CN110311881A - Authorization method, encryption method and terminal device - Google Patents

Publication number: CN110311881A
Authority: CN (China)
Prior art keywords: participant, private key, signature, group, resource
Legal status: Granted
Application number: CN201810256498.6A
Other languages: Chinese (zh)
Other versions: CN110311881B (en)
Inventor: 杨圣磊
Current Assignee: Alibaba Health Information Technology Ltd
Original Assignee: Alibaba Health Information Technology Ltd
Application filed by Alibaba Health Information Technology Ltd
Priority to CN201810256498.6A (patent CN110311881B)
Priority to CN202111337963.7A (patent CN114205114B)
Publication of CN110311881A
Application granted
Publication of CN110311881B

Classifications

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

This application provides an authorization method, an encryption method and a terminal device. The authorization method includes: sending an access request to a participant group; receiving the signatures that participants in the group generate with the private keys they hold; and, when the received signatures are determined to make up the full signature set, determining that access permission has been obtained, where the set of private keys held by any N participants in the group equals the full set of private keys and N is less than or equal to the number of participants in the group. Distributing private keys with a one-to-many relationship between participants and private keys solves the problem that the existing one-to-one correspondence between private keys and participants restricts usage scenarios too much and cannot adapt to the needs of more scenarios, and achieves the effect of meeting the needs of more scenarios.

Description

Authorization method, encryption method and terminal device
Technical field
This application belongs to the field of Internet technology, and in particular relates to an authorization method, an encryption method and a terminal device.
Background
At present, signing and data encryption/decryption are generally implemented as follows: each participant holds its own private key, and private keys and participants are in a one-to-one relationship. A certificate authority (CA) trusted by all participants issues certificates, and each participant holds the certificates of the corresponding public keys.
Because private keys and participants are in a one-to-one relationship, in signing, signature verification, data encryption and data decryption, if N participants take part in signing or in encryption, then all N participants must take part in verification or in decryption. No policy can be applied, and signing, verification, encryption and decryption cannot be adapted to some special cases.
No effective solution to this problem has been proposed so far.
Summary of the invention
The purpose of this application is to provide an authorization method, an encryption method and a terminal device that can meet the authorization and encryption/decryption needs of more scenarios.
In one aspect, an authorization method is provided, comprising:
sending an access request to a participant group;
receiving the signatures that participants in the group generate with the private keys they hold;
when the received signatures are determined to make up the full signature set, determining that access permission has been obtained, where the set of private keys held by any N participants in the group equals the full set of private keys, and N is less than or equal to the number of participants in the group.
In another aspect, an encryption method is provided, comprising:
sending a resource publication request to a participant group;
receiving the signatures that participants in the group generate with the private keys they hold;
when the received signatures are confirmed to make up the full signature set, determining that resource publication permission has been obtained, where the set of private keys held by any N participants in the group equals the full set of private keys, and N is less than or equal to the number of participants in the group;
generating an encryption key from the full signature set and encrypting the resource to be published.
A terminal device, including a processor and a memory for storing processor-executable instructions, where the processor implements the above method when executing the instructions.
A computer-readable storage medium storing computer instructions that, when executed, implement the steps of the above method.
The authorization method, encryption method and terminal device provided by this application distribute private keys with a one-to-many relationship between participants and private keys. This solves the problem that the existing one-to-one correspondence between private keys and participants restricts usage scenarios too much and cannot adapt to the needs of more scenarios, and achieves the effect of meeting the needs of more scenarios.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a private key distribution mode of an embodiment of this application;
Fig. 2 is another schematic diagram of a private key distribution mode of an embodiment of this application;
Fig. 3 is a further schematic diagram of a private key distribution mode of an embodiment of this application;
Fig. 4 is a further schematic diagram of a private key distribution mode of an embodiment of this application;
Fig. 5 is a flowchart of the authorization method of an embodiment of this application;
Fig. 6 is a flowchart of the encryption method of an embodiment of this application;
Fig. 7 is an architecture diagram of the terminal device of an embodiment of this application;
Fig. 8 is a structural block diagram of the authorization apparatus of an embodiment of this application.
Detailed description of embodiments
To help those skilled in the art better understand the technical solutions in this application, the technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of this application. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort shall fall within the scope of protection of this application.
Existing signature-based authorization and encryption schemes have a narrow range of application mainly because participants and private keys are in a one-to-one relationship: to complete decryption or signature verification, everyone who took part in the encryption or signing must also take part in the decryption or authorization.
For this reason, instead of distributing private keys so that one participant corresponds to exactly one private key and one private key to exactly one participant, a participant may correspond to one or more private keys, or to none, and a private key may be held by one or more participants. It is then no longer the case that, when N people sign, the same N people must come together to verify the signatures and complete the authorization.
For example, A holds private keys 1, 2 and 3, B holds private keys 1 and 2, C holds private keys 2 and 3, and D holds private key 3. If B and D have signed with private key 1, private key 2 and private key 3, then A alone can perform the signature verification, and B and C together can perform it as well: whoever can assemble the set of private key 1, private key 2 and private key 3 can verify the signature, and verification is not restricted to the set of people who signed.
Based on the above idea, this example provides a signature-based authorization scheme, described as follows:
In the signature-based authorization of this example, a group of private keys Kn (where n is the total number of private keys) can be distributed among all participants Pm (where m is the total number of participants) as follows: a participant may hold several of the private keys or none at all, and a private key may be held by only one participant or by several participants. Every participant holds the public keys Cn corresponding to all private keys.
For a participant, authorizing means signing the data with all the private keys it holds. Verifying permission means verifying all the signatures and obtaining distinct signatures Sn equal in number to the private keys.
Based on this private key distribution, the authorization, verification, encryption and decryption processes are described as follows:
1) Authorization (signing) and verification (signature verification)
A resource R is held by P (P may be a resource management participant or a third party), and there are several resource management participants (P1 ... Pn), which hold private keys allocated through negotiation (that is, the private key allocation policy is set so that a participant may hold several of the private keys or none at all, and a private key may be held by only one participant or by several participants).
When a visitor U (which may be a resource management participant or a third party) needs to access resource R, U first constructs an access request G and sends it to as many resource management participants (P1 ... Pn) as possible.
Each resource management participant (P1 ... Pn) can sign access request G with all the private keys it holds to generate signatures (S1 ... Sn), and sends the signatures (S1 ... Sn) back to visitor U.
Since the total number of public/private key pairs is public and all public keys (certificates) are public as well, once visitor U has collected a sufficient number of signatures (S1 ... Sn, after removing duplicate signatures), it verifies the signatures and thereby determines that it has obtained permission to access resource R.
Visitor U sends the access request and the sufficient number of signatures (S1 ... Sn) to P. Using the public total number of key pairs and the public keys, P verifies the signatures (S1 ... Sn) on the access request, for example whether there are enough of them and whether they pass verification, and thereby determines whether visitor U has permission to access resource R.
2) Encryption and decryption
A resource pool P is managed by multiple participants (P1 ... Pn), which hold private keys allocated through negotiation, and all private keys have a specified order.
When a resource publisher U (which may be a resource management participant or a third party) needs to publish data D, U first runs a digest algorithm Z over data D to generate a digest H (that is, the request H). U sends request H to as many participants (P1 ... Pn) as possible. Each participant (P1 ... Pn) signs request H with all the private keys it holds, generates signatures (S1 ... Sn), and sends the signatures (S1 ... Sn) back to resource publisher U.
The total number of public/private key pairs is public, and so are all public keys (certificates). Therefore, once resource publisher U has collected a sufficient number of signatures (S1 ... Sn, after removing duplicate signatures), it can verify the signatures to determine that it has obtained permission to publish the data.
Resource publisher U arranges all signatures (S1 ... Sn) in the pre-specified order of the private keys to obtain a unique sequence. This sequence is passed through a predefined algorithm F to generate a symmetric encryption key S. Data D is encrypted with symmetric encryption key S to produce the encrypted data E. Request H and the encrypted data E are published to resource pool P, which completes the encrypted data publication.
A data viewer C that needs to decrypt the data takes request H and the encrypted data E out of resource pool P and sends request H to as many participants (P1 ... Pn) as possible. Each participant (P1 ... Pn) signs request H with all the private keys it holds, generates signatures (S1 ... Sn), and sends the signatures (S1 ... Sn) back to data viewer C. The total number of public/private key pairs is public, and so are all public keys (certificates). Once data viewer C has collected a sufficient number of signatures (S1 ... Sn, after removing duplicate signatures) and verified them, it knows it has obtained the ability to decrypt the data.
Data viewer C arranges all signatures (S1 ... Sn) in the preset order of the private keys and obtains a unique sequence. This unique sequence is passed through the predefined algorithm F to generate the symmetric encryption key S. Data viewer C decrypts data E with the symmetric encryption key to obtain data D, and can run algorithm Z over data D to produce a new digest H' and check whether H and H' are consistent, to verify that the data is legitimate.
That is, considering validity checking and encryption/decryption with the same group of private keys, a symmetric encryption key can be generated to implement encryption and decryption: for encryption and decryption the group of private keys is kept ordered, so the generated signatures are ordered as well, and the sequence of deduplicated signatures obtained is the same every time. A symmetric encryption key SK can therefore be obtained from this sequence to complete encryption and decryption.
For example, the fixed order of the keys is determined in advance as: private key 1, private key 2, private key 5, private key 3, private key 7, private key 4, private key 6. The symmetric encryption key is then generated from the sequence that follows this private key order (private key 1, private key 2, private key 5, private key 3, private key 7, private key 4, private key 6), and the data is encrypted with it. Decryption follows the same rule to obtain the key and decrypt.
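The collect, deduplicate, verify and derive flow of 1) and 2) above, as an added example that is not part of the patent. It uses the Fig. 3 key layout; the toy RSA keys (built from Mersenne primes, insecure), SHA-256 as both algorithm Z and algorithm F, and all function names are assumptions made for the demo.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys (assumption)

def _toy_key(p_exp, q_exp):
    # Constructed, INSECURE toy RSA key from two Mersenne primes (demo only).
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

# Three private keys K1..K3 and their public halves ("certificates").
PRIVATE = {"K1": _toy_key(61, 89), "K2": _toy_key(89, 107), "K3": _toy_key(107, 127)}
PUBLIC = {kid: key["n"] for kid, key in PRIVATE.items()}

KEY_ORDER = ["K1", "K2", "K3"]  # preset private key order
HOLDINGS = {"X": ["K1", "K2"], "Y": ["K2", "K3"], "Z": ["K1", "K3"]}  # Fig. 3 layout

def make_request(data):
    """Algorithm Z (assumed SHA-256): digest H of data D, used as the request."""
    return hashlib.sha256(data).digest()

def _digest_int(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(key_id, message):
    """Deterministic toy signature: the same key and message always give the same value."""
    key = PRIVATE[key_id]
    return pow(_digest_int(message, key["n"]), key["d"], key["n"])

def verify(key_id, message, signature):
    n = PUBLIC[key_id]
    return 0 <= signature < n and pow(signature, E, n) == _digest_int(message, n)

def participant_sign(name, request):
    """A participant signs the request with every private key it holds."""
    return {key_id: sign(key_id, request) for key_id in HOLDINGS[name]}

def collect_full_set(request, responses):
    """Verify each returned signature, deduplicate by key, and return the
    full signature set, or None if some private key is not covered."""
    valid = {}
    for response in responses:
        for key_id, signature in response.items():
            if key_id in PUBLIC and verify(key_id, request, signature):
                valid[key_id] = signature
    return valid if set(valid) == set(KEY_ORDER) else None

def derive_key(full_set):
    """Algorithm F (assumed SHA-256): hash the signatures in the preset key order."""
    h = hashlib.sha256()
    for key_id in KEY_ORDER:
        width = (PUBLIC[key_id].bit_length() + 7) // 8
        h.update(key_id.encode() + b"\x00" + full_set[key_id].to_bytes(width, "big"))
    return h.digest()

if __name__ == "__main__":
    request = make_request(b"constructed sample data D")
    # The publisher reaches X and Y; the viewer later reaches Y and Z.
    publisher = collect_full_set(request, [participant_sign(p, request) for p in ("X", "Y")])
    viewer = collect_full_set(request, [participant_sign(p, request) for p in ("Y", "Z")])
    print("same symmetric key:", derive_key(publisher) == derive_key(viewer))
    print("Z alone:", collect_full_set(request, [participant_sign("Z", request)]))
```

The publisher and the viewer arrive at the same key only because each toy signature is deterministic; a randomized signature scheme would give them different signature sequences and therefore different keys.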
In implementation, the holders of a private key can be defined by any policy, and the private key is sent to the other holders. Public keys can be generated by the party that generates the public/private key pair, to prevent ambiguity. Also in implementation, a CA trusted by all participants can endorse and issue the certificates containing the public keys.
The method is illustrated below with several concrete scenarios. Note, however, that these concrete scenarios are only intended to explain this application better and do not constitute an undue limitation on it.
As shown in Fig. 1, the business scenario is: the participants are X and Y. X holds private key K1 and all certificates C1 and C2; Y holds private key K2 and certificates C1 and C2.
Then SX is the signature generated with private key K1 and SY is the signature generated with private key K2. Together, X and Y make up the full set of private keys and certificates: K1, K2, C1 and C2, so signature verification can be carried out.
As shown in Fig. 2, the business scenario is: the participants are X and Y. X holds private key K1 and certificate C1, and Y also holds K1 and certificate C1. SX and SY are identical; both are the signature generated with K1.
Either X or Y alone therefore forms the full set: K1. So either X or Y can carry out signature verification.
As shown in Fig. 3, the business scenario is: X holds private keys K1 and K2, Y holds private keys K2 and K3, and Z holds private keys K1 and K3. All participants hold certificates C1, C2 and C3.
Accordingly, signature SX includes the signatures S1 and S2 generated with K1 and K2, signature SY includes the signatures S2 and S3 generated with K2 and K3, and signature SZ includes the signatures S1 and S3 generated with K1 and K3.
Then the signature set contained in SX and SY is S1, S2 and S3; the signature set contained in SY and SZ is S1, S2 and S3; and the signature set contained in SX and SZ is S1, S2 and S3.
Therefore X and Y can complete signature verification, X and Z can complete signature verification, and Y and Z can complete signature verification, because any two parties can form the full set.
Fig. 4 shows a schematic scenario with M participants in total, of which N participants can form a full set of private keys. That is, it is only necessary to set rules that find a reasonable layout of the private keys among the M participants, guaranteeing that the set of private keys held by any N or more participants, and only by such groups, equals the full set of private keys; verification can then be carried out by any N participants.
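A design-time check for the distribution property described above, written as an added example (not part of the patent): it finds the smallest N for which every group of N participants holds the full key set, and lists smaller groups that already hold it. The function names are hypothetical; the holdings are the page's own A/B/C/D example and the layouts of Figs. 1 to 3.

```python
from itertools import combinations

def covers(holdings, group, all_keys):
    """True if the participants in `group` jointly hold every private key."""
    held = set()
    for name in group:
        held |= set(holdings[name])
    return held >= set(all_keys)

def smallest_n(holdings, all_keys):
    """Smallest N such that ANY N participants hold the full key set.
    Returns None when even all participants together miss a key."""
    names = sorted(holdings)
    for n in range(1, len(names) + 1):
        if all(covers(holdings, g, all_keys) for g in combinations(names, n)):
            return n
    return None

def failing_groups(holdings, all_keys, n):
    """Groups of exactly n participants that do NOT hold the full key set."""
    names = sorted(holdings)
    return [g for g in combinations(names, n) if not covers(holdings, g, all_keys)]

def undersized_groups(holdings, all_keys, n):
    """Groups smaller than n that already hold the full key set, i.e. places
    where the 'only N or more participants' half of the rule does not hold."""
    names = sorted(holdings)
    return [g for size in range(1, n)
            for g in combinations(names, size)
            if covers(holdings, g, all_keys)]

# Layouts taken from the text: the A/B/C/D example and Figs. 1 to 3.
ABCD = {"A": {1, 2, 3}, "B": {1, 2}, "C": {2, 3}, "D": {3}}
FIG1 = {"X": {"K1"}, "Y": {"K2"}}
FIG2 = {"X": {"K1"}, "Y": {"K1"}}
FIG3 = {"X": {"K1", "K2"}, "Y": {"K2", "K3"}, "Z": {"K1", "K3"}}

if __name__ == "__main__":
    keys = {1, 2, 3}
    n = smallest_n(ABCD, keys)
    print("A/B/C/D: any", n, "participants hold the full set")
    print("pairs that fall short:", failing_groups(ABCD, keys, 2))
    print("smaller groups that already suffice:", undersized_groups(ABCD, keys, n))
    print("Fig. 3: N =", smallest_n(FIG3, {"K1", "K2", "K3"}))
```

For the A/B/C/D layout the result is N = 3, but A alone already holds every key, so that layout guarantees availability with any three participants without requiring three participants to authorize.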
This application provides an authorization method which, as shown in Fig. 5, may include the following steps:
Step 501: send an access request to a participant group;
Step 502: receive the signatures that participants in the group generate with the private keys they hold;
Step 503: when the received signatures are determined to make up the full signature set, determine that access permission has been obtained, where the set of private keys held by any N participants in the group equals the full set of private keys, and N is less than or equal to the number of participants in the group.
That is, the authorization requester sends an access request to the participant group, which triggers the participants to generate signatures with the private keys they hold. Once the authorization requester has obtained enough signatures, that is, the full signature set, this proves that access authorization has been obtained.
After determining that access permission has been obtained, the authorization requester can send the access request and the full signature set to the participant, to request access.
The participants in the group may include, but are not limited to, resource management participants, and the access request may include, but is not limited to, a resource access request.
This application also provides an encryption method which, as shown in Fig. 6, may include the following steps:
Step 601: send a resource publication request to a participant group;
Step 602: receive the signatures that participants in the group generate with the private keys they hold;
Step 603: when the received signatures are confirmed to make up the full signature set, determine that resource publication permission has been obtained, where the set of private keys held by any N participants in the group equals the full set of private keys, and N is less than or equal to the number of participants in the group;
Step 604: generate an encryption key from the full signature set and encrypt the resource to be published.
That is, when a resource is to be published it needs to be encrypted. A resource publication request can be sent to the participant group to trigger the participants to generate signatures with their own private keys. Once enough signatures have been obtained, that is, the full set of signatures, it is determined that resource publication permission has been obtained, and the resource can be encrypted on the basis of the full set of signatures and published.
In one embodiment, generating an encryption key from the full signature set and encrypting the resource to be published may include:
S1: sort the signatures in the full signature set according to the preset private key order;
S2: generate a symmetric encryption key from the sorted result according to a preset algorithm;
S3: encrypt the resource to be published with the symmetric encryption key.
Sending a resource publication request to the participant group may include: running a digest algorithm over the data to be published to generate a digest; and sending the digest to the participant group as the resource publication request.
After the encryption key is generated from the full signature set and the resource to be published is encrypted, the method further includes: publishing the digest and the encrypted data to the resource pool.
The method embodiments provided by this application can be executed in a terminal device. Fig. 7 is a hardware block diagram of a terminal device for an authorization method/encryption method according to an embodiment of the present invention. As shown in Fig. 7, terminal device 10 may include one or more (only one is shown in the figure) processors 102 (a processor 102 may include, but is not limited to, a processing unit such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 104 for storing data, and a transmission module 106 for communication functions. A person of ordinary skill in the art will understand that the structure shown in Fig. 7 is only illustrative and does not limit the structure of the above electronic device. For example, terminal device 10 may include more or fewer components than shown in Fig. 7, or have a configuration different from that shown in Fig. 7.
Memory 104 can be used to store the software programs and modules of application software, such as the program instructions/modules corresponding to the authorization method/encryption method in the embodiments of the present invention. Processor 102 runs the software programs and modules stored in memory 104 to execute various functional applications and data processing, that is, to implement the authorization method/encryption method of the above application program. Memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, memory 104 may further include memory located remotely from processor 102, and this remote memory can be connected to terminal 10 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations thereof.
Transmission module 106 is used to receive or send data over a network. A specific example of such a network is a wireless network provided by the communication provider of terminal 10. In one example, transmission module 106 includes a network adapter (Network Interface Controller, NIC), which can connect to other network devices through a base station in order to communicate with the Internet. In one example, transmission module 106 can be a radio frequency (Radio Frequency, RF) module, which is used to communicate with the Internet wirelessly.
Referring to FIG. 8, it may include: first that the authorization device, which is applied in request method, apparatus, in Software Implementation Sending module 801, receiving module 802, determining module 803.Wherein:
First sending module 801, for sending access request to participant group;
Receiving module 802 passes through the signature that the private key held generates for receiving the participant in the group;
Determining module 803, in the case where determining that the signature received meets full dose signature set, determination to have obtained visit Ask permission, wherein the private key set that any N number of participant is held in the group is equal to private key complete or collected works, wherein N is less than or equal to The quantity of participant in the group.
In one embodiment, above-mentioned authorization device can also include: the second sending module, for having obtained in determination After access authority, the access request and the full dose signature set are sent into the participant and requested, to request access to.
In one embodiment, the participant in above-mentioned group may include: resource management participant.
In one embodiment, above-mentioned access request may include: resource access request.
In Software Implementation, which is applied in request method, apparatus, may include: sending module, receives Module, determining module and encrypting module.Wherein:
Sending module, for sending resource publication request to participant group;
Receiving module passes through the signature that the private key held generates for receiving the participant in the group;
Determining module, in the case where for meeting full dose signature set in the signature acknowledged receipt of, determination has obtained resource Issue permission, wherein the private key set that any N number of participant is held in the group be equal to private key complete or collected works, wherein N less than etc. The quantity of participant in the group;
Encrypting module encrypts resource to be released for generating encryption key by the full dose signature set.
In one embodiment, generating an encryption key from the full signature set and encrypting the resource to be published may include: sorting the signatures in the full signature set according to a preset private key order; generating a symmetric encryption key from the sorted result according to a preset algorithm; and encrypting the resource to be published with the symmetric encryption key.
In one embodiment, sending a resource publication request to the participant group may include: executing a digest algorithm on the data to be published to generate a digest; and sending the digest, as the resource publication request, to the participant group.
In one embodiment, after the encryption key is generated from the full signature set and the resource to be published is encrypted, the method may further include: publishing the digest and the encrypted data to a resource pool.
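The publication flow of the encryption embodiment above (digest as the request, signatures from the group, full signature set check, ordered signatures turned into a symmetric key), as an added Python example that is not code from the patent. The key layout, all names, HMAC-SHA256 standing in for a deterministic signature, and SHA-256 as the "preset algorithm" are assumptions.

```python
import hashlib
import hmac
from itertools import combinations

# Constructed layout: 3 private keys, each participant holds 2 of them,
# so any N = 2 participants together hold the full private key set.
KEY_ORDER = ["k1", "k2", "k3"]  # preset private key order
PRIVATE_KEYS = {k: hashlib.sha256(b"demo-" + k.encode()).digest() for k in KEY_ORDER}
HOLDINGS = {"A": ["k1", "k2"], "B": ["k2", "k3"], "C": ["k1", "k3"]}


def any_n_cover(holdings, n, all_keys):
    """True if every choice of n participants holds the full key set."""
    return all(
        {k for p in combo for k in holdings[p]} == set(all_keys)
        for combo in combinations(holdings, n)
    )


def request_digest(resource: bytes) -> bytes:
    """The publication request is the digest of the resource, not the resource."""
    return hashlib.sha256(resource).digest()


def sign(participant: str, digest: bytes) -> dict:
    """One signature per held key. HMAC is an assumed stand-in for a
    deterministic signature; a randomized scheme would yield a different
    derived key each time the signatures are regenerated."""
    return {k: hmac.new(PRIVATE_KEYS[k], digest, hashlib.sha256).digest()
            for k in HOLDINGS[participant]}


def collect(responders, digest: bytes) -> dict:
    """Merge responses, keeping one signature per private key id."""
    sigs = {}
    for p in responders:
        sigs.update(sign(p, digest))
    return sigs


def is_full_set(sigs: dict) -> bool:
    return set(sigs) == set(KEY_ORDER)


def derive_key(sigs: dict) -> bytes:
    """Order signatures by the preset key order, then hash to a 256-bit key
    (SHA-256 is the assumed 'preset algorithm'). The key would then go to a
    symmetric cipher, which is outside this example."""
    if not is_full_set(sigs):
        raise PermissionError("publication permission not obtained")
    return hashlib.sha256(b"".join(sigs[k] for k in KEY_ORDER)).digest()


if __name__ == "__main__":
    d = request_digest(b"constructed resource bytes")
    print(derive_key(collect(["A", "B"], d)).hex())
```

Because one signature is kept per private key rather than per participant, any responding subset that covers all keys derives the same symmetric key.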
The authorization method and encryption method provided by the present application distribute private keys in a one-to-many arrangement between participants and private keys. This solves the problem that the existing one-to-one correspondence between private keys and the participants in a usage scenario is too restrictive to adapt to the demands of multiple scenarios, and achieves the effect of satisfying the demands of multiple scenarios.
Although this application provides the method operating procedure as described in embodiment or flow chart, based on conventional or noninvasive The labour for the property made may include more or less operating procedure.The step of enumerating in embodiment sequence is only numerous steps One of execution sequence mode, does not represent and unique executes sequence.It, can when device or client production in practice executes To execute or parallel execute (such as at parallel processor or multithreading according to embodiment or method shown in the drawings sequence The environment of reason).
The device or module that above-described embodiment illustrates can specifically realize by computer chip or entity, or by having The product of certain function is realized.For convenience of description, it is divided into various modules when description apparatus above with function to describe respectively. The function of each module can be realized in the same or multiple software and or hardware when implementing the application.It is of course also possible to Realization the module for realizing certain function is combined by multiple submodule or subelement.
Method, apparatus or module described herein can realize that controller is pressed in a manner of computer readable program code Any mode appropriate is realized, for example, controller can take such as microprocessor or processor and storage can be by (micro-) The computer-readable medium of computer readable program code (such as software or firmware) that processor executes, logic gate, switch, specially With integrated circuit (Application Specific Integrated Circuit, ASIC), programmable logic controller (PLC) and embedding Enter the form of microcontroller, the example of controller includes but is not limited to following microcontroller: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, Memory Controller are also implemented as depositing A part of the control logic of reservoir.It is also known in the art that in addition to real in a manner of pure computer readable program code Other than existing controller, completely can by by method and step carry out programming in logic come so that controller with logic gate, switch, dedicated The form of integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc. realizes identical function.Therefore this controller It is considered a kind of hardware component, and hardware can also be considered as to the device for realizing various functions that its inside includes Structure in component.Or even, it can will be considered as the software either implementation method for realizing the device of various functions Module can be the structure in hardware component again.
Part of module in herein described device can be in the general of computer executable instructions Upper and lower described in the text, such as program module.Generally, program module includes executing particular task or realization specific abstract data class The routine of type, programs, objects, component, data structure, class etc..The application can also be practiced in a distributed computing environment, In these distributed computing environment, by executing task by the connected remote processing devices of communication network.In distribution It calculates in environment, program module can be located in the local and remote computer storage media including storage equipment.
As seen through the above description of the embodiments, those skilled in the art can be understood that the application can It is realized by the mode of software plus required hardware.Based on this understanding, the technical solution of the application is substantially in other words The part that contributes to existing technology can be embodied in the form of software products, and can also pass through the implementation of Data Migration It embodies in the process.The computer software product can store in storage medium, such as ROM/RAM, magnetic disk, CD, packet Some instructions are included to use so that a computer equipment (can be personal computer, mobile terminal, server or network are set It is standby etc.) execute method described in certain parts of each embodiment of the application or embodiment.
Each embodiment in this specification is described in a progressive manner, the same or similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.The whole of the application or Person part can be used in numerous general or special purpose computing system environments or configuration.Such as: personal computer, server calculate Machine, handheld device or portable device, mobile communication terminal, multicomputer system, based on microprocessor are at laptop device System, programmable electronic equipment, network PC, minicomputer, mainframe computer, the distribution including any of the above system or equipment Formula calculates environment etc..
Although depicting the application by embodiment, it will be appreciated by the skilled addressee that the application there are many deformation and Variation is without departing from spirit herein, it is desirable to which the attached claims include these deformations and change without departing from the application's Spirit.

Claims (11)

1. An authorization method, characterized by comprising:
sending an access request to a participant group;
receiving the signatures that the participants in the group generate with the private keys they hold;
when the received signatures are determined to constitute the full signature set, determining that access permission has been obtained, wherein the set of private keys held by any N participants in the group equals the full set of private keys, and N is less than or equal to the number of participants in the group.
2. The method according to claim 1, characterized in that, after it is determined that access permission has been obtained, the method further comprises:
sending the access request and the full signature set to the participant, to request access.
3. The method according to claim 1, characterized in that the participants in the group include: a resource management participant.
4. The method according to claim 3, characterized in that the access request includes: a resource access request.
5. An encryption method, characterized by comprising:
sending a resource publication request to a participant group;
receiving the signatures that the participants in the group generate with the private keys they hold;
when it is confirmed that the received signatures constitute the full signature set, determining that resource publication permission has been obtained, wherein the set of private keys held by any N participants in the group equals the full set of private keys, and N is less than or equal to the number of participants in the group;
generating an encryption key from the full signature set, and encrypting the resource to be published.
6. The method according to claim 5, characterized in that generating an encryption key from the full signature set and encrypting the resource to be published comprises:
sorting the signatures in the full signature set according to a preset private key order;
generating a symmetric encryption key from the sorted result according to a preset algorithm;
encrypting the resource to be published with the symmetric encryption key.
7. The method according to claim 5, characterized in that sending a resource publication request to the participant group comprises:
executing a digest algorithm on the data to be published to generate a digest;
sending the digest, as the resource publication request, to the participant group.
8. The method according to claim 7, characterized in that, after the encryption key is generated from the full signature set and the resource to be published is encrypted, the method further comprises:
publishing the digest and the encrypted data to a resource pool.
9. A terminal device, characterized by comprising a processor and a memory for storing processor-executable instructions, wherein the processor, when executing the instructions, implements the method according to any one of claims 1 to 4.
10. A terminal device, characterized by comprising a processor and a memory for storing processor-executable instructions, wherein the processor, when executing the instructions, implements the method according to any one of claims 6 to 8.
11. A computer-readable storage medium having computer instructions stored thereon, wherein the instructions, when executed, implement the steps of the method according to any one of claims 6 to 8.
CN201810256498.6A 2018-03-27 2018-03-27 Authorization method, encryption method and terminal equipment Active CN110311881B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810256498.6A CN110311881B (en) 2018-03-27 2018-03-27 Authorization method, encryption method and terminal equipment
CN202111337963.7A CN114205114B (en) 2018-03-27 2018-03-27 Authorization method and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810256498.6A CN110311881B (en) 2018-03-27 2018-03-27 Authorization method, encryption method and terminal equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202111337963.7A Division CN114205114B (en) 2018-03-27 2018-03-27 Authorization method and terminal equipment

Publications (2)

Publication Number Publication Date
CN110311881A true CN110311881A (en) 2019-10-08
CN110311881B CN110311881B (en) 2022-01-14

Family

ID=68073519

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202111337963.7A Active CN114205114B (en) 2018-03-27 2018-03-27 Authorization method and terminal equipment
CN201810256498.6A Active CN110311881B (en) 2018-03-27 2018-03-27 Authorization method, encryption method and terminal equipment

Country Status (1)

Country Link
CN (2) CN114205114B (en)

Also Published As

Publication number Publication date
CN114205114B (en) 2023-12-29
CN110311881B (en) 2022-01-14
CN114205114A (en) 2022-03-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant