CN110009342B - Data sending and receiving method and device and electronic equipment - Google Patents

Data sending and receiving method and device and electronic equipment Download PDF

Info

Publication number
CN110009342B
CN110009342B CN201910131392.8A CN201910131392A CN110009342B CN 110009342 B CN110009342 B CN 110009342B CN 201910131392 A CN201910131392 A CN 201910131392A CN 110009342 B CN110009342 B CN 110009342B
Authority
CN
China
Prior art keywords
certificate
data
digital signature
acquisition device
trusted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910131392.8A
Other languages
Chinese (zh)
Other versions
CN110009342A (en
Inventor
蒋海滔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced New Technologies Co Ltd filed Critical Advanced New Technologies Co Ltd
Priority to CN201910131392.8A priority Critical patent/CN110009342B/en
Publication of CN110009342A publication Critical patent/CN110009342A/en
Application granted granted Critical
Publication of CN110009342B publication Critical patent/CN110009342B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses a data sending and receiving method, a device and electronic equipment, wherein the sending method comprises the following steps: collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate; signing the original data based on the preset private key to obtain a digital signature; and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.

Description

Data sending and receiving method and device and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for sending and receiving data, and an electronic device.
Background
The data receiving object can ensure the safety of the received data through some technical means. For example, each block of a blockchain (a data receiving object) contains a timestamp linked to the previous block, and this design can ensure that the data after being uplinked is difficult to tamper with, and has high security. But cannot guarantee the authenticity of the data at the time of reception.
It can be seen that there is a need to propose a solution that guarantees the authenticity of the received data.
Disclosure of Invention
The embodiment of the application provides a data sending and receiving method, a data sending and receiving device and electronic equipment, so as to ensure the authenticity of received data.
In order to solve the technical problems, the embodiment of the application is realized as follows:
in a first aspect, a data transmission method is provided, including:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
In a second aspect, a data acquisition device is provided, including:
the data acquisition module is used for acquiring original data, wherein a preset private key and a first certificate are stored in the data acquisition device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
The data signing module is used for signing the original data based on the preset private key to obtain a digital signature;
the data transmitting module is used for transmitting target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
In a third aspect, a data receiving method is provided, including:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
In a fourth aspect, a data receiving apparatus is provided, including:
the data receiving module is used for receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
A first verification module configured to verify the digital signature based on a public key of the first certificate;
a second verification module configured to verify the first certificate based on a second certificate, where the second certificate is a trusted certificate;
and the determining module is used for determining that the original data is true and trusted when the digital signature and the first certificate are both verified.
In a fifth aspect, an electronic device is provided, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
In a sixth aspect, a computer-readable storage medium storing one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
In a seventh aspect, an electronic device is provided, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
Verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
In an eighth aspect, a computer-readable storage medium is provided, the computer-readable storage medium storing one or more programs that, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
As can be seen from the technical solutions provided by the embodiments of the present application, the solutions provided by the embodiments of the present application at least have one of the following technical effects: because the data acquisition device stores the preset private key and the first certificate, the data acquisition device can digitally sign the sent original data through the preset private key and send the original data, the digital signature and the first certificate to the data receiving object together, the data receiving object can verify the authenticity of the received original data through verifying the first certificate and the digital signature, and therefore the authenticity of the original data received by the data receiving object is guaranteed.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
fig. 1 is a flow chart of a data transmission method according to an embodiment of the present disclosure.
Fig. 2 is one of schematic diagrams of a data transmission method according to an embodiment of the present disclosure.
Fig. 3 is a schematic diagram of a second embodiment of the data transmission method according to the present disclosure.
Fig. 4 is a flowchart of a data receiving method according to an embodiment of the present disclosure.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Fig. 6 is a schematic structural diagram of another electronic device according to an embodiment of the present disclosure.
Fig. 7 is a schematic structural diagram of a data acquisition device according to an embodiment of the present disclosure.
