WO2020024993A1 - Method and system for generating public-private key pair - Google Patents
Method and system for generating public-private key pair Download PDFInfo
- Publication number
- WO2020024993A1 WO2020024993A1 PCT/CN2019/098669 CN2019098669W WO2020024993A1 WO 2020024993 A1 WO2020024993 A1 WO 2020024993A1 CN 2019098669 W CN2019098669 W CN 2019098669W WO 2020024993 A1 WO2020024993 A1 WO 2020024993A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- password
- private key
- server
- public
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Definitions
- the present application relates to the field of information technology, and in particular, to a method and a system for generating a private key.
- the public-private key generation in the prior art generally generates a private key through a random number, and then generates the public key through a hash operation.
- the role of the private key is very important.
- private keys often appear Lost or obtained by others, this is very detrimental to the security of the user's account.
- a public and private key pair generation method that can securely generate and ensure that the private key cannot be easily obtained by others is needed.
- the present invention provides a public-private key pair generation method, including:
- the first encrypted information is decrypted by the first private key to obtain the first user information, and the first user information is encrypted by the second public key to generate the second encrypted information; wherein the second public key is held by the server The public key corresponding to the second private key of
- the second password encryption information is decrypted by the first private key to obtain a second password, and a third private key and a third public key are generated based on the second password.
- receiving the second password encryption information includes: receiving a verification code through a contact method stipulated in the contact information, sending the verification code for the server to send the second password encryption information after passing the verification, and receiving the second password encryption information.
- receiving the second password encryption information includes: directly receiving the second password encryption information through a contact manner stipulated in the contact information.
- generating the third private key and the third public key according to the second password includes: performing a specified first operation on the first private key and the second password, and performing a hash operation on the operation result to generate the third private key and the third public key.
- generating the third private key and the third public key according to the second password includes: hashing the second password to generate the third private key and the third public key.
- the first encrypted information returned by the receiving server after the verification passes includes: receiving unregistered information sent by the server, sending the registration information to the server for the server to associate the registration information with the first public key after the verification is passed, and, Hash the public key, registration information, and random number to obtain a third hash value, and store the third hash value on the blockchain, where the registration information includes contact information and identity information;
- the signature information includes a hash value of the latest block header on the blockchain.
- the first hash value is signed with the first private key held, and the signature is sent to the blockchain.
- the present invention provides a public-private key pair generation system, including:
- a first password generating unit configured to generate a first password, and generate a first private key and a first public key according to the first password
- the first encrypted information receiving unit is configured to send the signature information to the server for the server to verify the identity, and receive the first encrypted information returned by the server after the verification is passed; wherein the signature information is generated by the signature of the first private key, and the first encryption The information is generated by encrypting the first user information by using the first public key, and the first user information includes contact information;
- the second encrypted information generating unit is configured to decrypt the first encrypted information by using the first private key to obtain the first user information, and encrypt the first user information by using the second public key to generate the second encrypted information;
- the second public key is the public key corresponding to the second private key held by the server;
- the information sending unit is configured to send the second encrypted information to the server for the server to decrypt through the second private key, and hash the decryption result of the second encrypted information to obtain a second hash value, and obtain a record
- the first hash value on the blockchain verifies whether the first hash value and the second hash value are the same: Yes, the second password encryption information is issued through the contact information in the decryption result; wherein the first hash value The value is a hash value of the first user information, and the second password encryption information is generated by encrypting the second password with the first public key;
- the public-private key pair generation unit is configured to receive the second password encryption information, decrypt the second password encryption information by using the first private key, obtain a second password, and generate a third private key and a third public key according to the second password.
- the public-private key pair generation unit includes: a second password receiving subunit configured to receive a verification code through a contact method agreed in the contact information, and send a verification code for the server to send the second password encryption information after passing the verification, and receive the second password Encrypted information.
- the public-private key pair generating unit includes: a password receiving subunit configured to directly receive the second password encrypted information through a contact method agreed in the contact information.
- the public-private key pair generation unit includes a first public-private key generation subunit configured to perform a specified first operation on the first private key and a second password, and perform a hash operation on the operation result to generate a third private key. And the third public key.
- the public-private key pair generation unit includes a second public-private key generation subunit configured to perform a hash operation on the second password to generate a third private key and a third public key.
- the present invention sends a second password to the client after the server-to-user identity verification is passed, thereby generating a public-private key pair based on the second password. This ensures that the public-private key pair cannot obtain the second key without the first password.
- the password generates a public-private key pair based on the obtained second password, thereby ensuring the security and privacy of the public-private key pair.
- FIG. 1 is a flowchart of a public-private key pair generation method according to an embodiment of the present invention.
- FIG. 2 is a scene diagram of a preferred implementation provided by an embodiment of the present invention.
- FIG. 3 is a scene diagram of another preferred embodiment of the present invention.
- FIG. 4 is a flowchart of step S15 of a preferred embodiment of the method shown in FIG. 1.
- FIG. 5 is a flowchart of step S15 of another preferred embodiment of the method shown in FIG. 1.
- FIG. 6 is a flowchart of another preferred embodiment of the present invention.
- FIG. 7 is a schematic structural diagram of a public-private key pair generation system provided by the present invention.
- FIG. 1 is a flowchart of a public-private key pair generation method according to an embodiment of the present invention.
- the present invention provides a public-private key pair generation method, including:
- the second password encryption information is decrypted by the first private key Ska to obtain a second password, and a third private key and a third public key are generated according to the second password.
- step S11 the user locally generates a first password Ka, and generates a first private key Ska and a first public key Pka from the first password Ka.
- the first password Ka may have a limited number of digits, and may also be a number, a letter, a symbol, or any combination of the three.
- step S12 the client obtains the latest block header hash value on the blockchain, signs it with the first private key Ska, and sends it to the server.
- the server uses the client's first public key Pka to perform the signature information. Verification. After the verification is passed, the server sends the first encrypted information m of the contact information encrypted by the first public key Pka to the client.
- the contact information was hashed to obtain a first hash value x, and The hash value is stored on the blockchain.
- the registered identity information can be hashed to obtain a hash value.
- the first two private keys Ska signatures are sent to the blockchain to ensure that Immutable data.
- the signature information sent by the user here includes the hash value of the latest block header on the blockchain, which can ensure that the signature information is up to date.
- the content of the signature information can also be other contents, as long as the server can verify the signature as the user himself That is, the above manner is a preferable choice.
- step S13 after receiving the first encrypted information m sent by the server, the user terminal decrypts it with the first private key Ska to obtain the first user information, and encrypts the first user information with the second public key of the server to generate Second encrypted information n.
- step S14 the user sends the second encrypted information n to the server, and the server decrypts the second encrypted information n with the second private key, and hashes the decrypted contact information to obtain the second hash value and the existence area.
- the first hash value x of the blockchain is compared. If the two hashes are the same, it proves that the second encrypted information n received by the server is correct.
- step S15 after the server verifies that the second encrypted information n is correct, the server sends a second password Kb encrypted by the first public key Pka to the client. After receiving the second password encrypted information, the user uses the first password held by the user. The private key Ska is decrypted to obtain a second password Kb, and a third private key and a third public key are generated according to Kb.
- FIG. 2 is a scene diagram of a preferred implementation manner provided by an embodiment of the present invention, as shown in FIG. 2:
- the client After the client generates the first private key Ska and the first public key Pka according to the first password Ka, it sends signature information to the server.
