CN116956258A - Calculation element authentication method and device for data calculation in data operation - Google Patents

Calculation element authentication method and device for data calculation in data operation Download PDF

Info

Publication number
CN116956258A
CN116956258A CN202311225109.0A CN202311225109A CN116956258A CN 116956258 A CN116956258 A CN 116956258A CN 202311225109 A CN202311225109 A CN 202311225109A CN 116956258 A CN116956258 A CN 116956258A
Authority
CN
China
Prior art keywords
computing
information
hash value
data
calculation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311225109.0A
Other languages
Chinese (zh)
Other versions
CN116956258B (en
Inventor
李帜
王爽
郑灏
孙琪
王帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Weiwei Information Technology Co ltd
Original Assignee
Hangzhou Weiwei Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Weiwei Information Technology Co ltd filed Critical Hangzhou Weiwei Information Technology Co ltd
Priority to CN202311225109.0A priority Critical patent/CN116956258B/en
Publication of CN116956258A publication Critical patent/CN116956258A/en
Application granted granted Critical
Publication of CN116956258B publication Critical patent/CN116956258B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The embodiment of the invention relates to a method and a device for authenticating a computing element, wherein the method comprises the following steps: receiving calculation element registration information sent by a calculation element provider, and registering a corresponding calculation element according to the calculation element registration information; receiving a certificate signature request file sent by a computing participant; and confirming whether the corresponding computing element is registered according to the certificate signature request file, and sending the identity certificate of the computing element to the registered computing participant. In the technical scheme of the embodiment of the invention, each computing element involved in the data computation comprises hardware, a platform, an algorithm and data, the registration is carried out in advance on a supervision server side, and the supervision server side issues an identity certificate to each computing element or each computing element combination according to the existing registration record, so that the integral authentication of the computing element is realized, and the security and reliability of the data computation in the data operation are improved.

Description

Calculation element authentication method and device for data calculation in data operation
Technical Field
The embodiment of the invention relates to the technical field of authentication of data calculation, in particular to a method and a device for authenticating calculation elements of data calculation in data operation.
Background
Data operation refers to that an owner of data mines through analysis of the data, information hidden in massive data is used as goods and released in a compliance mode for consumers of the data. The data operation process involves the calculation of data, for example, multiparty security calculation, federal learning and other modes can be adopted to use the data, but the data is not revealed.
In the prior art, the staff of each computing participant typically communicates to establish a connection between computing nodes of a plurality of computing participants to perform corresponding security calculations. However, by adopting the scheme, the computing party does not know the hardware, platform, algorithm and data information of the computing nodes of other computing parties, so that data leakage is easy to occur, and the data security is poor. For example, a certain computing participant node is not deployed with a trusted execution environment, and algorithms, data and the like are tampered, so that data stealing operation may occur, and the data security is poor.
Disclosure of Invention
Based on the foregoing situation of the prior art, an object of an embodiment of the present invention is to provide a method and an apparatus for authenticating a computing element of data computation in data operation, where an algorithm and/or data and hardware and/or software (platform) deployed by the algorithm and/or data are registered and authenticated on a server as a whole, so as to improve security and reliability of data computation in data operation.
To achieve the above object, according to one aspect of the present invention, there is provided a computing element authentication method applied to a supervision server, the method including:
receiving calculation element registration information sent by a calculation element provider, and registering a corresponding calculation element according to the calculation element registration information, wherein the calculation element comprises one of hardware, a platform, an algorithm and data;
receiving a certificate signature request file sent by a computing participant, wherein the computing participant consists of the following computing elements: the system consists of hardware, a platform and an algorithm or consists of hardware, a platform and data;
and confirming whether the computing element corresponding to the computing participant is registered according to the certificate signature request file, and sending an identity certificate of the computing element to the computing participant with which the computing element is registered, wherein the identity certificate is used for establishing authentication between the computing participant and the supervision server or authentication between the computing participants.
Further, the computing element registration information includes a computing element hash value, the computing element hash value being generated from information proving an identity of the computing element; the certificate signature request file is generated by a computing participant according to the hash value;
Confirming whether the corresponding computing element is registered according to the certificate signing request file comprises the following steps:
acquiring first information in the certificate signing request file, wherein the first information comprises the calculation element hash value;
confirming an authentication module to which a corresponding computing element belongs according to the first information;
and adopting the confirmed authentication module to confirm whether the computing element is registered, wherein the authentication module is a hardware authentication module, a platform authentication module, an algorithm authentication module or a data authentication module.
Further, the calculated element hash value comprises a hardware hash value, a platform hash value, an algorithm hash value and a data hash value;
the hardware hash value is generated according to the hardware attribute information;
the platform hash value is generated according to the platform attribute information;
the algorithm hash value is generated according to the algorithm attribute information;
the data hash value is generated according to the data attribute information.
Further, the method further comprises:
receiving task requirement information of a computing task;
selecting a target computing element from registered computing elements according to task requirement information, so as to determine a computing participant according to the target computing element;
according to the computing participants, a safe computing space is constructed, wherein the safe computing space is a computing execution system formed by providing related computing elements by the computing participants according to computing tasks, the computing elements of the computing execution system are mutually authenticated to confirm safety, the computing execution system is connected and cooperated by the related computing elements according to the requirements of the computing tasks to form a relatively independent safe system, and the computing execution system is used for executing the computing tasks and obtaining computing results.
Further, the method further comprises:
after determining that at least two types of computing elements are combined elements, acquiring computing element combined information of at least two different types of computing elements;
establishing an association relation for the corresponding computing elements according to the computing element combination information;
selecting a target computing element from registered computing elements according to the task requirement information, wherein the target computing element comprises:
according to the task request information, preferentially selecting the computing element with the association relation from the computing elements as a target computing element.
Further, after registering the calculation element registration information, storing the calculation element into an element registration information table, wherein the element registration information table comprises a hardware information table, a platform information table, an algorithm information table and a data information table according to categories;
the selecting the computing element with the association relation from the computing elements as the target computing element preferentially according to the task requirement information comprises the following steps:
selecting a plurality of first computing elements meeting the hardware requirements from a hardware information table according to the hardware requirements in the task requirement information;
selecting a plurality of second computing elements meeting the platform requirements from the platform information table according to the platform requirements in the task requirement information;
Selecting a plurality of third computing elements meeting the hardware requirements from an algorithm information table according to the algorithm requirements in the task requirement information;
selecting a plurality of fourth computing elements meeting the hardware requirements from a data information table according to the data requirements in the task requirement information;
determining whether the selected first computing element, second computing element, third computing element and fourth computing element have an association relationship, and if so, preferentially selecting the computing element with the association relationship as a target computing element.
According to a second aspect of the present invention, there is provided a computing element authentication method applied to a computing element provider, the method comprising:
sending calculation element registration information to a supervision server side so that the supervision server side registers corresponding calculation elements according to the calculation element registration information, wherein the calculation elements comprise one of hardware, a platform, an algorithm and data;
after at least one computing element of the computing element provider is combined into a computing participant, sending a certificate signature request file to the supervision server, so that the supervision server confirms whether the corresponding computing element is registered according to the certificate signature request file and sends an identity certificate of the computing element to the registered computing participant;
And receiving an identity certificate of a computing element related to the certificate signing request file sent by the supervision server side, and establishing authentication with the supervision server side or authentication with other computing participants according to the identity certificate.
Further, the computing element is hardware, a platform, an algorithm or data;
the sending the registration information of the computing element to the supervision server includes:
generating a hash value based on calculation element characteristic data of a calculation participant through a local application program of the calculation participant, and sending the hash value as calculation element registration information to a supervision server, wherein the calculation element characteristic data is hardware characteristic data, platform characteristic data, algorithm characteristic data or data characteristic data;
the sending the certificate signing request file to the supervision server side comprises the following steps:
generating a hash value based on calculation element characteristic data of the calculation participant by the local application program of the calculation participant, wherein the calculation element characteristic data is hardware characteristic data, platform characteristic data, algorithm characteristic data or data characteristic data;
generating a certificate signature request file, wherein the certificate signature request file comprises first information, second information and third information, the first information comprises the hash value, the second information comprises hash relation parameters, and the third information comprises business requirement information;
And carrying out identity verification based on the certificate of the application program and the supervision server, and sending the certificate signature request file to the supervision server.
Further, the method further comprises:
generating a first private key based on the hash value, and generating a first public key based on the first private key;
and transmitting the first public key through a certificate signature request file.
Further, the computing element is a combination element of hardware, a platform and an algorithm related to an algorithm instance, or a combination element of hardware, a platform and data related to a data instance;
the sending the registration information of the computing element to the supervision server includes:
generating a first hash value, a second hash value and a third hash value based on calculation elements related to an algorithm instance or a data instance respectively, wherein the first hash value is a hardware hash value, the second hash value is a platform hash value, and the third hash value is an algorithm hash value or a data hash value;
generating a hash relation registry, wherein the hash relation registry comprises a first hash value, a second hash value, a third hash value and a hash relation number;