Fig. 8 is a schematic structural diagram of a data receiving apparatus provided in the embodiment of the present specification.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
In order to ensure the authenticity of the received data, the embodiments of the present specification provide a data transmission method and a data reception method. The execution subject of the data transmission method provided in the embodiments of the present specification may be a data acquisition device, such as a sensor of a camera, a scanning apparatus, or the like. The execution body of the data receiving method provided in the embodiment of the present disclosure includes, but is not limited to, at least one of a server, a terminal, and an electronic device capable of being configured to execute the method provided in the embodiment of the present disclosure. In other words, the data receiving method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The service end includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Fig. 1 is a flow chart of a data transmission method according to an embodiment of the present disclosure, as shown in fig. 1, the data transmission method may include:
step 102, collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate.
The data acquisition device may be a sensor capable of acquiring data directly from the physical world (or physical environment), such as a camera capable of acquiring video data from the physical world. Correspondingly, the original data is real data acquired from the physical world by the data acquisition device.
The certificate is a digital certificate, which is typically a file digitally signed by a certificate authority that contains public key owner information and a public key.
Public key the public key is the one disclosed in the asymmetric encryption algorithm and can be used to verify signatures or encrypt data. The private key is the secret key in the asymmetric encryption algorithm, and can be used to sign or decrypt data.
The preset private key is created and stored by the data acquisition device, and the first certificate may be created and written to the data acquisition device by the manufacturer of the data acquisition device, and may be regarded as a data acquisition device certificate (when the data acquisition device is a sensor, may be referred to as a sensor certificate). Accordingly, optionally, a data transmission method shown in fig. 1 may further include, before step 102: creating and storing the preset private key, and receiving and storing the first certificate.
The process of creating and storing a preset private key for a data acquisition device and the process of creating a first certificate and writing the first certificate into the data acquisition device by a manufacturer will be described with reference to fig. 2. As shown in fig. 2, the process may include:
step 201, the data acquisition device 22 creates and stores a key pair, and the private key in the key pair is the preset private key.
Step 202, the first electronic device 21 of the manufacturer reads the public key of the key pair created in step 201 from the data acquisition device 22. That is, the first electronic device 21 reads the public key corresponding to the preset private key from the data acquisition device 22.
The first electronic device 21 may be a production device of a manufacturer, and may specifically be an electronic device, such as a computer.
In step 203, the first electronic device 21 reads the private key of the second certificate from the preset key management system KMS/the preset hardware security module HSM 23.
A key management system (Key Management System, KMS) is an integrated system for generating, distributing and managing keys for devices and applications.
The hardware security module (Hardware Security Module, HSM) is a computer hardware device for protecting and managing keys used by a strong authentication system while providing related cryptographic operations. The hardware security module is typically connected directly to a computer or web server in the form of an expansion card or external device.
The second certificate may be issued by a trusted third party authority; alternatively, the second certificate may be issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority. Wherein the third party authority may be a certification authority (CA, certificate Authority).
The second certificate may be sent along with the target data to the data receiving object, which may also obtain the second certificate through the disclosed download channel. The receiving object may obtain the third certificate through the disclosed download channel.
In one example, when the second certificate is issued by a trusted third party authority, the second certificate may be a root certificate issued by the third party authority or a subordinate certificate of the root certificate issued by the third party authority.
In another example, when the second certificate is issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority, the second certificate may be regarded as a vendor certificate issued by the third party authority to a manufacturer of the data acquisition device, and the third certificate may be a root certificate issued by the third party authority or a lower-level certificate of the root certificate issued by the third party authority. Table 1 lists one possible relationship of the first certificate, the second certificate and the third certificate.
TABLE 1
Figure SMS_1
In table 1, SE refers to Secure Element (TEE Element), TEE refers to trusted execution environment (Trusted Execution Environment), and TPM refers to Secure chip (Trusted Platform Module).
As can be seen from table 1, the private key of the second certificate is often stored in a preset key management system or a preset hardware security module.
In step 204, the first electronic device 21 signs the public key corresponding to the preset private key based on the read private key of the second certificate, so as to obtain the first certificate.
Step 205, the first electronic device 21 writes the first certificate into the data acquisition device 22.
Through the steps 201 to 205, the purposes of assigning the first certificate to the data acquisition device 22 and securely storing the preset private key in the data acquisition device can be achieved.
And 104, signing the original data based on the preset private key to obtain a digital signature.
As an example, the data collection device may calculate a HASH (HASH) value of the original data based on a predetermined algorithm, and then sign the HASH value using the predetermined private key to generate a digital signature of the original data.
Step 106, sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
That is, the data acquisition device transmits the original data, the signature of the original data, and the first certificate together to the data receiving object.
The data reception object may be an execution body of the data reception method provided in the embodiment of the present specification, and more specifically, the data reception object may be a program installed in the execution body of the data reception method provided in the embodiment of the present specification, for example, a blockchain platform.
It will be appreciated that the data receiving object can verify whether the received original data is tampered with by means of a digital signature, and that by means of the first certificate it can be verified whether the received original data is coming from a trusted data collection device, i.e. whether the data collection device sending the original data is official.
In summary, in the data transmission method provided in the embodiment shown in fig. 3, since the data acquisition device stores the preset private key and the first certificate, and the data acquisition device can digitally sign the transmitted original data through the preset private key and transmit the original data, the digital signature and the first certificate to the data receiving object together, the data receiving object can verify the authenticity of the received original data by verifying the first certificate and the digital signature, thereby ensuring the authenticity of the original data received by the data receiving object.
Optionally, in another embodiment, when the second certificate is issued based on at least one level of third certificate and the third certificate is issued by a trusted third party authority, that is, when the second certificate is a vendor certificate issued based on a third certificate of a third party authority, the target data sent in step 106 may further include the second certificate, and the second certificate may also be used to verify the authenticity of the original data.
It is also understood that when the second certificate is a manufacturer certificate, if the second certificate is verified to be issued based on a third certificate issued by a trusted third party authority, it can be further verified that the original data is from a trusted data acquisition device, which is produced by an official authority, so that the authenticity of the original data received by the data receiving object is better ensured.
A data transmission method provided in the embodiment of the present disclosure is described below with reference to fig. 3. As shown in fig. 3, a data transmission method provided in the embodiment of the present disclosure may include:
step 301, the data acquisition device 22 acquires raw data from the physical world 25.
The data collection device 22 stores a preset private key and a first certificate, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate.
Step 302, the data acquisition device 22 signs the original data based on the preset private key to obtain a digital signature of the original data.
Step 303, the data acquisition device 22 sends target data to the second electronic device 24, where the target data includes the original data, the digital signature, and the first certificate, and the digital signature and the first certificate are used to verify the authenticity of the original data.
The second electronic device 24 may be a data receiving object, that is, the second electronic device 24 may be an execution subject of the data receiving method provided in the present specification.
Similar to the embodiment shown in fig. 1, in the data transmission method provided in the embodiment shown in fig. 3, since the preset private key and the first certificate are stored in the data acquisition device 22, and the data acquisition device 22 can digitally sign the transmitted original data through the preset private key and transmit the original data, the digital signature and the first certificate to the second electronic device 24 together, the second electronic device 24 can verify the authenticity of the received original data by verifying the first certificate and the digital signature, so as to ensure the authenticity of the original data received by the second electronic device 24.
The foregoing is a description of a data transmission method provided in the embodiments of the present specification, and a data receiving method provided in the embodiments of the present specification is described below with reference to fig. 4.
As shown in fig. 4, the data receiving method provided in the embodiment of the present disclosure is applied to a data receiving object, where the data receiving object may be an electronic device such as a server, a terminal, or the like, and the method may include:
step 402, receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
Step 404, verifying the digital signature based on the public key of the first certificate.
As an example, the data receiving object may calculate a HASH (HASH) value of the original data based on a preset algorithm, and then perform signing-off on the digital signature by using a public key in the first certificate to obtain a signing-off value, and determine that the original data is not tampered when the signing-off value is consistent with the calculated HASH value, that is, determine that verification of the digital signature is passed.
Step 406, verifying the first certificate based on a second certificate, wherein the second certificate is a trusted certificate.
As an example, the data receiving object may verify the signature of the first certificate based on the public key corresponding to the second certificate, and when the signature verification of the first certificate is passed, determine that the verification of the first certificate is passed, that is, determine that the first certificate is an officially issued certificate, and the corresponding data collecting device for proving that the original data is produced officially.
The second certificate is issued by a trusted third party authority; alternatively, the second certificate is issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority.
Step 408, determining that the original data is authentic when the digital signature and the first certificate are both verified.
Specifically, when the digital signature and the first certificate are verified, it is determined that the original data is from a trusted data acquisition device, and a preset private key for generating the digital signature and the first certificate are stored in the data acquisition device.
It will be appreciated that the data receiving object may verify whether the received original data has been tampered with by means of a digital signature, and that the first certificate may verify whether the received original data is from a trusted data collection device, i.e. whether the data collection device that sent the original data is official in production.
In this embodiment, the data acquisition device may be a sensor.
Optionally, when the second certificate is issued based on at least one level of a third certificate, and the third certificate is issued by a trusted third party authority, the target data further includes the second certificate, the method shown in fig. 4 may further include: and verifying the second certificate based on the third certificate.
On this basis, step 408 may include: and determining that the original data is authentic when the digital signature, the first certificate and the second certificate are all verified. The process of verifying the second certificate based on the third certificate is similar to the process of verifying the first certificate based on the second certificate, and will not be described in detail herein.
In the data receiving method provided in the embodiment shown in fig. 4, since the received target data includes the digital signature and the first certificate for verifying the authenticity of the received original data, the data receiving object can verify the authenticity of the received original data by verifying the first certificate and the digital signature, thereby ensuring the authenticity of the original data received by the data receiving object.
The foregoing is a description of a data receiving method provided in the embodiments of the present disclosure, and it should be noted that the data receiving method provided in the embodiments of the present disclosure corresponds to the data transmitting method provided in the embodiments of the present disclosure, and reference is made to the description of the data transmitting method hereinabove for relevant points, and repeated description is not made here.
The electronic device provided in the embodiments of the present specification will be described below.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. Referring to fig. 5, at the hardware level, the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory (non-volatile Memory), such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, network interface, and memory may be interconnected by an internal bus, which may be an ISA (Industry Standard Architecture ) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus, or EISA (Extended Industry Standard Architecture ) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one bi-directional arrow is shown in FIG. 5, but not only one bus or type of bus.
And the memory is used for storing programs. In particular, the program may include program code including computer-operating instructions. The memory may include memory and non-volatile storage and provide instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory to the memory and then runs, and the data acquisition device is formed on a logic level. The processor is used for executing the programs stored in the memory and is specifically used for executing the following operations:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
The data transmission method disclosed in the embodiment shown in fig. 1 of the present specification can be applied to a processor or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. The various methods, steps, and logic blocks disclosed in one or more embodiments of the present description may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with one or more embodiments of the present disclosure may be embodied directly in a hardware decoding processor or in a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
The electronic device may further execute the data transmission method of fig. 1, which is not described herein.
Of course, in addition to the software implementation, the electronic device in this specification does not exclude other implementations, such as a logic device or a combination of software and hardware, that is, the execution subject of the following process is not limited to each logic unit, but may also be hardware or a logic device.
Fig. 6 is a schematic structural diagram of another electronic device according to the embodiment of the present disclosure, where the electronic device shown in fig. 6 is different from the electronic device shown in fig. 5 in that a processor reads a corresponding computer program from a nonvolatile memory into a memory and then operates the computer program to form a data receiving device on a logic level. The processor is used for executing the programs stored in the memory and is specifically used for executing the following operations:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
And when the digital signature and the first certificate are both verified, determining that the original data is authentic.
The data receiving method disclosed in the embodiment shown in fig. 4 of the present specification can be applied to the processor in fig. 6, or implemented by the processor in fig. 6.
The present description also proposes a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, enable the portable electronic device to perform the method of the embodiment of fig. 1, and in particular to perform the operations of:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
The present description also proposes a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, enable the portable electronic device to perform the method of the embodiment of fig. 4, and in particular to perform the operations of:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
The data acquisition device 700 and the data receiving device 800 provided in the embodiments of the present specification are described below.
Fig. 7 is a schematic structural diagram of a data acquisition device 700 provided in the present specification. Referring to fig. 7, in a software implementation, a data acquisition device 700 may include: a data acquisition module 701, a data signing module 702 and a data transmission module 703.
The data collection module 701 is configured to collect original data, where a preset private key and a first certificate are stored in the data collection device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate.
The data acquisition device may be a sensor capable of acquiring data directly from the physical world (or physical environment). Raw data is real data acquired from the physical world by a data acquisition device.
The preset private key is created and stored by the data acquisition device, and the first certificate may be created and written to the data acquisition device by the manufacturer of the data acquisition device, and may be regarded as a data acquisition device certificate (when the data acquisition device is a sensor, may be referred to as a sensor certificate). Correspondingly, the data acquisition device 700 shown in fig. 7 may further include: and the storage module is used for creating and storing the preset private key and receiving and storing the first certificate before the original data are acquired.
The second certificate may be issued by a trusted third party authority; alternatively, the second certificate may be issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority. Wherein the third party authority may be a certification authority (CA, certificate Authority).
In one example, when the second certificate is issued by a trusted third party authority, the second certificate may be a root certificate issued by the third party authority or a subordinate certificate of the root certificate issued by the third party authority.
In another example, when the second certificate is issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority, the second certificate may be regarded as a vendor certificate issued by the third party authority to a manufacturer of the data acquisition device, and the third certificate may be a root certificate issued by the third party authority or a lower-level certificate of the root certificate issued by the third party authority.
The private key of the second certificate is often stored in a preset key management system or a preset hardware security module.
The data signing module 702 is configured to sign the original data based on the preset private key, and obtain a digital signature.
As one example, the data signing module 702 may calculate a HASH (HASH) value of the original data based on a predetermined algorithm and then sign the HASH value using the predetermined private key to generate a digital signature of the original data.
A data sending module 703, configured to send target data to a data receiving object, where the target data includes the original data, the digital signature, and the first certificate, and the digital signature and the first certificate are used to verify authenticity of the original data.
That is, the data transmission module 703 may transmit the original data, the signature of the original data, and the first certificate together to the data reception object.
The data reception object may be an execution body of the data reception method provided in the embodiment of the present specification, and more specifically, the data reception object may be a program installed in the execution body of the data reception method provided in the embodiment of the present specification, for example, a blockchain platform.
It will be appreciated that the data receiving object can verify whether the received original data is tampered with by means of a digital signature, and that by means of the first certificate it can be verified whether the received original data is coming from a trusted data collection device, i.e. whether the data collection device sending the original data is official.
In the data acquisition device 700 shown in fig. 7, since the preset private key and the first certificate are stored in the data acquisition device 700, and the data acquisition device can digitally sign the transmitted original data through the preset private key and transmit the original data, the digital signature and the first certificate to the data receiving object together, the data receiving object can verify the authenticity of the received original data by verifying the first certificate and the digital signature, thereby ensuring the authenticity of the original data received by the data receiving object.
Optionally, in another embodiment, when the second certificate is issued based on at least one level of a third certificate and the third certificate is issued by a trusted third party authority, that is, when the second certificate is a vendor certificate issued based on a certificate of a third party authority, the target data sent by the data sending module 703 may further include the second certificate, and the second certificate may also be used to verify the authenticity of the original data.
It is also understood that when the second certificate is a manufacturer certificate, if the second certificate is verified to be issued based on a third certificate issued by a trusted third party authority, it can be further verified that the original data is from a trusted data acquisition device, which is produced by an official authority, so that the authenticity of the original data received by the data receiving object is better ensured.
The data acquisition device 700 can implement the method of the method embodiment of fig. 1, and specifically, reference may be made to the data transmission method of the embodiment shown in fig. 1, which is not described herein.
Fig. 8 is a schematic structural diagram of a data receiving apparatus 800 provided in the present specification. Referring to fig. 8, in a software implementation, a data receiving apparatus 800 may include: a data receiving module 801, a first authentication module 802, a second authentication module 803, and a determination module 804.
The data receiving module 801 is configured to receive target data, where the target data includes original data, a digital signature, and a first certificate, and the digital signature and the first certificate are used to verify authenticity of the original data.
A first verification module 802, configured to verify the digital signature based on a public key of the first certificate.
As an example, the first verification module 802 may calculate a HASH (HASH) value of the original data based on a preset algorithm, then perform signing-off on the digital signature by using a public key in the first certificate to obtain a signing-off value, and determine that the original data is not tampered when the signing-off value is consistent with the calculated HASH value, that is, determine that verification of the digital signature is passed.
A second verification module 803, configured to verify the first certificate based on a second certificate, where the second certificate is a trusted certificate.
As an example, the second verification module 803 may verify the signature of the first certificate based on the public key corresponding to the second certificate, and when the signature of the first certificate is verified, determine that the verification of the first certificate is passed, that is, determine that the first certificate is an officially issued certificate, and the corresponding data acquisition device for proving that the data acquisition device for transmitting the original data is officially produced.
The second certificate is issued by a trusted third party authority; alternatively, the second certificate is issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority.
A determining module 804, configured to determine that the original data is authentic when the digital signature and the first certificate are both verified.
Specifically, the determining module 804 may determine that the original data is from a trusted data collection device when verification of the digital signature and the first certificate are both passed, where a preset private key for generating the digital signature and the first certificate are stored in the data collection device.
It will be appreciated that the data receiving device may verify whether the received original data has been tampered with by means of a digital signature and that the first certificate may verify whether the received original data is from a trusted data collection device, i.e. whether the data collection device that sent the original data is official in production.
In this embodiment, the data acquisition device may be a sensor.
Optionally, when the second certificate is issued based on at least one level of a third certificate, and the third certificate is issued by a trusted third party authority, the target data further includes the second certificate, the data receiving apparatus 800 shown in fig. 8 may further include: and the third verification module is used for verifying the second certificate based on the third certificate.
On this basis, the determination module 804 may be configured to: and determining that the original data is authentic when the digital signature, the first certificate and the second certificate are all verified. The process of verifying the second certificate based on the third certificate is similar to the process of verifying the first certificate based on the second certificate, and will not be described in detail herein.
The data receiving apparatus 800 shown in fig. 8, since the received target data includes the digital signature and the first certificate for verifying the authenticity of the received original data, makes it possible for the data receiving apparatus to verify the authenticity of the received original data by verifying the first certificate and the digital signature, thereby ensuring the authenticity of the original data received by the data receiving object.
The data receiving apparatus 800 can implement the method of the method embodiment of fig. 4, and the data receiving method of the embodiment shown in fig. 4 may be referred to specifically, and will not be described herein.
In summary, the foregoing description is only a preferred embodiment of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, or the like, which is within the spirit and principles of one or more embodiments of the present disclosure, is intended to be included within the scope of one or more embodiments of the present disclosure.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.

Claims (12)

1. A data transmission method applied to a data acquisition device, the method comprising:
the method comprises the steps of collecting original data from a physical environment, wherein a preset private key and a first certificate are stored in a data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, the second certificate is a trusted certificate, the first certificate is a certificate of the data collecting device, the first certificate is created by a manufacturer of the data collecting device and written into the data collecting device, the second certificate is issued by a trusted third party mechanism, and the second certificate is a manufacturer certificate of the data collecting device;
Signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature, the first certificate and the second certificate, the digital signature is used for verifying whether the original data is tampered, and the first certificate and the second certificate are used for verifying whether the data acquisition device is trusted.
2. The method of claim 1, prior to collecting raw data, the method further comprising:
creating and storing the preset private key;
the first certificate is received and stored.
3. The method according to claim 1,
the private key of the second certificate is stored in a preset key management system KMS or a preset hardware security module HSM.
4. The method according to claim 1 to 3,
the data acquisition device is a sensor.
5. A method of data reception, the method comprising:
receiving target data, wherein the target data comprises original data, a digital signature, a first certificate and a second certificate, the original data is collected by a data collecting device from a physical environment, the first certificate is a certificate of the data collecting device, the first certificate is created by a manufacturer of the data collecting device and written into the data collecting device, the second certificate is issued by a trusted third party institution, the second certificate is a manufacturer certificate of the data collecting device, the digital signature is used for verifying whether the original data is tampered, and the first certificate and the second certificate are used for verifying whether the data collecting device is trusted;
Verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate;
and when the digital signature and the first certificate are verified, determining that the original data is from a trusted data acquisition device, wherein a preset private key for generating the digital signature and the first certificate are stored in the data acquisition device.
6. The method according to claim 5,
the data acquisition device is a sensor.
7. A data acquisition device, comprising:
the data acquisition module is used for acquiring original data from a physical environment, wherein a preset private key and a first certificate are stored in the data acquisition device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, the second certificate is a trusted certificate, the first certificate is a certificate of the data acquisition device, the first certificate is created by a manufacturer of the data acquisition device and written into the data acquisition device, the second certificate is issued by a trusted third party mechanism, and the second certificate is a manufacturer certificate of the data acquisition device;
The data signing module is used for signing the original data based on the preset private key to obtain a digital signature;
the data sending module is used for sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature, the first certificate and the second certificate, the digital signature is used for verifying whether the original data is tampered, and the first certificate and the second certificate are used for verifying whether the data collecting device is trusted.
8. A data receiving apparatus comprising:
the data receiving module is used for receiving target data, the target data comprises original data, a digital signature, a first certificate and a second certificate, the original data is collected by a data collecting device from a physical environment, the first certificate is a certificate of the data collecting device, the first certificate is created by a manufacturer of the data collecting device and written into the data collecting device, the second certificate is issued by a trusted third party institution, the second certificate is a manufacturer certificate of the data collecting device, the digital signature is used for verifying whether the original data is tampered, and the first certificate and the second certificate are used for verifying whether the data collecting device is trusted;
A first verification module configured to verify the digital signature based on a public key of the first certificate;
the second verification module is used for verifying the first certificate based on a second certificate;
and the determining module is used for determining that the original data is from a trusted data acquisition device when the digital signature and the first certificate are verified, wherein a preset private key for generating the digital signature and the first certificate are stored in the data acquisition device.
9. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring original data from a physical environment through a data acquisition device, wherein a preset private key and a first certificate are stored in the data acquisition device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, the second certificate is a trusted certificate, the first certificate is a certificate of the data acquisition device, the first certificate is created by a manufacturer of the data acquisition device and written into the data acquisition device, the second certificate is issued by a trusted third party mechanism, and the second certificate is a manufacturer certificate of the data acquisition device;
Signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature, the first certificate and the second certificate, the digital signature is used for verifying whether the original data is tampered, and the first certificate and the second certificate are used for verifying whether the data acquisition device is trusted.
10. A computer-readable storage medium storing one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to:
acquiring original data from a physical environment through a data acquisition device, wherein a preset private key and a first certificate are stored in the data acquisition device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, the second certificate is a trusted certificate, the first certificate is a certificate of the data acquisition device, the first certificate is created by a manufacturer of the data acquisition device and written into the data acquisition device, the second certificate is issued by a trusted third party mechanism, and the second certificate is a manufacturer certificate of the data acquisition device;
Signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature, the first certificate and the second certificate, the digital signature is used for verifying whether the original data is tampered, and the first certificate and the second certificate are used for verifying whether the data acquisition device is trusted.
11. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving target data, wherein the target data comprises original data, a digital signature, a first certificate and a second certificate, the original data is collected by a data collecting device from a physical environment, the first certificate is a certificate of the data collecting device, the first certificate is created by a manufacturer of the data collecting device and written into the data collecting device, the second certificate is issued by a trusted third party institution, the second certificate is a manufacturer certificate of the data collecting device, the digital signature is used for verifying whether the original data is tampered, and the first certificate and the second certificate are used for verifying whether the data collecting device is trusted;
Verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate;
and when the digital signature and the first certificate are verified, determining that the original data is from a trusted data acquisition device, wherein a preset private key for generating the digital signature and the first certificate are stored in the data acquisition device.
12. A computer-readable storage medium storing one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to:
receiving target data, wherein the target data comprises original data, a digital signature, a first certificate and a second certificate, the original data is collected by a data collecting device from a physical environment, the first certificate is a certificate of the data collecting device, the first certificate is created by a manufacturer of the data collecting device and written into the data collecting device, the second certificate is issued by a trusted third party institution, the second certificate is a manufacturer certificate of the data collecting device, the digital signature is used for verifying whether the original data is tampered, and the first certificate and the second certificate are used for verifying whether the data collecting device is trusted;
Verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate;
and when the digital signature and the first certificate are verified, determining that the original data is from a trusted data acquisition device, wherein a preset private key for generating the digital signature and the first certificate are stored in the data acquisition device.
CN201910131392.8A 2019-02-22 2019-02-22 Data sending and receiving method and device and electronic equipment Active CN110009342B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910131392.8A CN110009342B (en) 2019-02-22 2019-02-22 Data sending and receiving method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910131392.8A CN110009342B (en) 2019-02-22 2019-02-22 Data sending and receiving method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN110009342A CN110009342A (en) 2019-07-12
CN110009342B true CN110009342B (en) 2023-07-07

Family

ID=67165882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910131392.8A Active CN110009342B (en) 2019-02-22 2019-02-22 Data sending and receiving method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN110009342B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111092724B (en) * 2019-12-25 2022-11-15 杭州溪塔科技有限公司 Block chain system digital certificate issuing method, equipment, system and medium
CN111934884B (en) * 2020-07-22 2023-03-14 中国联合网络通信集团有限公司 Certificate management method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101944997A (en) * 2010-08-25 2011-01-12 北京市劳动信息中心 IC (Integrated Circuit) card attesting method and system based on double-key and digital certificate system
CN112865982A (en) * 2017-07-26 2021-05-28 创新先进技术有限公司 Digital certificate management method and device and electronic equipment
CN107911222B (en) * 2017-11-21 2020-08-28 沃通电子认证服务有限公司 Digital signature generating method, digital signature verifying method, digital signature generating apparatus, digital signature verifying apparatus, and storage medium storing digital signature verifying program

Also Published As

Publication number Publication date
CN110009342A (en) 2019-07-12

Similar Documents

Publication Publication Date Title
CN111724150B (en) Service request processing method and device
CN107077557B (en) Method and device for releasing and verifying software application program
CN111401902B (en) Service processing method, device and equipment based on block chain
US10885207B2 (en) Method, apparatus, and electronic device for blockchain-based recordkeeping
CN109639410B (en) Block chain-based data evidence storing method and device and electronic equipment
CN113012008B (en) Identity management method, device and equipment based on trusted hardware
CN110391913B (en) Vehicle binding method and device
EP3779792B1 (en) Two-dimensional code generation method, data processing method, apparatus, and server
CN109635572B (en) Contract signing method and device based on block chain and terminal equipment
CN112215608A (en) Data processing method and device
CN110245518B (en) Data storage method, device and equipment
CN104462965A (en) Method for verifying integrity of application program and network device
CN102096841B (en) Integrated circuit and system for installing computer code thereon
CN110009342B (en) Data sending and receiving method and device and electronic equipment
CN107332833B (en) Verification method and device
CN113536284A (en) Method, device, equipment and storage medium for verifying digital certificate
CN113901424A (en) Method and device for selectively disclosing digital identity attribute
CN113162915A (en) Block chain based transaction method, node, electronic device, medium and system
CN111899104B (en) Service execution method and device
CN108183804B (en) Certificate sharing method
CN111884808B (en) Method and device for preventing transaction cross-chain replay and electronic equipment
CN114339676A (en) Updating system, method and device for unmanned equipment
CN111046440B (en) Tamper verification method and system for secure area content
CN108259490B (en) Client verification method and device
US10498722B2 (en) Methods and apparatus to issue digital certificates

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201019

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20201019

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant