CN108322451B - Data processing method, data processing device, computer equipment and storage medium - Google Patents


Info

Publication number
CN108322451B
Authority
CN
China
Prior art keywords
terminal
distributed system
data
key
temporary session
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810030994.XA
Other languages
Chinese (zh)
Other versions
CN108322451A (en
Inventor
张宇
宦鹏飞
谢丹力
王梦寒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Financial Technology Co Ltd Shanghai filed Critical OneConnect Financial Technology Co Ltd Shanghai
Priority to CN201810030994.XA priority Critical patent/CN108322451B/en
Priority to PCT/CN2018/096760 priority patent/WO2019136959A1/en
Publication of CN108322451A publication Critical patent/CN108322451A/en
Application granted granted Critical
Publication of CN108322451B publication Critical patent/CN108322451B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/303 Terminal profiles

Abstract

The present application relates to a data processing method, system, computer device and storage medium. The method comprises: exchanging with a distributed system through a pre-configured interface according to a key exchange protocol to obtain a first temporary session key; encrypting data to be written with the first temporary session key; and sending the encrypted data to be written to the distributed system through the pre-configured interface, so that the distributed system decrypts the encrypted data to be written with a second temporary session key to obtain a first plaintext, wherein the second temporary session key corresponds to the first temporary session key. With this method, the interface can be configured at the terminal in advance and the distributed system does not need to provide an entry node, which greatly reduces deployment cost. Because the authorized terminal is provided with the interface, the data sources of the distributed system are richer and access is simpler, the pressure on the access nodes of the distributed system is greatly relieved, and the problems that arise when a single access node writes the data are avoided.

Description

Data processing method, data processing device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data processing method and apparatus, a computer device, and a storage medium.
Background
The distributed database is used in a way that multiple organizations write data into the database together. Typically, a node joining a distributed system will provide a read-write interface.
In existing distributed systems, data reads and writes are initiated and controlled by an organization that interfaces with the distributed system. In a write operation, the interfacing organization initiates a request to store data in the distributed system; the data is written through a write interface provided by the distributed system and synchronized to the other nodes in the distributed system. In a read operation, the accessing organization reads the data from the distributed system through a read interface provided by the distributed system and uses the data.
Therefore, all data to be stored in the distributed system must pass through the read-write interface provided by the distributed system, which causes problems of centralized authority and performance bottlenecks. In addition, if this single read-write interface fails, there is a risk that data cannot be written to the distributed system. When the amount of data to be written is large, there are problems such as data write delay and data loss.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a data processing method, an apparatus, a computer device, and a storage medium for transferring read/write permission to an authorized terminal.
A method of data processing, the method comprising:
exchanging with a distributed system through a pre-configured interface according to a key exchange protocol to obtain a first temporary session key;
encrypting data to be written through the first temporary session key;
sending the encrypted data to be written to the distributed system through a pre-configured interface, so that the distributed system decrypts the encrypted data to be written to obtain a first plaintext through a second temporary session key, wherein the second temporary session key corresponds to the first temporary session key.
In one embodiment, after the step of encrypting the data to be written by using the first temporary session key, the method further includes:
signing the encrypted data to be written through a pre-deployed terminal private key;
the step of sending the encrypted data to be written to the distributed system through a pre-configured interface so that the distributed system decrypts the encrypted data to be written to obtain a first plaintext through a second temporary session key includes:
and sending the encrypted and signed data to be written to a distributed system through a pre-configured interface, so that the distributed system decrypts the encrypted data to be written to obtain a first plaintext through a second temporary session key after successfully verifying the received data to be written through a terminal public key, wherein the terminal public key corresponds to the terminal private key.
In one embodiment, the method further comprises:
receiving data to be read which is returned by the distributed system and encrypted through a second temporary session key through a pre-configured interface;
and decrypting the encrypted data to be read by the first temporary session key to obtain a second plaintext.
In one embodiment, the step of receiving, through a pre-configured interface, data to be read, which is returned by the distributed system and encrypted by the second temporary session key, includes:
receiving data to be read returned by the distributed system through a pre-configured interface, wherein the data to be read is signed and encrypted through the terminal public key and the second temporary session key;
before the step of decrypting the encrypted data to be read by the first temporary session key to obtain a second plaintext, the method further includes:
and checking the signed data to be read through the terminal public key by using the terminal private key to obtain the encrypted data to be read.
In one embodiment, the method further comprises:
sending a registration request to a distributed system, wherein the registration request carries a registration type and a terminal identifier;
receiving a configuration file generated by the distributed system according to the terminal identification and the registration type;
and configuring according to the configuration file.
In one embodiment, the method further comprises:
acquiring terminal information, and generating a terminal public key and a terminal private key corresponding to the terminal public key according to the terminal information;
sending the terminal public key to a distributed system;
the step of receiving the configuration file generated by the distributed system according to the terminal identifier and the registration type includes:
and after the distributed system successfully signs the terminal public key through a certificate authority, receiving a configuration file generated by the distributed system according to the terminal identification and the registration type.
In one embodiment, the method further comprises:
acquiring terminal information and sending the terminal information to a distributed system;
and receiving a terminal private key and a terminal public key which are returned by the distributed system and correspond to the terminal information, wherein the terminal private key and the terminal public key are generated by the distributed system through a certificate authority according to the terminal information.
A data processing apparatus, the apparatus comprising:
the key acquisition module is used for exchanging with a distributed system through a pre-configured interface according to a key exchange protocol to acquire a first temporary session key;
the encryption module is used for encrypting the data to be written through the first temporary session key;
the writing module is configured to send the encrypted data to be written to the distributed system through a preconfigured interface, so that the distributed system decrypts the encrypted data to be written through a second temporary session key to obtain a first plaintext, where the second temporary session key corresponds to the first temporary session key.
A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of any of the methods described above when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any of the above.
With the above data processing method, data processing device, computer equipment and storage medium, the interface is configured in the authorization center in advance and does not need to be configured on an entry node deployed in the distributed system, which greatly reduces deployment cost. Configuring the interface for the terminal makes the data sources of the distributed system richer and access simpler, greatly relieves the pressure on the access nodes of the distributed system, and avoids the problems that arise when a single access node writes the data.
Drawings
FIG. 1 is a diagram of an exemplary implementation of a data processing method;
FIG. 2 is a flow diagram illustrating a data processing method according to one embodiment;
FIG. 3 is a flow diagram of pre-configuration steps in one embodiment;
FIG. 4 is a timing diagram of a data processing method in one embodiment;
FIG. 5 is a block diagram showing the structure of a data processing apparatus according to an embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The data processing method provided by the application can be applied to the application environment shown in fig. 1. The terminal is connected with the distributed system through a network. The distributed system configures the terminal in advance, and transfers the read-write permission originally deployed at the read-write node of the distributed system to the terminal, so that the data to be written can be uploaded to any node of the distributed system through the terminal, for example, the terminal can be configured through a configuration file, the configuration file can be an integrated SDK (Software Development Kit), a security module is formed at the terminal by configuring an interface of the terminal, and the security module obtains the access permission of the distributed system, the key management of encryption and decryption, the management of a terminal private key, the management of an authorization certificate and the like. The terminal exchanges with the distributed system through the security module according to the key exchange protocol to obtain a first temporary session key, and encrypts data to be written through the first temporary session key; sending the encrypted data to be written to the distributed system through a pre-configured interface to realize the writing of the data, wherein the reading of the same data can be realized by sending a data reading request to the distributed system through the security module and then receiving the data to be read which is returned by the distributed system and encrypted through a second temporary session key through the pre-configured interface; and decrypting the encrypted data to be read by the first temporary session key to obtain a second plaintext. The terminal 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices.
In one embodiment, as shown in fig. 2, a data processing method is provided, which is described by taking the application of the method to the terminal in fig. 1 as an example, and includes the following steps:
S202: a first temporary session key is obtained by exchanging with the distributed system according to a key exchange protocol through a pre-configured interface.
The distributed system may be a block chain or other distributed system, and is not limited herein.
Specifically, the pre-configured interface is obtained by registering the terminal with the distributed system, for example, the terminal sends a registration request to the distributed system, the distributed system determines whether the terminal is a secure terminal, and if the terminal is a secure terminal, the terminal may be authorized, for example, a corresponding configuration file is sent to configure a target interface of the terminal. The read-write permission originally deployed at the read-write nodes of the distributed system is transferred to the terminal through pre-configuration, so that the data to be uploaded can be uploaded to any node of the distributed system after being processed by the terminal, and the distributed system does not need to deploy a large number of read-write nodes any more, so that the cost can be greatly reduced. The deployment process may exist in a form of forming a security module at the terminal, for example, after downloading the configured SDK to the terminal for loading and running, the SDK uniformly manages an interface interacting with the distributed system.
The first temporary session key may be different temporary session keys used for different types of data as needed, for example, the temporary session keys for data interaction between the terminal and the distributed system each time may be different, so that even if a lawbreaker acquires the temporary session key, the key for the next data interaction cannot be predicted, and thus the plaintext of the data cannot be acquired.
Specifically, the terminals and the authorized terminals may store shared curve parameters; for example, the first terminal stores a first shared curve parameter, the second terminal stores a second shared curve parameter, and the distributed system stores all shared curve parameters, each shared curve parameter including an elliptic curve E, an order N and a base point G. Obtaining the first temporary session key by exchanging with the distributed system according to the key exchange protocol through the pre-configured interface may specifically include: sending a key exchange request to the distributed system through the pre-configured interface; receiving a first key returned by the distributed system according to the key exchange request; and generating the first temporary session key according to the first key. The second temporary session key is obtained as follows: the terminal generates a second random number, generates a second key according to the second random number, and sends the second key to the distributed system; the distributed system then generates the second temporary session key according to the second key and the first random number generated by the distributed system.
The generation of the first temporary session key and the second temporary session key is explained in detail below. The terminal sends a key exchange request to the distributed system, the request carrying a terminal identifier that uniquely identifies the terminal, and generates a second random number $b$. When the distributed system receives the key exchange request sent by the terminal, it obtains the base point $G$ corresponding to the terminal, generates a first random number $a$, computes the first key $A = a \cdot G$ from the base point $G$ and the first random number, and sends the first key to the terminal. The terminal computes the second key $B = b \cdot G$ from the base point $G$ stored in the terminal and the second random number, and sends the second key to the distributed system. The distributed system computes the second temporary session key $Q = a \cdot B$ from the second key and the first random number, and the terminal computes the first temporary session key $Q' = b \cdot A$ from the first key and the second random number. By the commutative and associative laws, $Q = a \cdot B = a \cdot (b \cdot G) = b \cdot (a \cdot G) = b \cdot A = Q'$. The transmission of $A$ may be public, i.e. an attacker may obtain $A$. Because the elliptic curve discrete logarithm problem is hard, an attacker cannot compute $a$ from $A$ and $G$. The two parties can therefore negotiate a secret key without sharing any secret, which ensures the security of the data to be written.
S204: and encrypting the data to be written by the first temporary session key.
Specifically, after the terminal and the distributed system calculate the temporary session key, the terminal may encrypt the data to be written by using the first temporary session key, so as to ensure the security of the data to be written, and further, in order to enable the distributed system to know which terminal sends the data to be written, the terminal identifier and the encrypted data to be written may be sent to the distributed system together, and the terminal identifier may uniquely determine the terminal, which may be an MAC address of the terminal, and the like.
S206: and sending the encrypted data to be written to a distributed system through a pre-configured interface so that the distributed system decrypts the encrypted data to be written through a second temporary session key to obtain a first plaintext, wherein the second temporary session key corresponds to the first temporary session key.
Specifically, after the data is successfully encrypted, the encrypted data to be written is sent to the distributed system through a pre-configured interface, the distributed system can obtain the second temporary session key obtained through calculation after receiving the encrypted data to be written, and the encrypted data to be written is decrypted through the second temporary session key to obtain a data plaintext. Preferably, when a plurality of terminals send data to be written to the distributed system at the same time, the distributed system first obtains the calculated second temporary session key according to the terminal identifier of the terminal, for example, when the distributed system calculates the second temporary session key, the distributed system first stores the second temporary session key in association with the corresponding terminal identifier, so that the distributed system can obtain the calculated second temporary session key according to the terminal identifier, and then decrypts the encrypted data to be uploaded according to the second temporary session key to obtain the first plaintext.
After the distributed system acquires the first plaintext, the data can be encrypted and stored according to a data encryption mode on the distributed system so as to ensure the security of the data on the distributed system.
With the above data processing method, the interface is configured in the authorization center in advance and does not need to be configured on an entry node deployed in the distributed system, which greatly reduces deployment cost. Configuring the interface for the authorized terminal makes the data sources of the distributed system richer and access simpler, greatly relieves the pressure on the access nodes of the distributed system, and solves the problems that arise when a single access node writes the data.
In one embodiment, after the step of encrypting the data to be written with the first temporary session key, that is, after step S204, the method further includes signing the encrypted data to be written with a pre-deployed terminal private key. Accordingly, the step of sending the encrypted data to be written to the distributed system through the pre-configured interface so that the distributed system decrypts it with the second temporary session key to obtain the first plaintext, that is, step S206, may include: sending the encrypted and signed data to be written to the distributed system through the pre-configured interface, so that the distributed system, after successfully verifying the received data to be written with the terminal public key, decrypts the encrypted data to be written with the second temporary session key to obtain the first plaintext, wherein the terminal public key corresponds to the terminal private key.
Specifically, in order to further ensure the security of data transmission between the terminal and the distributed system, a terminal public and private key may be deployed in advance, that is, data sent to the distributed system by the terminal is signed by the terminal private key, so that the signature can be verified by the corresponding terminal public key at the distributed system, and the security of data transmission is further ensured.
The pre-deployed terminal public and private key can be generated by a terminal, namely when the terminal is registered, the public key generated by the terminal is submitted to a distributed system, then the terminal public key is signed by the distributed system through a certificate authority of the distributed system and stored in the distributed system, and an authorization certificate is returned to the terminal to indicate that the terminal is successfully registered; in another embodiment, the public-private key of the terminal may be generated in a distributed system, that is, the distributed system generates the public-private key of the terminal according to the terminal information, and then returns the terminal private key to the terminal, and in order to ensure the security of the terminal private key, the process may be performed through a line.
Specifically, after encrypting the data to be written with the first temporary session key, the terminal can sign the encrypted data to be written with the pre-deployed terminal private key, and send the encrypted and signed data to be written together with the terminal identifier to the distributed system. After receiving the data, the distributed system can obtain the terminal public key according to the terminal identifier and verify the signature on the encrypted and signed data to be written with the terminal public key. Only after the signature is verified successfully is the encrypted data to be written decrypted with the second temporary session key to obtain the first plaintext; otherwise, the data to be written that failed verification is deleted directly, which guarantees that the data uploaded to the distributed system is safe data. When the terminal public key is obtained, it may have been signed by the distributed system through a certificate of the distributed system, so that the signed terminal public key can be verified through the private key corresponding to the certificate of the distributed system to obtain the terminal public key. Preferably, different session keys may be used for encryption and digital signing, one key per purpose. To ensure the reliability of the data, a double-layer signature can be used: for example, after the terminal signs with the terminal private key, it signs again with the distributed system public key, so that after receiving the data the distributed system first verifies the signature with the private key corresponding to the distributed system public key, then, after that verification succeeds, verifies the signature with the terminal public key, and finally decrypts with the second temporary session key, further ensuring the security of the data.
In the above embodiment, the distributed system performs signature verification on the data uploaded by the terminal, confirms the authorization authority of the terminal, and ensures that the data is actually uploaded by the terminal and is not tampered; thereby ensuring data validity and authenticity over the distributed system. By the scheme, the safety problem of uploading data in a system with multiple terminals accessed to the distributed system is effectively solved, and after the authorized reader of the data acquires the data, the certificate of a certain authorized terminal can be acquired on the distributed system to verify the authenticity of the acquired data, so that the trust problem of an authorization mechanism is solved.
In one embodiment, the data processing method may further include a data reading step, where the data reading step may include receiving, through a pre-configured interface, data to be read that is returned by the distributed system and encrypted by the second temporary session key; and decrypting the encrypted data to be read by the first temporary session key to obtain a second plaintext.
Specifically, the foregoing embodiment mainly relates to uploading data to be uploaded of a terminal to a distributed system, and this embodiment mainly relates to the terminal reading the data to be read from the distributed system, where the terminal may first send a data reading request to the distributed system, where the data reading request carries a terminal identifier, and then the distributed system performs key exchange with the terminal according to a key exchange protocol to obtain a second temporary session key and a first temporary session key, and a specific obtaining manner of the first temporary session key and the second temporary session key may be referred to above, which is not described herein again. The distributed system encrypts the data to be read through the acquired second temporary session key and sends the encrypted data to be read to the corresponding terminal, so that the terminal can decrypt the data to be read through the first temporary session key corresponding to the second temporary session key to obtain a second plaintext, and the second plaintext can be processed.
In this embodiment, the interface is configured in the authorization center in advance and does not need to be configured on an entry node deployed in the distributed system, which greatly reduces deployment cost. Configuring the interface for the authorized terminal makes the data sources of the distributed system richer and access simpler, greatly relieves the pressure on the access nodes of the distributed system, and avoids the problems that arise when a single access node writes the data. At the same time, each terminal uses a unique identifier for the same data, which avoids duplication of on-chain data. Access through multi-party channels is realized, and with it the function of data sharing. Moreover, each entry point is independent, so downtime of one entry point does not affect the work of the others.
In one embodiment, the step of receiving, through a preconfigured interface, data to be read, which is returned by the distributed system and encrypted by the second temporary session key, may include: and receiving the data to be read returned by the distributed system through a pre-configured interface, wherein the data to be read is signed and encrypted through the terminal public key and the second temporary session key. Therefore, before the step of decrypting the encrypted data to be read by the first temporary session key to obtain the second plaintext, the method may further include: and checking the signed data to be read through the terminal public key by using the terminal private key to obtain the encrypted data to be read.
Specifically, the public key and the private key of the terminal can be configured in the pre-configuration stage, and the public key of the terminal is stored in the distributed system, so that when the terminal reads data from the distributed system, the distributed system can encrypt the data to be read through the second temporary session key first, and then sign the data to be read through the terminal public key to further ensure the security of the data to be read. When the terminal receives the data to be read, the terminal private key is firstly obtained, the encrypted and signed data to be read is checked, and after the check is successful, the data to be read is decrypted through the first temporary session key to obtain a second plaintext, so that other processing is performed on the second plaintext. Wherein different session keys can be used for encryption and digital signature, one for each key. And in order to guarantee the reliability of the data, the double-layer signature can be used, for example, after the distributed system carries out signature addition through the terminal public key, the distributed system private key can carry out signature addition, so that after the terminal receives the data, firstly, the signature is tested through the distributed system public key, after the signature test is successful, the signature is tested through the terminal private key, and finally, the first temporary session key is used for decryption, so that the safety of the data is further guaranteed.
In this embodiment, the accessed terminal may not need to deploy an entry node of the distributed system, which greatly saves deployment cost, and may provide differentiated interface configuration for the characteristics of different terminals, so that the access mode is richer. By adopting the system, the data sources in the distributed system are rich, the access is simpler and more convenient, and the pressure of the distributed system for accessing the server is greatly relieved. The problems associated with writing data from one access port are avoided. Meanwhile, each organization and each enterprise adopt unique identification for the same data, and the repetition of the linked data is avoided. The access of multi-party channels is realized, and thus the function of data sharing is realized. Moreover, each entrance is independent, and the downtime of one entrance does not influence the work of other entrances.
In one embodiment, the data processing method may further include a pre-configuration step, where the pre-configuration step is to transfer the read-write permission originally deployed at the read-write node of the distributed system to the terminal, so that the data may be directly uploaded to the distributed system after being processed by the terminal, and the terminal may directly obtain the data from the distributed system, and the accessed terminal may not deploy an entry node of the distributed system, thereby greatly saving the deployment cost.
Referring to fig. 3, fig. 3 is a flow chart of a pre-configuration step in an embodiment, the pre-configuration step may include:
S302: sending a registration request to the distributed system, wherein the registration request carries the registration type and the terminal identification.
Specifically, when a terminal wants to exchange data directly with the distributed system, it needs to obtain authorization from the distributed system, so the terminal sends a registration request to the distributed system. The registration request carries a terminal identifier that uniquely represents the terminal. The registration type reflects that some terminals are data-storage-type terminals and others are accounting-type terminals; the configuration files of different terminals differ, so differentiated interface configurations can be provided according to the characteristics of different authorized terminals, making the access modes richer.
When the registration request of the terminal is received, the distributed system may first determine the terminal according to the terminal identifier, and then determine whether the terminal is a secure terminal, for example, the identifier of the secure terminal may be pre-stored in the distributed system.
S304: receiving a configuration file generated by the distributed system according to the terminal identification and the registration type.
Specifically, the step of obtaining the corresponding configuration file according to the terminal identifier and the registration type may include obtaining the configuration file corresponding to the registration type in the registration request, and filling the relevant information of the terminal, such as the terminal identifier, into the configuration file. The registration type can include a data storage type, an accounting type and the like. For the data storage type, the interfaces initialized in the configuration file include interfaces for data encryption, decryption, data ID obfuscation, distributed system database query and the like; the accounting type needs to provide interfaces related to ledger accounting, such as homomorphic encryption, ring signature and the like. After the distributed system generates the corresponding configuration file, the configuration file can be sent to the corresponding terminal. To ensure the security of the configuration file and prevent it from being obtained by unauthorized parties during online transmission, the configuration file can be sent to the corresponding terminal by offline transmission.
S306: carrying out configuration according to the configuration file.
Specifically, after the terminal acquires the configuration file, the terminal is configured according to the content of the configuration file. The configuration file not only grants the terminal its access authority but also includes other functions, such as encryption and decryption and private key/certificate management. It is equivalent to a ready-made SDK module that the terminal downloads and then loads and runs locally; the authorized terminal in effect calls the SDK, and the SDK uniformly handles access to the read-write nodes of the distributed system.
In the embodiment, the read-write permission originally deployed at the read-write node of the distributed system is transferred to the terminal, so that the data can be directly uploaded to the distributed system after being processed by the terminal, the terminal can directly acquire the data from the distributed system, the accessed terminal does not need to deploy the entry node of the distributed system, and the deployment cost is greatly saved.
In one embodiment, the pre-configuring step may further include a terminal public and private key generating step, which may be implemented in two ways. In the first, the terminal generates the public and private key pair and submits the public key to a certificate authority of the distributed system when registering; the certificate authority signs the terminal public key and stores the signed terminal public key in association with the terminal identifier on the distributed system, so that the distributed system can verify signatures with the terminal public key when it receives data signed with the terminal private key. In the second, the terminal submits the terminal information to the distributed system, and the distributed system generates the terminal's public and private keys according to the terminal information and returns the generated terminal private key to the terminal, optionally in an offline manner, to ensure the security of the terminal private key.
The two ways are described in detail below. In the first way, the terminal acquires terminal information, generates a terminal public key and a corresponding terminal private key according to the terminal information, and sends the terminal public key to the distributed system. The terminal information can include the terminal identifier and user information, such as an account number and a password. The terminal's public and private keys can be generated from the terminal information with an open source tool, or the terminal information can be sent to an authoritative certificate authority, which generates the terminal public and private keys according to the terminal information and sends them to the terminal. The terminal uploads the generated terminal public key to the distributed system, so that the distributed system can verify signatures with the terminal public key when it receives data signed with the terminal private key. Specifically, the step of receiving the configuration file generated by the distributed system according to the terminal identifier and the registration type includes: after the distributed system successfully signs the terminal public key through the certificate authority, receiving a configuration file generated by the distributed system according to the terminal identification and the registration type. When the distributed system receives the terminal public key uploaded by the terminal, the certificate authority on the distributed system signs the terminal public key and stores it on the distributed system, which prevents the terminal public key from being obtained by unauthorized parties. After the storage is completed, an authorization certificate, namely the configuration file generated according to the terminal identification and the registration type, is issued to the terminal.
In the second way, the terminal acquires terminal information and sends it to the distributed system, and the distributed system generates the public and private keys of the corresponding terminal according to the terminal information. The terminal information may include a terminal identifier and user information, such as an account number and a password. The distributed system generates the terminal public and private keys according to the terminal information through its certificate authority and sends the terminal private key to the terminal for storage; the terminal public key is stored in the distributed system in association with the terminal identifier, so that the distributed system can verify signatures with the terminal public key when it receives data signed with the terminal private key. The terminal then receives the terminal private key and the terminal public key returned by the distributed system for the terminal information, both of which are generated by the distributed system through the certificate authority according to the terminal information.
In the above embodiment, the pre-configuring step may further generate a terminal public and private key, so that when the terminal and the distributed system perform data transmission, not only the temporary session key is used for encryption, but also the terminal public and private key is used for signing, thereby further improving the security of data.
Referring to fig. 4, fig. 4 is a timing diagram of a data processing method in an embodiment in which a terminal uploads data to a distributed system, the public and private keys of the terminal are generated by the terminal, and the distributed system is a blockchain.
First, the terminal acquires terminal information and generates a terminal public key and a terminal private key according to the terminal information. Second, the terminal sends a registration request to the blockchain, where the registration request carries a registration type, a terminal identifier and the generated terminal public key information. Third, after the blockchain receives the registration request, the terminal public key is signed by the certificate authority of the blockchain and stored in the blockchain, and a corresponding configuration file is generated according to the registration type and the terminal identification. Fourth, the blockchain issues the configuration file to the terminal; this step can be carried out in an offline manner. Fifth, the terminal configures itself according to the configuration file, for example by forming a corresponding security module. Sixth, after the configuration is completed, the terminal can acquire the authorization certificate from the blockchain, that is, the data can be encrypted to ensure data security. Seventh, the terminal performs an exchange with the blockchain through the security module according to the key exchange protocol to obtain a temporary session key. Eighth, the data to be uploaded is encrypted with the temporary session key and signed with the terminal private key. Ninth, the terminal sends the encrypted and signed data to the blockchain through the security module. Tenth, after receiving the encrypted and signed data, the blockchain may obtain the terminal public key according to the terminal identifier and verify the signature on the encrypted and signed data with the terminal public key; after the signature verification succeeds, it decrypts the encrypted data with the temporary session key obtained through the key exchange to obtain a plaintext, and after obtaining the plaintext, it can encrypt the data with the public and private keys on the blockchain as needed and store the encrypted data on the blockchain to ensure the security of the data on the blockchain.
According to the data processing method, the interface is configured in the authorization center in advance, so no access node needs to be configured in the blockchain, which greatly reduces deployment cost. By configuring the interface for the authorized terminal, the data sources in the blockchain become richer, access is simpler and more convenient, the load on the blockchain access nodes is greatly relieved, and the problems associated with writing data through a single access node are avoided.
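Steps seven to ten of the timing diagram above can be made concrete with a short Go program; it is an added example, not code from the patent or from the applicant. The patent names no algorithms, so X25519 for the key exchange, a SHA-256 hash as the key derivation, AES-256-GCM for encryption, Ed25519 for the terminal signature, the `Envelope` layout, and the identifier `terminal-001` are all assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrUnknownTerminal = errors.New("terminal identifier not registered")
var ErrBadSignature = errors.New("signature check failed")

type Envelope struct { // encrypted and signed upload (hypothetical wire format)
	TerminalID                   string
	Nonce, Ciphertext, Signature []byte
}

// sessionKey hashes the X25519 shared secret into a 32-byte AES key.
func sessionKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append([]byte("example temporary session key"), shared...))
	return k[:], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signedBytes binds terminal identifier, nonce and ciphertext under one signature.
func signedBytes(e *Envelope) []byte {
	return append(append(append([]byte(e.TerminalID), 0), e.Nonce...), e.Ciphertext...)
}

// Seal is the terminal side of step eight: encrypt with the session key, then sign.
func Seal(id string, key []byte, priv ed25519.PrivateKey, plaintext []byte) (*Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	e := &Envelope{TerminalID: id, Nonce: make([]byte, gcm.NonceSize())}
	if _, err := rand.Read(e.Nonce); err != nil {
		return nil, err
	}
	e.Ciphertext = gcm.Seal(nil, e.Nonce, plaintext, []byte(id))
	e.Signature = ed25519.Sign(priv, signedBytes(e))
	return e, nil
}

// Open is the system side of step ten: key lookup by identifier, verify, then decrypt.
func Open(registry map[string]ed25519.PublicKey, key []byte, e *Envelope) ([]byte, error) {
	pub, ok := registry[e.TerminalID]
	if !ok {
		return nil, ErrUnknownTerminal
	}
	if !ed25519.Verify(pub, signedBytes(e), e.Signature) {
		return nil, ErrBadSignature
	}
	gcm, err := newGCM(key)
	if err != nil || len(e.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad session key or nonce length")
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, []byte(e.TerminalID))
}

// RunUpload plays both parties; only "terminal-001" (constructed) is registered.
func RunUpload(senderID string, plaintext []byte, tamper bool) (string, error) {
	pub, priv, e0 := ed25519.GenerateKey(rand.Reader)  // terminal's registered key pair
	tEph, e1 := ecdh.X25519().GenerateKey(rand.Reader) // terminal's ephemeral pair
	sEph, e2 := ecdh.X25519().GenerateKey(rand.Reader) // system's ephemeral pair
	if err := errors.Join(e0, e1, e2); err != nil {
		return "", err
	}
	first, e1 := sessionKey(tEph, sEph.PublicKey())  // first temporary session key
	second, e2 := sessionKey(sEph, tEph.PublicKey()) // second temporary session key
	env, e3 := Seal(senderID, first, priv, plaintext)
	if err := errors.Join(e1, e2, e3); err != nil {
		return "", err
	}
	if tamper {
		env.Ciphertext[0] ^= 0x01 // simulate modification in transit
	}
	out, err := Open(map[string]ed25519.PublicKey{"terminal-001": pub}, second, env)
	return string(out), err
}

func main() {
	fmt.Println(RunUpload("terminal-001", []byte("constructed sample record"), false))
}
```

The sketch exchanges the ephemeral public keys unauthenticated; the patent text does not say how the key exchange itself is authenticated.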
It should be understood that although the various steps in the flow charts of fig. 2-4 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 2-4 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 5, a data processing apparatus is provided, which includes a key obtaining module 100, an encryption module 200, and a writing module 300, wherein:
The key obtaining module 100 is configured to exchange with the distributed system according to a key exchange protocol through a preconfigured interface to obtain the first temporary session key.
The encryption module 200 is configured to encrypt the data to be written by using the first temporary session key.
The writing module 300 is configured to send the encrypted data to be written to the distributed system through a preconfigured interface, so that the distributed system decrypts the encrypted data to be written through a second temporary session key to obtain a first plaintext, where the second temporary session key corresponds to the first temporary session key.
In one embodiment, the apparatus may further include:
A signature module, configured to sign the encrypted data to be written with a pre-deployed terminal private key after the data to be written is encrypted with the first temporary session key.
The writing module 300 is further configured to send the encrypted and signed data to be written to the distributed system through a preconfigured interface, so that the distributed system, after successfully verifying the signature of the received data to be written with the terminal public key, decrypts the encrypted data to be written with the second temporary session key to obtain a first plaintext, where the terminal public key corresponds to the terminal private key.
In one embodiment, the apparatus may further include:
A reading module, configured to receive, through a pre-configured interface, the data to be read that is returned by the distributed system and encrypted by the second temporary session key.
A decryption module, configured to decrypt the encrypted data to be read with the first temporary session key to obtain a second plaintext.
In one embodiment, the reading module is further configured to receive, through a preconfigured interface, data to be read that is returned by the distributed system and signed and encrypted through the terminal public key and the second temporary session key.
The apparatus can further include a signature verification module, configured to verify, with the terminal private key, the data to be read that was signed with the terminal public key, to obtain the encrypted data to be read, before the encrypted data to be read is decrypted with the first temporary session key to obtain the second plaintext.
In one embodiment, the apparatus may further include:
A sending module, configured to send a registration request to the distributed system, wherein the registration request carries the registration type and the terminal identification.
A receiving module, configured to receive the configuration file generated by the distributed system according to the terminal identification and the registration type.
A configuration module, configured to carry out configuration according to the configuration file.
In one embodiment, the apparatus may further include:
A first public and private key generation module, configured to acquire the terminal information and generate a terminal public key and a terminal private key corresponding to the terminal public key according to the terminal information.
The sending module is further configured to send the terminal public key to the distributed system.
The receiving module is further used for receiving the configuration file generated by the distributed system according to the terminal identification and the registration type after the distributed system successfully signs the terminal public key through the certificate authority.
In one embodiment, the sending module may be further configured to obtain the terminal information and send the terminal information to the distributed system.
The receiving module is further used for receiving a terminal private key and a terminal public key which are returned by the distributed system and correspond to the terminal information, and the terminal private key and the terminal public key are generated by the distributed system through the certificate authority according to the terminal information.
For specific limitations of the data processing apparatus, reference may be made to the above limitations of the data processing method, which are not described herein again. The various modules in the data processing apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data processing method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program: exchanging with a distributed system through a pre-configured interface according to a key exchange protocol to obtain a first temporary session key; encrypting data to be written through a first temporary session key; and sending the encrypted data to be written to a distributed system through a pre-configured interface so that the distributed system decrypts the encrypted data to be written through a second temporary session key to obtain a first plaintext, wherein the second temporary session key corresponds to the first temporary session key.
In one embodiment, after the step of encrypting the data to be written with the first temporary session key, implemented when the processor executes the computer program, the method may further include: signing the encrypted data to be written with a pre-deployed terminal private key. The step, implemented when the processor executes the computer program, of sending the encrypted data to be written to the distributed system through a pre-configured interface so that the distributed system decrypts it with the second temporary session key to obtain the first plaintext may include: sending the encrypted and signed data to be written to the distributed system through the pre-configured interface, so that the distributed system, after successfully verifying the signature of the received data to be written with the terminal public key, decrypts the encrypted data to be written with the second temporary session key to obtain a first plaintext, wherein the terminal public key corresponds to the terminal private key.
In one embodiment, the processor, when executing the computer program, further performs the steps of: receiving data to be read which is returned by the distributed system and encrypted through a second temporary session key through a pre-configured interface; and decrypting the encrypted data to be read by the first temporary session key to obtain a second plaintext.
In one embodiment, the step, implemented when the processor executes the computer program, of receiving through the pre-configured interface the data to be read that is returned by the distributed system and encrypted by the second temporary session key may include: receiving, through the pre-configured interface, data to be read that is returned by the distributed system and that has been signed and encrypted with the terminal public key and the second temporary session key. Before the step, implemented when the processor executes the computer program, of decrypting the encrypted data to be read with the first temporary session key to obtain the second plaintext, the method may further include: verifying, with the terminal private key, the data to be read that was signed with the terminal public key, to obtain the encrypted data to be read.
In one embodiment, the processor, when executing the computer program, further performs the steps of: sending a registration request to a distributed system, wherein the registration request carries a registration type and a terminal identifier; receiving a configuration file generated by a distributed system according to a terminal identifier and a registration type; and carrying out configuration according to the configuration file.
In one embodiment, the processor, when executing the computer program, further performs the steps of: acquiring terminal information, and generating a terminal public key and a terminal private key corresponding to the terminal public key according to the terminal information; and sending the terminal public key to a distributed system. The step, implemented when the processor executes the computer program, of receiving the configuration file generated by the distributed system according to the terminal identifier and the registration type may include: after the distributed system successfully signs the terminal public key through the certificate authority, receiving a configuration file generated by the distributed system according to the terminal identification and the registration type.
In one embodiment, the processor, when executing the computer program, further performs the steps of: acquiring terminal information and sending the terminal information to a distributed system; and receiving a terminal private key and a terminal public key which are returned by the distributed system and correspond to the terminal information, wherein the terminal private key and the terminal public key are generated by the distributed system through a certificate authority according to the terminal information.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: exchanging with a distributed system through a pre-configured interface according to a key exchange protocol to obtain a first temporary session key; encrypting data to be written through a first temporary session key; and sending the encrypted data to be written to a distributed system through a pre-configured interface so that the distributed system decrypts the encrypted data to be written through a second temporary session key to obtain a first plaintext, wherein the second temporary session key corresponds to the first temporary session key.
In one embodiment, after the step of encrypting the data to be written with the first temporary session key, implemented when the computer program is executed by the processor, the method may further include: signing the encrypted data to be written with a pre-deployed terminal private key. The step, implemented when the computer program is executed by the processor, of sending the encrypted data to be written to the distributed system through a preconfigured interface so that the distributed system decrypts it with the second temporary session key to obtain the first plaintext may include: sending the encrypted and signed data to be written to the distributed system through the pre-configured interface, so that the distributed system, after successfully verifying the signature of the received data to be written with the terminal public key, decrypts the encrypted data to be written with the second temporary session key to obtain a first plaintext, wherein the terminal public key corresponds to the terminal private key.
In one embodiment, the computer program when executed by the processor further performs the steps of: receiving data to be read which is returned by the distributed system and encrypted through a second temporary session key through a pre-configured interface; and decrypting the encrypted data to be read by the first temporary session key to obtain a second plaintext.
In one embodiment, the step, implemented when the computer program is executed by the processor, of receiving through the pre-configured interface the data to be read that is returned by the distributed system and encrypted by the second temporary session key may include: receiving, through the pre-configured interface, data to be read that is returned by the distributed system and that has been signed and encrypted with the terminal public key and the second temporary session key. Before the step, implemented when the computer program is executed by the processor, of decrypting the encrypted data to be read with the first temporary session key to obtain the second plaintext, the method may further include: verifying, with the terminal private key, the data to be read that was signed with the terminal public key, to obtain the encrypted data to be read.
In one embodiment, the computer program when executed by the processor further performs the steps of: sending a registration request to a distributed system, wherein the registration request carries a registration type and a terminal identifier; receiving a configuration file generated by a distributed system according to a terminal identifier and a registration type; and carrying out configuration according to the configuration file.
In one embodiment, the computer program when executed by the processor further performs the steps of: acquiring terminal information, and generating a terminal public key and a terminal private key corresponding to the terminal public key according to the terminal information; and sending the terminal public key to a distributed system. The step, implemented when the computer program is executed by the processor, of receiving a configuration file generated by the distributed system according to the terminal identifier and the registration type may include: after the distributed system successfully signs the terminal public key through the certificate authority, receiving a configuration file generated by the distributed system according to the terminal identification and the registration type.
In one embodiment, the computer program when executed by the processor further performs the steps of: acquiring terminal information and sending the terminal information to a distributed system; and receiving a terminal private key and a terminal public key which are returned by the distributed system and correspond to the terminal information, wherein the terminal private key and the terminal public key are generated by the distributed system through a certificate authority according to the terminal information.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method of data processing, the method comprising:
sending a registration request to a distributed system, wherein the registration request carries a registration type and a terminal identifier, the registration type comprises a storage type and an accounting type, and configuration files corresponding to different registration types are different;
receiving a configuration file generated by the distributed system according to the terminal identifier and the registration type in a manner of offline transmission, wherein the generation process of the configuration file comprises the following steps: the distributed system determines a corresponding terminal according to a terminal identifier, judges whether the terminal is a safe terminal or not, and acquires a configuration file corresponding to the registration type when the terminal is the safe terminal, and fills relevant information of the terminal into the acquired configuration file, wherein the configuration file comprises access authority configuration, encryption and decryption function configuration and private key/certificate management configuration of the terminal;
configuring according to the configuration file, and configuring an interface of the terminal to form a security module at the terminal, wherein the security module obtains access authority of a distributed system, encryption and decryption key management, terminal private key management and authorization certificate management;
exchanging with a distributed system through a pre-configured interface according to a key exchange protocol to obtain a first temporary session key;
encrypting data to be written through the first temporary session key;
sending the encrypted data to be written to the distributed system through a pre-configured interface, so that the distributed system decrypts the encrypted data to be written to obtain a first plaintext through a second temporary session key, wherein the second temporary session key corresponds to the first temporary session key.
2. The method according to claim 1, wherein after the step of encrypting the data to be written by the first temporary session key, further comprising:
signing the encrypted data to be written through a pre-deployed terminal private key;
the step of sending the encrypted data to be written to the distributed system through a pre-configured interface so that the distributed system decrypts the encrypted data to be written to obtain a first plaintext through a second temporary session key includes:
and sending the encrypted and signed data to be written to a distributed system through a pre-configured interface, so that the distributed system decrypts the encrypted data to be written to obtain a first plaintext through a second temporary session key after successfully verifying the received data to be written through a terminal public key, wherein the terminal public key corresponds to the terminal private key.
3. The method of claim 1, further comprising:
receiving data to be read which is returned by the distributed system and encrypted through a second temporary session key through a pre-configured interface;
and decrypting the encrypted data to be read by the first temporary session key to obtain a second plaintext.
4. The method according to claim 3, wherein the step of receiving the data to be read returned by the distributed system and encrypted by the second temporary session key through the pre-configured interface comprises:
receiving data to be read returned by the distributed system through a pre-configured interface, wherein the data to be read is signed and encrypted through the terminal public key and the second temporary session key;
before the step of decrypting the encrypted data to be read by the first temporary session key to obtain a second plaintext, the method further includes:
and checking the signed data to be read through the terminal public key by using the terminal private key to obtain the encrypted data to be read.
5. The method of claim 1, further comprising:
acquiring terminal information, and generating a terminal public key and a terminal private key corresponding to the terminal public key according to the terminal information;
sending the terminal public key to a distributed system;
the step of receiving the configuration file generated by the distributed system according to the terminal identifier and the registration type includes:
and after the distributed system successfully signs the terminal public key through a certificate authority, receiving a configuration file generated by the distributed system according to the terminal identification and the registration type.
6. The method of claim 1, further comprising:
acquiring terminal information and sending the terminal information to a distributed system;
and receiving a terminal private key and a terminal public key which are returned by the distributed system and correspond to the terminal information, wherein the terminal private key and the terminal public key are generated by the distributed system through a certificate authority according to the terminal information.
7. A data processing apparatus, characterized in that the apparatus comprises:
the system comprises a sending module, a registration module and a processing module, wherein the sending module is used for sending a registration request to a distributed system, the registration request carries a registration type and a terminal identifier, the registration type comprises a storage type and an accounting type, and configuration files corresponding to different registration types are different;
a receiving module, configured to receive, by means of offline transmission, a configuration file generated by the distributed system according to the terminal identifier and the registration type, where a generation process of the configuration file includes: the distributed system determines a corresponding terminal according to a terminal identifier, judges whether the terminal is a safe terminal or not, and acquires a configuration file corresponding to the registration type when the terminal is the safe terminal, and fills relevant information of the terminal into the acquired configuration file, wherein the configuration file comprises access authority configuration, encryption and decryption function configuration and private key/certificate management configuration of the terminal;
the configuration module is used for configuring according to the configuration file and configuring an interface of the terminal so as to form a security module at the terminal, and the security module obtains the access authority of a distributed system, the key management of encryption and decryption, the management of a terminal private key and the management of an authorization certificate;
the key acquisition module is used for exchanging with a distributed system through a pre-configured interface according to a key exchange protocol to acquire a first temporary session key;
the encryption module is used for encrypting the data to be written through the first temporary session key;
the writing module is configured to send the encrypted data to be written to the distributed system through a preconfigured interface, so that the distributed system decrypts the encrypted data to be written through a second temporary session key to obtain a first plaintext, where the second temporary session key corresponds to the first temporary session key.
8. The apparatus of claim 7, further comprising:
the signature module is used for signing the encrypted data to be written through a terminal private key which is deployed in advance;
the write-in module is further configured to send the encrypted and signed data to be written to the distributed system through a preconfigured interface, so that the distributed system decrypts the encrypted data to be written to obtain a first plaintext by using a second temporary session key after successfully verifying and signing the received data to be written through the terminal public key, and the terminal public key corresponds to the terminal private key.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 7 are implemented when the computer program is executed by the processor.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810030994.XA CN108322451B (en) 2018-01-12 2018-01-12 Data processing method, data processing device, computer equipment and storage medium
PCT/CN2018/096760 WO2019136959A1 (en) 2018-01-12 2018-07-24 Data processing method and device, computer device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810030994.XA CN108322451B (en) 2018-01-12 2018-01-12 Data processing method, data processing device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108322451A CN108322451A (en) 2018-07-24
CN108322451B true CN108322451B (en) 2020-09-22

Family

ID=62894319

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810030994.XA Active CN108322451B (en) 2018-01-12 2018-01-12 Data processing method, data processing device, computer equipment and storage medium

Country Status (2)

Country Link
CN (1) CN108322451B (en)
WO (1) WO2019136959A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040076B (en) * 2018-08-09 2020-07-24 腾讯科技(深圳)有限公司 Data processing method, system, device, equipment and medium
CN109241756B (en) * 2018-08-20 2020-01-31 深圳市腾讯网络信息技术有限公司 Data processing method, system, server and medium based on block chain
CN110969527B (en) * 2018-09-29 2023-02-24 北京天能博信息科技有限公司 Data processing method of block chain and related equipment
CN109361663B (en) * 2018-10-10 2021-05-28 中航信托股份有限公司 Method, system and device for accessing encrypted data
CN109670325B (en) * 2018-12-21 2023-03-28 北京思源理想控股集团有限公司 Device and method for encrypting and decrypting configuration file
CN109698834A (en) * 2019-01-11 2019-04-30 深圳市元征科技股份有限公司 A kind of encrypted transmission method and system
CN110166460B (en) * 2019-05-24 2021-12-14 北京思源理想控股集团有限公司 Service account registration method and device, storage medium and electronic device
CN111294349B (en) * 2020-01-22 2021-09-03 重庆大学 Method and device for sharing data of Internet of things equipment
CN111314072B (en) * 2020-02-21 2021-06-22 北京邮电大学 Extensible identity authentication method and system based on SM2 algorithm
CN111541690B (en) * 2020-04-21 2022-05-20 北京智芯微电子科技有限公司 Safety protection method for communication between intelligent terminal and server
CN112003697B (en) * 2020-08-25 2023-09-29 成都卫士通信息产业股份有限公司 Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium
CN113138809A (en) * 2021-04-30 2021-07-20 广东天波信息技术股份有限公司 Method and system for safely switching working modes of terminal
CN113343309B (en) * 2021-08-02 2022-01-04 北京东方通软件有限公司 Natural person database privacy security protection method and device and terminal equipment
CN115147956A (en) * 2022-06-29 2022-10-04 中国第一汽车股份有限公司 Data processing method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1710985A (en) * 2005-06-30 2005-12-21 中国科学院计算技术研究所 Enciphered consulating method for speech-sound communication in grouped network
KR101197207B1 (en) * 2011-05-17 2012-11-02 인크로스 주식회사 Method for Verification of Contensts Using Verification Platform
CN102970299A (en) * 2012-11-27 2013-03-13 西安电子科技大学 File safe protection system and method thereof
CN103167498A (en) * 2011-12-19 2013-06-19 卓望数码技术(深圳)有限公司 Ability control method and system
CN105516117A (en) * 2015-12-02 2016-04-20 南方电网科学研究院有限责任公司 Cloud computing based power data security storage method
CN107135219A (en) * 2017-05-05 2017-09-05 四川长虹电器股份有限公司 A kind of Internet of Things information secure transmission method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8533746B2 (en) * 2006-11-01 2013-09-10 Microsoft Corporation Health integration platform API
KR101661930B1 (en) * 2015-08-03 2016-10-05 주식회사 코인플러그 Certificate issuance system based on block chain
CN106100981B (en) * 2016-08-22 2019-08-23 布比(北京)网络技术有限公司 Social network data exchange method and device
CN106534092B (en) * 2016-11-02 2019-07-02 西安电子科技大学 The privacy data encryption method of key is depended on based on message

Also Published As

Publication number Publication date
CN108322451A (en) 2018-07-24
WO2019136959A1 (en) 2019-07-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1251093

Country of ref document: HK

GR01 Patent grant