CN114091009B - Method for establishing safety link by using distributed identity mark - Google Patents
Classifications
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
- G06F21/602—Providing cryptographic facilities or services
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention provides a method for establishing a secure link using distributed identity, comprising: each manufacturer registers its distributed identity identifier (DID) on the blockchain; each device registers its DID on the blockchain; each device receives a verifiable credential (VC) issued by the manufacturer to which it belongs, the VC comprising at least one of factory information and usage information of the device; and so on. The method can prevent man-in-the-middle attacks and keeps information from being stolen or tampered with.
Description
Technical Field
The invention relates to blockchain technology and encryption methods, and in particular to a method and system for establishing a secure link using distributed identity.
Background
With the development of the Internet of Things, devices in industrial internet scenarios cooperate more and more, and machines need to communicate and collaborate with each other ever more often, so identity authentication between devices is increasingly important. However, the devices in a factory often come from different brands and different manufacturers, and data exchange, collaboration and sharing across brands and manufacturers are all required, so achieving cross-domain mutual identity authentication between devices is a major problem.
Traditional identity authentication is usually centralized and unified: the devices under a platform are authenticated by that same platform, and device identities (and the data corresponding to the devices) are not shared between platforms. Connecting the devices of all the different brands through one unified platform is costly, and if the unified platform is compromised, the privacy of the users on the platform is leaked on a large scale; there have been countless incidents of user privacy leaks from network platforms. Most factory solutions let devices of different brands trust each other and complete identity authentication by using PKI technology, that is, by issuing certificates through a third-party digital certificate issuing platform (CA platform). PKI technology that relies on third-party certificates has several problems:
1. Single point of failure
The CA is the central trust point in PKI technology. Once it is controlled by an attacker, false certificates may be issued, with the result that the CA's root certificates and the certificates already issued by the CA are no longer trusted. In addition, if some services cannot be provided because of the CA itself or because of security attacks and the like, the users of that CA's digital certificates are affected.
2. Supervision and audit
The CA is the authoritative, trusted third party in a public key system and needs thorough supervision and audit measures; once that authority is lost, external security attacks and internal security incidents may occur, and public trust in the CA is reduced.
3. Inefficient batch configuration of certificates
To configure and use a certificate, a user first applies to a CA for the certificate and, after the CA signs it, configures or installs the signed certificate on the target device or server. In the traditional internet, certificates are applied for and configured manually. In scenarios such as the mobile internet, the Internet of Things and the Internet of Vehicles, however, the number of network devices and terminal devices is huge, so batch configuration of private keys and certificates is urgently needed.
4. Mutual trust between multiple CAs
A user certificate can only be verified against the root certificate of its issuing CA; different CAs cannot verify each other's certificates.
Disclosure of Invention
The invention aims to provide a method and a system for establishing a secure link using distributed identity, in order to solve the technical problems described in the background.
To achieve this purpose, the invention adopts the following technical scheme:
A method for establishing a secure link using distributed identity, comprising:
each manufacturer registers its own distributed identity identifier (DID) on the blockchain;
each device registers its own DID on the blockchain;
each device receives a verifiable credential (VC) issued by the manufacturer to which the device belongs, the VC comprising at least one of factory information and usage information of the device;
the first device sends the second device a request for the second device's DID;
the second device returns its DID, its VC, and a random number signed with its private key to the first device;
the first device looks up the corresponding DID document on the blockchain based on the received DID, finds the public key PUB_B corresponding to the second device's DID, and uses PUB_B to verify the second device's private-key signature, thereby verifying the identity of the second device;
if the identity verification passes, the first device further verifies the second device's VC and confirms the manufacturer to which the second device belongs;
if the manufacturer to which the second device belongs is a preset manufacturer, the first device generates a temporary key KA, encrypts KA with the second device's public key PUB_B to obtain C(KA), and sends C(KA) to the second device together with the first device's DID and a random number signed with the first device's private key;
the second device looks up the corresponding DID document on the blockchain based on the received DID, finds the public key PUB_A corresponding to the first device's DID, and uses PUB_A to verify the first device's private-key signature, thereby verifying the identity of the first device;
if the identity verification passes, the second device further verifies the first device's VC and confirms the manufacturer to which the first device belongs;
if the manufacturer to which the first device belongs is a preset manufacturer, the second device generates a temporary key KB, encrypts KB with the first device's public key to obtain C(KB), and sends C(KB) to the first device;
the first device receives C(KB) and decrypts it to obtain KB, then XORs KA and KB to obtain the symmetric session key SessionKey, and the second device likewise XORs KA and KB to obtain SessionKey;
the mutual authentication and key agreement between the first device and the second device is then complete.
In some embodiments, the method further comprises: content transmitted between the first device and the second device is encrypted with a symmetric cryptographic algorithm.
In some embodiments, each DID corresponds to one DID document.
In some embodiments, the DID document includes at least one of a DID identifier, a public key, authentication, and a service.
In some embodiments, the service includes a service type advertised by the device corresponding to the DID, where the service type includes a decentralized identity management service for further discovery, authentication, authorization, or interaction.
In some embodiments, the VC contains VC metadata, claims, and a proof.
In some embodiments, the VC metadata includes the issuer, the issue date, and the claim type.
In some embodiments, the claims are one or more statements about the subject, including: device number, device type, date of manufacture, shelf life, device serial number.
In some embodiments, the proof is a digital signature of the issuer.
The invention also discloses an apparatus for establishing a secure link using distributed identity, the apparatus comprising a processor and a memory; the memory is configured to store instructions that, when executed by the processor, cause the apparatus to implement any of the above methods for establishing a secure link using distributed identity.
The invention also discloses a computer-readable storage medium storing computer instructions; when a computer reads the computer instructions in the storage medium, the computer performs the method for establishing a secure link using distributed identity.
Advantageous effects
Compared with the prior art, the invention has the remarkable advantages that:
The invention ensures the high security of the session key negotiation through DID-based mutual identity authentication and asymmetric key encryption, and ensures transmission efficiency by using the negotiated session key for symmetric encryption of subsequent content. The authentication process secures the communication and authentication flow without introducing a CA or digital certificates, and also prevents man-in-the-middle attacks and the theft of or tampering with keys or information.
Drawings
Fig. 1 is a schematic diagram of the bidirectional authentication and key agreement flow according to the present embodiment;
Fig. 2 is a schematic diagram of the distributed identity mutual authentication and key agreement procedure according to the present embodiment;
Fig. 3 is a diagram showing the structure of a DID document according to the present embodiment;
Fig. 4 is a schematic diagram of the structure of a verifiable credential (VC) according to the present embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
On the contrary, the application is intended to cover any alternatives, modifications, equivalents, and variations as may be included within the spirit and scope of the application as defined by the appended claims. Further, in the following detailed description of the present application, certain specific details are set forth in order to provide a better understanding of the present application. The present application will be fully understood by those skilled in the art without the details described herein.
A method and system for establishing a secure link using distributed identity according to embodiments of the present application will be described in detail below with reference to fig. 1-4. It is noted that the following examples are only for explaining the present application and are not to be construed as limiting the present application.
Example 1
As shown in Fig. 1, a method for establishing a secure link using distributed identity comprises:
each manufacturer registers its own distributed identity identifier (DID) on the blockchain;
each device registers its own DID on the blockchain;
each device receives a verifiable credential (VC) issued by the manufacturer to which the device belongs, the VC comprising at least one of factory information and usage information of the device;
the first device sends the second device a request for the second device's DID;
the second device returns its DID, its VC, and a random number signed with its private key to the first device;
the first device looks up the corresponding DID document on the blockchain based on the received DID, finds the public key PUB_B corresponding to the second device's DID, and uses PUB_B to verify the second device's private-key signature, thereby verifying the identity of the second device;
if the identity verification passes, the first device further verifies the second device's VC and confirms the manufacturer to which the second device belongs;
if the manufacturer to which the second device belongs is a preset manufacturer, the first device generates a temporary key KA, encrypts KA with the second device's public key PUB_B to obtain C(KA), and sends C(KA) to the second device together with the first device's DID and a random number signed with the first device's private key;
the second device looks up the corresponding DID document on the blockchain based on the received DID, finds the public key PUB_A corresponding to the first device's DID, and uses PUB_A to verify the first device's private-key signature, thereby verifying the identity of the first device;
if the identity verification passes, the second device further verifies the first device's VC and confirms the manufacturer to which the first device belongs;
if the manufacturer to which the first device belongs is a preset manufacturer, the second device generates a temporary key KB, encrypts KB with the first device's public key to obtain C(KB), and sends C(KB) to the first device;
the first device receives C(KB) and decrypts it to obtain KB, then XORs KA and KB to obtain the symmetric session key SessionKey, and the second device likewise XORs KA and KB to obtain SessionKey;
the mutual authentication and key agreement between the first device and the second device is then complete.
In some embodiments, the method further comprises: content transmitted between the first device and the second device is encrypted with a symmetric cryptographic algorithm.
In some embodiments, each DID corresponds to one DID document.
In some embodiments, as shown in Fig. 3, the DID document includes at least one of a DID identifier, a public key, authentication, and a service. In some embodiments, the service includes a service type advertised by the device corresponding to the DID, where the service type includes a decentralized identity management service for further discovery, authentication, authorization, or interaction.
In some embodiments, as shown in Fig. 4, the VC (Verifiable Credential) contains VC metadata, claims, and a proof. In some embodiments, the VC metadata includes the issuer, the issue date, and the claim type. In some embodiments, the claims are one or more statements about the subject, including: device number, device type, date of manufacture, shelf life, device serial number. In some embodiments, the proof is a digital signature of the issuer.
Example 2
As shown in Fig. 2, man-in-the-middle attacks by a third party can be defended against without a CA or certificates. The main process is as follows:
1. Industrial device A is a device of manufacturer 1 and industrial device B is a device of manufacturer 2; manufacturer 1 and manufacturer 2 register their DIDs on the chain.
2. Device A first registers its DID (including its public key) on the chain and holds a verifiable credential (VC) issued by manufacturer 1 that includes A's factory information, usage information and the like. Device B likewise registers its DID on the chain and holds a VC issued by manufacturer 2 that includes B's factory information, usage information and the like. Devices A and B then have the identity identifiers did_A and did_B respectively.
3. If device A and device B want to communicate, device A requests device B's DID from device B.
4. Device B sends its own DID did_B, its issued VC, and a random number signed with its private key to device A.
5. Device A looks up device B's identity on the chain by did_B, retrieves the corresponding DID document, finds the public key PUB_B in it, and uses PUB_B to verify B's private-key signature, thereby verifying B's identity. Once the identity verification shows that device B's identity is genuine, device A verifies device B's VC and confirms that device B belongs to manufacturer 2.
6. If the verification passes, device A generates a temporary key KA, encrypts KA with device B's public key PUB_B to obtain C(KA), and sends it to device B along with device A's DID did_A and a random number signed with A's private key.
7. Device B looks up device A's identity on the chain by did_A, retrieves the corresponding DID document, finds the public key PUB_A in it and, if the public key PUB_A matches, verifies device A's private-key signature to verify A's identity. Once the identity verification shows that device A's identity is genuine, device B verifies device A's VC and confirms that device A belongs to manufacturer 1.
8. If the verification passes, device B generates a temporary key KB, encrypts KB with device A's public key to obtain C(KB), and sends C(KB) to device A.
9. Device A receives C(KB) and decrypts it to obtain KB, then XORs KA and KB to obtain the symmetric session key SessionKey; device B likewise XORs KA and KB to obtain SessionKey.
10. The mutual authentication and key agreement between devices A and B is complete, and subsequent content transmitted between devices A and B is encrypted with a symmetric cryptographic algorithm.
Specifically, each DID in the present invention corresponds to one DID document, which includes a DID identifier, a public key, authentication, and services. The DID identifier is the DID of the device described by the DID document; because a DID is globally unique, a DID document can contain only one DID. Public keys are used for digital signatures and other cryptographic operations, which are the basis for authentication and for establishing secure communication with service endpoints. Authentication cryptographically proves that the DID document is associated with the DID. A service may be any type of service that the DID wishes to advertise, including a decentralized identity management service for further discovery, authentication, authorization, or interaction.
The verifiable credential (VC) in the present invention contains VC metadata, claims, and a proof. The VC metadata mainly contains information such as the issuer, the issue date, and the claim type. The claims are one or more statements about the subject; the VC that a manufacturer issues to a device contains claims such as device number, device type, date of manufacture, shelf life, and device serial number. The proof is the digital signature of the issuer, which makes the VC verifiable, prevents the VC content from being tampered with, and authenticates the issuer of the VC.
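The ten-step flow of Example 2, together with the DID document and VC structure described above, as an added Python example; it is not code from the patent. Assumptions: a dict stands in for the blockchain, RSA-PSS and RSA-OAEP from the `cryptography` package stand in for the signature and encryption algorithms the patent leaves unspecified, each sender picks its own random number, device A's step 6 message also carries A's VC (step 7 verifies it), and all `did:example:` identifiers and claim values are constructed.

```python
import json
import secrets

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
LEDGER = {}  # stand-in for the blockchain: DID (key) -> DID document (value)

class Party:
    """A manufacturer or device: one RSA key pair and a DID document on the ledger."""
    def __init__(self, did):
        self.did, self.vc = did, None
        self._key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        pem = self._key.public_key().public_bytes(
            serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
        LEDGER[did] = {"id": did, "publicKeyPem": pem.decode()}

    def sign(self, data):
        return self._key.sign(data, PSS, hashes.SHA256())

    def decrypt(self, ciphertext):
        return self._key.decrypt(ciphertext, OAEP)

def resolve(did):
    """Look up the DID document and return its public key (PUB_A / PUB_B)."""
    return serialization.load_pem_public_key(LEDGER[did]["publicKeyPem"].encode())

def verify(did, signature, data):
    try:
        resolve(did).verify(signature, data, PSS, hashes.SHA256())
        return True
    except (KeyError, InvalidSignature):  # unknown DID or bad signature
        return False

def vc_payload(vc):
    body = {k: vc[k] for k in ("issuer", "subject", "claims")}
    return json.dumps(body, sort_keys=True).encode()

def issue_vc(manufacturer, device, claims):
    vc = {"issuer": manufacturer.did, "subject": device.did, "claims": claims}
    device.vc = {**vc, "proof": manufacturer.sign(vc_payload(vc)).hex()}

def hello(device):
    # The page does not say who picks the random number; here the sender does.
    nonce = secrets.token_bytes(16)
    return {"did": device.did, "vc": device.vc, "nonce": nonce, "sig": device.sign(nonce)}

def check_peer(msg, preset_manufacturers):
    """Steps 5 and 7: signature over the random number, then VC proof, then manufacturer."""
    vc = msg["vc"]
    if not vc or not verify(msg["did"], msg["sig"], msg["nonce"]):
        return False
    return (vc["subject"] == msg["did"] and vc["issuer"] in preset_manufacturers
            and verify(vc["issuer"], bytes.fromhex(vc["proof"]), vc_payload(vc)))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def handshake(a, b, a_presets, b_presets, b_msg=None):
    """Return (SessionKey at A, SessionKey at B), or None if either side rejects."""
    b_msg = b_msg or hello(b)                                   # steps 3-4
    if not check_peer(b_msg, a_presets):                        # step 5
        return None
    ka = secrets.token_bytes(32)                                # step 6
    # Assumption: A's message carries A's VC as well as did_A and the signed number.
    a_msg = dict(hello(a), c_ka=resolve(b_msg["did"]).encrypt(ka, OAEP))
    if not check_peer(a_msg, b_presets):                        # step 7
        return None
    kb = secrets.token_bytes(32)                                # step 8
    c_kb = resolve(a_msg["did"]).encrypt(kb, OAEP)
    return xor(ka, a.decrypt(c_kb)), xor(b.decrypt(a_msg["c_ka"]), kb)  # step 9

def demo():
    m1, m2, m3 = (Party(f"did:example:manufacturer{i}") for i in (1, 2, 3))
    dev_a, dev_b, dev_c = (Party(f"did:example:device-{x}") for x in "abc")
    other = Party("did:example:device-x")  # a key that is not device B's
    issue_vc(m1, dev_a, {"deviceType": "plc", "serial": "A-0001"})
    issue_vc(m2, dev_b, {"deviceType": "robot-arm", "serial": "B-0001"})
    issue_vc(m3, dev_c, {"deviceType": "sensor", "serial": "C-0001"})
    a_presets, b_presets = {m2.did}, {m1.did}  # each side's preset manufacturers
    n = secrets.token_bytes(16)
    wrong_key = {"did": dev_b.did, "vc": dev_b.vc, "nonce": n, "sig": other.sign(n)}
    edited = dict(hello(dev_b), vc={**dev_b.vc, "claims": {"deviceType": "plc"}})
    return {
        "ok": handshake(dev_a, dev_b, a_presets, b_presets),
        "wrong_key": handshake(dev_a, dev_b, a_presets, b_presets, wrong_key),
        "edited_vc": handshake(dev_a, dev_b, a_presets, b_presets, edited),
        "other_vendor": handshake(dev_a, dev_c, a_presets, b_presets),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", "rejected" if result is None else result[0].hex())
```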
The invention also discloses an apparatus for establishing a secure link using distributed identity, the apparatus comprising a processor and a memory; the memory is configured to store instructions that, when executed by the processor, cause the apparatus to implement any of the above methods for establishing a secure link using distributed identity.
The invention also discloses a computer-readable storage medium storing computer instructions; when a computer reads the computer instructions in the storage medium, the computer performs the method for establishing a secure link using distributed identity.
In summary, the technical scheme of the invention provides a decentralized, distributed device authentication mode for the industrial internet, in which identity authentication and key agreement between devices of different manufacturers can be carried out without relying on a CA or certificates. The invention introduces distributed identity identifier (DID) technology. With a DID, a device has a uniform identity regardless of which platform it belongs to, the device controls its own information, and other platforms can use that information after verifying its signature, which effectively ensures the security of the authentication and negotiation. Each DID corresponds to one DID document, which contains the following information: DID subject, public keys, authentication, authorization, service endpoints, and timestamps. In general, the DID is used as the key and the DID document is stored on the blockchain as the value; the tamper resistance and shared data access of the blockchain allow trusted data to be retrieved quickly when an identity is verified. On the basis of distributed identity identifiers, the invention provides a method for establishing an end-to-end secure link without the participation of a third party, which can prevent man-in-the-middle attacks so that information is not stolen or tampered with.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.
Claims (10)
1. A method for establishing a secure link using distributed identity, comprising:
each manufacturer registers its own distributed identity identifier (DID) on the blockchain;
each device registers its own DID on the blockchain;
each device receives a verifiable credential (VC) issued by the manufacturer to which the device belongs, the VC comprising at least one of factory information and usage information of the device;
the first device sends the second device a request for the second device's DID;
the second device returns its DID, its VC, and a random number signed with its private key to the first device;
the first device looks up the corresponding DID document on the blockchain based on the received DID, finds the public key PUB_B corresponding to the second device's DID, and uses PUB_B to verify the second device's private-key signature, thereby verifying the identity of the second device;
if the identity verification passes, the first device further verifies the second device's VC and confirms the manufacturer to which the second device belongs;
if the manufacturer to which the second device belongs is a preset manufacturer, the first device generates a temporary key KA, encrypts KA with the second device's public key PUB_B to obtain C(KA), and sends C(KA) to the second device together with the first device's DID and a random number signed with the first device's private key;
the second device looks up the corresponding DID document on the blockchain based on the received DID, finds the public key PUB_A corresponding to the first device's DID, and uses PUB_A to verify the first device's private-key signature, thereby verifying the identity of the first device;
if the identity verification passes, the second device further verifies the first device's VC and confirms the manufacturer to which the first device belongs;
if the manufacturer to which the first device belongs is a preset manufacturer, the second device generates a temporary key KB, encrypts KB with the first device's public key to obtain C(KB), and sends C(KB) to the first device;
the first device receives C(KB) and decrypts it to obtain KB, then XORs KA and KB to obtain the symmetric session key SessionKey, and the second device likewise XORs KA and KB to obtain SessionKey;
the mutual authentication and key agreement between the first device and the second device is then complete.
2. The method for establishing a secure link using distributed identity of claim 1, further comprising: content transmitted between the first device and the second device is encrypted with a symmetric cryptographic algorithm.
3. The method of claim 1, wherein each DID corresponds to one DID document.
4. The method for establishing a secure link using distributed identity of claim 3, wherein the DID document includes at least one of a DID identifier, a public key, authentication, and a service.
5. The method of claim 4, wherein the service includes a service type advertised by the device corresponding to the DID, the service type including a decentralized identity management service for further discovery, authentication, authorization, or interaction.
6. The method for establishing a secure link using distributed identity of claim 1, wherein the VC contains VC metadata, claims, and a proof.
7. The method for establishing a secure link using distributed identity of claim 6, wherein the VC metadata comprises the issuer, the issue date, and the claim type.
8. The method for establishing a secure link using distributed identity of claim 6, wherein the VC's claims are one or more statements about the subject and include: device number, device type, date of manufacture, shelf life, device serial number.
9. The method for establishing a secure link using distributed identity of claim 6, wherein the proof is a digital signature of the issuer.
10. A computer-readable storage medium storing computer instructions, wherein, when a computer reads the computer instructions in the storage medium, the computer performs the method for establishing a secure link using distributed identity of any one of claims 1 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111375918.0A CN114091009B (en) | 2021-11-19 | 2021-11-19 | Method for establishing safety link by using distributed identity mark |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114091009A (en) | 2022-02-25 |
CN114091009B (en) | 2024-07-23 |
Family
ID=80302242
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111375918.0A Active CN114091009B (en) | 2021-11-19 | 2021-11-19 | Method for establishing safety link by using distributed identity mark |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114091009B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115102710B (en) * | 2022-05-06 | 2024-08-27 | 广州运通数达科技有限公司 | Internet of things equipment security access method and equipment for digital RMB consumption scene |
CN115913771B (en) * | 2022-12-20 | 2024-04-26 | 四川启睿克科技有限公司 | Internet of things equipment cross-domain authentication method based on distributed digital identity |
CN116232737A (en) * | 2023-03-06 | 2023-06-06 | 中钞信用卡产业发展有限公司 | Point-to-point distributed digital identity connection establishment method, device, equipment and medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107809311A (en) * | 2017-09-30 | 2018-03-16 | 飞天诚信科技股份有限公司 | The method and system that a kind of unsymmetrical key based on mark is signed and issued |
CN109905380A (en) * | 2019-02-15 | 2019-06-18 | 腾讯科技(深圳)有限公司 | Node control method and related device in distributed system |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7426750B2 (en) * | 2000-02-18 | 2008-09-16 | Verimatrix, Inc. | Network-based content distribution system |
US11165862B2 (en) * | 2017-10-24 | 2021-11-02 | 0Chain, LLC | Systems and methods of blockchain platform for distributed applications |
US11153069B2 (en) * | 2018-02-27 | 2021-10-19 | Bank Of America Corporation | Data authentication using a blockchain approach |
SG11202104293RA (en) * | 2018-11-02 | 2021-05-28 | Verona Holdings Sezc | A tokenization platform |
CN110069918B (en) * | 2019-04-11 | 2020-12-04 | 苏州同济区块链研究院有限公司 | Efficient double-factor cross-domain authentication method based on block chain technology |
CN110768782B (en) * | 2019-09-26 | 2022-11-15 | 如般量子科技有限公司 | Anti-quantum computation RFID authentication method and system based on asymmetric key pool and IBS |
CN112395356A (en) * | 2020-11-13 | 2021-02-23 | 浙江数秦科技有限公司 | Distributed identity authentication and verification method, equipment and storage medium |
CN112732832B (en) * | 2021-01-06 | 2024-02-13 | 上海泰砥科技有限公司 | Block chain supply chain financial supply method and system based on DID and zero knowledge proof |
CN112861157A (en) * | 2021-03-01 | 2021-05-28 | 北京欧凯联创网络科技有限公司 | Data sharing method based on decentralized identity and proxy re-encryption |
CN113438088B (en) * | 2021-06-28 | 2024-08-09 | 湖南天河国云科技有限公司 | Social network credit monitoring method and device based on blockchain distributed identity |
Also Published As
Publication number | Publication date |
---|---|
CN114091009A (en) | 2022-02-25 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN108270571B (en) | Blockchain-based Internet of Things identity authentication system and its method | |
CN112671798B (en) | Service request method, device and system in Internet of vehicles | |
CN106878318B (en) | Block chain real-time polling cloud system | |
CN1708942B (en) | Secure implementation and utilization of device-specific security data | |
US8724819B2 (en) | Credential provisioning | |
CN114091009B (en) | Method for establishing safety link by using distributed identity mark | |
CN109687965B (en) | A real-name authentication method for protecting user identity information in the network | |
US20060206433A1 (en) | Secure and authenticated delivery of data from an automated meter reading system | |
JP2020530726A (en) | NFC tag authentication to remote servers with applications that protect supply chain asset management | |
AU2003202511A1 (en) | Methods for authenticating potential members invited to join a group | |
CN103312691A (en) | Method and system for authenticating and accessing cloud platform | |
CN114036539A (en) | Blockchain-based secure and auditable IoT data sharing system and method | |
CN115277168A (en) | Method, device and system for accessing server | |
He et al. | An accountable, privacy-preserving, and efficient authentication framework for wireless access networks | |
CN118199866A (en) | Method for synchronously distributing quantum key and digital certificate and related equipment | |
CN112738761B (en) | Automobile electronic identification and V2X authentication combination method | |
US20100223464A1 (en) | Public key based device authentication system and method | |
CN111224784A (en) | A Distributed Authentication and Authorization Method Based on Hardware Root of Trust Role Separation | |
CN115515127B (en) | A privacy protection method for Internet of Vehicles communication based on blockchain | |
CN120474752A (en) | Access security verification method for Internet of things equipment | |
CN113676330B (en) | Digital certificate application system and method based on secondary secret key | |
CN113722749A (en) | Data processing method and device for block chain BAAS service based on encryption algorithm | |
CN116318637A (en) | Method and system for secure network access communication of equipment | |
CN114422266A (en) | IDaaS system based on dual verification mechanism | |
KR19990038925A (en) | Secure Two-Way Authentication Method in a Distributed Environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||