1. WO2021036183 - METHOD AND APPARATUS FOR CARRYING OUT SECURE MULTI-PARTY COMPUTATION BY MEANS OF CERTIFICATE ISSUING

Publication Number WO/2021/036183
Publication Date 04.03.2021
International Application No. PCT/CN2020/072112
International Filing Date 15.01.2020
IPC
H04L 9/06 (2006.01)
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Arrangements for secret or secure communication
  06 the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/08 (2006.01)
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Arrangements for secret or secure communication
  08 Key distribution
H04L 9/32 (2006.01)
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Arrangements for secret or secure communication
  32 including means for verifying the identity or authority of a user of the system
CPC
H04L 9/0643
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
  06 the encryption apparatus using shift registers or memories for block-wise; or stream; coding, e.g. DES systems; or RC4; Hash functions; Pseudorandom sequence generators
  0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
H04L 9/0825
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
  08 Key distribution; or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
  0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
  0825 using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
H04L 9/083
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
  08 Key distribution; or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
  0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
  083 involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
H04L 9/3265
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
  32 including means for verifying the identity or authority of a user of the system; or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
  3265 using certificate chains, trees or paths; Hierarchical trust model
Applicants
  • 创新先进技术有限公司 ADVANCED NEW TECHNOLOGIES CO., LTD.
Inventors
  • 余超凡 YU, Chaofan
  • 王磊 WANG, Lei
  • 周爱辉 ZHOU, Aihui
  • 张宁 ZHANG, Ning
  • 田洪亮 TIAN, Hongliang
  • 肖俊贤 XIAO, Junxian
Agents
  • 北京博思佳知识产权代理有限公司 BEIJING BESTIPR INTELLECTUAL PROPERTY LAW CORPORATION
Priority Data
201910808822.5 29.08.2019 CN
Publication Language Chinese (ZH)
Filing Language Chinese (ZH)
Title
(EN) METHOD AND APPARATUS FOR CARRYING OUT SECURE MULTI-PARTY COMPUTATION BY MEANS OF CERTIFICATE ISSUING
(FR) PROCÉDÉ ET APPAREIL POUR EFFECTUER UN CALCUL SÉCURISÉ MULTI-PARTIE AU MOYEN DE L'ÉMISSION DE CERTIFICATS
(ZH) 通过证书签发进行多方安全计算的方法及装置
Abstract
(EN)
Provided in the embodiments of the present description are a method and apparatus for realizing secure multi-party computation by means of certificate distribution. According to the solution, task groups are formed by means of pre-configuration, and group identifiers are allocated. A trusted certificate generator generates a certificate chain and a private key for a group identifier, wherein the certificate chain comprises a root certificate and a corresponding public key certificate, and the public key certificate and a private key match, and constitute a certificate pair. Then, the trusted certificate generator distributes the root certificate and the certificate pair to all trusted computation units which have been authenticated and which operate respective computation tasks corresponding to the group identifier. In addition, the root certificate is also distributed to a user terminal requesting a computation service of the task group. Thus, secure multi-party communication can be carried out between the user terminal with the root certificate and the trusted computation units with the root certificate and the certificate pair by means of a TLS protocol.
(FR)
Les modes de réalisation de la présente invention concernent un procédé et un appareil pour effectuer un calcul sécurisé multi-partie au moyen d'une distribution de certificats. Selon la solution, des groupes de tâches sont formés au moyen d'une préconfiguration, et des identifiants de groupe sont attribués. Un générateur de certificats de confiance génère une chaîne de certificats et une clé privée pour un identifiant de groupe, la chaîne de certificats comprenant un certificat racine et un certificat de clé publique correspondant, le certificat de clé publique et la clé privée étant appariés et constituant une paire de certificats. Ensuite, le générateur de certificats de confiance distribue le certificat racine et la paire de certificats à toutes les unités de calcul de confiance ayant été authentifiées et qui effectuent des tâches de calcul respectives correspondant à l'identifiant de groupe. De plus, le certificat racine est également distribué à un terminal utilisateur demandant un service de calcul du groupe de tâches. Par conséquent, une communication multi-partie sécurisée peut être établie entre le terminal utilisateur doté du certificat racine et les unités de calcul de confiance dotées du certificat racine et de la paire de certificats, au moyen d'un protocole TLS.
(ZH)
本说明书实施例提供一种通过分发证书实现多方安全计算的方法和装置。根据该方案,预先配置形成任务分组,并分配组标识。可信证书生成器针对一个组标识生成一套证书链和一个私钥,其中证书链包括根证书和对应的公钥证书,公钥证书与私钥相匹配,构成证书对。然后,可信证书生成器将根证书和证书对分发给经过认证的、运行该组标识对应的各个计算任务的各个可信计算单元。另一方面,还将上述根证书分发给请求该任务分组的计算服务的用户终端。于是,具有根证书的用户终端、具有根证书和证书对的可信计算单元之间,可以通过TLS协议的方式,进行多方安全通信。
Latest bibliographic data on file with the International Bureau