- the signature information is generated by the first private key Ska signing the hash value of the latest block header of the blockchain. This ensures that the signature is up-to-date.
- the server After receiving the signature information sent by the user, the server uses the user's first public key Pka to pass the verification, and then sends to the user the first encrypted information m stored on the server by the user, and the user uses the first public key Pka to the mobile phone The encrypted number is generated.
- the user After receiving the encrypted mobile phone number, the user decrypts it with the first private key Ska to obtain the mobile phone number, and then encrypts the mobile phone number with the second public key of the server, sends it to the server, and the server uses its second private key.
- the decrypted mobile phone number is obtained, and the mobile phone number is hashed to obtain a second hash value y.
- the first hash value x of the mobile phone number hash that is stored on the blockchain by the user is obtained, and It ’s worth comparing with y. If the comparison is the same, then send a verification code to the user.
- the user returns the verification code to the server.
- the server After the server passes the verification, it sends the user the second password Kb encrypted information encrypted by the first public key Pka.
- the user uses the first private key Ska to decrypt the encrypted information to obtain a second password Kb, and generates a third private key and a third public key through the second password.
- the mobile phone number described is only a specific manifestation of contact information, and may also be other schemes such as a mailbox that can implement receiving a user verification code, and is not limited by this embodiment.
- FIG. 3 is a scene diagram of another preferred embodiment of the method of the present invention. As shown in Figure 3,
- the client After the client generates the first private key Ska and the first public key Pka according to the first password Ka, it sends signature information to the server.
- the signature information is generated by the first private key Ska signing the hash value of the latest block header of the blockchain. This ensures that the signature is up-to-date.
- the server After receiving the signature information sent by the user, the server uses the user's first public key Pka to pass the verification, and sends to the user the first encrypted information m stored on the server by the user.
- the encrypted information is used by the user to use the first public key Pka to the mobile phone.
- the encrypted number is generated.
- the user After receiving the encrypted mobile phone number, the user decrypts it with the first private key Ska to obtain the mobile phone number, and then encrypts the mobile phone number with the second public key of the server, sends it to the server, and the server uses its second private key.
- the decrypted mobile phone number is obtained, and the mobile phone number is hashed to obtain a second hash value y.
- the first hash value x of the mobile phone number hash that is stored on the blockchain by the user is obtained, and It ’s worth comparing with y. If the comparison is the same, it will verify that the information sent is correct, and directly send the user the second password Kb encrypted information encrypted by the first public key Pka, and the user decrypts with the first private key Ska to obtain the second password Kb. And generate a third private key and a third public key through the second password.
- the mobile phone number described is only a specific expression form of contact information, and may also be another scheme such as a mailbox that can implement receiving a user verification code, and is not limited by this embodiment.
- FIG. 4 is a flowchart of step S15 of another preferred embodiment of the method shown in FIG. 1. As shown in FIG. 4, step S15 includes:
- the user After the user receives the second encrypted information n (the foregoing process is consistent with any of the methods in FIGS. 1-3, and is not repeated here), the user obtains the second password Kb after decrypting it using the first private key Ska held, Then, the first private key Ska and the second password Kb are serially connected, and then a hash operation is performed on the serialized result, and finally a third private key and a third public key are obtained.
- the specified first operation described in step S152 here may refer to the serial connection of the first private key Ska and the second password Kb, or the serial connection of Kb first and Ska, or other arithmetic algorithms. Limitations of this embodiment.
- FIG. 5 is a flowchart of another preferred embodiment of the present invention. As shown in FIG. 5, step S15 includes:
- the user After the user receives the second encrypted information n (the foregoing process is consistent with any of the methods in FIGS. 1-3, and is not repeated here), the user obtains the second password Kb after decrypting it using the first private key Ska held, Then directly hash the second password Kb, and finally obtain a third private key and a third public key.
- FIG. 6 is a flowchart of another preferred embodiment of the present invention. As shown in FIG. 6, in a preferred embodiment, in step S12, after the user sends the signature information to the server, the server further includes:
- the server After the server passes the verification, it is determined whether the user is registered with the third hash value of the first public key Pka. If it is not registered, it receives the unregistered information sent by the server and sends the registration information to the server for server verification.
- the registration information is associated with the first public key Pka, and the first public key Pka, the registration information, and a random number are hashed to obtain a fourth hash value, and the fourth hash value is stored in the blockchain, where
- the registration information includes the contact information and identity information of the user;
- the server verifies the signature information. After the verification is passed, the server checks whether the third hash value of the first public key Pka is registered. If it is not registered, it sends unregistered information to the user. The user After receiving the unregistered information, provide the server with identity information (such as identity information, fingerprint information, voiceprint information, face information, GPS location, login IP and other characteristic information) and contact information (such as phone number, email, and other contact information) ) Register, the server associates the user's first public key Pka with the registration information, and hashes the first public key Pka, the registration information, and a random number to obtain a fourth hash value, and saves the hash value to On the blockchain.
- identity information such as identity information, fingerprint information, voiceprint information, face information, GPS location, login IP and other characteristic information
- contact information such as phone number, email, and other contact information
- the server may also sign the fourth hash value with a second private key, and send the signature to the blockchain.
- the server After the user is registered, the server sends the first encrypted information m to the user.
- the server After the user is registered, the server sends the first encrypted information m to the user.
- FIG. 7 is a schematic structural diagram of a public-private key pair generation system provided by the present invention. As shown in FIG. 7, in a preferred embodiment, a public-private key pair generation system 7 includes:
- a first password generating unit 701 configured to generate a first password, and generate a first private key Ska and a first public key Pka according to the first password;
- the first encrypted information receiving unit 702 is configured to send the signature information to the server for the server to verify the identity, and receive the first encrypted information returned by the server after the verification is passed; wherein the signature information is generated by the signature of the first private key Ska, the first An encrypted information m is generated by encrypting the first user information by using the first public key Pka, and the first user information includes contact information;
- the second encrypted information n generating unit 703 is configured to decrypt the first encrypted information m by using the first private key Ska to obtain the first user information, and encrypt the first user information by using the second public key to generate a second Encrypted information n; wherein the second public key is the public key corresponding to the second private key held by the server;
- the information sending unit 704 is configured to send the second encrypted information n to the server for the server to decrypt using the second private key, and hash the decrypted result of the second encrypted information n to obtain a second hash value y. And, the first hash value x recorded on the blockchain is obtained, and it is verified whether the first hash value x and the second hash value y are the same: Yes, the second password encryption information is issued through the contact information in the decryption result Wherein, the first hash value x is a hash value of the first user information, and the second password encryption information is generated by encrypting the second password by the first public key Pka;
- the public-private key pair generation unit 705 is configured to receive the second password encryption information, decrypt the second password encryption information by using the first private key Ska, obtain a second password, and generate a third private key and a third public key according to the second password. key.
- the public-private key pair generation unit 705 includes: a second password receiving subunit 7051 configured to receive a verification code through a contact method stipulated in the contact information, and send the verification code for the server to send the second password encrypted information after passing the verification, Receive the second password encryption message.
- the public-private key pair generating unit 705 includes: a password receiving subunit 7052 configured to directly receive the second password encrypted information through a contact manner agreed in the contact information.
- the public-private key pair generation unit 705 includes: a first public-private key generation subunit 7053 configured to perform a specified first operation on the first private key Ska and a second password, and perform a hash operation on the operation result to Generate a third private key and a third public key.
- the public-private key pair generation unit 705 includes: a second public-private key generation sub-unit 7054 configured to perform a hash operation on the second password to generate a third private key and a third public key.
- each block in the flowchart or block diagram may represent a module, a program segment, or a part of code, which contains one or more functions to implement a specified logical function Executable instructions.
- the functions noted in the blocks may also occur in a different order than those marked in the drawings. For example, two blocks represented one after the other may actually be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved.
- each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts can be implemented by a dedicated hardware-based system that performs the specified function or operation , Or it can be implemented by a combination of dedicated hardware and computer instructions.
- each unit may be a software program provided in a computer or a mobile smart device, or may be a separately configured hardware device.
- the names of these units or modules do not in any way constitute a limitation on the units or modules themselves.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
本申请涉及信息技术领域,具体涉及一种私钥生成方法及系统。The present application relates to the field of information technology, and in particular, to a method and a system for generating a private key.
现有技术的公私钥生成一般是通过一个随机数生成私钥,然后再通过哈希运算生成公钥,对于用户交易,私钥的作用至关重要,然而,在现实情况中经常会出现私钥丢失或者被其他人拿到的情况,这样对用户的账户安全性是非常不利的,需要有一种能够安全的生成并保证私钥不能轻易被别人拿到的公私钥对生成方法。The public-private key generation in the prior art generally generates a private key through a random number, and then generates the public key through a hash operation. For user transactions, the role of the private key is very important. However, in reality, private keys often appear Lost or obtained by others, this is very detrimental to the security of the user's account. A public and private key pair generation method that can securely generate and ensure that the private key cannot be easily obtained by others is needed.
发明内容Summary of the invention
鉴于现有技术中的上述缺陷或不足,期望提供一种安全的公私钥对生成方法及系统。In view of the above defects or deficiencies in the prior art, it is desirable to provide a secure method and system for generating public and private key pairs.
第一方面,本发明提供一种公私钥对生成方法,包括:In a first aspect, the present invention provides a public-private key pair generation method, including:
生成第一密码,并根据第一密码生成第一私钥和第一公钥;Generating a first password, and generating a first private key and a first public key according to the first password;
将签名信息发送至服务器以供服务器验证身份,接收服务器在验证通过后返回的第一加密信息;其中,签名信息由第一私钥签名生成,第一加密信息通过第一公钥对第一用户信息加密生成,第一用户信息包括联系信息;Send the signature information to the server for the server to verify the identity, and receive the first encrypted information returned by the server after the verification is passed; wherein the signature information is generated by the signature of the first private key, and the first encrypted information is sent to the first user by the first public key The information is encrypted and generated, and the first user information includes contact information;
通过第一私钥对第一加密信息进行解密,得到第一用户信息,并通过第二公钥对第一用户信息进行加密,生成第二加密信息;其中,第二公钥为服务器所持有的第二私钥对应的公钥;The first encrypted information is decrypted by the first private key to obtain the first user information, and the first user information is encrypted by the second public key to generate the second encrypted information; wherein the second public key is held by the server The public key corresponding to the second private key of
发送第二加密信息至服务器,以供服务器通过第二私钥进行解密,并对第二加密信息的解密结果进行哈希,得到第二哈希值,以及,获取记录在区块链上的第一哈希值,验证第一哈希值和第二哈希值是否相同:是,则通过解密结果中的联系信息发放第二密码加密信息;其中,第一哈希值为第一用户信息的哈希值,第二密码加密信息通过第一公钥对第二密码加密生成;Send the second encrypted information to the server for the server to decrypt by the second private key, and hash the decryption result of the second encrypted information to obtain the second hash value, and obtain the first record recorded on the blockchain. A hash value to verify whether the first hash value and the second hash value are the same: yes, the second password encryption information is issued through the contact information in the decryption result; wherein the first hash value is the first user information A hash value, and the second password encryption information is generated by encrypting the second password with the first public key;
接收第二密码加密信息,通过第一私钥对第二密码加密信息进行 解密,得到第二密码,根据第二密码生成第三私钥和第三公钥。After receiving the second password encryption information, the second password encryption information is decrypted by the first private key to obtain a second password, and a third private key and a third public key are generated based on the second password.
进一步,接收第二密码加密信息包括:通过联系信息约定的联系方式接收验证码,发送验证码以供服务器验证通过后发送第二密码加密信息,接收第二密码加密信息。Further, receiving the second password encryption information includes: receiving a verification code through a contact method stipulated in the contact information, sending the verification code for the server to send the second password encryption information after passing the verification, and receiving the second password encryption information.
进一步,接收第二密码加密信息包括:直接通过联系信息约定的联系方式接收第二密码加密信息。Further, receiving the second password encryption information includes: directly receiving the second password encryption information through a contact manner stipulated in the contact information.
进一步,根据第二密码生成第三私钥和第三公钥包括:对第一私钥和第二密码进行指定的第一运算,并对运算结果进行哈希运算以生成第三私钥和第三公钥。Further, generating the third private key and the third public key according to the second password includes: performing a specified first operation on the first private key and the second password, and performing a hash operation on the operation result to generate the third private key and the third public key. Three public keys.
进一步,根据第二密码生成第三私钥和第三公钥包括:将第二密码进行哈希运算以生成第三私钥和第三公钥。Further, generating the third private key and the third public key according to the second password includes: hashing the second password to generate the third private key and the third public key.
进一步,接收服务器在验证通过后返回的第一加密信息包括:接收服务器发送的未注册信息,发送注册信息至服务器以供服务器验证通过后将注册信息与第一公钥关联,以及,将第一公钥,注册信息及随机数进行哈希,得到第三哈希值,并将第三哈希值存到区块链上,其中注册信息包括联系信息和身份信息;Further, the first encrypted information returned by the receiving server after the verification passes includes: receiving unregistered information sent by the server, sending the registration information to the server for the server to associate the registration information with the first public key after the verification is passed, and, Hash the public key, registration information, and random number to obtain a third hash value, and store the third hash value on the blockchain, where the registration information includes contact information and identity information;
接收服务器返回的第一加密信息。Receiving the first encrypted information returned by the server.
进一步,签名信息包括区块链上的最新区块头的哈希值。Further, the signature information includes a hash value of the latest block header on the blockchain.
进一步,对第一哈希值用持有的第一私钥签名,并将签名发送到区块链。Further, the first hash value is signed with the first private key held, and the signature is sent to the blockchain.
第二方面,本发明提供一种公私钥对生成系统,包括:In a second aspect, the present invention provides a public-private key pair generation system, including:
第一密码生成单元,配置用于生成第一密码,并根据第一密码生成第一私钥和第一公钥;A first password generating unit configured to generate a first password, and generate a first private key and a first public key according to the first password;
第一加密信息接收单元,配置用于将签名信息发送至服务器以供服务器验证身份,接收服务器在验证通过后返回的第一加密信息;其中,签名信息由第一私钥签名生成,第一加密信息通过第一公钥对第一用户信息加密生成,第一用户信息包括联系信息;The first encrypted information receiving unit is configured to send the signature information to the server for the server to verify the identity, and receive the first encrypted information returned by the server after the verification is passed; wherein the signature information is generated by the signature of the first private key, and the first encryption The information is generated by encrypting the first user information by using the first public key, and the first user information includes contact information;
第二加密信息生成单元,配置用于通过第一私钥对第一加密信息进行解密,得到第一用户信息,并通过第二公钥对第一用户信息进行加密,生成第二加密信息;其中,第二公钥为服务器所持有的第二私 钥对应的公钥;The second encrypted information generating unit is configured to decrypt the first encrypted information by using the first private key to obtain the first user information, and encrypt the first user information by using the second public key to generate the second encrypted information; , The second public key is the public key corresponding to the second private key held by the server;
信息发送单元,配置用于发送第二加密信息至服务器,以供服务器通过第二私钥进行解密,并对第二加密信息的解密结果进行哈希,得到第二哈希值,以及,获取记录在区块链上的第一哈希值,验证第一哈希值和第二哈希值是否相同:是,则通过解密结果中的联系信息发放第二密码加密信息;其中,第一哈希值为第一用户信息的哈希值,第二密码加密信息通过第一公钥对第二密码加密生成;The information sending unit is configured to send the second encrypted information to the server for the server to decrypt through the second private key, and hash the decryption result of the second encrypted information to obtain a second hash value, and obtain a record The first hash value on the blockchain verifies whether the first hash value and the second hash value are the same: Yes, the second password encryption information is issued through the contact information in the decryption result; wherein the first hash value The value is a hash value of the first user information, and the second password encryption information is generated by encrypting the second password with the first public key;
公私钥对生成单元,配置用于接收第二密码加密信息,通过第一私钥对第二密码加密信息进行解密,得到第二密码,根据第二密码生成第三私钥和第三公钥。The public-private key pair generation unit is configured to receive the second password encryption information, decrypt the second password encryption information by using the first private key, obtain a second password, and generate a third private key and a third public key according to the second password.
进一步,公私钥对生成单元包括:第二密码接收子单元,配置用于通过联系信息约定的联系方式接收验证码,发送验证码以供服务器验证通过后发送第二密码加密信息,接收第二密码加密信息。Further, the public-private key pair generation unit includes: a second password receiving subunit configured to receive a verification code through a contact method agreed in the contact information, and send a verification code for the server to send the second password encryption information after passing the verification, and receive the second password Encrypted information.
进一步,公私钥对生成单元包括:密码接收子单元,配置用于直接通过联系信息约定的联系方式接收第二密码加密信息Further, the public-private key pair generating unit includes: a password receiving subunit configured to directly receive the second password encrypted information through a contact method agreed in the contact information.
进一步,公私钥对生成单元包括:第一公私钥生成子单元,配置用于对第一私钥和第二密码进行指定的第一运算,并对运算结果进行哈希运算以生成第三私钥和第三公钥。Further, the public-private key pair generation unit includes a first public-private key generation subunit configured to perform a specified first operation on the first private key and a second password, and perform a hash operation on the operation result to generate a third private key. And the third public key.
进一步,公私钥对生成单元包括:第二公私钥生成子单元,配置用于将第二密码进行哈希运算以生成第三私钥和第三公钥。Further, the public-private key pair generation unit includes a second public-private key generation subunit configured to perform a hash operation on the second password to generate a third private key and a third public key.
本发明的有益效果:The beneficial effects of the present invention:
本发明通过服务器端对用户端身份验证通过后,向用户端发送第二密码,从而根据第二密码生成公私钥对,这样保证了该公私钥对在没有第一密码的前提下无从获取第二密码,根据得到的第二密码生成公私钥对,从而保证了公私钥对的安全性与隐秘性。The present invention sends a second password to the client after the server-to-user identity verification is passed, thereby generating a public-private key pair based on the second password. This ensures that the public-private key pair cannot obtain the second key without the first password. The password generates a public-private key pair based on the obtained second password, thereby ensuring the security and privacy of the public-private key pair.
通过阅读参照以下附图所作的对非限制性实施例所作的详细描述,本申请的其它特征、目的和优点将会变得更明显:Other features, objects, and advantages of the present application will become more apparent by reading the detailed description of the non-limiting embodiments with reference to the following drawings:
图1为本发明一实施例提供的一种公私钥对生成方法的流程图。FIG. 1 is a flowchart of a public-private key pair generation method according to an embodiment of the present invention.
图2为本发明一实施例提供的优选实施方式场景图。FIG. 2 is a scene diagram of a preferred implementation provided by an embodiment of the present invention.
图3为本发明另一优选实施方式的场景图。FIG. 3 is a scene diagram of another preferred embodiment of the present invention.
图4为图1所示方法的一优选实施方式的步骤S15的流程图。FIG. 4 is a flowchart of step S15 of a preferred embodiment of the method shown in FIG. 1.
图5为图1所示方法的另一优选实施方式步骤S15的流程图。FIG. 5 is a flowchart of step S15 of another preferred embodiment of the method shown in FIG. 1.
图6为本发明另一优选实施方式流程图。FIG. 6 is a flowchart of another preferred embodiment of the present invention.
图7为本发明提供的一种公私钥对生成系统结构示意图。FIG. 7 is a schematic structural diagram of a public-private key pair generation system provided by the present invention.
下面结合附图和实施例对本申请作进一步的详细说明。可以理解的是,此处所描述的具体实施例仅仅用于解释相关发明,而非对该发明的限定。另外还需要说明的是,为了便于描述,附图中仅示出了与发明相关的部分。The following describes the present application in detail with reference to the accompanying drawings and embodiments. It can be understood that the specific embodiments described herein are only used to explain the related invention, rather than limiting the invention. It should also be noted that, for convenience of description, only the parts related to the invention are shown in the drawings.
需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。下面将参考附图并结合实施例来详细说明本申请。It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. The application will be described in detail below with reference to the drawings and embodiments.
图1为本发明一实施例提供的一种公私钥对生成方法的流程图。FIG. 1 is a flowchart of a public-private key pair generation method according to an embodiment of the present invention.
如图1所示,在本实施例中,本发明提供一种公私钥对生成方法,包括:As shown in FIG. 1, in this embodiment, the present invention provides a public-private key pair generation method, including:
S11、生成第一密码,并根据第一密码生成第一私钥Ska和第一公钥Pka;S11. Generate a first password, and generate a first private key Ska and a first public key Pka according to the first password;
S12、将签名信息发送至服务器以供服务器验证身份,接收服务器在验证通过后返回的第一加密信息m;其中,签名信息由第一私钥Ska签名生成,第一加密信息m通过第一公钥Pka对第一用户信息加密生成,第一用户信息包括联系信息;S12. Send the signature information to the server for the server to verify the identity, and receive the first encrypted information m returned by the server after the verification is passed; wherein the signature information is generated by the signature of the first private key Ska, and the first encrypted information m is passed through the first public The key Pka is generated by encrypting the first user information, and the first user information includes contact information;
S13、通过第一私钥Ska对第一加密信息m进行解密,得到第一用户信息,并通过第二公钥对第一用户信息进行加密,生成第二加密信息n;其中,第二公钥为服务器所持有的第二私钥对应的公钥;S13. Decrypt the first encrypted information m by the first private key Ska to obtain the first user information, and encrypt the first user information by the second public key to generate the second encrypted information n. Among them, the second public key The public key corresponding to the second private key held by the server;
S14、发送第二加密信息n至服务器,以供服务器通过第二私钥进行解密,并对第二加密信息n的解密结果进行哈希,得到第二哈希值,以及,获取记录在区块链上的第一哈希值,验证第一哈希值和第二哈希值是否相同:是,则通过解密结果中的联系信息发放第二密码加密信息;其中,第一哈希值为第一用户信息的哈希值,第二密码加密信 息通过第一公钥Pka对第二密码Kb加密生成;S14. Send the second encrypted information n to the server for the server to decrypt through the second private key, and hash the decrypted result of the second encrypted information n to obtain a second hash value, and obtain the record in the block. The first hash value on the chain verifies whether the first hash value and the second hash value are the same: Yes, the second password encryption information is issued through the contact information in the decryption result; wherein the first hash value is the first A hash value of user information, and the second password encryption information is generated by encrypting the second password Kb with the first public key Pka;
接收第二密码加密信息,通过第一私钥Ska对第二密码加密信息进行解密,得到第二密码,根据第二密码生成第三私钥和第三公钥。After receiving the second password encryption information, the second password encryption information is decrypted by the first private key Ska to obtain a second password, and a third private key and a third public key are generated according to the second password.
具体地,步骤S11中,用户在本地生成一个第一密码Ka,并由第一密码Ka生成第一私钥Ska和第一公钥Pka。其中该第一密码Ka可以有位数限制,也可以是数字,字母,符号或者三者地任意组合。Specifically, in step S11, the user locally generates a first password Ka, and generates a first private key Ska and a first public key Pka from the first password Ka. The first password Ka may have a limited number of digits, and may also be a number, a letter, a symbol, or any combination of the three.
步骤S12中,用户端获取区块链上最新区块头哈希值,用第一私钥Ska签名,发送至服务器,服务器获取该签名信息后,用用户端的第一公钥Pka对该签名信息进行验证,验证通过后,服务器发送由第一公钥Pka加密过的联系信息的第一加密信息m给用户端,此前用户在注册时,将联系信息哈希,得到第一哈希值x,并将哈希值存到区块链上,同时,可以将注册身份信息进行哈希得到哈希值,将对上述两个哈希值的用第一私钥Ska签名发送到区块链上,保证数据的不可篡改性。In step S12, the client obtains the latest block header hash value on the blockchain, signs it with the first private key Ska, and sends it to the server. After the server obtains the signature information, it uses the client's first public key Pka to perform the signature information. Verification. After the verification is passed, the server sends the first encrypted information m of the contact information encrypted by the first public key Pka to the client. Previously, when the user registered, the contact information was hashed to obtain a first hash value x, and The hash value is stored on the blockchain. At the same time, the registered identity information can be hashed to obtain a hash value. The first two private keys Ska signatures are sent to the blockchain to ensure that Immutable data.
这里用户发出的签名信息包括区块链上最新区块头的哈希值,能确保签名信息都是最新的,另外,该签名信息的内容也可以是其他内容,只要能让服务器验证签名为用户本人即可,上述方式是一种优选地选择。The signature information sent by the user here includes the hash value of the latest block header on the blockchain, which can ensure that the signature information is up to date. In addition, the content of the signature information can also be other contents, as long as the server can verify the signature as the user himself That is, the above manner is a preferable choice.
步骤S13中,用户端收到服务器端发送的第一加密信息m后,用第一私钥Ska解密,得到第一用户信息,并用服务器的第二公钥对该第一用户信息进行加密,生成第二加密信息n。In step S13, after receiving the first encrypted information m sent by the server, the user terminal decrypts it with the first private key Ska to obtain the first user information, and encrypts the first user information with the second public key of the server to generate Second encrypted information n.
步骤S14中,用户将第二加密信息n发送给服务器,服务器用第二私钥对该第二加密信息n进行解密,并将解密后的联系信息哈希后得到第二哈希值与存在区块链第一哈希值x进行对比,若两个哈希相同,则证明服务器收到的第二加密信息n是对的。In step S14, the user sends the second encrypted information n to the server, and the server decrypts the second encrypted information n with the second private key, and hashes the decrypted contact information to obtain the second hash value and the existence area. The first hash value x of the blockchain is compared. If the two hashes are the same, it proves that the second encrypted information n received by the server is correct.
步骤S15中,服务器验证第二加密信息n是对的以后,向用户端发送由第一公钥Pka加密过的第二密码Kb,用户收得到第二密码加密信息后,用持有的第一私钥Ska解密得到第二密码Kb并根据Kb生成第三私钥和第三公钥。In step S15, after the server verifies that the second encrypted information n is correct, the server sends a second password Kb encrypted by the first public key Pka to the client. After receiving the second password encrypted information, the user uses the first password held by the user. The private key Ska is decrypted to obtain a second password Kb, and a third private key and a third public key are generated according to Kb.
图2为本发明一实施例提供的优选实施方式场景图,如图2所示:FIG. 2 is a scene diagram of a preferred implementation manner provided by an embodiment of the present invention, as shown in FIG. 2:
用户端根据第一密码Ka生成第一私钥Ska和第一公钥Pka后, 向服务器发送签名信息,该签名信息由第一私钥Ska对区块链最新区块头的哈希值签名生成,从而保证签名是最新的。服务器收到用户发送的签名信息后,用用户的第一公钥Pka验证通过后,向用户发送由用户存在服务器上的第一加密信息m,该加密信息由用户用第一公钥Pka对手机号加密生成,用户收到加密的手机号后用第一私钥Ska解密获得手机号,并将该手机号再用服务器的第二公钥加密,发送给服务器,服务器用它的第二私钥解密后的到手机号,并对该手机号进行哈希得到第二哈希值y,获取用户存在区块链上的对该手机号哈希的第一哈希值x,并于第二哈希值y对比,如果对比一致则发送验证码给用户,用户将收到的验证码返回给服务器,服务器验证通过后,向用户发送由第一公钥Pka加密过的第二密码Kb加密信息,用户用第一私钥Ska对该加密信息解密得到第二密码Kb,并通过第二密码生成第三私钥和第三公钥。After the client generates the first private key Ska and the first public key Pka according to the first password Ka, it sends signature information to the server. The signature information is generated by the first private key Ska signing the hash value of the latest block header of the blockchain. This ensures that the signature is up-to-date. After receiving the signature information sent by the user, the server uses the user's first public key Pka to pass the verification, and then sends to the user the first encrypted information m stored on the server by the user, and the user uses the first public key Pka to the mobile phone The encrypted number is generated. After receiving the encrypted mobile phone number, the user decrypts it with the first private key Ska to obtain the mobile phone number, and then encrypts the mobile phone number with the second public key of the server, sends it to the server, and the server uses its second private key. The decrypted mobile phone number is obtained, and the mobile phone number is hashed to obtain a second hash value y. The first hash value x of the mobile phone number hash that is stored on the blockchain by the user is obtained, and It ’s worth comparing with y. If the comparison is the same, then send a verification code to the user. The user returns the verification code to the server. After the server passes the verification, it sends the user the second password Kb encrypted information encrypted by the first public key Pka. The user uses the first private key Ska to decrypt the encrypted information to obtain a second password Kb, and generates a third private key and a third public key through the second password.
这里,描述的手机号只是作为联系信息的一种具体的表现形式,还可以是邮箱等其他能实现接收用户验证码的方案,并不受本实施例的限制。Here, the mobile phone number described is only a specific manifestation of contact information, and may also be other schemes such as a mailbox that can implement receiving a user verification code, and is not limited by this embodiment.
图3为本发明方法的另一优选实施方式的场景图。如图3所示,FIG. 3 is a scene diagram of another preferred embodiment of the method of the present invention. As shown in Figure 3,
用户端根据第一密码Ka生成第一私钥Ska和第一公钥Pka后,向服务器发送签名信息,该签名信息由第一私钥Ska对区块链最新区块头的哈希值签名生成,从而保证签名是最新的。服务器收到用户发送的签名信息后,用用户的第一公钥Pka验证通过后,向用户发送由用户存在服务器上的第一加密信息m,该加密信息由用户用第一公钥Pka对手机号加密生成,用户收到加密的手机号后用第一私钥Ska解密获得手机号,并将该手机号再用服务器的第二公钥加密,发送给服务器,服务器用它的第二私钥解密后的到手机号,并对该手机号进行哈希得到第二哈希值y,获取用户存在区块链上的对该手机号哈希的第一哈希值x,并于第二哈希值y对比,如果对比一致则验证发送的信息为正确的,直接向用户发送由第一公钥Pka加密过的第二密码Kb加密信息,用户用第一私钥Ska解密得到第二密码Kb,并通过第二密码生成第三私钥和第三公钥。After the client generates the first private key Ska and the first public key Pka according to the first password Ka, it sends signature information to the server. The signature information is generated by the first private key Ska signing the hash value of the latest block header of the blockchain. This ensures that the signature is up-to-date. After receiving the signature information sent by the user, the server uses the user's first public key Pka to pass the verification, and sends to the user the first encrypted information m stored on the server by the user. The encrypted information is used by the user to use the first public key Pka to the mobile phone. The encrypted number is generated. After receiving the encrypted mobile phone number, the user decrypts it with the first private key Ska to obtain the mobile phone number, and then encrypts the mobile phone number with the second public key of the server, sends it to the server, and the server uses its second private key. The decrypted mobile phone number is obtained, and the mobile phone number is hashed to obtain a second hash value y. The first hash value x of the mobile phone number hash that is stored on the blockchain by the user is obtained, and It ’s worth comparing with y. If the comparison is the same, it will verify that the information sent is correct, and directly send the user the second password Kb encrypted information encrypted by the first public key Pka, and the user decrypts with the first private key Ska to obtain the second password Kb. And generate a third private key and a third public key through the second password.
这里,描述的手机号只是作为联系信息的一种具体的表现形式, 还可以是邮箱等其他能实现接收用户验证码的方案,并不受本实施例的限制。Here, the mobile phone number described is only a specific expression form of contact information, and may also be another scheme such as a mailbox that can implement receiving a user verification code, and is not limited by this embodiment.
图4为图1所示方法的另一优选实施方式步骤S15的流程图。如图4所示,步骤S15包括:FIG. 4 is a flowchart of step S15 of another preferred embodiment of the method shown in FIG. 1. As shown in FIG. 4, step S15 includes:
S151、接收第二密码加密信息,通过第一私钥Ska对第二密码加密信息进行解密,得到第二密码;S151. Receive the second password encryption information, and decrypt the second password encryption information by using the first private key Ska to obtain a second password.
S152、对第一私钥Ska和第二密码进行指定的第一运算,并对运算结果进行哈希运算以生成第三私钥和第三公钥。S152. Perform a specified first operation on the first private key Ska and the second password, and perform a hash operation on the operation result to generate a third private key and a third public key.
具体地,在用户收到第二加密信息n后(前面过程与图1-图3任意方法一致,在此不在赘述),用户用持有的第一私钥Ska解密后得到第二密码Kb,然后将第一私钥Ska和第二密码Kb先后串联起来,然后再对串联后的结果进行哈希运算,最后得到第三私钥和第三公钥。Specifically, after the user receives the second encrypted information n (the foregoing process is consistent with any of the methods in FIGS. 1-3, and is not repeated here), the user obtains the second password Kb after decrypting it using the first private key Ska held, Then, the first private key Ska and the second password Kb are serially connected, and then a hash operation is performed on the serialized result, and finally a third private key and a third public key are obtained.
这里步骤S152所述的指定的第一运算可以指将第一私钥Ska和第二密码Kb先后串联,也可以是将Kb在前,Ska在后先后串联,还可以是其他运算算法,不受本具体实施方式的限制。The specified first operation described in step S152 here may refer to the serial connection of the first private key Ska and the second password Kb, or the serial connection of Kb first and Ska, or other arithmetic algorithms. Limitations of this embodiment.
图5为本发明另一优选实施方式流程图。如图5所示,步骤S15包括:FIG. 5 is a flowchart of another preferred embodiment of the present invention. As shown in FIG. 5, step S15 includes:
S151、接收第二密码加密信息,通过第一私钥Ska对第二密码加密信息进行解密,得到第二密码Kb;S151. Receive the second password encryption information, and decrypt the second password encryption information by using the first private key Ska to obtain a second password Kb.
S152’、将第二密码Kb进行哈希运算以生成第三私钥和第三公钥。S152 ': Hash the second password Kb to generate a third private key and a third public key.
具体地,在用户收到第二加密信息n后(前面过程与图1-图3任意方法一致,在此不在赘述),用户用持有的第一私钥Ska解密后得到第二密码Kb,然后直接对第二密码Kb进行哈希运算,最后得到第三私钥和第三公钥。Specifically, after the user receives the second encrypted information n (the foregoing process is consistent with any of the methods in FIGS. 1-3, and is not repeated here), the user obtains the second password Kb after decrypting it using the first private key Ska held, Then directly hash the second password Kb, and finally obtain a third private key and a third public key.
图6为本发明另一优选实施方式的流程图。如图6所示,在一优选实施例中,步骤S12中,用户将签名信息发送给服务器后,服务器对签名验证通过后还包括:FIG. 6 is a flowchart of another preferred embodiment of the present invention. As shown in FIG. 6, in a preferred embodiment, in step S12, after the user sends the signature information to the server, the server further includes:
S121、服务器验证通过后判断用户是否用第一公钥Pka的第三哈希值注册,若未注册,则接收服务器发送的未注册信息,发送注册信息至服务器以供服务器验证,验证通过后将注册信息与第一公钥Pka关联,以及,将第一公钥Pka,注册信息及随机数进行哈希,得到第 四哈希值,并将第四哈希值保存到区块链,其中所述注册信息包括用户的所述联系信息和身份信息;S121. After the server passes the verification, it is determined whether the user is registered with the third hash value of the first public key Pka. If it is not registered, it receives the unregistered information sent by the server and sends the registration information to the server for server verification. The registration information is associated with the first public key Pka, and the first public key Pka, the registration information, and a random number are hashed to obtain a fourth hash value, and the fourth hash value is stored in the blockchain, where The registration information includes the contact information and identity information of the user;
S122、接收服务器返回的第一加密信息m。S122. Receive the first encrypted information m returned by the server.
具体地,用户发出签名信息给服务器后,服务器验证该签名信息,验证通过后,服务器检查第一公钥Pka的第三哈希值是否注册,若没有注册,则向用户发送未注册信息,用户收到未注册信息后,向服务器提供身份信息(如身份证号,指纹信息,声纹信息,人脸信息,GPS位置,登录IP等特征信息)和联系信息(如手机号,邮箱等联系方式)进行注册,服务器将用户的第一公钥Pka与注册信息相关联,并将第一公钥Pka,注册信息和随机数进行哈希得到第四哈希值,并将该哈希值保存到区块链上。Specifically, after the user sends the signature information to the server, the server verifies the signature information. After the verification is passed, the server checks whether the third hash value of the first public key Pka is registered. If it is not registered, it sends unregistered information to the user. The user After receiving the unregistered information, provide the server with identity information (such as identity information, fingerprint information, voiceprint information, face information, GPS location, login IP and other characteristic information) and contact information (such as phone number, email, and other contact information) ) Register, the server associates the user's first public key Pka with the registration information, and hashes the first public key Pka, the registration information, and a random number to obtain a fourth hash value, and saves the hash value to On the blockchain.
此外,进一步优选地,服务器还可以对该第四哈希值用第二私钥进行签名,并将该签名发送到区块链上。In addition, further preferably, the server may also sign the fourth hash value with a second private key, and send the signature to the blockchain.
用户注册完之后,服务器向用户发送第一加密信息m。其他步骤流程参照图1至图5任一所述方法,在此不再赘述。After the user is registered, the server sends the first encrypted information m to the user. For other steps, refer to any one of the methods in FIG. 1 to FIG. 5, and details are not described herein again.
图7为本发明提供的一种公私钥对生成系统结构示意图。如图7所示,在一优选实施例中,一种公私钥对生成系统7,包括:FIG. 7 is a schematic structural diagram of a public-private key pair generation system provided by the present invention. As shown in FIG. 7, in a preferred embodiment, a public-private key
第一密码生成单元701,配置用于生成第一密码,并根据第一密码生成第一私钥Ska和第一公钥Pka;A first
第一加密信息接收单元702,配置用于将签名信息发送至服务器以供服务器验证身份,接收服务器在验证通过后返回的第一加密信息;其中,签名信息由第一私钥Ska签名生成,第一加密信息m通过第一公钥Pka对第一用户信息加密生成,第一用户信息包括联系信息;The first encrypted
第二加密信息n生成单元703,配置用于通过第一私钥Ska对第一加密信息m进行解密,得到第一用户信息,并通过第二公钥对第一用户信息进行加密,生成第二加密信息n;其中,第二公钥为服务器所持有的第二私钥对应的公钥;The second encrypted information
信息发送单元704,配置用于发送第二加密信息n至服务器,以供服务器通过第二私钥进行解密,并对第二加密信息n的解密结果进行哈希,得到第二哈希值y,以及,获取记录在区块链上的第一哈希值x,验证第一哈希值x和第二哈希值y是否相同:是,则通过解密 结果中的联系信息发放第二密码加密信息;其中,第一哈希值x为第一用户信息的哈希值,第二密码加密信息通过第一公钥Pka对第二密码加密生成;The
公私钥对生成单元705,配置用于接收第二密码加密信息,通过第一私钥Ska对第二密码加密信息进行解密,得到第二密码,根据第二密码生成第三私钥和第三公钥。The public-private key
进一步优选地,公私钥对生成单元705包括:第二密码接收子单元7051,配置用于通过联系信息约定的联系方式接收验证码,发送验证码以供服务器验证通过后发送第二密码加密信息,接收第二密码加密信息。Further preferably, the public-private key
进一步优选地,公私钥对生成单元705包括:密码接收子单元7052,配置用于直接通过联系信息约定的联系方式接收第二密码加密信息。Further preferably, the public-private key
进一步优选地,公私钥对生成单元705包括:第一公私钥生成子单元7053,配置用于对第一私钥Ska和第二密码进行指定的第一运算,并对运算结果进行哈希运算以生成第三私钥和第三公钥。Further preferably, the public-private key
进一步优选地,公私钥对生成单元705包括:第二公私钥生成子单元7054,配置用于将第二密码进行哈希运算以生成第三私钥和第三公钥。Further preferably, the public-private key
附图中的流程图和框图,图示了按照本发明各种实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段、或代码的一部分,该模块、程序段、或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。也应当注意,在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个接连地表示的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这根据所涉及的功能而定。也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以通过执行规定的功能或操作的专用的基于硬件的系统来实现,或者可以通过专用硬件与计算机指令的组合来实现。The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagram may represent a module, a program segment, or a part of code, which contains one or more functions to implement a specified logical function Executable instructions. It should also be noted that in some alternative implementations, the functions noted in the blocks may also occur in a different order than those marked in the drawings. For example, two blocks represented one after the other may actually be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified function or operation , Or it can be implemented by a combination of dedicated hardware and computer instructions.
描述于本申请实施例中所涉及到的单元或模块可以通过软件的方 式实现,也可以通过硬件的方式来实现。所描述的单元或模块也可以设置在处理器中,例如,各单元可以是设置在计算机或移动智能设备中的软件程序,也可以是单独配置的硬件装置。其中,这些单元或模块的名称在某种情况下并不构成对该单元或模块本身的限定。The units or modules described in the embodiments of the present application may be implemented by software, or by hardware. The described units or modules may also be provided in the processor. For example, each unit may be a software program provided in a computer or a mobile smart device, or may be a separately configured hardware device. Among them, the names of these units or modules do not in any way constitute a limitation on the units or modules themselves.
以上描述仅为本申请的较佳实施例以及对所运用技术原理的说明。本领域技术人员应当理解,本申请中所涉及的发明范围,并不限于上述技术特征的特定组合而成的技术方案,同时也应涵盖在不脱离本申请构思的情况下,由上述技术特征或其等同特征进行任意组合而形成的其它技术方案。例如上述特征与本申请中公开的(但不限于)具有类似功能的技术特征进行互相替换而形成的技术方案。The above description is only a preferred embodiment of the present application and an explanation of the applied technical principles. Those skilled in the art should understand that the scope of the invention involved in this application is not limited to the technical solution of the specific combination of the above technical features, but should also cover the above technical features or Other technical solutions formed by arbitrarily combining their equivalent features. For example, a technical solution formed by replacing the above features with technical features disclosed in the present application (but not limited to) with similar functions.
[根据细则91更正 16.10.2019]
[已删除][Correction 16.10.2019 under Rule 91]
[deleted]
Claims (13)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810855541.0A CN109067524B (en) | 2018-07-31 | 2018-07-31 | Public and private key pair generation method and system |
| CN201810855541.0 | 2018-07-31 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2020024993A1 true WO2020024993A1 (en) | 2020-02-06 |
Family
ID=64831550
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2019/098669 Ceased WO2020024993A1 (en) | 2018-07-31 | 2019-07-31 | Method and system for generating public-private key pair |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN109067524B (en) |
| WO (1) | WO2020024993A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113541967A (en) * | 2021-09-13 | 2021-10-22 | 北京深思数盾科技股份有限公司 | Information processing method, electronic equipment and Internet of things terminal system |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109067524B (en) * | 2018-07-31 | 2020-07-10 | 杭州复杂美科技有限公司 | Public and private key pair generation method and system |
| CN111444479B (en) * | 2018-12-29 | 2024-05-14 | 北京奇虎科技有限公司 | A digital fingerprint ownership verification method and system |
| CN110310176B (en) * | 2019-06-26 | 2022-07-08 | 上海迪维欧电子设备有限公司 | A method and device for data encryption based on blockchain network |
| CN113055157B (en) * | 2019-12-27 | 2023-03-10 | 京东科技控股股份有限公司 | Biological characteristic verification method and device, storage medium and electronic equipment |
| CN111260436A (en) * | 2020-01-10 | 2020-06-09 | 中国联合网络通信集团有限公司 | Method and device for screening purchasers |
| CN111314644A (en) * | 2020-03-16 | 2020-06-19 | 郭磊 | Video compression method and system based on analog video compressor |
| CN111460479B (en) * | 2020-03-31 | 2023-02-14 | 广东培正学院 | Gallery encryption management system |
| CN111478907B (en) * | 2020-04-08 | 2022-03-04 | 杭州复杂美科技有限公司 | Anti-attack method, equipment and storage medium for parallel chain private transaction |
| CN111510282A (en) * | 2020-04-28 | 2020-08-07 | 刘佳 | Information encryption algorithm and device, information decryption algorithm and device and communication method |
| CN111935075B (en) * | 2020-06-23 | 2024-08-23 | 浪潮云信息技术股份公司 | Digital identity issuing method, device and medium based on blockchain |
| CN112769789B (en) * | 2020-12-29 | 2022-06-24 | 北京天融信网络安全技术有限公司 | Encryption communication method and system |
| CN113709115B (en) * | 2021-08-10 | 2023-06-06 | 亚信科技(成都)有限公司 | Authentication method and device |
| CN115708339B (en) * | 2021-08-20 | 2024-03-12 | 清华大学 | Data processing methods, devices and storage media |
| CN114169013B (en) * | 2021-12-06 | 2022-07-01 | 镁佳(北京)科技有限公司 | User registration and verification method and system |
| CN114218534B (en) * | 2021-12-14 | 2024-07-09 | 平安国际智慧城市科技股份有限公司 | Method, device, equipment and storage medium for checking offline package |
| CN114722382A (en) * | 2022-04-08 | 2022-07-08 | 微位(深圳)网络科技有限公司 | Password management method, system, equipment and storage medium based on software environment |
| CN114978523B (en) * | 2022-04-13 | 2024-07-09 | 浙江安存云链数据技术有限公司 | Geographic position proving system based on privacy protection of blockchain computing machine |
| CN114697048B (en) * | 2022-06-01 | 2022-08-26 | 天津市普迅电力信息技术有限公司 | Block chain-based carbon emission data sharing method and system |
| CN115277074B (en) * | 2022-06-21 | 2024-03-19 | 网思科技股份有限公司 | Encryption and decryption method, device, equipment and storage medium |
| WO2024020666A1 (en) * | 2022-07-26 | 2024-02-01 | Office Irc Inc. | End to end encryption with roaming capabilities |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160330035A1 (en) * | 2015-05-05 | 2016-11-10 | ShoCard, Inc. | User Identification Management System and Method |
| CN107579827A (en) * | 2017-06-06 | 2018-01-12 | 江苏慧世联网络科技有限公司 | It is a kind of that method is signed based on the electronic document of trusted third party and facial recognition techniques |
| CN109067524A (en) * | 2018-07-31 | 2018-12-21 | 杭州复杂美科技有限公司 | A kind of public private key pair generation method and system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8842833B2 (en) * | 2010-07-09 | 2014-09-23 | Tata Consultancy Services Limited | System and method for secure transaction of data between wireless communication device and server |
| CN103078742B (en) * | 2013-01-10 | 2015-04-08 | 天地融科技股份有限公司 | Generation method and system of digital certificate |
| US10402792B2 (en) * | 2015-08-13 | 2019-09-03 | The Toronto-Dominion Bank | Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers |
| CN106682528B (en) * | 2016-12-31 | 2019-06-11 | 杭州复杂美科技有限公司 | Block chain encrypts search method |
| CN107579817A (en) * | 2017-09-12 | 2018-01-12 | 广州广电运通金融电子股份有限公司 | Block chain-based user authentication method, device and system |
-
2018
- 2018-07-31 CN CN201810855541.0A patent/CN109067524B/en active Active
-
2019
- 2019-07-31 WO PCT/CN2019/098669 patent/WO2020024993A1/en not_active Ceased
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160330035A1 (en) * | 2015-05-05 | 2016-11-10 | ShoCard, Inc. | User Identification Management System and Method |
| CN107579827A (en) * | 2017-06-06 | 2018-01-12 | 江苏慧世联网络科技有限公司 | It is a kind of that method is signed based on the electronic document of trusted third party and facial recognition techniques |
| CN109067524A (en) * | 2018-07-31 | 2018-12-21 | 杭州复杂美科技有限公司 | A kind of public private key pair generation method and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113541967A (en) * | 2021-09-13 | 2021-10-22 | 北京深思数盾科技股份有限公司 | Information processing method, electronic equipment and Internet of things terminal system |
| CN113541967B (en) * | 2021-09-13 | 2021-12-24 | 北京深思数盾科技股份有限公司 | Information processing method, electronic equipment and Internet of things terminal system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109067524B (en) | 2020-07-10 |
| CN109067524A (en) | 2018-12-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2020024993A1 (en) | Method and system for generating public-private key pair | |
| US11799668B2 (en) | Electronic identification verification methods and systems with storage of certification records to a side chain | |
| US11544367B2 (en) | Systems, apparatus and methods for secure electrical communication of biometric personal identification information to validate the identity of an individual | |
| US20230107243A1 (en) | Personal device security using cryptocurrency wallets | |
| US11093771B1 (en) | Systems and methods for liveness-verified, biometric-based encryption | |
| CN108292402B (en) | Determination of a common secret and hierarchical deterministic keys for the secure exchange of information | |
| WO2020062668A1 (en) | Identity authentication method, identity authentication device, and computer readable medium | |
| WO2018145127A1 (en) | Electronic identification verification methods and systems with storage of certification records to a side chain | |
| CN113826096B (en) | User authentication and signature device and method using user biometric identification data | |
| CN110955918A (en) | A contract text protection method based on RSA encryption sha-256 digital signature | |
| CN118233218B (en) | Remote authentication system and method based on distributed trusted execution environment application | |
| CN104135368A (en) | A data protection method for electronic chart | |
| CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity | |
| CN110572257B (en) | Identity-based data source identification method and system | |
| USRE49968E1 (en) | Electronic identification verification methods and systems with storage of certification records to a side chain | |
| CN114978549B (en) | SM2 digital signature generation method and system for signer to control signature making data | |
| Patel et al. | The study of digital signature authentication process | |
| CN111770081A (en) | Role-based authentication method for accessing confidential files in big data | |
| CN105703903A (en) | Multi-factor anti-fake method based on public key cipher and system | |
| CN114679311A (en) | Block chain-based document data security verification method | |
| CN115720137A (en) | Information management system, method and device | |
| CN117411648A (en) | Data security system and data processing method thereof | |
| CN120128384A (en) | A secure data sharing method based on proxy re-encryption and supporting bilateral access control | |
| WO2023027730A1 (en) | Authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19844128 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 19844128 Country of ref document: EP Kind code of ref document: A1 |