[go: up one dir, main page]

CN107846281B - Location-based proxy multi-signature method and system - Google Patents

Location-based proxy multi-signature method and system Download PDF

Info

Publication number
CN107846281B
CN107846281B CN201711036923.2A CN201711036923A CN107846281B CN 107846281 B CN107846281 B CN 107846281B CN 201711036923 A CN201711036923 A CN 201711036923A CN 107846281 B CN107846281 B CN 107846281B
Authority
CN
China
Prior art keywords
proxy
signer
location
signature
original
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711036923.2A
Other languages
Chinese (zh)
Other versions
CN107846281A (en
Inventor
薛庆水
李文举
陈颖
舒明磊
杨瑞君
王栋
戴酉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Institute of Technology
Original Assignee
Shanghai Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Institute of Technology filed Critical Shanghai Institute of Technology
Priority to CN201711036923.2A priority Critical patent/CN107846281B/en
Publication of CN107846281A publication Critical patent/CN107846281A/en
Application granted granted Critical
Publication of CN107846281B publication Critical patent/CN107846281B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明提供了一种基于位置的代理多重签名方法和系统,该方法包括:进行代理签名者PS、原始签名者群OSG以及位置基础设施PI的初始化;在PI的参与下完成原始签名者群OSG所在位置的真实性验证,然后通过PI来验证代理签名者PS的位置的真实性的认证,最后原始签名者群OSG完成对代理签名者PS的指定位置代理签名授权;代理签名者PS在PI的支持下完成其自己位置的认证功能,然后再执行对特定信息的代理签名功能;由代理签名验证者V来完成验证代理签名确实由指定位置的原始签名者群联合授权指定位置的代理签名者对预设信息进行了代理签名。本发明中的方法安全性高、应用范围广,实现了身份与位置的认证权力的转移。

Figure 201711036923

The present invention provides a location-based proxy multi-signature method and system. The method includes: initializing the proxy signer PS, the original signer group OSG and the location infrastructure PI; completing the original signer group OSG with the participation of the PI The authenticity of the location is verified, and then the PI is used to verify the authenticity of the location of the proxy signer PS, and finally the original signer group OSG completes the proxy signature authorization for the designated location of the proxy signer PS; the proxy signer PS is in the PI's It completes the authentication function of its own location under the support, and then performs the proxy signature function for specific information; the proxy signature verifier V completes the verification that the proxy signature is indeed authorized by the original signer group at the specified location. The preset information is proxy signed. The method in the present invention has high security and wide application range, and realizes the transfer of authentication power of identity and location.

Figure 201711036923

Description

基于位置的代理多重签名方法和系统Location-based proxy multi-signature method and system

技术领域technical field

本发明涉及网络信息安全技术领域,具体地,涉及基于位置的代理多重签名方法和系统。The present invention relates to the technical field of network information security, in particular to a location-based proxy multi-signature method and system.

背景技术Background technique

近年来,基于位置的相关服务与应用以及代理签名技术都得到了深入的研究与发展。基于位置的服务与应用能够为用户的位置实施定位,也可以为用户提供与位置相关的服务,比如旅馆服务、餐饮服务、邮政服务以及旅游服务等。代理签名技术则提供了一个用户授权另一个用户实施代理签名的能力,进而实现对消息的完整性、不可否认性以及来源进行鉴别的功能。In recent years, location-based related services and applications and proxy signature technology have been deeply researched and developed. Location-based services and applications can perform positioning for the user's location, and can also provide users with location-related services, such as hotel services, catering services, postal services, and travel services. Proxy signature technology provides the ability of one user to authorize another user to implement proxy signature, thereby realizing the function of authenticating the integrity, non-repudiation and origin of the message.

但是,现有技术还无法在移动互联网环境下,实现由位于不同位置的用户群联合向处于另一位置的单一用户授权代表用户群在指定的位置实施代理签名的功能。因此,无法保证用户位置安全以及与位置相关的消息完整性、认证性以及不可否认性。However, the prior art is still unable to realize the function of authorizing a single user in another location to perform proxy signature at a designated location on behalf of the user group by a combination of user groups located in different locations in a mobile Internet environment. Therefore, user location security and location-related message integrity, authentication, and non-repudiation cannot be guaranteed.

发明内容SUMMARY OF THE INVENTION

针对现有技术中的缺陷,本发明的目的是提供一种基于位置的代理多重签名方法和系统。In view of the defects in the prior art, the purpose of the present invention is to provide a location-based proxy multi-signature method and system.

第一方面,本发明提供一种基于位置的代理多重签名方法,包括:In a first aspect, the present invention provides a location-based proxy multi-signature method, including:

位置基础实施PI在初始化过程中获取安全参数1k、主密钥mk、公开参数pp,并分别向原始签名者群OSG中的每个原始签名者OS发送唯一对应的身份信息;其中,假设原始签名者群OSG中包含有n个原始签名者OS,第i个原始签名者记为OSi,其中i=1,2,3,…,n;则第i个原始签名者OSi对应的身份信息为IDi,n表示原始签名者的总数;The location-based implementation PI obtains the security parameter 1 k , the master key mk, and the public parameter pp during the initialization process, and sends unique corresponding identity information to each original signer OS in the original signer group OSG; The signer group OSG contains n original signers OS, and the i-th original signer is denoted as OS i , where i=1, 2, 3,...,n; the identity corresponding to the i-th original signer OS i The information is ID i , and n represents the total number of original signers;

接收来自原始签名者OSi发送的代理签名请求信息,所述代理签名请求信息中包含有该原始签名者OSi对应的位置信息

Figure BDA0001450780430000011
Receive the proxy signature request information sent from the original signer OS i , where the proxy signature request information includes the location information corresponding to the original signer OS i
Figure BDA0001450780430000011

通过位置定位协议确定每一个原始签名者OSi对应的位置信息

Figure BDA0001450780430000012
为有效信息时,向每一个原始签名者OSi发送对应的确认信息;并生成代理授权密钥包
Figure BDA0001450780430000013
i=1,2,3,…,n;
Figure BDA0001450780430000021
表示第i个原始签名者对应的代理授权密钥包;Determine the location information corresponding to each original signer OS i through the location location protocol
Figure BDA0001450780430000012
When it is valid information, send corresponding confirmation information to each original signer OS i ; and generate proxy authorization key package
Figure BDA0001450780430000013
i=1,2,3,...,n;
Figure BDA0001450780430000021
Indicates the proxy authorization key package corresponding to the i-th original signer;

向每个原始签名者发送对应的代理授权密钥包

Figure BDA0001450780430000022
Send the corresponding proxy authorization key package to each original signer
Figure BDA0001450780430000022

接收检查者侧发送的代理授权证书dw,dw中包含有所有原始签名者和代理签名者的身份、位置、可签名消息类型、有效期信息;Receive the proxy authorization certificate dw sent by the checker side, and the dw contains the identities, locations, signable message types, and validity period information of all original signers and proxy signers;

根据所述代理授权证书dw生成代理签名密钥包pskp,并发送给代理签名者PS。The proxy signature key package pskp is generated according to the proxy authorization certificate dw, and sent to the proxy signer PS.

可选地,所述代理授权密钥包中封装有位置定位协议、授权密钥、对应原始签名者的身份信息、代理签名者的身份信息、对应原始签名者的位置信息以及代理签名者的位置信息;Optionally, the proxy authorization key package is encapsulated with a location location protocol, an authorization key, the identity information of the corresponding original signer, the identity information of the proxy signer, the location information of the corresponding original signer, and the location of the proxy signer. information;

所述代理签名密钥包pskp中封装有位置定位协议、代理签名密钥、代理签名者的身份信息、代理签名者的位置信息、签名算法。The proxy signature key package pskp encapsulates a location location protocol, a proxy signature key, the identity information of the proxy signer, the location information of the proxy signer, and a signature algorithm.

可选地,所述位置定位协议包括:全球定位系统GPS协议,用于确定原始签名者、代理签名者的位置。Optionally, the location positioning protocol includes: a global positioning system GPS protocol, which is used to determine the location of the original signer and the proxy signer.

第二方面,本发明提供一种基于位置的代理多重签名方法,包括:In a second aspect, the present invention provides a location-based proxy multi-signature method, comprising:

原始签名者OSi向位置基础实施PI发送代理签名请求信息,所述代理签名请求信息中包含有该原始签名者OSi对应的位置信息

Figure BDA0001450780430000023
其中,OSi表示第i个原始签名者,
Figure BDA0001450780430000024
表示第i个原始签名者对应的位置信息,其中i=1,2,3,…,n,n表示原始签名者的总数;The original signer OS i sends proxy signature request information to the location infrastructure PI, where the proxy signature request information includes the location information corresponding to the original signer OS i
Figure BDA0001450780430000023
where OS i represents the i-th original signer,
Figure BDA0001450780430000024
Represents the location information corresponding to the i-th original signer, where i=1, 2, 3,..., n, n represents the total number of original signers;

原始签名者OSi接收位置基础实施PI发送的代理授权密钥包

Figure BDA0001450780430000025
i=1,2,3,…,n;
Figure BDA0001450780430000026
表示第i个原始签名者对应的代理授权密钥包:The original signer OS i receives the agent authorization key package sent by the location base implementation PI
Figure BDA0001450780430000025
i=1,2,3,...,n;
Figure BDA0001450780430000026
Indicates the proxy authorization key package corresponding to the i-th original signer:

根据代理授权密钥包

Figure BDA0001450780430000027
确定原始签名者OSi的位置有效时,生成相应的代理授权信息;所述代理授权信息中包含有原始签名者的身份信息、原始签名者的位置信息以及根据所述代理授权密钥包生成的签名dwi,dwi表示第i个代理授权密钥包
Figure BDA0001450780430000028
生成的签名;Authorize keybags according to the agent
Figure BDA0001450780430000027
When it is determined that the location of the original signer OS i is valid, the corresponding proxy authorization information is generated; the proxy authorization information includes the identity information of the original signer, the location information of the original signer, and the information generated according to the proxy authorization key package. Signature dw i , dw i represents the ith agent authorization key package
Figure BDA0001450780430000028
generated signature;

将所述代理授权信息发送给检查者,其中,所述检查者为原始签名者群OSG中指定的任一个原始签名者。The proxy authorization information is sent to a checker, wherein the checker is any one of the original signers specified in the original signer group OSG.

可选地,代理授权密钥包中封装有位置定位协议、授权密钥、对应原始签名者的身份信息、代理签名者的身份信息、对应原始签名者的位置信息以及代理签名者的位置信息;Optionally, the proxy authorization key package is encapsulated with a location location protocol, an authorization key, the identity information of the corresponding original signer, the identity information of the proxy signer, the location information of the corresponding original signer, and the location information of the proxy signer;

可选地,当原始签名者作为检查者时,还包括:Optionally, when the original signer is the checker, also include:

确定原始签名者群OSG中指定的任一个原始签名者作为检查者,所述检查者检查代理授权密钥包

Figure BDA0001450780430000031
生成的签名dwi是否由原始签名者OSi来生成,Determine any original signer specified in the original signer group OSG as a checker, and the checker checks the agent authorization key package
Figure BDA0001450780430000031
Whether the generated signature dwi is generated by the original signer OS i ,

若否,则无效,结束流程;If not, it is invalid, and the process ends;

若是,if,

则dwi有效,判断所有的dwi是否全部有效,i=1,2,3,…,n,若全部有效,则生成代理授权证书,令

Figure BDA0001450780430000032
dw表示代理授权证书,dw中包含有所有原始签名者和代理签名者的身份信息、位置信息、可签名消息类型信息、有效期信息;Then dwi i is valid, judge whether all dwi i are valid, i=1, 2, 3,..., n, if all are valid, generate an agency authorization certificate, let
Figure BDA0001450780430000032
dw represents the proxy authorization certificate, and dw contains the identity information, location information, signable message type information, and validity period information of all original signers and proxy signers;

向代理签名者PS发送代理授权证书。A proxy authorization certificate is sent to the proxy signer PS.

第三方面,本发明提供一种基于位置的代理多重签名方法,包括:In a third aspect, the present invention provides a location-based proxy multi-signature method, comprising:

接收位置基础实施PI发送的代理签名密钥包pskp和检查者发送的代理授权证书;Receive the proxy signature key package pskp sent by the location infrastructure PI and the proxy authorization certificate sent by the inspector;

根据代理签名密钥包pskp中封装的位置定位协议确定代理签名者PS自身的位置信息PosPS是否有效,若无效,则结束流程;Determine whether the location information Pos PS of the proxy signer PS itself is valid according to the location positioning protocol encapsulated in the proxy signature key package pskp, and if it is invalid, end the process;

若有效,If valid,

则向签名验证者V发送多重签名,所述多重签名记为:(m,s,dw,pp),(m,s,dw,pp)表示针对消息m的签名s,且签名s的有效次数为1次;Then send a multi-signature to the signature verifier V, the multi-signature is recorded as: (m,s,dw,pp), (m,s,dw,pp) represents the signature s for the message m, and the number of times the signature s is valid is 1 time;

其中,位置信息PosPS有效是指:代理签名者PS的位置信息与代理授权证书中关于代理签名者PS的位置信息一致。The validity of the location information Pos PS means that the location information of the proxy signer PS is consistent with the location information about the proxy signer PS in the proxy authorization certificate.

第四方面,本发明提供一种基于位置的代理多重签名方法,包括:In a fourth aspect, the present invention provides a location-based proxy multi-signature method, comprising:

接收代理签名者PS发送的代理多重签名(m,s,dw,pp);其中,(m,s,dw,pp)表示针对消息m的签名s,且签名s的有效次数为1次;Receive the proxy multi-signature (m, s, dw, pp) sent by the proxy signer PS; where (m, s, dw, pp) represents the signature s for the message m, and the number of times the signature s is valid is 1;

通过原始签名者的身份信息和位置信息、代理签名者的身份信息和位置信息、公开参数pp来检查代理授权证书是否有效,若无效,则结束流程;Check whether the proxy authorization certificate is valid through the identity information and location information of the original signer, the identity information and location information of the proxy signer, and the public parameter pp. If it is invalid, the process ends;

若有效,则通过预设的多重签名验证算法来验证s是否是消息m的代理多重签名,若验证成功,则确认消息m确实由代理签名者在指定的位置PosPS代表原始签名者群。If it is valid, the preset multi-signature verification algorithm is used to verify whether s is the proxy multi-signature of message m. If the verification is successful, it is confirmed that the message m is indeed represented by the proxy signer at the specified position Pos PS on behalf of the original signer group.

第五方面,本发明提供一种基于位置的代理多重签名系统,包括:位置基础设施PI、原始签名者OS、代理签名者PS以及签名验证者V;其中,In a fifth aspect, the present invention provides a location-based proxy multi-signature system, including: a location infrastructure PI, an original signer OS, a proxy signer PS, and a signature verifier V; wherein,

所述位置基础设施PI用于执行权利要求第一方面中任一项所述的基于位置的代理多重签名方法;the location infrastructure PI for performing the location-based proxy multi-signature method of any one of the first aspects of the claim;

所述原始签名者OS用于执行权利要求第二方面中任一项所述的基于位置的代理多重签名方法;The original signer OS is configured to execute the location-based proxy multi-signature method of any one of the second aspects of the claim;

所述代理签名者PS用于执行权利要求第三方面所述的基于位置的代理多重签名方法;The proxy signer PS is used to perform the location-based proxy multi-signature method described in the third aspect of claim;

所述签名验证者V用于执行权利要求第四方面所述的基于位置的代理多重签名方法。The signature verifier V is used to execute the location-based proxy multi-signature method of the fourth aspect of the claim.

与现有技术相比,本发明具有如下的有益效果:Compared with the prior art, the present invention has the following beneficial effects:

本发明提供的能够实现处于不同位置的多名用户授权处于指定位置的用户代表多名用户进行签名的功能,并确保了基于位置的消息的完整性和不可否认性,使得与位置相关的信息更加安全可靠。进一步地,在可选方案中,本发明提供的基于位置的代理多重签名方法,还对代理签名者发布的签名消息进行验证,且不限定代理签名验证者的位置,进一步保证了签名消息的可靠性和安全性。The present invention provides a function of enabling multiple users in different positions to authorize users in a designated position to sign on behalf of multiple users, and ensures the integrity and non-repudiation of the location-based message, so that the location-related information is more Safe and reliable. Further, in an optional solution, the location-based proxy multi-signature method provided by the present invention also verifies the signed message issued by the proxy signer, and does not limit the location of the proxy signature verifier, further ensuring the reliability of the signed message. sex and safety.

附图说明Description of drawings

通过阅读参照以下附图对非限制性实施例所作的详细描述,本发明的其它特征、目的和优点将会变得更明显:Other features, objects and advantages of the present invention will become more apparent by reading the detailed description of non-limiting embodiments with reference to the following drawings:

图1为本发明中方法的应用场景示意图;1 is a schematic diagram of an application scenario of the method in the present invention;

图2为本发明一实施例提供的基于位置的代理多重签名方法的流程图;2 is a flowchart of a location-based proxy multi-signature method provided by an embodiment of the present invention;

图3为本发明一实施例中代理授权密钥包的流程示意图;3 is a schematic flowchart of an agent authorization key package in an embodiment of the present invention;

图4为本发明一实施例中代理签名密钥包的流程示意图。FIG. 4 is a schematic flowchart of a proxy signing key package in an embodiment of the present invention.

具体实施方式Detailed ways

下面结合具体实施例对本发明进行详细说明。以下实施例将有助于本领域的技术人员进一步理解本发明,但不以任何形式限制本发明。应当指出的是,对本领域的普通技术人员来说,在不脱离本发明构思的前提下,还可以做出若干变化和改进。这些都属于本发明的保护范围。The present invention will be described in detail below with reference to specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that, for those skilled in the art, several changes and improvements can be made without departing from the inventive concept. These all belong to the protection scope of the present invention.

应用本发明提供的基于位置的代理多重签名方法的系统包括:位置基础设施(Position Infrastructure,PI)、原始签名者(Original Signer,OS)、代理签名者(ProxySigner,PS)以及签名验证者(Verifier,V);其中,所有原始签名者构成原始签名者群(Original Signer Group,OSG)。如图1所示,原始签名者群OSG联合授权代理签名者PS,在位置基础设施PI的协助之下,完成对指定位置的代理签名者PS对特定信息的代理签名能力。The system applying the location-based proxy multi-signature method provided by the present invention includes: a location infrastructure (Position Infrastructure, PI), an original signer (Original Signer, OS), a proxy signer (ProxySigner, PS) and a signature verifier (Verifier) , V); wherein, all original signers constitute the original signer group (Original Signer Group, OSG). As shown in FIG. 1 , the original signer group OSG jointly authorizes the proxy signer PS, with the assistance of the location infrastructure PI, to complete the proxy signer capability for specific information for the proxy signer PS at the specified location.

如图2所示,根据本发明提供的基于位置的代理多重签名方法,可以包括:第一步:进行代理签名者PS、原始签名者群OSG以及位置基础设施PI的初始化;第二步:首先在PI的参与下完成原始签名者群OSG所在位置的真实性验证,然后PI来验证代理签名者PS的位置的真实性的认证,最后原始签名者群OSG完成对代理签名者PS的指定位置代理签名授权;第三步:首先代理签名者PS要在PI的支持下完成其自己位置的认证功能,然后再执行对特定信息的代理签名功能;第四步:由代理签名验证者V来完成验证代理签名确实由指定位置的原始签名者群联合授权指定位置的代理签名者对预设信息进行了代理签名。As shown in FIG. 2 , the location-based proxy multi-signature method provided by the present invention may include: the first step: initializing the proxy signer PS, the original signer group OSG and the location infrastructure PI; the second step: first With the participation of PI, the authenticity verification of the location of the original signer group OSG is completed, then PI verifies the authenticity of the location of the proxy signer PS, and finally the original signer group OSG completes the proxy signer PS's designated location proxy Signature authorization; Step 3: First, the proxy signer PS must complete the authentication function of its own location with the support of PI, and then perform the proxy signature function for specific information; Step 4: The proxy signature verifier V completes the verification The proxy signature is indeed authorized by the original signer group at the specified location to jointly authorize the proxy signer at the specified location to perform proxy signature on the preset information.

进一步地,如图3所示,原始签名者OS(原始签名者群OSG)首先在PI的协助下来判断对应的原始签名者OS是否在指定的位置,如是则生成代理授权密钥;若否,结束。其中,代理授权密钥作为代理授权生成模块的输入,并结合授权证书信息,生成代理授权证书,发送给代理签名者PS。Further, as shown in FIG. 3 , the original signer OS (original signer group OSG) first judges whether the corresponding original signer OS is in the specified position with the assistance of PI, and if so, generates a proxy authorization key; if not, Finish. The proxy authorization key is used as the input of the proxy authorization generation module, and combined with the authorization certificate information, the proxy authorization certificate is generated and sent to the proxy signer PS.

进一步地,如图4所示,代理签名者PS首先在PI的协助下来判断是否在指定的位置,如是则生成代理签名密钥,若否,则结束。其中,代理签名密钥作为代理签名生成的输入,外加待签名消息,生成代理签名,发送给代理签名验证者V。Further, as shown in FIG. 4 , the proxy signer PS firstly judges whether it is in the designated position with the assistance of PI, and if so, generates the proxy signing key, and if not, it ends. The proxy signature key is used as the input for proxy signature generation, and the message to be signed is added to generate proxy signature, which is sent to proxy signature verifier V.

本发明提供的基于位置的代理多重签名方法,能够实现处于不同位置的多名用户授权处于指定位置的用户代表多名用户进行签名的功能,并确保了基于位置的消息的完整性和不可否认性,使得与位置相关的信息更加安全可靠。The location-based proxy multi-signature method provided by the present invention can realize the function of multiple users at different locations authorize the users at the specified location to sign on behalf of multiple users, and ensure the integrity and non-repudiation of the location-based message , making location-related information more secure and reliable.

可选地,本发明提供的基于位置的代理多重签名方法,还对代理签名者发布的签名消息进行验证,且不限定代理签名验证者的位置,进一步保证了签名消息的可靠性和安全性。Optionally, the location-based proxy multi-signature method provided by the present invention also verifies the signed message issued by the proxy signer, and does not limit the location of the proxy signature verifier, further ensuring the reliability and security of the signed message.

本发明中的方法与传统基于身份验证的方法不同,实现了基于身份与位置的认证权利的转移,满足移动互联网环境下,多名不同位置的用户群对任意指定用于授权实施代理签名的安全性要求。The method of the present invention is different from the traditional method based on identity verification, and realizes the transfer of authentication rights based on identity and location, and satisfies the security of multiple user groups in different locations arbitrarily designated to authorize the implementation of proxy signatures under the mobile Internet environment. sexual requirements.

为了更加清楚地描述本发明中的方法,下面结合具体实施例进行详细的说明。具体地,位置基础设置PI侧包括如下步骤:In order to describe the method in the present invention more clearly, detailed description is given below with reference to specific embodiments. Specifically, the location-based setting on the PI side includes the following steps:

步骤A1:位置基础实施PI在初始化过程中获取安全参数1k、主密钥mk、公开参数pp,并分别向原始签名者群OSG中的每个原始签名者OS发送唯一对应的身份信息;其中,假设原始签名者群OSG中包含有n个原始签名者OS,第i个原始签名者记为OSi,其中i=1,2,3,…,n;则第i个原始签名者OSi对应的身份信息为IDiStep A1: The location infrastructure PI obtains the security parameter 1 k , the master key mk, and the public parameter pp in the initialization process, and sends the unique corresponding identity information to each original signer OS in the original signer group OSG respectively; wherein , assuming that the original signer group OSG contains n original signers OS, the i-th original signer is recorded as OS i , where i=1,2,3,...,n; then the i-th original signer OS i The corresponding identity information is ID i ;

步骤A2:接收来自原始签名者OSi发送的代理签名请求信息,所述代理签名请求信息中包含有该原始签名者OSi对应的位置信息

Figure BDA0001450780430000061
Step A2: Receive the proxy signature request information sent from the original signer OS i , where the proxy signature request information includes the location information corresponding to the original signer OS i
Figure BDA0001450780430000061

步骤A3:通过位置定位协议确定每一个原始签名者OSi对应的位置信息

Figure BDA0001450780430000062
为有效信息时,向每一个原始签名者OSi发送对应的确认信息;并生成代理授权密钥包
Figure BDA0001450780430000063
i=1,2,3,…,n;
Figure BDA0001450780430000064
表示第i个原始签名者对应的代理授权密钥包;其中,所述代理授权密钥包中封装有位置定位协议、授权密钥、对应原始签名者的身份信息、代理签名者的身份信息、对应原始签名者的位置信息以及代理签名者的位置信息;Step A3: Determine the location information corresponding to each original signer OS i through the location location protocol
Figure BDA0001450780430000062
When it is valid information, send corresponding confirmation information to each original signer OS i ; and generate proxy authorization key package
Figure BDA0001450780430000063
i=1,2,3,...,n;
Figure BDA0001450780430000064
Indicates the proxy authorization key package corresponding to the i-th original signer; wherein, the proxy authorization key package is encapsulated with a location positioning protocol, an authorization key, the identity information of the corresponding original signer, the identity information of the proxy signer, Corresponding to the location information of the original signer and the location information of the proxy signer;

步骤A4:向每个原始签名者发送对应的代理授权密钥包

Figure BDA0001450780430000065
Step A4: Send the corresponding proxy authorization key package to each original signer
Figure BDA0001450780430000065

步骤A5:接收检查者侧发送的代理授权证书dw,dw中包含有所有原始签名者和代理签名者的身份、位置、可签名消息类型、有效期信息;Step A5: Receive the proxy authorization certificate dw sent by the checker side, and the dw contains the identities, locations, signable message types, and validity period information of all original signers and proxy signers;

步骤A6:根据所述代理授权证书dw生成代理签名密钥包pskp,并发送给代理签名者PS,其中,所述代理签名密钥包pskp中封装有位置定位协议、代理签名密钥、代理签名者的身份信息、代理签名者的位置信息、签名算法等。Step A6: Generate a proxy signature key package pskp according to the proxy authorization certificate dw, and send it to the proxy signer PS, wherein the proxy signature key package pskp is encapsulated with a location location protocol, proxy signature key, proxy signature The identity information of the signer, the location information of the proxy signer, the signature algorithm, etc.

原始签名者OS侧(原始签名者群OSG侧)包括如下步骤:The OS side of the original signer (the OSG side of the original signer group) includes the following steps:

步骤B1:原始签名者OSi向位置基础实施PI发送代理签名请求信息,所述代理签名请求信息中包含有该原始签名者OSi对应的位置信息

Figure BDA0001450780430000066
其中,OSi表示第i个原始签名者,
Figure BDA0001450780430000067
表示第i个原始签名者对应的位置信息,其中i=1,2,3,…,n,n表示原始签名者的总数;Step B1: the original signer OS i sends proxy signature request information to the location infrastructure PI, where the proxy signature request information includes the location information corresponding to the original signer OS i
Figure BDA0001450780430000066
where OS i represents the i-th original signer,
Figure BDA0001450780430000067
Represents the location information corresponding to the i-th original signer, where i=1, 2, 3,..., n, n represents the total number of original signers;

步骤B2:原始签名者OSi接收位置基础实施PI发送的代理授权密钥包

Figure BDA0001450780430000068
i=1,2,3,…,n;
Figure BDA0001450780430000069
表示第i个原始签名者对应的代理授权密钥包;其中,代理授权密钥包中封装有位置定位协议、授权密钥、对应原始签名者的身份信息、代理签名者的身份信息、对应原始签名者的位置信息以及代理签名者的位置信息;Step B2: The original signer OS i receives the proxy authorization key package sent by the location infrastructure PI
Figure BDA0001450780430000068
i=1,2,3,...,n;
Figure BDA0001450780430000069
Indicates the proxy authorization key package corresponding to the i-th original signer; wherein, the proxy authorization key package contains the location location protocol, authorization key, identity information corresponding to the original signer, identity information of the proxy signer, corresponding original signer The location information of the signer and the location information of the proxy signer;

步骤B3:根据代理授权密钥包

Figure BDA00014507804300000610
确定原始签名者OSi的位置有效时,生成相应的代理授权信息;所述代理授权信息中包含有原始签名者的身份信息、原始签名者的位置信息以及根据所述代理授权密钥包生成的签名dwi,dwi表示第i个代理授权密钥包
Figure BDA00014507804300000611
生成的签名;Step B3: Authorize the key package according to the agent
Figure BDA00014507804300000610
When it is determined that the location of the original signer OS i is valid, the corresponding proxy authorization information is generated; the proxy authorization information includes the identity information of the original signer, the location information of the original signer, and the information generated according to the proxy authorization key package. Signature dw i , dw i represents the ith agent authorization key package
Figure BDA00014507804300000611
generated signature;

步骤B4:将所述代理授权信息发送给检查者(Clerk),其中,所述检查者为原始签名者群OSG中指定的任一个原始签名者。Step B4: Send the proxy authorization information to a checker (Clerk), wherein the checker is any original signer specified in the original signer group OSG.

检查者侧,包括如下步骤:Inspector side, including the following steps:

步骤C1:确定原始签名者群OSG中指定的任一个原始签名者作为检查者,所述检查者检查代理授权密钥包

Figure BDA0001450780430000071
生成的签名dwi是否由原始签名者OSi来生成,若是,则dwi有效,执行步骤C2,若否,则无效,结束流程;Step C1: Determine any original signer specified in the original signer group OSG as a checker, and the checker checks the proxy authorization key package
Figure BDA0001450780430000071
Whether the generated signature dwi is generated by the original signer OS i , if yes, then dwi is valid, and step C2 is executed, if not, it is invalid, and the process ends;

步骤C2:判断所有的dwi是否全部有效,i=1,2,3,…,n,若全部有效,则生成代理授权证书,令

Figure BDA0001450780430000072
dw表示代理授权证书,dw中包含有所有原始签名者和代理签名者的身份信息、位置信息、可签名消息类型信息、有效期信息;Step C2: Determine whether all dwi i are valid, i=1, 2, 3, ..., n, if all are valid, generate an agency authorization certificate, let
Figure BDA0001450780430000072
dw represents the proxy authorization certificate, and dw contains the identity information, location information, signable message type information, and validity period information of all original signers and proxy signers;

步骤C3:向代理签名者PS发送代理授权证书。Step C3: Send the proxy authorization certificate to the proxy signer PS.

代理签名者PS侧,包括如下步骤:The PS side of the proxy signer includes the following steps:

步骤D1:接收位置基础实施PI发送的代理签名密钥包pskp和检查者发送的代理授权证书;Step D1: Receive the proxy signature key package pskp sent by the location infrastructure PI and the proxy authorization certificate sent by the inspector;

步骤D2:根据代理签名密钥包pskp中封装的位置定位协议确定代理签名者PS自身的位置信息PosPS是否有效,若有效,则执行步骤D3;若无效,则结束流程;其中,位置信息PosPS有效是指:代理签名者PS的位置信息与代理授权证书中关于代理签名者PS的位置信息一致;Step D2: Determine whether the position information Pos PS of the proxy signer PS itself is valid according to the position positioning protocol encapsulated in the proxy signature key package pskp, if valid, execute step D3; if invalid, end the process; wherein, the position information Pos PS valid means: the location information of the proxy signer PS is consistent with the location information about the proxy signer PS in the proxy authorization certificate;

步骤D3:向签名验证者V发送多重签名,所述多重签名记为:(m,s,dw,pp),(m,s,dw,pp)表示针对消息m的签名s,且签名s的有效次数为1次。Step D3: Send a multi-signature to the signature verifier V, the multi-signature is recorded as: (m,s,dw,pp), (m,s,dw,pp) represents the signature s for the message m, and the value of the signature s is The valid number is 1 time.

签名验证者V侧,包括如下步骤:The V side of the signature verifier includes the following steps:

步骤E1:接收代理签名者PS发送的代理多重签名(m,s,dw,pp);Step E1: Receive the proxy multi-signature (m, s, dw, pp) sent by the proxy signer PS;

步骤E2:通过原始签名者的身份信息和位置信息、代理签名者的身份信息和位置信息、公开参数pp来检查代理授权证书是否有效,若有效,则执行步骤E3,若无效,则结束流程;Step E2: Check whether the proxy authorization certificate is valid through the identity information and location information of the original signer, the identity information and location information of the proxy signer, and the public parameter pp, if valid, then execute step E3, if invalid, then end the process;

步骤E3:通过预设的多重签名验证算法来验证s是否是消息m的代理多重签名,若验证成功,则确认消息m确实由代理签名者在指定的位置PosPS代表原始签名者群(在位置

Figure BDA0001450780430000073
(i=1,2,...,n))进行的签名;若验证失败,则结束流程。Step E3: Verify whether s is the proxy multi-signature of message m through the preset multi-signature verification algorithm. If the verification is successful, it is confirmed that the message m is indeed represented by the proxy signer at the designated position Pos PS on behalf of the original signer group (at the position of the original signer group).
Figure BDA0001450780430000073
(i=1,2,...,n)); if the verification fails, the process ends.

需要说明的是,本发明提供的所述基于位置的代理多重签名方法中的步骤,可以利用所述基于位置的代理多重签名系统中对应的模块、装置、单元等予以实现,本领域技术人员可以参照所述系统的技术方案实现所述方法的步骤流程,即,所述系统中的实施例可理解为实现所述方法的优选例,在此不予赘述。It should be noted that the steps in the location-based proxy multi-signature method provided by the present invention can be implemented by using the corresponding modules, devices, units, etc. in the location-based proxy multi-signature system, and those skilled in the art can Referring to the step flow of implementing the method in the technical solution of the system, that is, the embodiment in the system can be understood as a preferred example for implementing the method, which will not be repeated here.

本领域技术人员知道,除了以纯计算机可读程序代码方式实现本发明提供的系统及其各个装置以外,完全可以通过将方法步骤进行逻辑编程来使得本发明提供的系统及其各个装置以逻辑门、开关、专用集成电路、可编程逻辑控制器以及嵌入式微控制器等的形式来实现相同功能。所以,本发明提供的系统及其各项装置可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构;也可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。Those skilled in the art know that, in addition to implementing the system provided by the present invention and its respective devices in the form of pure computer-readable program codes, the system provided by the present invention and its respective devices can be made by logic gates, Switches, application-specific integrated circuits, programmable logic controllers, and embedded microcontrollers are used to achieve the same function. Therefore, the system and its various devices provided by the present invention can be regarded as a kind of hardware components, and the devices for realizing various functions included in the system can also be regarded as structures in the hardware components; The means for implementing various functions can be regarded as either a software module implementing a method or a structure within a hardware component.

以上对本发明的具体实施例进行了描述。需要理解的是,本发明并不局限于上述特定实施方式,本领域技术人员可以在权利要求的范围内做出各种变化或修改,这并不影响本发明的实质内容。在不冲突的情况下,本申请的实施例和实施例中的特征可以任意相互组合。Specific embodiments of the present invention have been described above. It should be understood that the present invention is not limited to the above-mentioned specific embodiments, and those skilled in the art can make various changes or modifications within the scope of the claims, which do not affect the essential content of the present invention. The embodiments of the present application and features in the embodiments may be combined with each other arbitrarily, provided that there is no conflict.

Claims (8)

1.一种基于位置的代理多重签名方法,其特征在于,包括:1. A location-based proxy multi-signature method, characterized in that, comprising: 位置基础实施PI在初始化过程中获取安全参数1k、主密钥mk、公开参数pp,并分别向原始签名者群OSG中的每个原始签名者OS发送唯一对应的身份信息;其中,假设原始签名者群OSG中包含有n个原始签名者OS,第i个原始签名者记为OSi,其中i=1,2,3,…,n;则第i个原始签名者OSi对应的身份信息为IDi,n表示原始签名者的总数;The location-based implementation PI obtains the security parameter 1 k , the master key mk, and the public parameter pp during the initialization process, and sends unique corresponding identity information to each original signer OS in the original signer group OSG; The signer group OSG contains n original signers OS, and the i-th original signer is denoted as OS i , where i=1, 2, 3,...,n; the identity corresponding to the i-th original signer OS i The information is ID i , and n represents the total number of original signers; 接收来自原始签名者OSi发送的代理签名请求信息,所述代理签名请求信息中包含有该原始签名者OSi对应的位置信息
Figure FDA0002727915350000011
Receive the proxy signature request information sent from the original signer OS i , where the proxy signature request information includes the location information corresponding to the original signer OS i
Figure FDA0002727915350000011
 通过位置定位协议确定每一个原始签名者OSi对应的位置信息
Figure FDA0002727915350000012
为有效信息时,向每一个原始签名者OSi发送对应的确认信息;并生成代理授权密钥包
Figure FDA0002727915350000013
i=1,2,3,…,n;
Figure FDA0002727915350000014
表示第i个原始签名者对应的代理授权密钥包;Determine the location information corresponding to each original signer OS i through the location location protocol
Figure FDA0002727915350000012
When it is valid information, send corresponding confirmation information to each original signer OS i ; and generate proxy authorization key package
Figure FDA0002727915350000013
i=1,2,3,...,n;
Figure FDA0002727915350000014
Indicates the proxy authorization key package corresponding to the i-th original signer; 向每个原始签名者发送对应的代理授权密钥包
Figure FDA0002727915350000015
Send the corresponding proxy authorization key package to each original signer
Figure FDA0002727915350000015
 接收检查者侧发送的代理授权证书dw,dw中包含有所有原始签名者和代理签名者的身份、位置、可签名消息类型、有效期信息;Receive the proxy authorization certificate dw sent by the checker side, and the dw contains the identities, locations, signable message types, and validity period information of all original signers and proxy signers; 根据所述代理授权证书dw生成代理签名密钥包pskp,并发送给代理签名者PS;其中,所述代理签名密钥包pskp是代理签名者在指定的位置时生成的,所述检查者为原始签名者群OSG中指定的任一个原始签名者。Generate a proxy signature key package pskp according to the proxy authorization certificate dw, and send it to the proxy signer PS; wherein, the proxy signature key package pskp is generated by the proxy signer at a specified location, and the checker is Any original signer specified in the original signer group OSG. 2.根据权利要求1所述的基于位置的代理多重签名方法,其特征在于,所述代理授权密钥包中封装有位置定位协议、授权密钥、对应原始签名者的身份信息、代理签名者的身份信息、对应原始签名者的位置信息以及代理签名者的位置信息;2. location-based proxy multi-signature method according to claim 1, is characterized in that, in described proxy authorization key package, is encapsulated with location location protocol, authorization key, identity information of corresponding original signer, proxy signer The identity information of the original signer, the location information of the corresponding original signer, and the location information of the proxy signer; 所述代理签名密钥包pskp中封装有位置定位协议、代理签名密钥、代理签名者的身份信息、代理签名者的位置信息、签名算法。The proxy signature key package pskp encapsulates a location location protocol, a proxy signature key, the identity information of the proxy signer, the location information of the proxy signer, and a signature algorithm. 3.根据权利要求1或2所述的基于位置的代理多重签名方法,其特征在于,所述位置定位协议包括:全球定位系统GPS协议,用于确定原始签名者、代理签名者的位置。3. The location-based proxy multi-signature method according to claim 1 or 2, wherein the location location protocol comprises: a global positioning system (GPS) protocol for determining the location of the original signer and the proxy signer. 4.一种基于位置的代理多重签名方法,其特征在于,包括:4. A location-based proxy multi-signature method, comprising: 原始签名者OSi向位置基础实施PI发送代理签名请求信息,所述代理签名请求信息中包含有该原始签名者OSi对应的位置信息
Figure FDA0002727915350000016
其中,OSi表示第i个原始签名者,
Figure FDA0002727915350000017
表示第i个原始签名者对应的位置信息,其中i=1,2,3,…,n,n表示原始签名者的总数;The original signer OS i sends proxy signature request information to the location infrastructure PI, where the proxy signature request information includes the location information corresponding to the original signer OS i
Figure FDA0002727915350000016
where OS i represents the i-th original signer,
Figure FDA0002727915350000017
Represents the location information corresponding to the i-th original signer, where i=1, 2, 3,..., n, n represents the total number of original signers; 原始签名者OSi接收位置基础实施PI发送的代理授权密钥包
Figure FDA0002727915350000021
Figure FDA0002727915350000022
表示第i个原始签名者对应的代理授权密钥包;The original signer OS i receives the agent authorization key package sent by the location base implementation PI
Figure FDA0002727915350000021
Figure FDA0002727915350000022
Indicates the proxy authorization key package corresponding to the i-th original signer; 根据代理授权密钥包
Figure FDA0002727915350000023
确定原始签名者OSi的位置有效时,生成相应的代理授权信息;所述代理授权信息中包含有原始签名者的身份信息、原始签名者的位置信息以及根据所述代理授权密钥包生成的签名dwi,dwi表示第i个代理授权密钥包
Figure FDA0002727915350000024
生成的签名;其中,所述代理签名密钥包pskp是代理签名者在指定的位置时生成的;Authorize keybags according to the agent
Figure FDA0002727915350000023
When it is determined that the location of the original signer OS i is valid, the corresponding proxy authorization information is generated; the proxy authorization information includes the identity information of the original signer, the location information of the original signer, and the information generated according to the proxy authorization key package. Signature dw i , dw i represents the ith agent authorization key package
Figure FDA0002727915350000024
The generated signature; wherein, the proxy signature key package pskp is generated when the proxy signer is in a specified position; 将所述代理授权信息发送给检查者,其中,所述检查者为原始签名者群OSG中指定的任一个原始签名者。The proxy authorization information is sent to a checker, wherein the checker is any one of the original signers specified in the original signer group OSG. 5.根据权利要求4所述的基于位置的代理多重签名方法,其特征在于,代理授权密钥包中封装有位置定位协议、授权密钥、对应原始签名者的身份信息、代理签名者的身份信息、对应原始签名者的位置信息以及代理签名者的位置信息。5. location-based proxy multi-signature method according to claim 4, is characterized in that, in the proxy authorization key package, is encapsulated with location location protocol, authorization key, the identity information of corresponding original signer, the identity of the proxy signer information, the location information of the corresponding original signer, and the location information of the proxy signer. 6.根据权利要求4或5所述的基于位置的代理多重签名方法,其特征在于,当原始签名者作为检查者时,还包括:6. The location-based proxy multi-signature method according to claim 4 or 5, characterized in that, when the original signer acts as a checker, it further comprises: 确定原始签名者群OSG中指定的任一个原始签名者作为检查者,所述检查者检查代理授权密钥包
Figure FDA0002727915350000025
生成的签名dwi是否由原始签名者OSi来生成,Determine any original signer specified in the original signer group OSG as a checker, and the checker checks the agent authorization key package
Figure FDA0002727915350000025
Whether the generated signature dwi is generated by the original signer OS i , 若否,则无效,结束流程;If not, it is invalid, and the process ends; 若是,if, 则dwi有效,判断所有的dwi是否全部有效,i=1,2,3,…,n,若全部有效,则生成代理授权证书,令
Figure FDA0002727915350000026
dw表示代理授权证书,dw中包含有所有原始签名者和代理签名者的身份信息、位置信息、可签名消息类型信息、有效期信息;Then dwi i is valid, judge whether all dwi i are valid, i=1, 2, 3,..., n, if all are valid, generate an agency authorization certificate, let
Figure FDA0002727915350000026
dw represents the proxy authorization certificate, and dw contains the identity information, location information, signable message type information, and validity period information of all original signers and proxy signers; 向代理签名者PS发送代理授权证书。A proxy authorization certificate is sent to the proxy signer PS. 7.一种基于位置的代理多重签名方法,其特征在于,包括:7. A location-based proxy multi-signature method, comprising: 接收位置基础实施PI发送的代理签名密钥包pskp和检查者发送的代理授权证书;其中,所述代理签名密钥包pskp是代理签名者在指定的位置时生成的,所述检查者为原始签名者群OSG中指定的任一个原始签名者;Receive the proxy signature key package pskp sent by PI and the proxy authorization certificate sent by the checker; wherein, the proxy signature key package pskp is generated by the proxy signer at the specified location, and the checker is the original Any original signer specified in the signer group OSG; 根据代理签名密钥包pskp中封装的位置定位协议确定代理签名者PS自身的位置信息PosPS是否有效,若无效,则结束流程;Determine whether the location information Pos PS of the proxy signer PS itself is valid according to the location positioning protocol encapsulated in the proxy signature key package pskp, and if it is invalid, end the process; 若有效,If valid, 则向签名验证者V发送多重签名,所述多重签名记为:(m,s,dw,pp),(m,s,dw,pp)表示针对消息m的签名s,且签名s的有效次数为1次;Then send a multi-signature to the signature verifier V, the multi-signature is recorded as: (m,s,dw,pp), (m,s,dw,pp) represents the signature s for the message m, and the number of times the signature s is valid is 1 time; 其中,位置信息PosPS有效是指:代理签名者PS的位置信息与代理授权证书中关于代理签名者PS的位置信息一致。The validity of the location information Pos PS means that the location information of the proxy signer PS is consistent with the location information about the proxy signer PS in the proxy authorization certificate. 8.一种基于位置的代理多重签名系统,其特征在于,包括:位置基础设施PI、原始签名者OS、代理签名者PS以及签名验证者V;其中,8. A location-based proxy multi-signature system, comprising: location infrastructure PI, original signer OS, proxy signer PS, and signature verifier V; wherein, 所述位置基础设施PI用于执行权利要求1-3中任一项所述的基于位置的代理多重签名方法;The location infrastructure PI is used to perform the location-based proxy multi-signature method of any one of claims 1-3; 所述原始签名者OS用于执行权利要求4-6中任一项所述的基于位置的代理多重签名方法;The original signer OS is used to execute the location-based proxy multi-signature method of any one of claims 4-6; 所述代理签名者PS用于执行权利要求7所述的基于位置的代理多重签名方法;The proxy signer PS is used to perform the location-based proxy multi-signature method of claim 7; 所述签名验证者V用于接收代理签名者PS发送的代理多重签名(m,s,dw,pp);其中,(m,s,dw,pp)表示针对消息m的签名s,且签名s的有效次数为1次;The signature verifier V is used to receive the proxy multi-signature (m, s, dw, pp) sent by the proxy signer PS; wherein, (m, s, dw, pp) represents the signature s for the message m, and the signature s The valid number of times is 1; 通过原始签名者的身份信息和位置信息、代理签名者的身份信息和位置信息、公开参数pp来检查代理授权证书是否有效,若无效,则结束流程;Check whether the proxy authorization certificate is valid through the identity information and location information of the original signer, the identity information and location information of the proxy signer, and the public parameter pp. If it is invalid, the process ends; 若有效,则通过预设的多重签名验证算法来验证s是否是消息m的代理多重签名,若验证成功,则确认消息m确实由代理签名者在指定的位置PosPS代表原始签名者群。If it is valid, the preset multi-signature verification algorithm is used to verify whether s is the proxy multi-signature of message m. If the verification is successful, it is confirmed that the message m is indeed represented by the proxy signer at the specified position Pos PS on behalf of the original signer group.
CN201711036923.2A 2017-10-30 2017-10-30 Location-based proxy multi-signature method and system Active CN107846281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711036923.2A CN107846281B (en) 2017-10-30 2017-10-30 Location-based proxy multi-signature method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711036923.2A CN107846281B (en) 2017-10-30 2017-10-30 Location-based proxy multi-signature method and system

Publications (2)

Publication Number Publication Date
CN107846281A CN107846281A (en) 2018-03-27
CN107846281B true CN107846281B (en) 2020-12-08

Family

ID=61681938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711036923.2A Active CN107846281B (en) 2017-10-30 2017-10-30 Location-based proxy multi-signature method and system

Country Status (1)

Country Link
CN (1) CN107846281B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110311791A (en) * 2019-07-03 2019-10-08 郑州师范学院 A message verification method, device, equipment and readable storage medium
CN113346992B (en) * 2021-05-27 2022-06-28 淮阴工学院 An identity-based multi-agent signature method and device for protecting private keys
CN115033912B (en) * 2022-04-20 2023-04-25 郑州轻工业大学 Medical data cross-equipment anonymous verification method, device and equipment based on blockchain
CN118761050A (en) * 2024-09-02 2024-10-11 北京华益精点生物技术有限公司 Intelligent blood pressure monitoring method and system based on multimodal identity authentication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1503932A (en) * 2001-01-23 2004-06-09 ���������˼�빫˾ Method and system for obtaining digital signatures
CN104160653A (en) * 2012-03-08 2014-11-19 英特尔公司 Multi-factor certificate authority
WO2017027134A8 (en) * 2015-08-07 2017-09-28 Qualcomm Incorporated Validating authorization for use of a set of features of a device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4547158B2 (en) * 2002-04-15 2010-09-22 株式会社エヌ・ティ・ティ・ドコモ Signature scheme using bilinear mapping

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1503932A (en) * 2001-01-23 2004-06-09 ���������˼�빫˾ Method and system for obtaining digital signatures
CN104160653A (en) * 2012-03-08 2014-11-19 英特尔公司 Multi-factor certificate authority
WO2017027134A8 (en) * 2015-08-07 2017-09-28 Qualcomm Incorporated Validating authorization for use of a set of features of a device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Proxy Multi-Signature Binding Positioning Protocol;Qingshui Xue;《2014 IEEE/CIC International Conference on Communications in China (ICCC)》;20150115;第I节-第IV节,图1-2 *

Also Published As

Publication number Publication date
CN107846281A (en) 2018-03-27

Similar Documents

Publication Publication Date Title
CN107079037B (en) Block chain-based identity authentication method, device, node and system
CN112671720B (en) Token construction method, device and equipment for cloud platform resource access control
CN107846281B (en) Location-based proxy multi-signature method and system
CN113743921B (en) Digital asset processing method, device, equipment and storage medium
CN103167491B (en) A kind of mobile terminal uniqueness authentication method based on software digital certificate
CN104378206B (en) A USB-Key-based virtual desktop security authentication method and system
CN104753881B (en) A kind of WebService safety certification access control method based on software digital certificate and timestamp
WO2018177093A1 (en) Block chain processing method, accounting node, verification node and storage medium
CN110247884B (en) Method, device and system for updating certificate and computer readable storage medium
WO2009079916A1 (en) A method for generating a key pair and transmitting a public key or a certificate application document securely
WO2014110877A1 (en) Mobile terminal device and user authentication method based on pki technology
CN108885658B (en) Proof of device authenticity by means of credentials
CN105554004A (en) An authentication system and method for container services in a hybrid cloud computing environment
CN110798475A (en) Security authentication method, device, equipment and storage medium
CN110943844B (en) Electronic document security signing method and system based on local service of webpage client
JPWO2020010279A5 (en)
CN110636051B (en) Block chain transaction method based on multi-user CA digital certificate
CN112118229B (en) Internet of things equipment, server security authentication method and device and electronic equipment
CN111464536B (en) Block chain cross-chain method and device
CN104717217A (en) Certifiable security data possession verifying method in cloud storage based on partial delegation
WO2013135172A1 (en) Method, device, and system for authentication
CN115426197B (en) Escrow-based digital key sharing method, device, equipment and medium
CN115150093A (en) Multi-device assisted nuclear body method and system
CN112968779B (en) A security authentication and authorization control method, control system, and program storage medium
WO2025081826A1 (en) Security-enhanced authentication method and system based on mqtt protocol extension, and medium and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20180327

Assignee: Shanghai Qiyue Information Technology Co.,Ltd.

Assignor: SHANGHAI INSTITUTE OF TECHNOLOGY

Contract record no.: X2025980004401

Denomination of invention: Location based proxy multi signature method and system

Granted publication date: 20201208

License type: Common License

Record date: 20250227