is possessed, and ginseng is disclosed according to the attribute of U, master key x and system
Number generates for it and issues attribute credential cre;
User agent registers application, reception, storage, the inquiry of attribute and attribute credential for user U to trusted party, to clothes
Business provider SP initiates access request, and generates anonymous credentials and show service provider;
Service provider verifies the anonymous credentials that user agent shows, and is verified and meets corresponding access strategy,
Then give corresponding access authority
Wherein, the generation method of the master key x and system public parameter are as follows:
11) the Prime Orders cyclic group that two ranks are p is arranged in trusted partyWithG isGeneration member,ForIt arrives
On bilinear map;
12) the maximum attribute number that may include in attribute credential is set as n, is then each user property i that may be used points
Properties value ωi, and in addition select n-1 redundant attributes djForm a redundant attributes collection D;Wherein each redundant attributes djNot with
User property repeats;
13) it randomly choosesMiddle generation member g, h randomly choose x ∈ ZpAs the private key of TP, i.e. master key, probabilistic polynomial is utilized
Time algorithm generates common parameterΩ={ ωi, D={ dj}。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310148635.1A CN104125199B (en) | 2013-04-25 | 2013-04-25 | A kind of anonymous authentication method and system based on attribute |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104125199A CN104125199A (en) | 2014-10-29 |
CN104125199B true CN104125199B (en) | 2019-04-02 |
Family
ID=51770465
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310148635.1A Expired - Fee Related CN104125199B (en) | 2013-04-25 | 2013-04-25 | A kind of anonymous authentication method and system based on attribute |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104125199B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023056352A1 (en) * | 2021-10-01 | 2023-04-06 | Changefly Inc. | Anonymous authentication systems for obscuring authentication information |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102014105244A1 (en) * | 2013-12-05 | 2015-06-11 | Deutsche Post Ag | Method for deactivating the locking of at least one door of a housing |
CN106533681B (en) * | 2015-09-11 | 2019-09-17 | 中国科学院软件研究所 | A kind of attribute method of proof and system that support section is shown |
CN107959931B (en) * | 2017-12-18 | 2021-05-14 | 中国人民解放军战略支援部队信息工程大学 | Wireless network anonymous switching method, device and system based on attribute signature |
CN108833373B (en) * | 2018-05-29 | 2021-03-16 | 东北大学 | Instant messaging and anonymous access method for relation privacy protection social network |
CN108769020B (en) * | 2018-05-29 | 2021-07-13 | 东北大学 | Privacy-protecting identity attribute certification system and method |
CN109450916A (en) * | 2018-11-28 | 2019-03-08 | 济南浪潮高新科技投资发展有限公司 | A kind of authentication attribute identification protocol system based on eID |
CN112600851B (en) * | 2020-12-21 | 2022-05-03 | 暨南大学 | Link traceable anonymous authentication method for event |
CN112614545B (en) * | 2020-12-29 | 2022-11-01 | 暨南大学 | Gene sequence safety comparison method and system supporting multi-attribute anonymous authentication |
CN114792004A (en) * | 2021-01-26 | 2022-07-26 | 华为云计算技术有限公司 | Identity information processing method, equipment and system |
CN113743926B (en) * | 2021-08-26 | 2024-04-12 | 如般量子科技有限公司 | Anonymous communication and charging system and method based on chargeable ID |
CN114169011B (en) * | 2021-12-16 | 2024-06-04 | 福州大学 | Privacy protection electronic bill system based on attribute certificates |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101977380A (en) * | 2010-11-15 | 2011-02-16 | 天津工业大学 | Wireless Mesh network identification method |
CN102685092A (en) * | 2011-11-29 | 2012-09-19 | 河海大学 | Remote proofing method for proofing security attribute of remote platform |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060143695A1 (en) * | 2004-12-27 | 2006-06-29 | Amiram Grynberg | Anonymous Spoof resistant authentication and enrollment methods |
US8583932B2 (en) * | 2009-05-29 | 2013-11-12 | Nec Corporation | Signature device, signature verification device, anonymous authetication system, signing method, signature authentication method, and programs therefor |
Non-Patent Citations (2)
Title |
---|
Research progress on anonymous credential schemes; Zhang Yan et al.; 《信息网络安全》; 20120110; text pp. 1-6 * |
An anonymous authentication scheme based on PMI attribute certificates; He Jingjing et al.; 《计算机安全》; 20130115; text pp. 1-4 * |
Also Published As
Publication number | Publication date |
---|---|
CN104125199A (en) | 2014-10-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20190402; Termination date: 20210425 |