the sending the certificate signing request file to the supervision server side comprises the following steps:
Generating a certificate signature request file, wherein the certificate signature request file comprises first information, second information and third information, the first information comprises a first hash value, a second hash value and a third hash value, the second information comprises a hash relation parameter, and the third information comprises business requirement information;
and sending the certificate signing request file to a supervision server.
In summary, the embodiment of the invention provides a method and a device for authenticating computing elements, wherein the method comprises the following steps: receiving calculation element registration information sent by a calculation element provider, and registering corresponding calculation elements according to the calculation element registration information, wherein the calculation elements comprise one or more than two of hardware, a platform, an algorithm and data; receiving a certificate signature request file sent by a computing participant; and confirming whether the corresponding computing element is registered according to the certificate signature request file, and sending an identity certificate of the computing element to the registered computing participant, wherein the identity certificate is used for establishing authentication between the computing participant and the supervision server or authentication between the computing participants. In the technical scheme of the embodiment of the invention, each computing element involved in the data computation comprises hardware, a platform, an algorithm and data, the registration is carried out in advance on a supervision server side, and the supervision server side issues an identity certificate to each computing element or each computing element combination according to the existing registration record, so that the integral authentication of the computing element is realized, and the security and reliability of the data computation in the data operation are improved. In the scheme, the supervision server can respectively verify corresponding to hardware, a platform, an algorithm and data, verify whether the hardware, the platform, the algorithm and the data are compliant, issue certificates when the computing elements are combined into a computing node (of a computing participant), and verify the security of the hardware, the platform, the algorithm (or the data) of the computing participant according to the certificates by other computing participants.
Drawings
FIG. 1 is a flow chart of a method for computing element authentication according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for computing element authentication according to another embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The objects, technical solutions and advantages of the present invention will become more apparent by the following detailed description of the present invention with reference to the accompanying drawings. It should be understood that the description is only illustrative and is not intended to limit the scope of the invention. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
It is to be noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present invention should be taken in a general sense as understood by one of ordinary skill in the art to which the present invention belongs. The use of the terms "first," "second," and the like in one or more embodiments of the present invention does not denote any order, quantity, or importance, but rather the terms "first," "second," and the like are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
The technical scheme of the invention is described in detail below with reference to the accompanying drawings. The embodiment of the invention provides a computing element authentication method, which is applied to a supervision server, wherein a flow chart of the computing element authentication method is shown in fig. 1, and the method comprises the following steps of:
s202, receiving calculation element registration information sent by a calculation element provider, and registering a corresponding calculation element according to the calculation element registration information, wherein the calculation element comprises one of hardware, a platform, an algorithm and data. In the embodiment of the invention, the calculation elements are divided into four types: hardware, a platform, an algorithm and data, wherein each computing element needs to register a hash value of the computing element in advance at a supervision server, so that the hash value is used as a verification for element identity when a subsequent identity certificate is issued. Registering each individual computing element with the supervision server, wherein the registering can be initiated to the supervision server through a tool (application program) which is arranged on a terminal where the computing element is located and is specially used for registering the computing element, for example, for a hardware computing element, a hash value can be generated as the hash value of the hardware based on specific information data of the hardware through a certain compiled application program (the tool for registering the hardware is independently developed and is customized for each client) running on the hardware; for a platform (software) computing element, a hash value can be generated as a hash value of the platform by a certain compiled application program (which is a tool for independently developing platform registration and is customized for each client) based on specific information data of the platform; for the algorithm calculation element, a hash value can be generated as the hash value of the algorithm by a certain compiled application program (which is a tool for independently developing algorithm registration and is customized for each client) based on specific information data of the algorithm; for the data calculation element, a hash value may be generated as a hash value of the data (interface/metadata/data set, etc.) based on specific information data of the data, by a certain kind of compiled application program (which is a tool for separately developing algorithm registration, will be customized for each client). The calculation element registration information transmitted from the calculation element provider may include a calculation element hash value generated from information that proves the identity of the calculation element. According to the types of different computing elements, the computing element hash values comprise a hardware hash value, a platform hash value, an algorithm hash value and a data hash value. The hardware hash value is generated according to hardware attribute information, wherein the hardware attribute information comprises related information such as a main board, a CPU, a hard disk, a coding address and the like of hardware; the platform hash value is generated according to platform attribute information, and the platform attribute information comprises related information such as a platform serial number, a platform code, a version number and the like; the algorithm hash value is generated according to algorithm attribute information, and the algorithm attribute information comprises related information such as an algorithm serial number, an algorithm code, a version number and the like; the data hash value is generated based on data attribute information including, for example, data interface code, data set information, metadata information, and the like.
S204, receiving a certificate signature request file sent by the computing participant. A certificate signing request file is generated by the computing party from the hash value.
S206, confirming whether the corresponding computing element is registered according to the certificate signature request file, and sending an identity certificate of the computing element to the registered computing participant, wherein the identity certificate is used for establishing authentication between the computing participant and the supervision server or authentication between the computing participants. Confirming whether the corresponding computing element is registered according to the certificate signature request file, and for the individual computing element, confirming the corresponding computing element by the following steps:
s2061, acquiring first information in the certificate signature request file, wherein the first information comprises the calculation element hash value;
s2062, confirming an authentication module to which the corresponding computing element belongs according to the first information;
s2063, adopting the confirmed authentication module to confirm whether the computing element is registered, wherein the authentication module is a hardware authentication module, a platform authentication module, an algorithm authentication module or a data authentication module.
The registration of information also includes registration of a combination of computing elements, including hardware, a platform and a combination of algorithms carried by the hardware, the platform and a combination of data carried by the platform, i.e. each computing element in the combination of computing elements is built together, rather than distributed in a decentralized manner, such as data, platform and hardware, or the algorithm, platform and hardware belong to the same device. When some computing elements belong to the same device, hash values of the computing elements generate an association relationship, and the association relationship between the computing elements can be recorded by generating a hash relationship registry. The certificate signing request file comprises relevant hash information of the calculation element combination (comprising an algorithm example or a data example) and whether each relevant calculation element is registered or not is searched at a service supervision end. For the request of the calculation element combination, whether the calculation element combination is registered or not can be confirmed by distinguishing whether the calculation element combination corresponds to the calculation element combination or not according to the following steps:
S2064, obtaining second information in the certificate signing request file, where the second information includes a hash relation parameter.
S2065, when the value of the second information is an effective value, searching the hash relation registry through a combined element authentication module of the supervision server to confirm whether the calculation element is registered; the second information is a valid value, and indicates that the computing element is a combination of more than two of hardware, a platform, an algorithm and data.
Specifically, if the hash value in the first information does not exist in the hash relation registry, sending certificate signature request invalidation information to the computing participant; if the hash value in the first information exists in the hash relation registry, confirming whether the associated certificate issuing state parameter is valid or not; if the certificate issuing state parameter is valid, sending an identity certificate of the combined computing element to the computing participant according to third information in a certificate signing request file, wherein the third information comprises service requirement information; if the certificate issuing status parameter is invalid, the identity certificate of the combined calculation element is sent to the calculation participant, and the certificate issuing status, the name of the calculation element of the acquired certificate, the hash value of the calculation element of the acquired certificate, the type of the calculation element of the acquired certificate and the basic information of the calculation element of the acquired certificate are recorded in a hash relation registry. The combination of calculation elements represents one or more calculation elements, and is an integral component. The administration server may issue an identity certificate for the combination of computing elements. In the original file parameters of the signature request file of each calculation element certificate, hash relation parameters appear, the parameters are Boolean values, when the parameter values are valid, the parameters enter a combined element authentication module, and a hash relation registry is searched. In the hash relation registry, whether the calculated element hash value exists in the table or not in the calculated element certificate signature request file is searched, and if the calculated element hash value does not exist in the table, the issuing request is invalid. If the computing element hash value exists in the table, its associated "certificate issue status parameter" is retrieved, and if so, it indicates that the identity certificate for the computing element combination has been issued. The administration service may also determine whether to send the already formed element combination certificate to the element based on the service information in the certificate signing request file. For example, in a contract related to business approval, the fact that the computing element needs to obtain an identity certificate of the computing element combination whole is related, if the identity certificate is needed, the supervision server side issues the computing element combination whole certificate to the computing element; if the business information expression is not needed, the calculation element combination whole certificate is not additionally issued to the calculation element. If the hash value of the computing element exists in the table and the associated certificate issue status parameter is searched, the hash value is invalid, the identity certificate of the computing element combination is not issued; meanwhile, issuing a computing element combination identity certificate to the computing element, and recording the name, hash value and type of the computing element in a hash relation registry.
The supervision server may locally set an authentication (CA) module, where the authentication module includes a hardware authentication module, a platform authentication module, an algorithm authentication module, or a data authentication module, where the authentication module stores the computing element and the registration information of the computing element combination, and may further include a combination element authentication module, where the authentication module stores a hash relationship registry of the computing element combination. And the supervision server performs search and confirmation on each authentication module of the supervision server according to the hash value carried in the certificate signature request file (CSR), and if the authentication module is registered in advance, the supervision server issues the corresponding identity certificate. The header of the hash relationship registry is shown in table 1:
TABLE 1 hash relationship registry header
According to certain alternative embodiments, the method further comprises:
based on the hash relation registry, the number of computing participants in the predetermined area that obtain the identity certificate is counted. The number of computing participants in the predetermined area that obtain the identity certificate may be counted based on information recorded in the hash relationship registry. For example, counting how many platform computing elements obtain identity certificates in a certain area, and counting the number of the identity certificates of the platform computing elements under the field of the area; and counting the number of certificates of which the type of the obtained computing element combination identity certificate is the platform computing element under the regional field, and then adding.
According to certain alternative embodiments, the method may further comprise the steps of:
s2071, receiving task requirement information of a computing task;
s2072, selecting a target computing element from registered computing elements according to the task requirement information, so as to determine a computing participant according to the target computing element. According to the task requirement information, the step can preferentially select the computing element with the association relation from the computing elements as the target computing element.
S2073, constructing a safe calculation space according to a calculation participant, wherein the safe calculation space refers to a calculation execution system formed by providing related calculation elements by the calculation participant according to a calculation task, the calculation elements of the calculation execution system are mutually authenticated to confirm safety, the calculation execution system is connected and cooperated by the related calculation elements according to the requirement of the calculation task to form a relatively independent safe system, and the calculation execution system is used for executing the calculation task and obtaining a calculation result.
S2074, after determining that at least two types of computing elements are combined elements, acquiring computing element combined information of at least two different types of computing elements. The combined element may be combined in the original state of the computing element provider, for example, the computing element provider may be composed of hardware and a platform, and may upload a message to prove that the two computing elements are combined; or may be a combination of server schedule calculation elements to form a combined element.
The combination of computing elements may be a combination of hardware and a platform, or a combination of a platform and an algorithm, or a combination of a platform and data, a combination of hardware and an algorithm, a combination of hardware and data, or the like. For example, the platform itself is already deployed on hardware, and it is not necessary to schedule the combination again. The two types of computing elements are determined to be the combined elements, and the computing participants can upload the combined information to the server, or the server actively schedules one computing element to another computing element, for example, after the server schedules the platform to hardware, the combined elements are formed.
S2075, establishing association relation for the corresponding computing elements according to the computing element combination information.
After registering the calculation element registration information, the calculation element is stored in an element registration information table, and the element registration information table includes a hardware information table, a platform information table, an algorithm information table, and a data information table by category. The hardware information table is used for storing hardware related information, including hardware attribute information and hardware hash values, wherein the hardware attribute information includes, but is not limited to, a main board, a CPU, a hard disk and an encoded address of the hardware. The hardware hash value can be generated according to the hardware attribute information, or can be generated by adopting other related information of hardware. The platform information table is used to store platform related information, including platform attribute information including, but not limited to, platform serial number, platform code, and version number, and platform hash values. The platform hash value can be generated according to the platform attribute information, and can also be generated by adopting other relevant information of the platform. The algorithm information table is used for storing algorithm related information including algorithm attribute information and algorithm hash values, the algorithm attribute information including but not limited to algorithm serial numbers, algorithm codes and version numbers. The algorithm hash value can be generated according to the algorithm attribute information, and can also be generated by adopting related information of other algorithms. The data information table is used for storing data-related information including data attribute information and data hash values, the data attribute information including, but not limited to, data interface codes, data set information and metadata information. The data hash value may be generated based on the data attribute information, or may be generated by other data related information. The above information tables may further include classification information, and the hardware information table may include classification of whether the trusted execution environment is supported or not or other classification. The platform information table may contain information such as supportable algorithms, types of data, etc. The algorithm information table may contain supportable data types, adapted platforms, hardware, etc. class information. The data information table may contain information such as a data storage format, an encryption scheme of data, and use of data.
In an alternative example, the hash values of the computing elements of the computing element provider may be preset in a plurality of verification centers, and the verification centers are used for providing verification services for the corresponding computing elements, where the computing elements corresponding to the hash values of the computing elements stored in the verification centers are verified and rule-conforming computing elements, for example, after development is completed, an application program (or called algorithm) needs to be uploaded to an auditing mechanism to perform compliance audit, and then the hash values of the corresponding computing elements are stored in the verification centers. After receiving the registration information of the computing element provider, the supervision server can send the hash value of the computing element to be verified to the verification center for verification, and after the verification is passed, the registration information of the computing element is registered in the supervision server. The verification center may also send the calculated element hash value to the supervision server, and the supervision server may extract the corresponding calculated element hash value after receiving the calculated element registration information of the calculated element provider, so as to perform verification. In addition, in another alternative scheme, the supervision server side of the scheme may also perform compliance verification on the computing element, for example, after receiving the computing element registration information, the supervision server side may include attribute information of the registering element, and may further obtain other information (or may not obtain, only verify information such as attribute, etc.) of the registering element, so as to verify whether the computing element is compliant, and after the verification is passed, store the corresponding computing element hash value in the information table (for example, store in the hardware information table, the platform information table, the algorithm information table or the data information table according to the category).
Wherein, according to the task request information, preferentially select the computing element with association from the computing elements as the target computing element, and further comprise:
selecting a plurality of first computing elements meeting the hardware requirements from a hardware information table according to the hardware requirements in the task requirement information; selecting a plurality of second computing elements meeting the platform requirements from the platform information table according to the platform requirements in the task requirement information; selecting a plurality of third computing elements meeting the hardware requirements from an algorithm information table according to the algorithm requirements in the task requirement information; selecting a plurality of fourth computing elements meeting the hardware requirements from a data information table according to the data requirements in the task requirement information; determining whether the selected first computing element, second computing element, third computing element and fourth computing element have an association relationship, and if so, preferentially selecting the computing element with the association relationship as a target computing element. The association relation table can be set, the association relation can be determined through table lookup, and priority marks can be added, so that the more the associated computing elements are, the higher the priority level of the computing elements is, and table lookup can be performed with higher priority. And marks can be added to the first to fourth computing elements, if all the four types of elements meeting the requirements have marks, whether the relationship exists or not can be further inquired, and if the relationship does not exist, the inquiry is not needed. According to the embodiment of the invention, through the technical scheme, the equipment which is physically combined can be preferentially selected to participate in calculation, so that the scheduling process is reduced, for example, the process of scheduling the platform to hardware and the process of scheduling the algorithm to the platform are reduced.
According to certain alternative embodiments, the method may further comprise the steps of:
s2081, classifying registered computing element registration information according to computing elements to obtain hash values under different computing element categories;
s2082, clustering hash values under each calculation element category according to the letter bit length and the number bit length of the hash values; the hash value lengths are defined here, and the hash value lengths are defined to be identical.
S2083, mapping and converting the hash value in each cluster to obtain a hash mapping value, wherein the hash mapping value is expressed as
Wherein, the liquid crystal display device comprises a liquid crystal display device,letter representing the hash value as letter bit, +.>Indicating that the hash value is common +.>Bit letter bits; />10-bit binary number representing the number of the digital bit in the hash value, ±>Indicating that the hash value is common +.>A bit digital bit;,/>
s2084, carrying out hash bucket division on the hash mapping value, wherein each hash bucket meets the following conditions: hash valueThe values are the same;
s2085 inIn the recipe, get->The 0-1 values of the two digits constitute a 0-1 digit string, said +.>And the combination of the digit strings as an assembly index of the hash bucket;
s2086, searching the first information in the calculation element registration information of the hash buckets through an authentication module of the supervision server.
In order to reduce the cost of searching the hash value of the calculation element, the hash value registered by the calculation element can be further classified in the embodiment of the invention, so that the subsequent searching according to the hash value in the certificate signature request file is convenient. The barreling rule may be implemented, for example, according to the following rule: (1) The hash values are divided according to the types of the computing elements, and can be divided into four hash value types which are respectively recorded as hardware hash types, platform hash types, algorithm hash types and data hash types; (2) Classifying the hash values according to the lengths of the hash values under each hash type, and recording the hash lengths as cluster names, such as a hardware hash type cluster 10, wherein the hash length under the type is 10; (3) mapping and converting the registered hash value. The conversion rule is as follows: binarizing the number of each digital position of the hash, if the position is a letter, reserving the letter, and placing all the letters in advance; if the bit is a number, the bit is converted to a 10-bit binary notation. For example, if the hash value of a certain calculation element is a91, the hash value after mapping conversion is: a 1111111111 1100000000; for example, if the hash value of a certain calculation element is A9B1, the hash value after mapping conversion is: AB 1111111111 1100000000 (100000000 for number 0; 110000000 for number 1; 111000000 for number 2; 111100000 for number 3.. And so on); the hash bucket is formulated in the following way: the number of letters of the hash value is the same, and the mapping function for the digital portion satisfies: k binary 0-1 values are taken to form a new 0-1 digit string, and the letter number + digit string is used as the assembly index of the hash bucket. Because the mapping mode can lead the hash values falling in the same hash bucket to have high proximity degree, namely the element categories are the same, the hash lengths are the same, the letter numbers are the same, and the similarity probability of the digital parts is that (wherein->When defined as decimal, the probability that the sum of the digital differences of the decimal bits equals x. Where k and x are parameters of the mapping method, and the user can set by himself, the larger the value of k, the smaller the value of x, the higher the proximity of hash values falling on the digital part of the same hash bucket.
In order to improve the issuing efficiency of the identity certificate, different computing element identity certificate issuing engines can be further arranged for different computing elements: setting a computing element certificate issuing engine corresponding to each computing element; and sending the certificate signature request file to the hash buckets under different computing element categories through each computing element certificate issuing engine so as to search in the hash buckets according to the certificate signature request file. The hardware certificate issuing engine, the platform certificate issuing engine, the algorithm certificate issuing engine and the data certificate issuing engine can be set for different computing elements, and are used for issuing identity certificates for different computing elements or computing element combinations respectively, and each issuing engine sends requests to different types of hash buckets.
The secure computation space certificate issuing engine can be further arranged, the secure computation space is composed of a plurality of computing element examples of hardware, a platform, an algorithm and data, and each secure computation space corresponds to one secure computation space certificate and is used for associating the computing element examples in the secure computation space. The rules of the issuance of the secure computation space certificate issuing engine are: after verifying the timeliness of each computing element certificate attached to the certificate issuing request, issuing a secure computing space certificate, and simultaneously generating a secure computing space ID, wherein the validity period of the secure computing space certificate is the shortest of the validity periods of the associated computing element examples. Setting a secure computation space certificate issuing engine to send an identity certificate of a secure computation space to the computation participant through the secure computation space certificate issuing engine, wherein the secure computation space comprises at least one computation element combination of hardware, a platform and an algorithm; the sending, by the secure computation space certificate issuing engine, an identity certificate of the secure computation space to the computation participant, including: verifying timeliness of each calculation element certificate in a certificate signing request file, and issuing an identity certificate of a safe calculation space after verification is passed, wherein the safe calculation space certificate comprises a plurality of calculation element certificates which are mutually related; and generating a secure computation space ID corresponding to the secure computation space certificate, wherein the validity period of the secure computation space certificate is the shortest validity period in the certificates of the multiple computing elements which are mutually related. If the identity certificate of the newly added computing element combination needs to be associated with the secure computation space certificate, an identity certificate modification interface of the secure computation space needs to be called to modify the associated certificate information of the secure computation space identity certificate.
According to certain alternative embodiments, the method further comprises: when any computing element combination in the secure computing space is modified or updated, the validity period of the secure computing space certificate is updated; when a new computing element is added to any computing element combination in the secure computing space, the relation between the secure computing space and the computing element combination is modified. After the computing element example certificate associated with the secure computing space certificate is modified, a modification interface of the associated secure computing space certificate is triggered, whether the validity period of the modified computing element example certificate is smaller than that of the current secure computing space certificate is checked, and if so, the validity period is updated.
The embodiment of the invention also provides a computing element authentication method which is applied to a computing element provider, and a flow chart of the computing element authentication method is shown in fig. 2, and the method comprises the following steps:
s402, sending the calculation element registration information to the supervision server side so that the supervision server side registers the corresponding calculation element according to the calculation element registration information, wherein the calculation element comprises one or more than two of hardware, a platform, an algorithm and data. The computing element registration information may be sent to the administration server by: generating a hash value based on the computing element characteristic data of the computing party through a local application program of the computing party, and sending the hash value to a supervision server as computing element registration information, wherein the computing element characteristic data is hardware characteristic data, platform characteristic data, algorithm characteristic data or data characteristic data. The computing element is a combination element of hardware, a platform and an algorithm related to an algorithm example or a combination element of hardware, a platform and data related to a data example; specifically, sending the computing element registration information to the supervision server includes:
Generating a first hash value, a second hash value and a third hash value based on calculation elements related to an algorithm instance or a data instance respectively, wherein the first hash value is a hardware hash value, the second hash value is a platform hash value, and the third hash value is an algorithm hash value or a data hash value;
generating a hash relation registry, wherein the hash relation registry comprises a first hash value, a second hash value, a third hash value and a hash relation number;
the sending the certificate signing request file to the supervision server side comprises the following steps:
generating a certificate signature request file, wherein the certificate signature request file comprises first information, second information and third information, the first information comprises a first hash value, a second hash value and a third hash value, the second information comprises a hash relation parameter, and the third information comprises business requirement information;
and sending the certificate signing request file to a supervision server.
S404, after at least one computing element of the computing element provider is combined into a computing participant, sending a certificate signature request file to the supervision server, so that the supervision server confirms whether the corresponding computing element is registered according to the certificate signature request file, and sending an identity certificate of the computing element to the registered computing participant. When a certificate signature request file is sent to a supervision server, a hash value is generated based on calculation element characteristic data of a calculation participant through an application program local to the calculation participant, wherein the calculation element characteristic data is hardware characteristic data, platform characteristic data, algorithm characteristic data or data characteristic data, and for example, the hardware hash value is generated according to a main board of hardware, a CPU and related data of a hard disk; the platform hash value is generated according to the platform serial number, the platform code and the version number; the algorithm hash value is generated according to the algorithm serial number, the algorithm code and the version number; the data hash value is encoded according to a data interface, and data set information and metadata information are generated; and then generating a certificate signature request file, wherein the certificate signature request file comprises first information, second information and third information, the first information comprises the hash value, the second information comprises hash relation parameters, and the third information comprises business requirement information. The authentication can be performed based on the certificate of the application program and the supervision server, and the certificate signature request file is sent to the supervision server. For each computing element, a certificate signature request file (CSR) may be generated by a tool (application program) dedicated to registration of the computing element to the supervision server based on the generated hash value, and the file may carry service information (such as regions, industries, etc.), and the certificate signature request file (CSR) is sent to the supervision server (communication transmission may be based on TLS protocol, and in the certificate signature request file (CSR) transmission, identity verification of the application program is based on a self-contained certificate in the application program). The local of the computing element can generate a private key based on a hash value or other assembly codes, and generate a public key based on the private key, wherein the public key can be used as unnecessary information in a certificate signature request file (CSR), and when the public key signed by the supervision server is transmitted to other nodes, the public key can be proved to be signed and safe by the supervision server, so that the public key can be used with confidence in the following communication protocol process. And the supervision server performs search and confirmation on each computing element authentication module of the supervision server according to the hash value carried in the certificate signature request file (CSR), and if the search and confirmation are registered in advance, the supervision server issues the identity certificate of the computing element. The certificate bookmark name request file can be transmitted in an encryption mode: generating a first private key based on the hash value, and generating a first public key based on the first private key; and transmitting the first public key through a certificate signature request file.
S406, receiving an identity certificate of a computing element related to the certificate signing request file sent by the supervision server, so as to establish authentication with the supervision server or authentication with other computing participants according to the identity certificate.
The embodiment of the invention also provides a computing element authentication device which is applied to the supervision server, and the device comprises:
the computing element registration module is used for receiving computing element registration information sent by a computing participant, and registering corresponding computing elements according to the computing element registration information, wherein the computing elements comprise one or more than two of hardware, a platform, an algorithm and data;
the identity certificate providing module is used for receiving a certificate signature request file sent by a computing participant; and confirming whether the corresponding computing element is registered according to the certificate signature request file, and sending an identity certificate of the computing element to the registered computing participant, wherein the identity certificate is used for establishing authentication between the computing participant and the supervision server or authentication between the computing participants.
The specific procedure of each module in the calculation element authentication apparatus provided in the above embodiment of the present invention to realize the function thereof is the same as each step of the calculation element authentication method provided in the above embodiment of the present invention, and thus, a repetitive description thereof will be omitted here.
The embodiment of the invention also provides electronic equipment, and fig. 3 is a schematic structural diagram of the electronic equipment according to the embodiment of the invention. As shown in fig. 3, the electronic device 300 includes: one or more processors 301 and memory 302; and computer program instructions stored in the memory 302, which when executed by the processor 301, cause the processor 301 to perform the computational element authentication method of any of the embodiments described above. The processor 301 may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities and may control other components in the electronic device to perform desired functions.
Memory 302 may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. Volatile memory can include, for example, random Access Memory (RAM) and/or cache memory (cache) and the like. The non-volatile memory may include, for example, read Only Memory (ROM), hard disk, flash memory, and the like. One or more computer program instructions may be stored on a computer readable storage medium and the processor 301 may execute the program instructions to implement the steps in the computing element authentication method and/or other desired functions of the various embodiments of the present invention above.
In some embodiments, the electronic device 300 may further include: an input device 303, and an output device 304, which are interconnected by a bus system and/or other form of connection mechanism (not shown in fig. 3). For example, when the electronic device is a stand-alone device, the input means 303 may be a communication network connector for receiving the acquired input signal from an external, removable device. In addition, the input device 303 may also include, for example, a keyboard, a mouse, a microphone, and the like. The output device 304 may output various information to the outside, and may include, for example, a display, a speaker, a printer, a communication network, a remote output apparatus connected thereto, and the like.
In addition to the methods and apparatus described above, embodiments of the invention may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in a method of computing element authentication as in any of the embodiments described above.
The computer program product may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present invention may also be a computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, cause the processor to perform steps in a computing element authentication method of various embodiments of the present invention.
A computer readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is to be appreciated that the processor in embodiments of the invention may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In summary, the embodiment of the invention relates to a method and a device for authenticating computing elements, wherein the method comprises the following steps: receiving calculation element registration information sent by a calculation participant, and registering corresponding calculation elements according to the calculation element registration information, wherein the calculation elements comprise one or more than two of hardware, a platform, an algorithm and data; receiving a certificate signature request file sent by a computing participant; and confirming whether the corresponding computing element is registered according to the certificate signature request file, and sending an identity certificate of the computing element to the registered computing participant, wherein the identity certificate is used for establishing authentication between the computing participant and the supervision server or authentication between the computing participants. In the technical scheme of the embodiment of the invention, each computing element involved in the data computation comprises hardware, a platform, an algorithm and data, the registration is carried out in advance on a supervision server side, and the supervision server side issues an identity certificate to each computing element or each computing element combination according to the existing registration record, so that the integral authentication of the computing element is realized, and the security and reliability of the data computation in the data operation are improved.
It should be understood that the above discussion of any of the embodiments is exemplary only and is not intended to suggest that the scope of the invention (including the claims) is limited to these examples; combinations of features of the above embodiments or in different embodiments are also possible within the spirit of the invention, steps may be implemented in any order and there are many other variations of the different aspects of one or more embodiments of the invention described above which are not provided in detail for the sake of brevity. The above detailed description of the present invention is merely illustrative or explanatory of the principles of the invention and is not necessarily intended to limit the invention. Accordingly, any modification, equivalent replacement, improvement, etc. made without departing from the spirit and scope of the present invention should be included in the scope of the present invention. Furthermore, the appended claims are intended to cover all such changes and modifications that fall within the scope and boundary of the appended claims, or equivalents of such scope and boundary.

Claims (10)

1. A method for authenticating computing elements, applied to a supervision server, the method comprising:
receiving calculation element registration information sent by a calculation element provider, and registering a corresponding calculation element according to the calculation element registration information, wherein the calculation element comprises one of hardware, a platform, an algorithm and data;
Receiving a certificate signature request file sent by a computing participant, wherein the computing participant consists of the following computing elements: the system consists of hardware, a platform and an algorithm or consists of hardware, a platform and data;
and confirming whether the computing element corresponding to the computing participant is registered according to the certificate signature request file, and sending an identity certificate of the computing element to the computing participant with which the computing element is registered, wherein the identity certificate is used for establishing authentication between the computing participant and the supervision server or authentication between the computing participants.
2. The method of claim 1, wherein the computing element registration information includes a computing element hash value generated from information that proves the identity of the computing element; the certificate signature request file is generated by a computing participant according to the hash value;
confirming whether the corresponding computing element is registered according to the certificate signing request file comprises the following steps:
acquiring first information in the certificate signing request file, wherein the first information comprises the calculation element hash value;
confirming an authentication module to which a corresponding computing element belongs according to the first information;
And adopting the confirmed authentication module to confirm whether the computing element is registered, wherein the authentication module is a hardware authentication module, a platform authentication module, an algorithm authentication module or a data authentication module.
3. The method of claim 2, wherein the computational element hash values include a hardware hash value, a platform hash value, an algorithm hash value, and a data hash value;
the hardware hash value is generated according to the hardware attribute information;
the platform hash value is generated according to the platform attribute information;
the algorithm hash value is generated according to the algorithm attribute information;
the data hash value is generated according to the data attribute information.
4. The method according to claim 1, wherein the method further comprises:
receiving task requirement information of a computing task;
selecting a target computing element from registered computing elements according to task requirement information, so as to determine a computing participant according to the target computing element;
according to the computing participants, a safe computing space is constructed, wherein the safe computing space is a computing execution system formed by providing related computing elements by the computing participants according to computing tasks, the computing elements of the computing execution system are mutually authenticated to confirm safety, the computing execution system is connected and cooperated by the related computing elements according to the requirements of the computing tasks to form a relatively independent safe system, and the computing execution system is used for executing the computing tasks and obtaining computing results.
5. The method according to claim 4, wherein the method further comprises:
after determining that at least two types of computing elements are combined elements, acquiring computing element combined information of at least two different types of computing elements;
establishing an association relation for the corresponding computing elements according to the computing element combination information;
selecting a target computing element from registered computing elements according to the task requirement information, wherein the target computing element comprises:
according to the task request information, preferentially selecting the computing element with the association relation from the computing elements as a target computing element.
6. The method of claim 5, wherein after registering the calculation element registration information, the calculation element is stored in an element registration information table, the element registration information table including a hardware information table, a platform information table, an algorithm information table, and a data information table by category;
the selecting the computing element with the association relation from the computing elements as the target computing element preferentially according to the task requirement information comprises the following steps:
selecting a plurality of first computing elements meeting the hardware requirements from a hardware information table according to the hardware requirements in the task requirement information;
Selecting a plurality of second computing elements meeting the platform requirements from the platform information table according to the platform requirements in the task requirement information;
selecting a plurality of third computing elements meeting the hardware requirements from an algorithm information table according to the algorithm requirements in the task requirement information;
selecting a plurality of fourth computing elements meeting the hardware requirements from a data information table according to the data requirements in the task requirement information;
determining whether the selected first computing element, second computing element, third computing element and fourth computing element have an association relationship, and if so, preferentially selecting the computing element with the association relationship as a target computing element.
7. A computing element authentication method, applied to a computing element provider, comprising:
sending calculation element registration information to a supervision server side so that the supervision server side registers corresponding calculation elements according to the calculation element registration information, wherein the calculation elements comprise one of hardware, a platform, an algorithm and data;
after at least one computing element of the computing element provider is combined into a computing participant, sending a certificate signature request file to the supervision server, so that the supervision server confirms whether the corresponding computing element is registered according to the certificate signature request file and sends an identity certificate of the computing element to the registered computing participant;
And receiving an identity certificate of a computing element related to the certificate signing request file sent by the supervision server side, and establishing authentication with the supervision server side or authentication with other computing participants according to the identity certificate.
8. The method of claim 7, wherein the computing element is hardware, a platform, an algorithm, or data;
the sending the registration information of the computing element to the supervision server includes:
generating a hash value based on calculation element characteristic data of a calculation participant through a local application program of the calculation participant, and sending the hash value as calculation element registration information to a supervision server, wherein the calculation element characteristic data is hardware characteristic data, platform characteristic data, algorithm characteristic data or data characteristic data;
the sending the certificate signing request file to the supervision server side comprises the following steps:
generating a hash value based on calculation element characteristic data of the calculation participant by the local application program of the calculation participant, wherein the calculation element characteristic data is hardware characteristic data, platform characteristic data, algorithm characteristic data or data characteristic data;
generating a certificate signature request file, wherein the certificate signature request file comprises first information, second information and third information, the first information comprises the hash value, the second information comprises hash relation parameters, and the third information comprises business requirement information;
And carrying out identity verification based on the certificate of the application program and the supervision server, and sending the certificate signature request file to the supervision server.
9. The method of claim 8, wherein the method further comprises:
generating a first private key based on the hash value, and generating a first public key based on the first private key;
and transmitting the first public key through a certificate signature request file.
10. The method of claim 7, wherein the computational element is a combination of hardware, platform, and algorithm associated with an algorithm instance, or a combination of hardware, platform, and data associated with a data instance;
the sending the registration information of the computing element to the supervision server includes:
generating a first hash value, a second hash value and a third hash value based on calculation elements related to an algorithm instance or a data instance respectively, wherein the first hash value is a hardware hash value, the second hash value is a platform hash value, and the third hash value is an algorithm hash value or a data hash value;
generating a hash relation registry, wherein the hash relation registry comprises a first hash value, a second hash value, a third hash value and a hash relation number;
The sending the certificate signing request file to the supervision server side comprises the following steps:
generating a certificate signature request file, wherein the certificate signature request file comprises first information, second information and third information, the first information comprises a first hash value, a second hash value and a third hash value, the second information comprises a hash relation parameter, and the third information comprises business requirement information;
and sending the certificate signing request file to a supervision server.
CN202311225109.0A 2023-09-21 2023-09-21 Calculation element authentication method and device for data calculation in data operation Active CN116956258B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311225109.0A CN116956258B (en) 2023-09-21 2023-09-21 Calculation element authentication method and device for data calculation in data operation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311225109.0A CN116956258B (en) 2023-09-21 2023-09-21 Calculation element authentication method and device for data calculation in data operation

Publications (2)

Publication Number Publication Date
CN116956258A true CN116956258A (en) 2023-10-27
CN116956258B CN116956258B (en) 2023-12-05

Family

ID=88458819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311225109.0A Active CN116956258B (en) 2023-09-21 2023-09-21 Calculation element authentication method and device for data calculation in data operation

Country Status (1)

Country Link
CN (1) CN116956258B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20180041054A (en) * 2017-09-06 2018-04-23 주식회사 코인플러그 Method for providing certificate service based on smart contract and server using the same
KR101858653B1 (en) * 2016-12-30 2018-06-28 주식회사 코인플러그 Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same
CN109743172A (en) * 2018-12-06 2019-05-10 国网山东省电力公司电力科学研究院 Based on alliance's block chain V2G network cross-domain authentication method, information data processing terminal
CN110046507A (en) * 2018-12-12 2019-07-23 阿里巴巴集团控股有限公司 Form the method and device of trust computing cluster
US20210218576A1 (en) * 2020-01-10 2021-07-15 Beijing Baidu Netcom Science And Technology Co., Ltd. Method, apparatus for blockchain-based multi-party computation, device and medium
US20210342841A1 (en) * 2020-05-01 2021-11-04 Capital One Services, Llc Mobile authentification method via peer mobiles
CN114374522A (en) * 2022-03-22 2022-04-19 杭州美创科技有限公司 Trusted device authentication method and device, computer device and storage medium
CN116501501A (en) * 2023-06-21 2023-07-28 亚信科技(中国)有限公司 Method and device for managing and arranging computing power resources, electronic equipment and storage medium
CN116707758A (en) * 2023-06-20 2023-09-05 杭州趣链科技有限公司 Authentication method, equipment and server of trusted computing equipment
CN116738406A (en) * 2023-04-24 2023-09-12 中国联合网络通信集团有限公司 Trusted execution environment TEE authentication system, method, device and storage medium

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101858653B1 (en) * 2016-12-30 2018-06-28 주식회사 코인플러그 Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same
KR20180041054A (en) * 2017-09-06 2018-04-23 주식회사 코인플러그 Method for providing certificate service based on smart contract and server using the same
CN109743172A (en) * 2018-12-06 2019-05-10 国网山东省电力公司电力科学研究院 Based on alliance's block chain V2G network cross-domain authentication method, information data processing terminal
CN110046507A (en) * 2018-12-12 2019-07-23 阿里巴巴集团控股有限公司 Form the method and device of trust computing cluster
US20210218576A1 (en) * 2020-01-10 2021-07-15 Beijing Baidu Netcom Science And Technology Co., Ltd. Method, apparatus for blockchain-based multi-party computation, device and medium
US20210342841A1 (en) * 2020-05-01 2021-11-04 Capital One Services, Llc Mobile authentification method via peer mobiles
CN114374522A (en) * 2022-03-22 2022-04-19 杭州美创科技有限公司 Trusted device authentication method and device, computer device and storage medium
CN116738406A (en) * 2023-04-24 2023-09-12 中国联合网络通信集团有限公司 Trusted execution environment TEE authentication system, method, device and storage medium
CN116707758A (en) * 2023-06-20 2023-09-05 杭州趣链科技有限公司 Authentication method, equipment and server of trusted computing equipment
CN116501501A (en) * 2023-06-21 2023-07-28 亚信科技(中国)有限公司 Method and device for managing and arranging computing power resources, electronic equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
孙学军;: "基于集群架构的物联网终端动态认证仿真", 计算机仿真, no. 04, pages 317 - 321 *
孙江辉;杜程;马龙;: "可信计算平台的认证机制的设计", 现代电子技术, no. 06, pages 30 - 36 *
肖长水;姒茂新;傅颖丽;方立刚;顾才东;: "自认证可信云存储框架与算法设计", 计算机工程与设计, no. 10, pages 107 - 112 *

Also Published As

Publication number Publication date
CN116956258B (en) 2023-12-05

Similar Documents

Publication Publication Date Title
JP6877448B2 (en) Methods and systems for guaranteeing computer software using distributed hash tables and blockchain
EP3639465B1 (en) Improved hardware security module management
US10924285B2 (en) Method and server for providing notary service with respect to file and verifying file recorded by the notary service
WO2021114937A1 (en) Blockchain-based service processing method, apparatus and device
US10235538B2 (en) Method and server for providing notary service for file and verifying file recorded by notary service
US10643208B2 (en) Digital payment system
WO2020182005A1 (en) Method for information processing in digital asset certificate inheritance transfer, and related device
CN108923908A (en) authorization processing method, device, equipment and storage medium
CN107453874B (en) Digital seal and generation method thereof, service request and providing method and electronic equipment
JP2019153181A (en) Management program
CN109067732A (en) Internet of things equipment and data insertion system, method and computer readable storage medium
US11258771B2 (en) Systems and methods for sending user data from a trusted party to a third party using a distributed registry
CN111709860A (en) Homote advice processing method, device, equipment and storage medium
CN112069529B (en) Block chain-based volume management method and device, computer and storage medium
EP4011031B1 (en) Secure identity card using unclonable functions
JP7462903B2 (en) User terminal, authenticator terminal, registrant terminal, management system and program
CN116956258B (en) Calculation element authentication method and device for data calculation in data operation
KR20190068886A (en) Blockchain based Method and system for supporting open source software license compliance
CN115967508A (en) Data access control method and device, equipment, storage medium and program product
CN112016118A (en) Anonymous database rating updates
CN117034370B (en) Data processing method based on block chain network and related equipment
KR102179076B1 (en) System for providing block chain Solution on Data Integrity of Public data-set, and process method thereof
JP2024518487A (en) Method and system for quantum-resistant hashing schemes
KR20230137767A (en) Method for Issuing Non-Fungible Token of Certificate-Based Rights Objects
KR20230137770A (en) Method for Issuing Non-Fungible Token of Industrial Property

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant