Disclosure of Invention
The embodiment of the application provides a data sending and receiving method, a data sending and receiving device and electronic equipment, so as to ensure the authenticity of received data.
In order to solve the technical problems, the embodiment of the application is realized as follows:
In a first aspect, a data transmission method is provided, including:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
In a second aspect, a data acquisition device is provided, including:
the data acquisition module is used for acquiring original data, wherein a preset private key and a first certificate are stored in the data acquisition device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
the data signing module is used for signing the original data based on the preset private key to obtain a digital signature;
the data transmitting module is used for transmitting target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
In a third aspect, a data receiving method is provided, including:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
In a fourth aspect, a data receiving apparatus is provided, including:
the data receiving module is used for receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
a first verification module configured to verify the digital signature based on a public key of the first certificate;
a second verification module configured to verify the first certificate based on a second certificate, where the second certificate is a trusted certificate;
and the determining module is used for determining that the original data is true and trusted when the digital signature and the first certificate are both verified.
In a fifth aspect, an electronic device is provided, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
In a sixth aspect, a computer-readable storage medium is provided, the computer-readable storage medium storing one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
In a seventh aspect, an electronic device is provided, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
In an eighth aspect, a computer-readable storage medium is provided, the computer-readable storage medium storing one or more programs that, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
As can be seen from the technical solutions provided by the embodiments of the present application, the solutions have at least one of the following technical effects: because the data acquisition device stores the preset private key and the first certificate, it can digitally sign the original data with the preset private key and send the original data, the digital signature and the first certificate together to the data receiving object. The data receiving object can then verify the authenticity of the received original data by verifying the first certificate and the digital signature, so the authenticity of the original data received by the data receiving object is guaranteed.
Detailed Description
To make the purposes, technical solutions and advantages of the present application clearer, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
In order to ensure the authenticity of the received data, the embodiments of the present specification provide a data transmission method and a data receiving method. The execution subject of the data transmission method provided in the embodiments of the present specification may be a data acquisition device, such as a sensor of a camera, a scanning apparatus, or the like. The execution subject of the data receiving method provided in the embodiments of the present specification includes, but is not limited to, at least one of a server, a terminal, and an electronic device capable of being configured to execute the method provided in the embodiments of the present specification. In other words, the data receiving method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Fig. 1 is a flow chart of a data transmission method according to an embodiment of the present disclosure. As shown in fig. 1, the data transmission method may include:
Step 102, collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate.
The data acquisition device may be a sensor capable of acquiring data directly from the physical world (or physical environment), such as a camera capable of acquiring video data from the physical world. Correspondingly, the original data is real data acquired from the physical world by the data acquisition device.
The certificate is a digital certificate, which is typically a file digitally signed by a certificate authority that contains public key owner information and a public key.
The public key is the publicly disclosed key in an asymmetric encryption algorithm and can be used to verify signatures or encrypt data. The private key is the secret key in the asymmetric encryption algorithm and can be used to sign or decrypt data.
The preset private key is created and stored by the data acquisition device, and the first certificate may be created and written to the data acquisition device by the manufacturer of the data acquisition device, and may be regarded as a data acquisition device certificate (when the data acquisition device is a sensor, may be referred to as a sensor certificate). Accordingly, optionally, a data transmission method shown in fig. 1 may further include, before step 102: creating and storing the preset private key, and receiving and storing the first certificate.
The process of creating and storing a preset private key for a data acquisition device and the process of creating a first certificate and writing the first certificate into the data acquisition device by a manufacturer will be described with reference to fig. 2. As shown in fig. 2, the process may include:
Step 201, the data acquisition device 22 creates and stores a key pair, and the private key in the key pair is the preset private key.
Step 202, the first electronic device 21 of the manufacturer reads the public key of the key pair created in step 201 from the data acquisition device 22. That is, the first electronic device 21 reads the public key corresponding to the preset private key from the data acquisition device 22.
The first electronic device 21 may be a production device of a manufacturer, and may specifically be an electronic device, such as a computer.
In step 203, the first electronic device 21 reads the private key of the second certificate from the preset key management system (KMS) / preset hardware security module (HSM) 23.
A key management system (Key Management System, KMS) is an integrated system for generating, distributing and managing keys for devices and applications.
The hardware security module (Hardware Security Module, HSM) is a computer hardware device for protecting and managing keys used by a strong authentication system while providing related cryptographic operations. The hardware security module is typically connected directly to a computer or web server in the form of an expansion card or external device.
The second certificate may be issued by a trusted third party authority; alternatively, the second certificate may be issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority. The third party authority may be a certificate authority (Certificate Authority, CA).
The second certificate may be sent to the data receiving object along with the target data; the data receiving object may also obtain the second certificate through a public download channel. The data receiving object may obtain the third certificate through a public download channel.
In one example, when the second certificate is issued by a trusted third party authority, the second certificate may be a root certificate issued by the third party authority or a subordinate certificate of the root certificate issued by the third party authority.
In another example, when the second certificate is issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority, the second certificate may be regarded as a vendor certificate issued by the third party authority to a manufacturer of the data acquisition device, and the third certificate may be a root certificate issued by the third party authority or a lower-level certificate of the root certificate issued by the third party authority. Table 1 lists one possible relationship of the first certificate, the second certificate and the third certificate.
TABLE 1
In Table 1, SE refers to a secure element (Secure Element), TEE refers to a trusted execution environment (Trusted Execution Environment), and TPM refers to a security chip (Trusted Platform Module).
As can be seen from table 1, the private key of the second certificate is often stored in a preset key management system or a preset hardware security module.
In step 204, the first electronic device 21 signs the public key corresponding to the preset private key based on the read private key of the second certificate, so as to obtain the first certificate.
Step 205, the first electronic device 21 writes the first certificate into the data acquisition device 22.
Through the steps 201 to 205, the purposes of assigning the first certificate to the data acquisition device 22 and securely storing the preset private key in the data acquisition device can be achieved.
Step 104, signing the original data based on the preset private key to obtain a digital signature.
As an example, the data acquisition device may calculate a hash value of the original data based on a preset algorithm, and then sign the hash value using the preset private key to generate a digital signature of the original data.
Step 106, sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
That is, the data acquisition device transmits the original data, the signature of the original data, and the first certificate together to the data receiving object.
The data reception object may be an execution body of the data reception method provided in the embodiment of the present specification, and more specifically, the data reception object may be a program installed in the execution body of the data reception method provided in the embodiment of the present specification, for example, a blockchain platform.
It will be appreciated that the data receiving object can use the digital signature to verify whether the received original data has been tampered with, and can use the first certificate to verify whether the received original data comes from a trusted data acquisition device, i.e. whether the data acquisition device that sent the original data is officially produced.
In summary, in the data transmission method provided in the embodiment shown in fig. 3, since the data acquisition device stores the preset private key and the first certificate, and the data acquisition device can digitally sign the transmitted original data through the preset private key and transmit the original data, the digital signature and the first certificate to the data receiving object together, the data receiving object can verify the authenticity of the received original data by verifying the first certificate and the digital signature, thereby ensuring the authenticity of the original data received by the data receiving object.
Optionally, in another embodiment, when the second certificate is issued based on at least one level of third certificate and the third certificate is issued by a trusted third party authority, that is, when the second certificate is a vendor certificate issued based on a third certificate of a third party authority, the target data sent in step 106 may further include the second certificate, and the second certificate may also be used to verify the authenticity of the original data.
It is also understood that when the second certificate is a manufacturer certificate, if the second certificate is verified to be issued based on a third certificate issued by a trusted third party authority, it can be further verified that the original data is from a trusted data acquisition device, which is produced by an official authority, so that the authenticity of the original data received by the data receiving object is better ensured.
A data transmission method provided in the embodiment of the present disclosure is described below with reference to fig. 3. As shown in fig. 3, a data transmission method provided in the embodiment of the present disclosure may include:
Step 301, the data acquisition device 22 acquires raw data from the physical world 25.
The data collection device 22 stores a preset private key and a first certificate, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate.
Step 302, the data acquisition device 22 signs the original data based on the preset private key to obtain a digital signature of the original data.
Step 303, the data acquisition device 22 sends target data to the second electronic device 24, where the target data includes the original data, the digital signature, and the first certificate, and the digital signature and the first certificate are used to verify the authenticity of the original data.
The second electronic device 24 may be a data receiving object, that is, the second electronic device 24 may be an execution subject of the data receiving method provided in the present specification.
Similar to the embodiment shown in fig. 1, in the data transmission method provided in the embodiment shown in fig. 3, since the preset private key and the first certificate are stored in the data acquisition device 22, and the data acquisition device 22 can digitally sign the transmitted original data through the preset private key and transmit the original data, the digital signature and the first certificate to the second electronic device 24 together, the second electronic device 24 can verify the authenticity of the received original data by verifying the first certificate and the digital signature, so as to ensure the authenticity of the original data received by the second electronic device 24.
The foregoing is a description of a data transmission method provided in the embodiments of the present specification, and a data receiving method provided in the embodiments of the present specification is described below with reference to fig. 4.
As shown in fig. 4, the data receiving method provided in the embodiment of the present disclosure is applied to a data receiving object, where the data receiving object may be an electronic device such as a server, a terminal, or the like, and the method may include:
Step 402, receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
Step 404, verifying the digital signature based on the public key of the first certificate.
As an example, the data receiving object may calculate a hash value of the original data based on a preset algorithm, then use the public key in the first certificate to recover the signed value from the digital signature, and determine that the original data has not been tampered with when the recovered value is consistent with the calculated hash value, that is, determine that verification of the digital signature has passed.
Step 406, verifying the first certificate based on a second certificate, wherein the second certificate is a trusted certificate.
As an example, the data receiving object may verify the signature of the first certificate based on the public key corresponding to the second certificate. When the signature verification of the first certificate passes, it determines that the verification of the first certificate has passed, that is, that the first certificate is an officially issued certificate, which proves that the data acquisition device corresponding to the original data is officially produced.
The second certificate is issued by a trusted third party authority; alternatively, the second certificate is issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority.
Step 408, determining that the original data is authentic when the digital signature and the first certificate are both verified.
Specifically, when the digital signature and the first certificate are verified, it is determined that the original data is from a trusted data acquisition device, and a preset private key for generating the digital signature and the first certificate are stored in the data acquisition device.
It will be appreciated that the data receiving object can use the digital signature to verify whether the received original data has been tampered with, and can use the first certificate to verify whether the received original data comes from a trusted data acquisition device, i.e. whether the data acquisition device that sent the original data is officially produced.
In this embodiment, the data acquisition device may be a sensor.
Optionally, when the second certificate is issued based on at least one level of a third certificate, and the third certificate is issued by a trusted third party authority, the target data further includes the second certificate, the method shown in fig. 4 may further include: and verifying the second certificate based on the third certificate.
On this basis, step 408 may include: and determining that the original data is authentic when the digital signature, the first certificate and the second certificate are all verified. The process of verifying the second certificate based on the third certificate is similar to the process of verifying the first certificate based on the second certificate, and will not be described in detail herein.
In the data receiving method provided in the embodiment shown in fig. 4, since the received target data includes the digital signature and the first certificate for verifying the authenticity of the received original data, the data receiving object can verify the authenticity of the received original data by verifying the first certificate and the digital signature, thereby ensuring the authenticity of the original data received by the data receiving object.
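The provisioning (steps 201 to 205), signing (steps 104 to 106) and receiving checks (steps 404 to 408) described above, as an added Go example that is not part of the original specification. ECDSA P-256, SHA-256, X.509 encoding, the function names and the certificate names are assumptions; the second certificate here is a self-signed stand-in whose key is generated in memory rather than read from a KMS/HSM.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrBadSignature = errors.New("digital signature does not match the original data")
var ErrUntrustedCert = errors.New("first certificate is not signed by the second certificate")

// TargetData is the message sent in step 106 and received in step 402.
type TargetData struct {
	Original  []byte // original data
	Signature []byte // ECDSA signature over SHA-256(Original); algorithms are assumed
	FirstCert []byte // first certificate, DER-encoded
}

// template returns constructed certificate fields for the sample certificates.
func template(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// NewSecondCert creates a self-signed stand-in for the trusted second certificate.
func NewSecondCert(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := template(1, cn)
	t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Provision follows steps 201-205: the device creates its key pair, and the
// manufacturer signs only the public key to produce the first certificate.
func Provision(second *x509.Certificate, secondKey *ecdsa.PrivateKey) (*ecdsa.PrivateKey, []byte, error) {
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // step 201
	if err != nil {
		return nil, nil, err
	}
	t := template(2, "sensor-0001")
	t.KeyUsage = x509.KeyUsageDigitalSignature
	first, err := x509.CreateCertificate(rand.Reader, t, second, &devKey.PublicKey, secondKey)
	return devKey, first, err // step 205: first certificate is written to the device
}

// SignAndPack follows steps 104-106: hash, sign, attach the first certificate.
func SignAndPack(devKey *ecdsa.PrivateKey, firstCert, original []byte) (TargetData, error) {
	h := sha256.Sum256(original)
	sig, err := ecdsa.SignASN1(rand.Reader, devKey, h[:])
	return TargetData{Original: original, Signature: sig, FirstCert: firstCert}, err
}

// Verify follows steps 404-408; nil means the original data is accepted.
func Verify(td TargetData, second *x509.Certificate) error {
	first, err := x509.ParseCertificate(td.FirstCert)
	if err != nil {
		return fmt.Errorf("%w: %v", ErrUntrustedCert, err)
	}
	h := sha256.Sum256(td.Original)
	pub, _ := first.PublicKey.(*ecdsa.PublicKey)
	if pub == nil || !ecdsa.VerifyASN1(pub, h[:], td.Signature) { // step 404
		return ErrBadSignature
	}
	roots := x509.NewCertPool()
	roots.AddCert(second)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := first.Verify(opts); err != nil { // step 406
		return fmt.Errorf("%w: %v", ErrUntrustedCert, err)
	}
	return nil // step 408: both checks passed
}

func main() {
	second, secondKey, _ := NewSecondCert("Example Vendor CA")
	devKey, firstCert, _ := Provision(second, secondKey)
	td, _ := SignAndPack(devKey, firstCert, []byte("constructed sample frame"))
	fmt.Println("genuine: ", Verify(td, second))
	td.Original = []byte("altered frame")
	fmt.Println("tampered:", Verify(td, second))
}
```

A valid signature made under a first certificate from a different issuer still fails at step 406, even when that issuer uses the same subject name, because trust is anchored in the second certificate's key rather than in its name.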
The foregoing is a description of a data receiving method provided in the embodiments of the present disclosure, and it should be noted that the data receiving method provided in the embodiments of the present disclosure corresponds to the data transmitting method provided in the embodiments of the present disclosure, and reference is made to the description of the data transmitting method hereinabove for relevant points, and repeated description is not made here.
The electronic device provided in the embodiments of the present specification will be described below.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. Referring to fig. 5, at the hardware level, the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory. The memory may include an internal memory, such as a random-access memory (RAM), and may further include a non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, network interface, and memory may be interconnected by an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, or an EISA (Extended Industry Standard Architecture) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one bidirectional arrow is shown in FIG. 5, but this does not mean that there is only one bus or one type of bus.
The memory is used for storing programs. In particular, a program may include program code, and the program code includes computer operating instructions. The memory may include internal memory and non-volatile storage, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into the internal memory and then runs it, forming the data acquisition device at the logical level. The processor executes the programs stored in the memory and is specifically configured to perform the following operations:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
The data transmission method disclosed in the embodiment shown in fig. 1 of the present specification can be applied to a processor or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The processor may implement or perform the various methods, steps, and logic blocks disclosed in one or more embodiments of the present description. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with one or more embodiments of the present disclosure may be performed directly by a hardware decoding processor or by a combination of hardware and software modules in a decoding processor. The software modules may be located in a storage medium well known in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
The electronic device may further execute the data transmission method of fig. 1, which is not described herein.
Of course, in addition to the software implementation, the electronic device in this specification does not exclude other implementations, such as a logic device or a combination of software and hardware, that is, the execution subject of the following process is not limited to each logic unit, but may also be hardware or a logic device.
Fig. 6 is a schematic structural diagram of another electronic device according to the embodiment of the present disclosure, where the electronic device shown in fig. 6 is different from the electronic device shown in fig. 5 in that a processor reads a corresponding computer program from a nonvolatile memory into a memory and then operates the computer program to form a data receiving device on a logic level. The processor is used for executing the programs stored in the memory and is specifically used for executing the following operations:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
The data receiving method disclosed in the embodiment shown in fig. 4 of the present specification can be applied to the processor in fig. 6, or implemented by the processor in fig. 6.
The present description also proposes a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, enable the portable electronic device to perform the method of the embodiment of fig. 1, and in particular to perform the operations of:
collecting original data, wherein a preset private key and a first certificate are stored in the data collecting device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate;
signing the original data based on the preset private key to obtain a digital signature;
and sending target data to a data receiving object, wherein the target data comprises the original data, the digital signature and the first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data.
The present description also proposes a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, enable the portable electronic device to perform the method of the embodiment of fig. 4, and in particular to perform the operations of:
receiving target data, wherein the target data comprises original data, a digital signature and a first certificate, and the digital signature and the first certificate are used for verifying the authenticity of the original data;
verifying the digital signature based on a public key of the first certificate;
verifying the first certificate based on a second certificate, the second certificate being a trusted certificate;
and when the digital signature and the first certificate are both verified, determining that the original data is authentic.
The data acquisition device 700 and the data receiving device 800 provided in the embodiments of the present specification are described below.
Fig. 7 is a schematic structural diagram of a data acquisition device 700 provided in the present specification. Referring to fig. 7, in a software implementation, a data acquisition device 700 may include: a data acquisition module 701, a data signing module 702 and a data transmission module 703.
The data collection module 701 is configured to collect original data, where a preset private key and a first certificate are stored in the data collection device, the first certificate is generated by signing a public key corresponding to the preset private key based on a private key of a second certificate, and the second certificate is a trusted certificate.
The data acquisition device may be a sensor capable of acquiring data directly from the physical world (or physical environment). Raw data is real data acquired from the physical world by a data acquisition device.
The preset private key is created and stored by the data acquisition device. The first certificate may be created and written to the data acquisition device by the manufacturer of the data acquisition device, and may be regarded as a data acquisition device certificate (when the data acquisition device is a sensor, it may be referred to as a sensor certificate). Correspondingly, the data acquisition device 700 shown in fig. 7 may further include: a storage module, configured to create and store the preset private key, and to receive and store the first certificate, before the original data is acquired.
The second certificate may be issued by a trusted third party authority; alternatively, the second certificate may be issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority. The third party authority may be a certification authority (CA, Certificate Authority).
In one example, when the second certificate is issued by a trusted third party authority, the second certificate may be a root certificate issued by the third party authority or a subordinate certificate of the root certificate issued by the third party authority.
In another example, when the second certificate is issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority, the second certificate may be regarded as a vendor certificate issued by the third party authority to a manufacturer of the data acquisition device, and the third certificate may be a root certificate issued by the third party authority or a lower-level certificate of the root certificate issued by the third party authority.
The private key of the second certificate is often stored in a preset key management system or a preset hardware security module.
The data signing module 702 is configured to sign the original data based on the preset private key, and obtain a digital signature.
As one example, the data signing module 702 may calculate a hash value of the original data based on a preset algorithm and then sign the hash value using the preset private key to generate a digital signature of the original data.
A data sending module 703, configured to send target data to a data receiving object, where the target data includes the original data, the digital signature, and the first certificate, and the digital signature and the first certificate are used to verify authenticity of the original data.
That is, the data transmission module 703 may transmit the original data, the signature of the original data, and the first certificate together to the data reception object.
The data reception object may be an execution body of the data reception method provided in the embodiment of the present specification, and more specifically, the data reception object may be a program installed in the execution body of the data reception method provided in the embodiment of the present specification, for example, a blockchain platform.
It will be appreciated that the data receiving object can verify, by means of the digital signature, whether the received original data has been tampered with, and can verify, by means of the first certificate, whether the received original data comes from a trusted data acquisition device, i.e. whether the data acquisition device sending the original data was officially produced.
In the data acquisition device 700 shown in fig. 7, since the preset private key and the first certificate are stored in the data acquisition device 700, and the data acquisition device can digitally sign the transmitted original data through the preset private key and transmit the original data, the digital signature and the first certificate to the data receiving object together, the data receiving object can verify the authenticity of the received original data by verifying the first certificate and the digital signature, thereby ensuring the authenticity of the original data received by the data receiving object.
Optionally, in another embodiment, when the second certificate is issued based on at least one level of a third certificate and the third certificate is issued by a trusted third party authority, that is, when the second certificate is a vendor certificate issued based on a certificate of a third party authority, the target data sent by the data sending module 703 may further include the second certificate, and the second certificate may also be used to verify the authenticity of the original data.
It is also understood that when the second certificate is a manufacturer certificate, if the second certificate is verified to be issued based on a third certificate issued by a trusted third party authority, it can be further verified that the original data is from a trusted data acquisition device, which is produced by an official authority, so that the authenticity of the original data received by the data receiving object is better ensured.
The data acquisition device 700 can implement the method of the method embodiment of fig. 1; for details, refer to the data transmission method of the embodiment shown in fig. 1, which is not repeated here.
Fig. 8 is a schematic structural diagram of a data receiving apparatus 800 provided in the present specification. Referring to fig. 8, in a software implementation, a data receiving apparatus 800 may include: a data receiving module 801, a first authentication module 802, a second authentication module 803, and a determination module 804.
The data receiving module 801 is configured to receive target data, where the target data includes original data, a digital signature, and a first certificate, and the digital signature and the first certificate are used to verify authenticity of the original data.
A first verification module 802, configured to verify the digital signature based on a public key of the first certificate.
As an example, the first verification module 802 may calculate a hash value of the original data based on a preset algorithm, then process the digital signature with the public key in the first certificate to recover the signed value, and determine that the original data has not been tampered with when the recovered value is consistent with the calculated hash value, that is, determine that verification of the digital signature is passed.
A second verification module 803, configured to verify the first certificate based on a second certificate, where the second certificate is a trusted certificate.
As an example, the second verification module 803 may verify the signature of the first certificate based on the public key corresponding to the second certificate, and when the signature of the first certificate is verified, determine that the verification of the first certificate is passed, that is, determine that the first certificate is an officially issued certificate, which proves that the data acquisition device transmitting the original data was officially produced.
The second certificate is issued by a trusted third party authority; alternatively, the second certificate is issued based on at least one level of third certificate, and the third certificate is issued by a trusted third party authority.
A determining module 804, configured to determine that the original data is authentic when the digital signature and the first certificate are both verified.
Specifically, the determining module 804 may determine that the original data is from a trusted data collection device when verification of the digital signature and the first certificate are both passed, where a preset private key for generating the digital signature and the first certificate are stored in the data collection device.
It will be appreciated that the data receiving device can verify, by means of the digital signature, whether the received original data has been tampered with, and can verify, by means of the first certificate, whether the received original data comes from a trusted data acquisition device, i.e. whether the data acquisition device that sent the original data was officially produced.
In this embodiment, the data acquisition device may be a sensor.
Optionally, when the second certificate is issued based on at least one level of a third certificate, the third certificate is issued by a trusted third party authority, and the target data further includes the second certificate, the data receiving apparatus 800 shown in fig. 8 may further include: a third verification module, configured to verify the second certificate based on the third certificate.
On this basis, the determination module 804 may be configured to: determine that the original data is authentic when the digital signature, the first certificate and the second certificate are all verified. The process of verifying the second certificate based on the third certificate is similar to the process of verifying the first certificate based on the second certificate, and will not be described in detail herein.
In the data receiving apparatus 800 shown in fig. 8, since the received target data includes the digital signature and the first certificate for verifying the authenticity of the received original data, the data receiving apparatus can verify the authenticity of the received original data by verifying the first certificate and the digital signature, thereby ensuring the authenticity of the original data received by the data receiving object.
The data receiving apparatus 800 can implement the method of the method embodiment of fig. 4; for details, refer to the data receiving method of the embodiment shown in fig. 4, which is not repeated here.
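The sender-side signing and the receiver-side checks described above (digital signature, first certificate, and the optional second certificate verified against a third), as an added example that is not code from this specification. It assumes Node.js's built-in crypto module with ECDSA P-256 and SHA-256, and a simplified JSON certificate in place of X.509; the field names, subject strings and sample readings are constructed.

```javascript
const crypto = require('node:crypto');

// Simplified stand-in for an X.509 certificate: the issuer signs the subject's
// name and public key. Field names here are assumptions, not from the page.
const tbs = (c) => Buffer.from(JSON.stringify([c.subject, c.issuer, c.publicKey]));
function issueCert(subject, subjectPublicKey, issuer, issuerPrivateKey) {
  const cert = { subject, issuer, publicKey: subjectPublicKey.export({ type: 'spki', format: 'pem' }) };
  cert.signature = crypto.sign('sha256', tbs(cert), issuerPrivateKey);
  return cert;
}
const issuedBy = (cert, parent) =>
  cert.issuer === parent.subject && crypto.verify('sha256', tbs(cert), parent.publicKey, cert.signature);

// Sender: hash the original data (SHA-256) and sign it with the preset private key.
function buildTargetData(original, presetPrivateKey, firstCert, secondCert) {
  const digitalSignature = crypto.sign('sha256', Buffer.from(original), presetPrivateKey);
  return { original, digitalSignature, firstCert, secondCert };
}

// Receiver: only `trusted` is trusted in advance; everything in `target` is untrusted input.
function verifyTargetData(target, trusted) {
  const { original, digitalSignature, firstCert, secondCert } = target;
  if (!crypto.verify('sha256', Buffer.from(original), firstCert.publicKey, digitalSignature)) {
    return 'digital signature invalid';
  }
  if (!issuedBy(firstCert, secondCert || trusted)) return 'first certificate not verified';
  if (secondCert && !issuedBy(secondCert, trusted)) return 'second certificate not verified';
  return 'authentic';
}

// Constructed three-level chain: root CA (third) -> vendor (second) -> sensor (first).
function demo() {
  const [ca, vendor, sensor, other] = Array.from({ length: 4 }, () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }));
  const root = issueCert('constructed-root', ca.publicKey, 'constructed-root', ca.privateKey);
  const vendorCert = issueCert('constructed-vendor', vendor.publicKey, root.subject, ca.privateKey);
  const sensorCert = issueCert('constructed-sensor', sensor.publicKey, vendorCert.subject, vendor.privateKey);
  const good = buildTargetData('temp=21.5C', sensor.privateKey, sensorCert, vendorCert);
  // A key outside the chain: its data signature is valid, but the vendor never signed its certificate.
  const selfCert = issueCert('constructed-sensor', other.publicKey, vendorCert.subject, other.privateKey);
  const unchained = buildTargetData('temp=99.9C', other.privateKey, selfCert, vendorCert);
  return {
    good: verifyTargetData(good, root),
    tampered: verifyTargetData({ ...good, original: 'temp=99.9C' }, root),
    unchained: verifyTargetData(unchained, root),
    twoLevel: verifyTargetData(buildTargetData('temp=21.5C', sensor.privateKey, sensorCert), vendorCert),
  };
}
console.log(demo());
```

The `unchained` case shows why the certificate check is needed in addition to the signature check: the signature alone only proves that the holder of some private key signed the data. Real X.509 validation additionally checks validity periods, CA constraints and revocation, which this stand-in omits.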
In summary, the foregoing description is only a preferred embodiment of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, or the like, which is within the spirit and principles of one or more embodiments of the present disclosure, is intended to be included within the scope of one or more embodiments of the present disclosure.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
In this specification, the embodiments are described in a progressive manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, since the system embodiments are substantially similar to the method embodiments, their description is relatively brief; for relevant details, refer to the corresponding parts of the description of the method embodiments.