WO2019174187A1 - Blockchain-based method for message communication between multiple terminals, terminal and storage medium - Google Patents

Blockchain-based method for message communication between multiple terminals, terminal and storage medium Download PDF

Info

Publication number
WO2019174187A1
WO2019174187A1 PCT/CN2018/102397 CN2018102397W WO2019174187A1 WO 2019174187 A1 WO2019174187 A1 WO 2019174187A1 CN 2018102397 W CN2018102397 W CN 2018102397W WO 2019174187 A1 WO2019174187 A1 WO 2019174187A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
blockchain
encrypted
message
terminal
Prior art date
Application number
PCT/CN2018/102397
Other languages
French (fr)
Chinese (zh)
Inventor
张文明
陆陈一帆
宦鹏飞
张宇
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2019174187A1 publication Critical patent/WO2019174187A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present application relates to the field of communications technologies, and in particular, to a method, a terminal, and a storage medium for message communication between multiple ends based on a blockchain.
  • the traditional method can use TCP or UDP to perform message communication between multiple terminals, but in the process of communication, the message communication process between the message producer and the message consumer cannot be guaranteed. Confidentiality and confidentiality of message data, for example, cannot guarantee that the message producer consumer's receipt of the message is valid and falsified, and when it comes to the response of multiple consumers, it will be leaked to other consumers themselves as participants, production. In view of this, the message of communication between the message producer and the message consumer and the confidentiality of the message data are effectively solved as a problem to be solved.
  • the purpose of the application is to provide a method, a terminal and a storage medium for inter-terminal message communication based on blockchain, which are intended to effectively guarantee the confidentiality of the message communication process and the plaintext of the message.
  • the present application provides a method for inter-multi-terminal message communication based on a blockchain, and the method for inter-terminal message communication based on a blockchain includes:
  • the second CA certificate is obtained, and the public key corresponding to the second CA certificate is uploaded to the blockchain node of the blockchain network.
  • the producer terminal generates its own first key, encrypts the message plaintext to be communicated based on the first key and uses a predetermined encryption algorithm, and uploads the encrypted message plaintext to the blockchain node;
  • the producer terminal acquires the public key corresponding to the second CA certificate of the consumer terminal from the blockchain network, and uses the public key corresponding to the second CA certificate of the consumer terminal based on the private key of the first CA certificate and utilizes the exchange protocol.
  • the algorithm processes the first negotiation key, encrypts the generated first key by using the first negotiation key to obtain the encrypted first key, and uploads the encrypted first key to the blockchain node. ;
  • the consumer terminal acquires the encrypted first key on the blockchain node in a predetermined manner, and obtains the public key corresponding to the first CA certificate of the producer terminal from the blockchain network, and the second CA based on the second CA
  • the public key corresponding to the first CA certificate of the producer terminal is processed by the exchange protocol algorithm to obtain a second negotiation key, and the encrypted first key is decrypted by using the second negotiation key to obtain the First key
  • the consumer terminal obtains the encrypted plaintext message on the blockchain node, and obtains the first key by decrypting to decrypt the encrypted plaintext message to obtain the plaintext of the message.
  • the present application also provides a producer terminal, the producer terminal including a memory and a processor connected to the memory, wherein the memory stores a system executable on the processor, The system performs the following steps when executed by the processor:
  • the present application further provides a consumer terminal including a memory and a processor connected to the memory, wherein the memory stores a system executable on the processor, The system performs the following steps when executed by the processor:
  • the encrypted first key on the blockchain node is obtained in a predetermined manner, from the blockchain network.
  • Obtaining a public key corresponding to the first CA certificate of the producer terminal, and processing the second negotiation key by using a public key corresponding to the first CA certificate of the producer terminal and using the exchange protocol algorithm Decrypting the encrypted first key by using the second negotiation key to obtain the first key;
  • the present application also provides a computer readable storage medium having stored thereon a processing system that, when executed by a processor, implements the steps performed by the producer terminal described above.
  • the present application also provides another computer readable storage medium having stored thereon a processing system that, when executed by a processor, implements the steps performed by the consumer terminal described above.
  • the beneficial effects of the present application are: in the blockchain alliance chain composed of a plurality of terminals, when the message communication is performed, the producer terminal encrypts the message plaintext and the key by using a predetermined encryption method, and uploads the encrypted image.
  • the consumer terminal polls or the event-monitoring blockchain first decrypts the encrypted key, and then decrypts the encrypted message with the key to perform the message.
  • Communication, message plain text is not easy to be tampered with. If there are multiple consumer terminals, the communication process is only known to the other party, and the multiple consumer terminals cannot know whether the producer terminal communicates with other consumer terminals, effectively ensuring message communication. The confidentiality of the process and the plaintext of the message.
  • FIG. 1 is a schematic diagram of an optional application environment of each embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a method for inter-multi-terminal message communication based on blockchain in the present application.
  • FIG. 1 it is a schematic diagram of an application environment of a preferred embodiment of a method for inter-terminal message communication based on blockchain in the present application.
  • the application environment diagram includes a plurality of producer terminals, consumer terminals, and a multi-terminal blockchain network composed of a plurality of producer terminals and consumer terminals.
  • the producer terminal or the consumer terminal can perform data interaction with other terminals in the blockchain network through suitable technologies such as network and near field communication technology.
  • a producer terminal or a consumer terminal is a device that can automatically perform numerical calculation and/or information processing in accordance with an instruction set or stored in advance.
  • the producer terminal or the consumer terminal may be a computer, a single network server, a server group composed of multiple network servers, or a cloud-based cloud composed of a large number of hosts or network servers, where the cloud computing is distributed computing.
  • a super virtual computer consisting of a group of loosely coupled computers.
  • the producer terminal may include, but is not limited to, a memory 11, a processor 12, and a network interface 13 communicably coupled to each other through a system bus, and the memory 11 stores a processing system operable on the processor 12. It is pointed out that Figure 1 only shows the producer terminal with components 11-13, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
  • the consumer terminal can include, but is not limited to, a memory 21, a processor 22, and a network interface 23 that are communicably coupled to one another via a system bus, and the memory 21 stores a processing system operable on the processor 22. It is pointed out that Figure 1 only shows the producer terminal with components 21-23, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
  • the memory 11 includes a memory and at least one type of readable storage medium.
  • the memory provides a cache for the operation of the producer terminal;
  • the readable storage medium can be, for example, a flash memory, a hard disk, a multimedia card, a card type memory (eg, SD or DX memory, etc.), a random access memory (RAM), a static random access memory (SRAM).
  • a non-volatile storage medium such as a read only memory (ROM), an electrically erasable programmable read only memory (EEPROM), a programmable read only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, or the like.
  • the readable storage medium may be an internal storage unit of a producer terminal, such as a hard disk of the producer terminal; in other embodiments, the non-volatile storage medium may also be external to the producer terminal.
  • Storage devices such as plug-in hard drives on the producer terminal, Smart Media Card (SMC), Secure Digital (SD) cards, Flash Cards, etc.
  • the readable storage medium of the memory 11 is generally used to store an operating system installed on a producer terminal and various types of application software, such as program code for storing a processing system in an embodiment of the present application. Further, the memory 11 can also be used to temporarily store various types of data that have been output or are to be output.
  • the processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments.
  • the processor 12 is typically used to control the overall operation of the producer terminal, such as performing control and processing associated with data interaction or communication with the consumer terminal, and the like.
  • the processor 12 is configured to run program code or process data stored in the memory 11, such as running a processing system or the like.
  • the network interface 13 may comprise a wireless network interface or a wired network interface, which is typically used to establish a communication connection between the producer terminal and other terminals.
  • the network interface 13 is mainly used to connect the producer terminal with the consumer terminal, and establish a data transmission channel and a communication connection between the producer terminal and the consumer terminal.
  • the processing system is stored in the memory 11 and includes at least one computer readable instruction stored in the memory 11, the at least one computer readable instruction being executable by the processor 12 to implement the methods of various embodiments of the present application;
  • the at least one computer readable instruction can be classified into different logic modules depending on the functions implemented by its various parts.
  • the memory 21, the processor 22, and the network interface 23 of the consumer terminal are similar to the memory 11, the processor 12, and the network interface 13 of the producer terminal, and are not described herein again.
  • the encrypted second key used for encrypting the response information is encrypted and uploaded to the blockchain node by the consumer terminal, the encrypted second key on the blockchain node is obtained in a predetermined manner, and the first negotiation is utilized. Decrypting the encrypted second key to obtain the second key;
  • the producer terminal acquires the encrypted response information on the blockchain node, and decrypts the encrypted response information by decrypting to obtain the response information.
  • processing system described above is implemented by the processor 22 to implement the following steps:
  • the encrypted first key on the blockchain node is obtained in a predetermined manner, from the blockchain network.
  • Obtaining a public key corresponding to the first CA certificate of the producer terminal, and processing the second negotiation key by using a public key corresponding to the first CA certificate of the producer terminal and using the exchange protocol algorithm Decrypting the encrypted first key by using the second negotiation key to obtain the first key;
  • the generated second key is encrypted by using the second negotiation key to obtain the encrypted second key, and the encrypted second key is uploaded to the blockchain node.
  • the producer terminal when performing message communication, the producer terminal encrypts the message plaintext and the key by using a predetermined encryption method, and uploads the encrypted message.
  • the consumer terminal polls or the event-monitoring blockchain first decrypts the encrypted key, and then decrypts the encrypted message with the key to communicate the message.
  • the message is not easy to be tampered with. If there are multiple consumer terminals, the communication process is only known to the other party, and the multiple consumer terminals cannot know whether the producer terminal communicates with other consumer terminals, effectively guaranteeing the message communication process. And the confidentiality of the message.
  • FIG. 2 is a schematic flowchart of a method for inter-multi-terminal message communication based on a blockchain according to the method.
  • the method for message communication between multi-ends based on a blockchain includes the following steps:
  • Step S1 Before the message is communicated between the consumer terminal and the consumer terminal in the blockchain network formed by the multi-end, the first CA certificate is obtained, and the public key corresponding to the first CA certificate is uploaded to the block of the blockchain network. On the chain node;
  • Step S2 Before the consumer terminal communicates with the producer terminal, the second CA certificate is obtained, and the public key corresponding to the second CA certificate is uploaded to the blockchain node of the blockchain network;
  • the multi-end blockchain network supports the e-commerce authentication center CA, and each terminal accessing the blockchain network must go to the e-commerce authentication center CA to obtain its own CA certificate.
  • the terminal does not need to send the public key directly, but exposes its own CA certificate to ensure the legality of its identity.
  • Step S3 the producer terminal generates its own first key, encrypts the plaintext of the message to be communicated based on the first key and uses a predetermined encryption algorithm, and uploads the encrypted plaintext message to the blockchain node;
  • the predetermined encryption algorithm is preferably a symmetric encryption algorithm that uses the same key for encryption and decryption, or uses two keys that can be easily inter-inferred.
  • the symmetric encryption algorithm is an AES encryption algorithm.
  • E the encryption function used in the encryption process
  • the encrypted message plaintext C E(K, P), where P is the message plaintext, K is the key, and C is the ciphertext.
  • the symmetric encryption algorithm may also be other encryption algorithms, such as a DES encryption algorithm.
  • Step S4 The producer terminal acquires the public key corresponding to the second CA certificate of the consumer terminal from the blockchain network, and exchanges the public key corresponding to the second CA certificate of the consumer terminal based on the private key of the first CA certificate.
  • the protocol algorithm processes the first negotiation key, and uses the first negotiation key to encrypt the generated first key to obtain the encrypted first key, and uploads the encrypted first key to the blockchain node. on;
  • the first negotiation key is asymmetrically encrypted by using the exchange protocol algorithm, and the generated first key is encrypted into a symmetric encryption method by using the first negotiation key, and the asymmetric encryption is used.
  • the method of symmetric encryption encrypts the first key, which can ensure the security of the first key, thereby ensuring the security of the plaintext of the message.
  • Step S5 The consumer terminal acquires the encrypted first key on the blockchain node in a predetermined manner, and obtains the public key corresponding to the first CA certificate of the producer terminal from the blockchain network, based on the second of the second
  • the public key of the CA certificate and the public key corresponding to the first CA certificate of the producer terminal are processed by the exchange protocol algorithm to obtain a second negotiation key, and the encrypted first key is decrypted by using the second negotiation key.
  • Step S6 The consumer terminal acquires the encrypted plaintext message on the blockchain node, and obtains the first key by decrypting to decrypt the encrypted message plaintext to obtain the plaintext of the message.
  • the predetermined manner is a manner of polling the blockchain or an event listening blockchain chain, so as to actively acquire the encrypted message plaintext on the blockchain node, so that the communication process is not known by other consumer terminals. To ensure the confidentiality of the communication process.
  • the second negotiation key is processed by the consumer terminal based on the public key of the second CA certificate of the second CA certificate and the public key corresponding to the first CA certificate of the producer terminal, and the second negotiation key is processed by using the exchange protocol algorithm.
  • a negotiation key is the same key, which is obtained through negotiation between the two parties. Therefore, the encrypted first key can be decrypted by using the second negotiation key to obtain the first key, and the first key is used.
  • the encrypted plaintext message is decrypted to obtain the plaintext of the message.
  • the blockchain, the symmetric encryption and the asymmetric encryption technology are combined, so that the communication process and the communication message are not known by other terminals, and the message confidentiality of the communication process and the communication is guaranteed.
  • the predetermined encryption algorithm is a symmetric encryption algorithm
  • the terminal A and the terminal B message communicate
  • the terminal A is a producer terminal
  • the terminal B is a consumer terminal:
  • Terminal A priA is the private key of terminal A, pubA is the public key of terminal A, and public key pubA is uploaded into the blockchain;
  • the terminal A automatically generates a first key K, and the message plaintext P and the first key K generate an encrypted message plaintext C through the AES symmetric encryption algorithm, and the encrypted message plaintext C is uploaded into the blockchain.
  • Obtain the certificate pubB of the terminal B from the blockchain, and pass the ECDH key exchange protocol algorithm: priA*pub Q, which is the first negotiation key negotiated by both parties. Then, it is calculated by the AES symmetric encryption algorithm, and the first key K is symmetrically encrypted by using Q as a key to obtain a ciphertext C2, and C2 is uploaded into the blockchain.
  • Terminal B priB is the private key of terminal B, pubB is the public key of terminal B, and public key pubB is transmitted to the blockchain;
  • the terminal B obtains the ciphertext C2 uploaded by the terminal A from the blockchain by means of polling or event monitoring;
  • the consumer terminal responds to the producer terminal after decrypting the message, and the method further includes:
  • the consumer terminal generates corresponding second response information based on the plaintext of the message, generates a second key of its own, encrypts the response information based on the second key and uses a predetermined encryption algorithm, and uploads the encrypted response information to the block.
  • the consumer terminal encrypts the generated second key by using the second negotiation key to obtain the encrypted second key, and uploads the encrypted second key to the blockchain node;
  • the producer terminal obtains the encrypted second key on the blockchain node by using a predetermined method, and decrypts the encrypted second key by using the first negotiation key to obtain the second key;
  • the producer terminal acquires the encrypted response information on the blockchain node, and decrypts the encrypted response information by decrypting to obtain the response information.
  • the manner in which the consumer terminal encrypts the response information and the second key is substantially the same as the manner in which the producer terminal encrypts the plaintext of the message and encrypts the first key; the producer terminal responds to the information and the second
  • the manner in which the key is decrypted is basically the same as the manner in which the consumer terminal decrypts the plaintext and the first key, and details are not described herein again.
  • the consumer terminal encrypts the response information and the second key, and the producer terminal decrypts the response information and the second key, and also combines the blockchain, the symmetric encryption, and the asymmetric encryption technology to make the communication
  • the process and communication messages are not known by other terminals, further ensuring the message confidentiality of the communication process and communication.
  • the present application also provides a computer readable storage medium having stored thereon a processing system that, when executed by a processor, implements the steps of the method described above by a producer terminal or a consumer terminal.
  • the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better.
  • Implementation Based on such understanding, the technical solution of the present application, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in various embodiments of the present application.

Abstract

The present application relates to a blockchain-based method for message communication between multiple terminals, a terminal and a storage medium, the method comprising: a producer terminal, when performing message communication, encrypts a message plaintext and a key by using a predetermined encryption mode and then uploads the encrypted message plaintext and the key to a blockchain; and a consumer terminal, by employing a blockchain polling mode or a blockchain event monitoring mode, first decrypts the encrypted key and then decrypts the encrypted message plaintext using the key, thereby performing message communication. The present application may effectively guarantee the message communication process and the confidentiality of the message plaintext.

Description

基于区块链的多端间消息通信的方法、终端及存储介质Method, terminal and storage medium for message communication between multi-ends based on blockchain
优先权申明Priority claim
本申请基于巴黎公约申明享有2018年03月12日递交的申请号为CN2018101990914、名称为“基于区块链的多端间消息通信的方法、终端及存储介质”中国专利申请的优先权,该中国专利申请的整体内容以参考的方式结合在本申请中。This application is based on the Paris Convention for the benefit of the Chinese patent application entitled "Method, Terminal and Storage Medium for Message Communication Based on Blockchain-Based Multi-End", which is filed on March 12, 2018, with the application number CN2018101990914. The entire content of the application is incorporated herein by reference.
技术领域Technical field
本申请涉及通信技术领域,尤其涉及一种基于区块链的多端间消息通信的方法、终端及存储介质。The present application relates to the field of communications technologies, and in particular, to a method, a terminal, and a storage medium for message communication between multiple ends based on a blockchain.
背景技术Background technique
目前,在多终端接入并进行消息通信时,传统的方法可以使用TCP或UDP进行多终端之间的消息通信,但在通信过程中,不能保障消息生产者与消息消费者之间消息通信过程的保密性及消息数据的保密性,例如,不能保障消息生产者消费者的接收到消息是否有效以及被篡改、涉及到多方消费者的响应时会泄露给其他的消费者自己是参与方、生产者通信的消息可能会泄露给无关的消费者等等,有鉴于此,有效地保障消息生产者与消息消费者之间消息通信过程及消息数据的保密性成为有待解决的问题。At present, when multiple terminals access and perform message communication, the traditional method can use TCP or UDP to perform message communication between multiple terminals, but in the process of communication, the message communication process between the message producer and the message consumer cannot be guaranteed. Confidentiality and confidentiality of message data, for example, cannot guarantee that the message producer consumer's receipt of the message is valid and falsified, and when it comes to the response of multiple consumers, it will be leaked to other consumers themselves as participants, production. In view of this, the message of communication between the message producer and the message consumer and the confidentiality of the message data are effectively solved as a problem to be solved.
发明内容Summary of the invention
本申请的目的在于提供一种基于区块链的多端间消息通信的方法、终端及存储介质,旨在有效地保障消息通信过程及消息明文的保密性。The purpose of the application is to provide a method, a terminal and a storage medium for inter-terminal message communication based on blockchain, which are intended to effectively guarantee the confidentiality of the message communication process and the plaintext of the message.
为实现上述目的,本申请提供一种基于区块链的多端间消息通信的方法,所述基于区块链的多端间消息通信的方法包括:To achieve the above objective, the present application provides a method for inter-multi-terminal message communication based on a blockchain, and the method for inter-terminal message communication based on a blockchain includes:
S1,生产者终端与多端构成的区块链网络中的消费者终端进行消息通信 之前,获取第一CA证书,将该第一CA证书对应的公钥上传到该区块链网络的区块链节点上;S1: Before the message is communicated between the consumer terminal and the consumer terminal in the blockchain network formed by the multi-end, the first CA certificate is obtained, and the public key corresponding to the first CA certificate is uploaded to the blockchain of the blockchain network. On the node;
S2,消费者终端与生产者终端通信之前,获取第二CA证书,将该第二CA证书对应的公钥上传到该区块链网络的区块链节点上;S2. Before the consumer terminal communicates with the producer terminal, the second CA certificate is obtained, and the public key corresponding to the second CA certificate is uploaded to the blockchain node of the blockchain network.
S3,生产者终端生成自身的第一密钥,基于该第一密钥并利用预定的加密算法对待通信的消息明文进行加密,将加密后的消息明文上传到区块链节点上;S3, the producer terminal generates its own first key, encrypts the message plaintext to be communicated based on the first key and uses a predetermined encryption algorithm, and uploads the encrypted message plaintext to the blockchain node;
S4,生产者终端从区块链网络中获取消费者终端的第二CA证书对应的公钥,基于第一CA证书的私钥与消费者终端的第二CA证书对应的公钥并利用交换协议算法处理得到第一协商密钥,利用该第一协商密钥对所生成的第一密钥进行加密得到加密后的第一密钥,将加密后的第一密钥上传到区块链节点上;S4. The producer terminal acquires the public key corresponding to the second CA certificate of the consumer terminal from the blockchain network, and uses the public key corresponding to the second CA certificate of the consumer terminal based on the private key of the first CA certificate and utilizes the exchange protocol. The algorithm processes the first negotiation key, encrypts the generated first key by using the first negotiation key to obtain the encrypted first key, and uploads the encrypted first key to the blockchain node. ;
S5,消费者终端通过预定的方式获取区块链节点上的加密后的第一密钥,从区块链网络中获取生产者终端的第一CA证书对应的公钥,基于自身的第二CA证书的私钥与生产者终端的第一CA证书对应的公钥并利用交换协议算法处理得到第二协商密钥,利用该第二协商密钥对该加密后的第一密钥进行解密得到该第一密钥;S5. The consumer terminal acquires the encrypted first key on the blockchain node in a predetermined manner, and obtains the public key corresponding to the first CA certificate of the producer terminal from the blockchain network, and the second CA based on the second CA The public key corresponding to the first CA certificate of the producer terminal is processed by the exchange protocol algorithm to obtain a second negotiation key, and the encrypted first key is decrypted by using the second negotiation key to obtain the First key
S6,消费者终端获取区块链节点上的加密后的消息明文,利用解密后得到第一密钥对该加密后的消息明文进行解密,得到该消息明文。S6. The consumer terminal obtains the encrypted plaintext message on the blockchain node, and obtains the first key by decrypting to decrypt the encrypted plaintext message to obtain the plaintext of the message.
为实现上述目的,本申请还提供一种生产者终端,所述生产者终端包括存储器及与所述存储器连接的处理器,所述存储器中存储有可在所述处理器上运行的系统,所述系统被所述处理器执行时实现如下步骤:To achieve the above object, the present application also provides a producer terminal, the producer terminal including a memory and a processor connected to the memory, wherein the memory stores a system executable on the processor, The system performs the following steps when executed by the processor:
在与多端构成的区块链网络中的消费者终端进行消息通信之前,获取第一CA证书,将该第一CA证书对应的公钥上传到该区块链网络的区块链节点上;Acquiring the first CA certificate and uploading the public key corresponding to the first CA certificate to the blockchain node of the blockchain network before performing message communication with the consumer terminal in the blockchain network formed by the multi-end;
生成自身的第一密钥,基于该第一密钥并利用预定的加密算法对待通信的消息明文进行加密,将加密后的消息明文上传到区块链节点上;Generating a first key of the first key, encrypting the plaintext of the message to be communicated by using the predetermined encryption algorithm, and uploading the encrypted plaintext message to the blockchain node;
从区块链网络中获取消费者终端的第二CA证书对应的公钥,基于第一CA证书的私钥与消费者终端的第二CA证书对应的公钥并利用交换协议算法处理得到第一协商密钥,利用该第一协商密钥对所生成的第一密钥进行加密得到加密后的第一密钥,将加密后的第一密钥上传到区块链节点上。Obtaining, from the blockchain network, the public key corresponding to the second CA certificate of the consumer terminal, based on the public key of the first CA certificate and the public key corresponding to the second CA certificate of the consumer terminal, and using the exchange protocol algorithm to obtain the first Negotiating the key, encrypting the generated first key by using the first negotiation key to obtain the encrypted first key, and uploading the encrypted first key to the blockchain node.
为实现上述目的,本申请还提供一种消费者终端,所述消费者终端包括存储器及与所述存储器连接的处理器,所述存储器中存储有可在所述处理器上运行的系统,所述系统被所述处理器执行时实现如下步骤:To achieve the above object, the present application further provides a consumer terminal including a memory and a processor connected to the memory, wherein the memory stores a system executable on the processor, The system performs the following steps when executed by the processor:
在与生产者终端通信之前,获取第二CA证书,将该第二CA证书对应的公钥上传到该区块链网络的区块链节点上;Before communicating with the producer terminal, acquiring a second CA certificate, and uploading the public key corresponding to the second CA certificate to the blockchain node of the blockchain network;
在生产者终端将用于加密消息明文的第一密钥进行加密并上传到区块链节点后,通过预定的方式获取区块链节点上的加密后的第一密钥,从区块链网络中获取生产者终端的第一CA证书对应的公钥,基于自身的第二CA证书的私钥与生产者终端的第一CA证书对应的公钥并利用交换协议算法处理得到第二协商密钥,利用该第二协商密钥对该加密后的第一密钥进行解密得到该第一密钥;After the first key used to encrypt the plaintext of the message is encrypted and uploaded to the blockchain node by the producer terminal, the encrypted first key on the blockchain node is obtained in a predetermined manner, from the blockchain network. Obtaining a public key corresponding to the first CA certificate of the producer terminal, and processing the second negotiation key by using a public key corresponding to the first CA certificate of the producer terminal and using the exchange protocol algorithm Decrypting the encrypted first key by using the second negotiation key to obtain the first key;
获取区块链节点上的加密后的消息明文,利用解密后得到第一密钥对该加密后的消息明文进行解密,得到该消息明文。Obtaining the encrypted plaintext message on the blockchain node, and decrypting the decrypted message to obtain the first key, and decrypting the encrypted message plaintext to obtain the plaintext of the message.
本申请还提供一种计算机可读存储介质,所述计算机可读存储介质上存储有处理系统,所述处理系统被处理器执行时实现上述的生产者终端执行的步骤。The present application also provides a computer readable storage medium having stored thereon a processing system that, when executed by a processor, implements the steps performed by the producer terminal described above.
本申请还提供另一种计算机可读存储介质,所述计算机可读存储介质上存储有处理系统,所述处理系统被处理器执行时实现上述的消费者终端执行的步骤。The present application also provides another computer readable storage medium having stored thereon a processing system that, when executed by a processor, implements the steps performed by the consumer terminal described above.
本申请的有益效果是:本申请由多个终端组成的区块链联盟链中,在进行消息通信时,生产者终端采用预定的加密方式将消息明文及密钥都加密后,上传加密后的消息明文及密钥至区块链中,消费者终端轮询或者事件监听区块链,首先对加密后的密钥进行解密,然后再用密钥解密加密后的消息明文,以此进行消息的通信,消息明文不易被篡改,若有多个消费者终端,通信过程仅有通信的对方知晓,多个消费者终端之间无法获知生产者终端是否与其他消费者终端通信,有效地保障消息通信过程及消息明文的保密性。The beneficial effects of the present application are: in the blockchain alliance chain composed of a plurality of terminals, when the message communication is performed, the producer terminal encrypts the message plaintext and the key by using a predetermined encryption method, and uploads the encrypted image. In the message plaintext and key-to-blockchain, the consumer terminal polls or the event-monitoring blockchain first decrypts the encrypted key, and then decrypts the encrypted message with the key to perform the message. Communication, message plain text is not easy to be tampered with. If there are multiple consumer terminals, the communication process is only known to the other party, and the multiple consumer terminals cannot know whether the producer terminal communicates with other consumer terminals, effectively ensuring message communication. The confidentiality of the process and the plaintext of the message.
附图说明DRAWINGS
图1为本申请各个实施例一可选的应用环境示意图;1 is a schematic diagram of an optional application environment of each embodiment of the present application;
图2为本申请基于区块链的多端间消息通信的方法一实施例的流程示意图。FIG. 2 is a schematic flowchart of a method for inter-multi-terminal message communication based on blockchain in the present application.
具体实施方式detailed description
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的具体实施例仅用以解释本申请,并不用于限定本申请。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the objects, technical solutions, and advantages of the present application more comprehensible, the present application will be further described in detail below with reference to the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the application and are not intended to be limiting. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without departing from the inventive scope are the scope of the present application.
需要说明的是,在本申请中涉及“第一”、“第二”等的描述仅用于描述目的,而不能理解为指示或暗示其相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括至少一个该特征。另外,各个实施例之间的技术方案可以相互结合,但是必须是以本领域普通技术人员能够实现为基础,当技术方案的结合出现相互矛盾或无法实现时应当认为这种技术方案的结合不存在,也不在本申请要求的 保护范围之内。It should be noted that the descriptions of "first", "second" and the like in the present application are for the purpose of description only, and are not to be construed as indicating or implying their relative importance or implicitly indicating the number of technical features indicated. . Thus, features defining "first" or "second" may include at least one of the features, either explicitly or implicitly. In addition, the technical solutions between the various embodiments may be combined with each other, but must be based on the realization of those skilled in the art, and when the combination of the technical solutions is contradictory or impossible to implement, it should be considered that the combination of the technical solutions does not exist. Nor is it within the scope of protection required by this application.
参阅图1所示,是本申请基于区块链的多端间消息通信的方法的较佳实施例的应用环境示意图。该应用环境示意图包括多个生产者终端、消费者终端及多个生产者终端与消费者终端构成的多端的区块链网络。生产者终端或消费者终端可以通过网络、近场通信技术等适合的技术与区块链网络中的其他终端进行数据交互。Referring to FIG. 1 , it is a schematic diagram of an application environment of a preferred embodiment of a method for inter-terminal message communication based on blockchain in the present application. The application environment diagram includes a plurality of producer terminals, consumer terminals, and a multi-terminal blockchain network composed of a plurality of producer terminals and consumer terminals. The producer terminal or the consumer terminal can perform data interaction with other terminals in the blockchain network through suitable technologies such as network and near field communication technology.
生产者终端或消费者终端是一种能够按照事先设定或者存储的指令,自动进行数值计算和/或信息处理的设备。所述生产者终端或消费者终端可以是计算机、也可以是单个网络服务器、多个网络服务器组成的服务器组或者基于云计算的由大量主机或者网络服务器构成的云,其中云计算是分布式计算的一种,由一群松散耦合的计算机集组成的一个超级虚拟计算机。A producer terminal or a consumer terminal is a device that can automatically perform numerical calculation and/or information processing in accordance with an instruction set or stored in advance. The producer terminal or the consumer terminal may be a computer, a single network server, a server group composed of multiple network servers, or a cloud-based cloud composed of a large number of hosts or network servers, where the cloud computing is distributed computing. A super virtual computer consisting of a group of loosely coupled computers.
在本实施例中,生产者终端可包括,但不仅限于,可通过系统总线相互通信连接的存储器11、处理器12、网络接口13,存储器11存储有可在处理器12上运行的处理系统。需要指出的是,图1仅示出了具有组件11-13的生产者终端,但是应理解的是,并不要求实施所有示出的组件,可以替代的实施更多或者更少的组件。In the present embodiment, the producer terminal may include, but is not limited to, a memory 11, a processor 12, and a network interface 13 communicably coupled to each other through a system bus, and the memory 11 stores a processing system operable on the processor 12. It is pointed out that Figure 1 only shows the producer terminal with components 11-13, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
消费者终端可包括,但不仅限于,可通过系统总线相互通信连接的存储器21、处理器22、网络接口23,存储器21存储有可在处理器22上运行的处理系统。需要指出的是,图1仅示出了具有组件21-23的生产者终端,但是应理解的是,并不要求实施所有示出的组件,可以替代的实施更多或者更少的组件。The consumer terminal can include, but is not limited to, a memory 21, a processor 22, and a network interface 23 that are communicably coupled to one another via a system bus, and the memory 21 stores a processing system operable on the processor 22. It is pointed out that Figure 1 only shows the producer terminal with components 21-23, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
其中,存储器11包括内存及至少一种类型的可读存储介质。内存为生产者终端的运行提供缓存;可读存储介质可为如闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、随机访问存储器(RAM)、静态随机访问存储器(SRAM)、只读存储器(ROM)、电可擦除可编程只读存储器 (EEPROM)、可编程只读存储器(PROM)、磁性存储器、磁盘、光盘等的非易失性存储介质。在一些实施例中,可读存储介质可以是生产者终端的内部存储单元,例如该生产者终端的硬盘;在另一些实施例中,该非易失性存储介质也可以是生产者终端的外部存储设备,例如生产者终端上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。本实施例中,存储器11的可读存储介质通常用于存储安装于生产者终端的操作系统和各类应用软件,例如存储本申请一实施例中的处理系统的程序代码等。此外,存储器11还可以用于暂时地存储已经输出或者将要输出的各类数据。The memory 11 includes a memory and at least one type of readable storage medium. The memory provides a cache for the operation of the producer terminal; the readable storage medium can be, for example, a flash memory, a hard disk, a multimedia card, a card type memory (eg, SD or DX memory, etc.), a random access memory (RAM), a static random access memory (SRAM). A non-volatile storage medium such as a read only memory (ROM), an electrically erasable programmable read only memory (EEPROM), a programmable read only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, or the like. In some embodiments, the readable storage medium may be an internal storage unit of a producer terminal, such as a hard disk of the producer terminal; in other embodiments, the non-volatile storage medium may also be external to the producer terminal. Storage devices, such as plug-in hard drives on the producer terminal, Smart Media Card (SMC), Secure Digital (SD) cards, Flash Cards, etc. In this embodiment, the readable storage medium of the memory 11 is generally used to store an operating system installed on a producer terminal and various types of application software, such as program code for storing a processing system in an embodiment of the present application. Further, the memory 11 can also be used to temporarily store various types of data that have been output or are to be output.
所述处理器12在一些实施例中可以是中央处理器(Central Processing Unit,CPU)、控制器、微控制器、微处理器、或其他数据处理芯片。该处理器12通常用于控制所述生产者终端的总体操作,例如执行与消费者终端进行数据交互或者通信相关的控制和处理等。本实施例中,所述处理器12用于运行所述存储器11中存储的程序代码或者处理数据,例如运行处理系统等。The processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 12 is typically used to control the overall operation of the producer terminal, such as performing control and processing associated with data interaction or communication with the consumer terminal, and the like. In this embodiment, the processor 12 is configured to run program code or process data stored in the memory 11, such as running a processing system or the like.
所述网络接口13可包括无线网络接口或有线网络接口,该网络接口13通常用于在所述生产者终端与其他终端之间建立通信连接。本实施例中,网络接口13主要用于将生产者终端与消费者终端相连,在生产者终端与消费者终端之间建立数据传输通道和通信连接。The network interface 13 may comprise a wireless network interface or a wired network interface, which is typically used to establish a communication connection between the producer terminal and other terminals. In this embodiment, the network interface 13 is mainly used to connect the producer terminal with the consumer terminal, and establish a data transmission channel and a communication connection between the producer terminal and the consumer terminal.
所述处理系统存储在存储器11中,包括至少一个存储在存储器11中的计算机可读指令,该至少一个计算机可读指令可被处理器器12执行,以实现本申请各实施例的方法;以及,该至少一个计算机可读指令依据其各部分所实现的功能不同,可被划为不同的逻辑模块。The processing system is stored in the memory 11 and includes at least one computer readable instruction stored in the memory 11, the at least one computer readable instruction being executable by the processor 12 to implement the methods of various embodiments of the present application; The at least one computer readable instruction can be classified into different logic modules depending on the functions implemented by its various parts.
此外,消费者终端的存储器21、处理器22、网络接口23对应与生产者终端的存储器11、处理器12、网络接口13类似,此处不再赘述。In addition, the memory 21, the processor 22, and the network interface 23 of the consumer terminal are similar to the memory 11, the processor 12, and the network interface 13 of the producer terminal, and are not described herein again.
在一实施例中,上述处理系统被所述处理器12执行时实现如下步骤:In an embodiment, when the processing system is executed by the processor 12, the following steps are implemented:
在与多端构成的区块链网络中的消费者终端进行消息通信之前,获取第一CA证书,将该第一CA证书对应的公钥上传到该区块链网络的区块链节点上;Acquiring the first CA certificate and uploading the public key corresponding to the first CA certificate to the blockchain node of the blockchain network before performing message communication with the consumer terminal in the blockchain network formed by the multi-end;
生成自身的第一密钥,基于该第一密钥并利用预定的加密算法对待通信的消息明文进行加密,将加密后的消息明文上传到区块链节点上;Generating a first key of the first key, encrypting the plaintext of the message to be communicated by using the predetermined encryption algorithm, and uploading the encrypted plaintext message to the blockchain node;
从区块链网络中获取消费者终端的第二CA证书对应的公钥,基于第一CA证书的私钥与消费者终端的第二CA证书对应的公钥并利用交换协议算法处理得到第一协商密钥,利用该第一协商密钥对所生成的第一密钥进行加密得到加密后的第一密钥,将加密后的第一密钥上传到区块链节点上。Obtaining, from the blockchain network, the public key corresponding to the second CA certificate of the consumer terminal, based on the public key of the first CA certificate and the public key corresponding to the second CA certificate of the consumer terminal, and using the exchange protocol algorithm to obtain the first Negotiating the key, encrypting the generated first key by using the first negotiation key to obtain the encrypted first key, and uploading the encrypted first key to the blockchain node.
此外,处理系统被所述处理器12执行时,还实现如下步骤:Moreover, when the processing system is executed by the processor 12, the following steps are also implemented:
在消费者终端将用于加密响应信息的第二密钥进行加密并上传到区块链节点后,通过预定的方式获取区块链节点上的加密后的第二密钥,利用该第一协商密钥对该加密后的第二密钥进行解密得到该第二密钥;After the second key used for encrypting the response information is encrypted and uploaded to the blockchain node by the consumer terminal, the encrypted second key on the blockchain node is obtained in a predetermined manner, and the first negotiation is utilized. Decrypting the encrypted second key to obtain the second key;
生产者终端获取区块链节点上的加密后的响应信息,利用解密后得到第二密钥对该加密后的响应信息进行解密,得到该响应信息。The producer terminal acquires the encrypted response information on the blockchain node, and decrypts the encrypted response information by decrypting to obtain the response information.
在另一实施例中,上述处理系统被所述处理器22执行时实现如下步骤:In another embodiment, the processing system described above is implemented by the processor 22 to implement the following steps:
在与生产者终端通信之前,获取第二CA证书,将该第二CA证书对应的公钥上传到该区块链网络的区块链节点上;Before communicating with the producer terminal, acquiring a second CA certificate, and uploading the public key corresponding to the second CA certificate to the blockchain node of the blockchain network;
在生产者终端将用于加密消息明文的第一密钥进行加密并上传到区块链节点后,通过预定的方式获取区块链节点上的加密后的第一密钥,从区块链网络中获取生产者终端的第一CA证书对应的公钥,基于自身的第二CA证书的私钥与生产者终端的第一CA证书对应的公钥并利用交换协议算法处理得到第二协商密钥,利用该第二协商密钥对该加密后的第一密钥进行解密得到该第一密钥;After the first key used to encrypt the plaintext of the message is encrypted and uploaded to the blockchain node by the producer terminal, the encrypted first key on the blockchain node is obtained in a predetermined manner, from the blockchain network. Obtaining a public key corresponding to the first CA certificate of the producer terminal, and processing the second negotiation key by using a public key corresponding to the first CA certificate of the producer terminal and using the exchange protocol algorithm Decrypting the encrypted first key by using the second negotiation key to obtain the first key;
获取区块链节点上的加密后的消息明文,利用解密后得到第一密钥对该加密后的消息明文进行解密,得到该消息明文。Obtaining the encrypted plaintext message on the blockchain node, and decrypting the decrypted message to obtain the first key, and decrypting the encrypted message plaintext to obtain the plaintext of the message.
此外,处理系统被所述处理器22执行时,还实现如下步骤:Moreover, when the processing system is executed by the processor 22, the following steps are also implemented:
基于所述消息明文生成对应的响应信息,生成自身的第二密钥,基于该第二密钥并利用预定的加密算法对响应信息进行加密,将加密后的响应信息上传到区块链节点上;Generating corresponding response information based on the plaintext of the message, generating a second key of the second key, encrypting the response information by using a predetermined encryption algorithm based on the second key, and uploading the encrypted response information to the blockchain node ;
利用该第二协商密钥对所生成的第二密钥进行加密得到加密后的第二密钥,将加密后的第二密钥上传到区块链节点上。The generated second key is encrypted by using the second negotiation key to obtain the encrypted second key, and the encrypted second key is uploaded to the blockchain node.
通过上面的描述可以看出:由多个终端组成的区块链联盟链中,在进行消息通信时,生产者终端采用预定的加密方式将消息明文及密钥都加密后,上传加密后的消息明文及密钥至区块链中,消费者终端轮询或者事件监听区块链,首先对加密后的密钥进行解密,然后再用密钥解密加密后的消息明文,以此进行消息的通信,消息明文不易被篡改,若有多个消费者终端,通信过程仅有通信的对方知晓,多个消费者终端之间无法获知生产者终端是否与其他消费者终端通信,有效地保障消息通信过程及消息明文的保密性。It can be seen from the above description that in the blockchain alliance chain composed of multiple terminals, when performing message communication, the producer terminal encrypts the message plaintext and the key by using a predetermined encryption method, and uploads the encrypted message. In the plaintext and key-to-blockchain, the consumer terminal polls or the event-monitoring blockchain first decrypts the encrypted key, and then decrypts the encrypted message with the key to communicate the message. The message is not easy to be tampered with. If there are multiple consumer terminals, the communication process is only known to the other party, and the multiple consumer terminals cannot know whether the producer terminal communicates with other consumer terminals, effectively guaranteeing the message communication process. And the confidentiality of the message.
如图2所示,图2为本申请基于区块链的多端间消息通信的方法一实施例的流程示意图,该基于区块链的多端间消息通信的方法包括以下步骤:As shown in FIG. 2, FIG. 2 is a schematic flowchart of a method for inter-multi-terminal message communication based on a blockchain according to the method. The method for message communication between multi-ends based on a blockchain includes the following steps:
步骤S1,生产者终端与多端构成的区块链网络中的消费者终端进行消息通信之前,获取第一CA证书,将该第一CA证书对应的公钥上传到该区块链网络的区块链节点上;Step S1: Before the message is communicated between the consumer terminal and the consumer terminal in the blockchain network formed by the multi-end, the first CA certificate is obtained, and the public key corresponding to the first CA certificate is uploaded to the block of the blockchain network. On the chain node;
步骤S2,消费者终端与生产者终端通信之前,获取第二CA证书,将该第二CA证书对应的公钥上传到该区块链网络的区块链节点上;Step S2: Before the consumer terminal communicates with the producer terminal, the second CA certificate is obtained, and the public key corresponding to the second CA certificate is uploaded to the blockchain node of the blockchain network;
其中,多端构成的区块链网络支持电子商务认证中心CA,每一接入区块链网络的终端都必须去电子商务认证中心CA处获取自身的CA证书。在 后续进行加密时,终端不需要直接发送公钥,而是公开自己的CA证书以保证自身身份的合法性。Among them, the multi-end blockchain network supports the e-commerce authentication center CA, and each terminal accessing the blockchain network must go to the e-commerce authentication center CA to obtain its own CA certificate. In the subsequent encryption, the terminal does not need to send the public key directly, but exposes its own CA certificate to ensure the legality of its identity.
步骤S3,生产者终端生成自身的第一密钥,基于该第一密钥并利用预定的加密算法对待通信的消息明文进行加密,将加密后的消息明文上传到区块链节点上;Step S3, the producer terminal generates its own first key, encrypts the plaintext of the message to be communicated based on the first key and uses a predetermined encryption algorithm, and uploads the encrypted plaintext message to the blockchain node;
其中,预定的加密算法为优选为对称加密算法,其在加密和解密时使用相同的密钥,或是使用两个可以简单地相互推算的密钥。在一具体的实例中,该对称加密算法为AES加密算法。在加密过程中使用加密函数E,则加密后的消息明文C=E(K,P),其中P为消息明文,K为密钥,C为密文。在其他的具体的实例中,该对称加密算法也可以是其他的加密算法,例如DES加密算法等。The predetermined encryption algorithm is preferably a symmetric encryption algorithm that uses the same key for encryption and decryption, or uses two keys that can be easily inter-inferred. In a specific example, the symmetric encryption algorithm is an AES encryption algorithm. When the encryption function E is used in the encryption process, the encrypted message plaintext C=E(K, P), where P is the message plaintext, K is the key, and C is the ciphertext. In other specific examples, the symmetric encryption algorithm may also be other encryption algorithms, such as a DES encryption algorithm.
步骤S4,生产者终端从区块链网络中获取消费者终端的第二CA证书对应的公钥,基于第一CA证书的私钥与消费者终端的第二CA证书对应的公钥并利用交换协议算法处理得到第一协商密钥,利用该第一协商密钥对所生成的第一密钥进行加密得到加密后的第一密钥,将加密后的第一密钥上传到区块链节点上;Step S4: The producer terminal acquires the public key corresponding to the second CA certificate of the consumer terminal from the blockchain network, and exchanges the public key corresponding to the second CA certificate of the consumer terminal based on the private key of the first CA certificate. The protocol algorithm processes the first negotiation key, and uses the first negotiation key to encrypt the generated first key to obtain the encrypted first key, and uploads the encrypted first key to the blockchain node. on;
本实施例中,利用交换协议算法处理得到第一协商密钥为非对称加密的方法,利用该第一协商密钥对所生成的第一密钥进行加密为对称加密的方法,利用非对称加密及对称加密的方法对第一密钥进行加密,能够确保第一密钥的安全性,由此保障消息明文的安全性。In this embodiment, the first negotiation key is asymmetrically encrypted by using the exchange protocol algorithm, and the generated first key is encrypted into a symmetric encryption method by using the first negotiation key, and the asymmetric encryption is used. And the method of symmetric encryption encrypts the first key, which can ensure the security of the first key, thereby ensuring the security of the plaintext of the message.
步骤S5,消费者终端通过预定的方式获取区块链节点上的加密后的第一密钥,从区块链网络中获取生产者终端的第一CA证书对应的公钥,基于自身的第二CA证书的私钥与生产者终端的第一CA证书对应的公钥并利用交换协议算法处理得到第二协商密钥,利用该第二协商密钥对该加密后的第一密钥进行解密得到该第一密钥;Step S5: The consumer terminal acquires the encrypted first key on the blockchain node in a predetermined manner, and obtains the public key corresponding to the first CA certificate of the producer terminal from the blockchain network, based on the second of the second The public key of the CA certificate and the public key corresponding to the first CA certificate of the producer terminal are processed by the exchange protocol algorithm to obtain a second negotiation key, and the encrypted first key is decrypted by using the second negotiation key. The first key;
步骤S6,消费者终端获取区块链节点上的加密后的消息明文,利用解密后得到第一密钥对该加密后的消息明文进行解密,得到该消息明文。Step S6: The consumer terminal acquires the encrypted plaintext message on the blockchain node, and obtains the first key by decrypting to decrypt the encrypted message plaintext to obtain the plaintext of the message.
优选地,预定的方式为轮询区块链的方式或者事件监听区块链的方式,以便主动地获取区块链节点上的加密后的消息明文,以便通信过程不被其他的消费者终端知晓,保障通信过程的保密性。Preferably, the predetermined manner is a manner of polling the blockchain or an event listening blockchain chain, so as to actively acquire the encrypted message plaintext on the blockchain node, so that the communication process is not known by other consumer terminals. To ensure the confidentiality of the communication process.
其中,消费者终端基于自身的第二CA证书的私钥与生产者终端的第一CA证书对应的公钥并利用交换协议算法处理得到的第二协商密钥,该第二协商密钥与第一协商密钥为相同的密钥,为经双方协商得到的,因此,可以利用第二协商密钥对该加密后的第一密钥进行解密,得到该第一密钥,利用第一密钥对加密后的消息明文进行解密,得到该消息明文。The second negotiation key is processed by the consumer terminal based on the public key of the second CA certificate of the second CA certificate and the public key corresponding to the first CA certificate of the producer terminal, and the second negotiation key is processed by using the exchange protocol algorithm. A negotiation key is the same key, which is obtained through negotiation between the two parties. Therefore, the encrypted first key can be decrypted by using the second negotiation key to obtain the first key, and the first key is used. The encrypted plaintext message is decrypted to obtain the plaintext of the message.
本实施例将区块链、对称加密及非对称加密技术结合起来,使得通信过程及通信的消息不被其他的终端知晓,保障通信过程及的通信的消息保密性。In this embodiment, the blockchain, the symmetric encryption and the asymmetric encryption technology are combined, so that the communication process and the communication message are not known by other terminals, and the message confidentiality of the communication process and the communication is guaranteed.
在一具体的实例中,在区块链的多端消息通信中,预定的加密算法为对称加密算法,终端A和终端B消息通信,终端A为生产者终端,终端B为消费者终端:In a specific example, in the multi-end message communication of the blockchain, the predetermined encryption algorithm is a symmetric encryption algorithm, the terminal A and the terminal B message communicate, the terminal A is a producer terminal, and the terminal B is a consumer terminal:
终端A:priA为终端A的私钥,pubA为终端A的公钥,公钥pubA上传到区块链中;Terminal A: priA is the private key of terminal A, pubA is the public key of terminal A, and public key pubA is uploaded into the blockchain;
终端A自动生成一个第一密钥K,消息明文P和第一密钥K通过AES对称加密算法生成一个加密后的消息明文C,加密后的消息明文C上传到区块链中。从区块链中获取终端B的证书pubB,通过ECDH密钥交换协议算法即:priA*pub=Q,这个Q是双方协商出来的第一协商密钥。然后再通过AES对称加密算法计算,以Q为密钥对第一密钥K进行对称加密,得到一个密文C2,C2上传到区块链中。The terminal A automatically generates a first key K, and the message plaintext P and the first key K generate an encrypted message plaintext C through the AES symmetric encryption algorithm, and the encrypted message plaintext C is uploaded into the blockchain. Obtain the certificate pubB of the terminal B from the blockchain, and pass the ECDH key exchange protocol algorithm: priA*pub=Q, which is the first negotiation key negotiated by both parties. Then, it is calculated by the AES symmetric encryption algorithm, and the first key K is symmetrically encrypted by using Q as a key to obtain a ciphertext C2, and C2 is uploaded into the blockchain.
终端B:priB为终端B的私钥,pubB为终端B的公钥,公钥pubB上 传到区块链中;Terminal B: priB is the private key of terminal B, pubB is the public key of terminal B, and public key pubB is transmitted to the blockchain;
终端B通过轮询或者事件监听的方式,从区块链中获取了到终端A上传的密文C2;The terminal B obtains the ciphertext C2 uploaded by the terminal A from the blockchain by means of polling or event monitoring;
从区块链中获取终端A的证书pubA,终端B通过ECDH秘钥交换协议算法即:priB*pubA=Q,终端B生成的Q和终端A生成的Q的值是一样的。然后通过AES解密算法,以Q为密钥对密文C2进行解密,最终获得第一密钥K,这样就实现了密钥交换,然后去区块链中获取加密后的消息明文C,然后再用AES解密,以第一密钥K为密钥对加密后的消息明文C解密,得到消息明文P。The certificate pubA of the terminal A is obtained from the blockchain, and the terminal B passes the ECDH key exchange protocol algorithm: priB*pubA=Q, and the Q generated by the terminal B and the Q generated by the terminal A are the same. Then, through the AES decryption algorithm, the ciphertext C2 is decrypted by using Q as the key, and finally the first key K is obtained, so that the key exchange is realized, and then the encrypted message C is obtained in the blockchain, and then The AES is decrypted, and the encrypted message C is decrypted by using the first key K as a key to obtain a message plaintext P.
在一实施例中,消费者终端在解密得到消息明文后,会对生产者终端作出一个响应,该方法还包括:In an embodiment, the consumer terminal responds to the producer terminal after decrypting the message, and the method further includes:
消费者终端基于所述消息明文生成对应的响应信息,生成自身的第二密钥,基于该第二密钥并利用预定的加密算法对响应信息进行加密,将加密后的响应信息上传到区块链节点上;The consumer terminal generates corresponding second response information based on the plaintext of the message, generates a second key of its own, encrypts the response information based on the second key and uses a predetermined encryption algorithm, and uploads the encrypted response information to the block. On the chain node;
消费者终端利用该第二协商密钥对所生成的第二密钥进行加密得到加密后的第二密钥,将加密后的第二密钥上传到区块链节点上;The consumer terminal encrypts the generated second key by using the second negotiation key to obtain the encrypted second key, and uploads the encrypted second key to the blockchain node;
生产者终端通过预定的方式获取区块链节点上的加密后的第二密钥,利用该第一协商密钥对该加密后的第二密钥进行解密得到该第二密钥;The producer terminal obtains the encrypted second key on the blockchain node by using a predetermined method, and decrypts the encrypted second key by using the first negotiation key to obtain the second key;
生产者终端获取区块链节点上的加密后的响应信息,利用解密后得到第二密钥对该加密后的响应信息进行解密,得到该响应信息。The producer terminal acquires the encrypted response information on the blockchain node, and decrypts the encrypted response information by decrypting to obtain the response information.
其中,消费者终端对响应信息及第二密钥进行加密的方式,与生产者终端对消息明文的加密方式及对第一密钥进行加密的方式基本相同;生产者终端对响应信息及第二密钥进行解密的方式,与消费者终端对消息明文及第一密钥的解密的方式基本相同,此处不再赘述。本实施例消费者终端对响应信息及第二密钥进行加密,生产者终端对响应信息及第二密钥进行解密,同样 是将区块链、对称加密及非对称加密技术结合起来,使得通信过程及通信的消息不被其他的终端知晓,进一步保障通信过程及的通信的消息保密性。The manner in which the consumer terminal encrypts the response information and the second key is substantially the same as the manner in which the producer terminal encrypts the plaintext of the message and encrypts the first key; the producer terminal responds to the information and the second The manner in which the key is decrypted is basically the same as the manner in which the consumer terminal decrypts the plaintext and the first key, and details are not described herein again. In this embodiment, the consumer terminal encrypts the response information and the second key, and the producer terminal decrypts the response information and the second key, and also combines the blockchain, the symmetric encryption, and the asymmetric encryption technology to make the communication The process and communication messages are not known by other terminals, further ensuring the message confidentiality of the communication process and communication.
本申请还提供一种计算机可读存储介质,所述计算机可读存储介质上存储有处理系统,所述处理系统被处理器执行时实现上述的生产者终端或消费者终端执行的方法的步骤。The present application also provides a computer readable storage medium having stored thereon a processing system that, when executed by a processor, implements the steps of the method described above by a producer terminal or a consumer terminal.
上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the embodiments of the present application are merely for the description, and do not represent the advantages and disadvantages of the embodiments.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better. Implementation. Based on such understanding, the technical solution of the present application, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, The optical disc includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in various embodiments of the present application.
以上仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above is only a preferred embodiment of the present application, and is not intended to limit the scope of the patent application, and the equivalent structure or equivalent process transformations made by the specification and the drawings of the present application, or directly or indirectly applied to other related technical fields. The same is included in the scope of patent protection of this application.

Claims (20)

  1. 一种基于区块链的多端间消息通信的方法,其特征在于,所述基于区块链的多端间消息通信的方法包括:A method for message communication between multiple ends based on blockchain, characterized in that the method for message communication between multiple ends based on blockchain includes:
    S1,生产者终端与多端构成的区块链网络中的消费者终端进行消息通信之前,获取第一CA证书,将该第一CA证书对应的公钥上传到该区块链网络的区块链节点上;S1: Before the message is communicated between the consumer terminal and the consumer terminal in the blockchain network formed by the multi-end, the first CA certificate is obtained, and the public key corresponding to the first CA certificate is uploaded to the blockchain of the blockchain network. On the node;
    S2,消费者终端与生产者终端通信之前,获取第二CA证书,将该第二CA证书对应的公钥上传到该区块链网络的区块链节点上;S2. Before the consumer terminal communicates with the producer terminal, the second CA certificate is obtained, and the public key corresponding to the second CA certificate is uploaded to the blockchain node of the blockchain network.
    S3,生产者终端生成自身的第一密钥,基于该第一密钥并利用预定的加密算法对待通信的消息明文进行加密,将加密后的消息明文上传到区块链节点上;S3, the producer terminal generates its own first key, encrypts the message plaintext to be communicated based on the first key and uses a predetermined encryption algorithm, and uploads the encrypted message plaintext to the blockchain node;
    S4,生产者终端从区块链网络中获取消费者终端的第二CA证书对应的公钥,基于第一CA证书的私钥与消费者终端的第二CA证书对应的公钥并利用交换协议算法处理得到第一协商密钥,利用该第一协商密钥对所生成的第一密钥进行加密得到加密后的第一密钥,将加密后的第一密钥上传到区块链节点上;S4. The producer terminal acquires the public key corresponding to the second CA certificate of the consumer terminal from the blockchain network, and uses the public key corresponding to the second CA certificate of the consumer terminal based on the private key of the first CA certificate and utilizes the exchange protocol. The algorithm processes the first negotiation key, encrypts the generated first key by using the first negotiation key to obtain the encrypted first key, and uploads the encrypted first key to the blockchain node. ;
    S5,消费者终端通过预定的方式获取区块链节点上的加密后的第一密钥,从区块链网络中获取生产者终端的第一CA证书对应的公钥,基于自身的第二CA证书的私钥与生产者终端的第一CA证书对应的公钥并利用交换协议算法处理得到第二协商密钥,利用该第二协商密钥对该加密后的第一密钥进行解密得到该第一密钥;S5. The consumer terminal acquires the encrypted first key on the blockchain node in a predetermined manner, and obtains the public key corresponding to the first CA certificate of the producer terminal from the blockchain network, and the second CA based on the second CA The public key corresponding to the first CA certificate of the producer terminal is processed by the exchange protocol algorithm to obtain a second negotiation key, and the encrypted first key is decrypted by using the second negotiation key to obtain the First key
    S6,消费者终端获取区块链节点上的加密后的消息明文,利用解密后得到第一密钥对该加密后的消息明文进行解密,得到该消息明文。S6. The consumer terminal obtains the encrypted plaintext message on the blockchain node, and obtains the first key by decrypting to decrypt the encrypted plaintext message to obtain the plaintext of the message.
  2. 根据权利要求1所述的基于区块链的多端间消息通信的方法,其特征在于,所述步骤S6之后,还包括:The method of the blockchain-based inter-terminal message communication according to claim 1, wherein after the step S6, the method further comprises:
    消费者终端基于所述消息明文生成对应的响应信息,生成自身的第二密钥,基于该第二密钥并利用预定的加密算法对响应信息进行加密,将加密后的响应信息上传到区块链节点上;The consumer terminal generates corresponding second response information based on the plaintext of the message, generates a second key of its own, encrypts the response information based on the second key and uses a predetermined encryption algorithm, and uploads the encrypted response information to the block. On the chain node;
    消费者终端利用该第二协商密钥对所生成的第二密钥进行加密得到加密后的第二密钥,将加密后的第二密钥上传到区块链节点上;The consumer terminal encrypts the generated second key by using the second negotiation key to obtain the encrypted second key, and uploads the encrypted second key to the blockchain node;
    生产者终端通过预定的方式获取区块链节点上的加密后的第二密钥,利用该第一协商密钥对该加密后的第二密钥进行解密得到该第二密钥;The producer terminal obtains the encrypted second key on the blockchain node by using a predetermined method, and decrypts the encrypted second key by using the first negotiation key to obtain the second key;
    生产者终端获取区块链节点上的加密后的响应信息,利用解密后得到第二密钥对该加密后的响应信息进行解密,得到该响应信息。The producer terminal acquires the encrypted response information on the blockchain node, and decrypts the encrypted response information by decrypting to obtain the response information.
  3. 根据权利要求1所述的基于区块链的多端间消息通信的方法,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The method for inter-terminal inter-message message communication according to claim 1, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  4. 根据权利要求2所述的基于区块链的多端间消息通信的方法,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The method for inter-terminal inter-message message communication according to claim 2, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  5. 一种生产者终端,其特征在于,所述生产者终端包括存储器及与所述存储器连接的处理器,所述存储器中存储有可在所述处理器上运行的系统,所述系统被所述处理器执行时实现如下步骤:A producer terminal, comprising: a memory and a processor coupled to the memory, the memory storing a system operable on the processor, the system being The processor implements the following steps when it executes:
    在与多端构成的区块链网络中的消费者终端进行消息通信之前,获取第一CA证书,将该第一CA证书对应的公钥上传到该区块链网络的区块链节点上;Acquiring the first CA certificate and uploading the public key corresponding to the first CA certificate to the blockchain node of the blockchain network before performing message communication with the consumer terminal in the blockchain network formed by the multi-end;
    生成自身的第一密钥,基于该第一密钥并利用预定的加密算法对待通信的消息明文进行加密,将加密后的消息明文上传到区块链节点上;Generating a first key of the first key, encrypting the plaintext of the message to be communicated by using the predetermined encryption algorithm, and uploading the encrypted plaintext message to the blockchain node;
    从区块链网络中获取消费者终端的第二CA证书对应的公钥,基于第一CA证书的私钥与消费者终端的第二CA证书对应的公钥并利用交换协议算法处理得到第一协商密钥,利用该第一协商密钥对所生成的第一密钥进行加密得到加密后的第一密钥,将加密后的第一密钥上传到区块链节点上。Obtaining, from the blockchain network, the public key corresponding to the second CA certificate of the consumer terminal, based on the public key of the first CA certificate and the public key corresponding to the second CA certificate of the consumer terminal, and using the exchange protocol algorithm to obtain the first Negotiating the key, encrypting the generated first key by using the first negotiation key to obtain the encrypted first key, and uploading the encrypted first key to the blockchain node.
  6. 根据权利要求5所述的生产者终端,其特征在于,所述处理系统被所述处理器执行时,还实现如下步骤:The producer terminal according to claim 5, wherein when said processing system is executed by said processor, the following steps are further implemented:
    在消费者终端将用于加密响应信息的第二密钥进行加密并上传到区块链节点后,通过预定的方式获取区块链节点上的加密后的第二密钥,利用该第一协商密钥对该加密后的第二密钥进行解密得到该第二密钥;After the second key used for encrypting the response information is encrypted and uploaded to the blockchain node by the consumer terminal, the encrypted second key on the blockchain node is obtained in a predetermined manner, and the first negotiation is utilized. Decrypting the encrypted second key to obtain the second key;
    生产者终端获取区块链节点上的加密后的响应信息,利用解密后得到第二密钥对该加密后的响应信息进行解密,得到该响应信息。The producer terminal acquires the encrypted response information on the blockchain node, and decrypts the encrypted response information by decrypting to obtain the response information.
  7. 根据权利要求5所述的生产者终端,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The producer terminal according to claim 5, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  8. 根据权利要求6所述的生产者终端,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The producer terminal according to claim 6, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  9. 一种消费者终端,其特征在于,所述消费者终端包括存储器及与所述存储器连接的处理器,所述存储器中存储有可在所述处理器上运行的系统,所述系统被所述处理器执行时实现如下步骤:A consumer terminal, comprising: a memory and a processor coupled to the memory, the memory storing a system operable on the processor, the system being The processor implements the following steps when it executes:
    在与生产者终端通信之前,获取第二CA证书,将该第二CA证书对应的公钥上传到该区块链网络的区块链节点上;Before communicating with the producer terminal, acquiring a second CA certificate, and uploading the public key corresponding to the second CA certificate to the blockchain node of the blockchain network;
    在生产者终端将用于加密消息明文的第一密钥进行加密并上传到区块链节点后,通过预定的方式获取区块链节点上的加密后的第一密钥,从区块链网络中获取生产者终端的第一CA证书对应的公钥,基于自身的第二CA证书的私钥与生产者终端的第一CA证书对应的公钥并利用交换协议算法处理得到第二协商密钥,利用该第二协商密钥对该加密后的第一密钥进行解密得到该第一密钥;After the first key used to encrypt the plaintext of the message is encrypted and uploaded to the blockchain node by the producer terminal, the encrypted first key on the blockchain node is obtained in a predetermined manner, from the blockchain network. Obtaining a public key corresponding to the first CA certificate of the producer terminal, and processing the second negotiation key by using a public key corresponding to the first CA certificate of the producer terminal and using the exchange protocol algorithm Decrypting the encrypted first key by using the second negotiation key to obtain the first key;
    获取区块链节点上的加密后的消息明文,利用解密后得到第一密钥对该加密后的消息明文进行解密,得到该消息明文。Obtaining the encrypted plaintext message on the blockchain node, and decrypting the decrypted message to obtain the first key, and decrypting the encrypted message plaintext to obtain the plaintext of the message.
  10. 根据权利要求9所述的消费者终端,其特征在于,所述处理系统被所 述处理器执行时,还实现如下步骤:The consumer terminal of claim 9 wherein when said processing system is executed by said processor, the steps of:
    基于所述消息明文生成对应的响应信息,生成自身的第二密钥,基于该第二密钥并利用预定的加密算法对响应信息进行加密,将加密后的响应信息上传到区块链节点上;Generating corresponding response information based on the plaintext of the message, generating a second key of the second key, encrypting the response information by using a predetermined encryption algorithm based on the second key, and uploading the encrypted response information to the blockchain node ;
    利用该第二协商密钥对所生成的第二密钥进行加密得到加密后的第二密钥,将加密后的第二密钥上传到区块链节点上。The generated second key is encrypted by using the second negotiation key to obtain the encrypted second key, and the encrypted second key is uploaded to the blockchain node.
  11. 根据权利要求9所述的消费者终端,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The consumer terminal of claim 9, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  12. 根据权利要求10所述的消费者终端,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The consumer terminal of claim 10, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  13. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有处理系统,所述处理系统被处理器执行时实现步骤:A computer readable storage medium, wherein the computer readable storage medium stores a processing system, and when the processing system is executed by the processor, the steps are:
    在与多端构成的区块链网络中的消费者终端进行消息通信之前,获取第一CA证书,将该第一CA证书对应的公钥上传到该区块链网络的区块链节点上;Acquiring the first CA certificate and uploading the public key corresponding to the first CA certificate to the blockchain node of the blockchain network before performing message communication with the consumer terminal in the blockchain network formed by the multi-end;
    生成自身的第一密钥,基于该第一密钥并利用预定的加密算法对待通信的消息明文进行加密,将加密后的消息明文上传到区块链节点上;Generating a first key of the first key, encrypting the plaintext of the message to be communicated by using the predetermined encryption algorithm, and uploading the encrypted plaintext message to the blockchain node;
    从区块链网络中获取消费者终端的第二CA证书对应的公钥,基于第一CA证书的私钥与消费者终端的第二CA证书对应的公钥并利用交换协议算法处理得到第一协商密钥,利用该第一协商密钥对所生成的第一密钥进行加密得到加密后的第一密钥,将加密后的第一密钥上传到区块链节点上。Obtaining, from the blockchain network, the public key corresponding to the second CA certificate of the consumer terminal, based on the public key of the first CA certificate and the public key corresponding to the second CA certificate of the consumer terminal, and using the exchange protocol algorithm to obtain the first Negotiating the key, encrypting the generated first key by using the first negotiation key to obtain the encrypted first key, and uploading the encrypted first key to the blockchain node.
  14. 根据权利要求13所述的计算机可读存储介质,其特征在于,所述处理系统被所述处理器执行时,还实现如下步骤:The computer readable storage medium of claim 13, wherein when the processing system is executed by the processor, the following steps are further implemented:
    在消费者终端将用于加密响应信息的第二密钥进行加密并上传到区块链节点后,通过预定的方式获取区块链节点上的加密后的第二密钥,利用该 第一协商密钥对该加密后的第二密钥进行解密得到该第二密钥;After the second key used for encrypting the response information is encrypted and uploaded to the blockchain node by the consumer terminal, the encrypted second key on the blockchain node is obtained in a predetermined manner, and the first negotiation is utilized. Decrypting the encrypted second key to obtain the second key;
    生产者终端获取区块链节点上的加密后的响应信息,利用解密后得到第二密钥对该加密后的响应信息进行解密,得到该响应信息。The producer terminal acquires the encrypted response information on the blockchain node, and decrypts the encrypted response information by decrypting to obtain the response information.
  15. 根据权利要求13所述的计算机可读存储介质,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The computer readable storage medium of claim 13, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  16. 根据权利要求14所述的计算机可读存储介质,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The computer readable storage medium of claim 14, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  17. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有处理系统,所述处理系统被处理器执行时实现步骤:A computer readable storage medium, wherein the computer readable storage medium stores a processing system, and when the processing system is executed by the processor, the steps are:
    在与生产者终端通信之前,获取第二CA证书,将该第二CA证书对应的公钥上传到该区块链网络的区块链节点上;Before communicating with the producer terminal, acquiring a second CA certificate, and uploading the public key corresponding to the second CA certificate to the blockchain node of the blockchain network;
    在生产者终端将用于加密消息明文的第一密钥进行加密并上传到区块链节点后,通过预定的方式获取区块链节点上的加密后的第一密钥,从区块链网络中获取生产者终端的第一CA证书对应的公钥,基于自身的第二CA证书的私钥与生产者终端的第一CA证书对应的公钥并利用交换协议算法处理得到第二协商密钥,利用该第二协商密钥对该加密后的第一密钥进行解密得到该第一密钥;After the first key used to encrypt the plaintext of the message is encrypted and uploaded to the blockchain node by the producer terminal, the encrypted first key on the blockchain node is obtained in a predetermined manner, from the blockchain network. Obtaining a public key corresponding to the first CA certificate of the producer terminal, and processing the second negotiation key by using a public key corresponding to the first CA certificate of the producer terminal and using the exchange protocol algorithm Decrypting the encrypted first key by using the second negotiation key to obtain the first key;
    获取区块链节点上的加密后的消息明文,利用解密后得到第一密钥对该加密后的消息明文进行解密,得到该消息明文。Obtaining the encrypted plaintext message on the blockchain node, and decrypting the decrypted message to obtain the first key, and decrypting the encrypted message plaintext to obtain the plaintext of the message.
  18. 根据权利要求17所述的计算机可读存储介质,其特征在于,所述处理系统被所述处理器执行时,还实现如下步骤:The computer readable storage medium according to claim 17, wherein when said processing system is executed by said processor, the following steps are further implemented:
    基于所述消息明文生成对应的响应信息,生成自身的第二密钥,基于该第二密钥并利用预定的加密算法对响应信息进行加密,将加密后的响应信息上传到区块链节点上;Generating corresponding response information based on the plaintext of the message, generating a second key of the second key, encrypting the response information by using a predetermined encryption algorithm based on the second key, and uploading the encrypted response information to the blockchain node ;
    利用该第二协商密钥对所生成的第二密钥进行加密得到加密后的第二 密钥,将加密后的第二密钥上传到区块链节点上。The generated second key is encrypted by using the second negotiation key to obtain the encrypted second key, and the encrypted second key is uploaded to the blockchain node.
  19. 根据权利要求17所述的计算机可读存储介质,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The computer readable storage medium of claim 17, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
  20. 根据权利要求18所述的计算机可读存储介质,其特征在于,所述预定的方式为轮询区块链的方式或者事件监听区块链的方式。The computer readable storage medium of claim 18, wherein the predetermined manner is a manner of polling a blockchain or a manner of an event listening blockchain.
PCT/CN2018/102397 2018-03-12 2018-08-27 Blockchain-based method for message communication between multiple terminals, terminal and storage medium WO2019174187A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810199091.4A CN108566375A (en) 2018-03-12 2018-03-12 The method, terminal and storage medium of message communicating between multiterminal based on block chain
CN201810199091.4 2018-03-12

Publications (1)

Publication Number Publication Date
WO2019174187A1 true WO2019174187A1 (en) 2019-09-19

Family

ID=63532800

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/102397 WO2019174187A1 (en) 2018-03-12 2018-08-27 Blockchain-based method for message communication between multiple terminals, terminal and storage medium

Country Status (2)

Country Link
CN (1) CN108566375A (en)
WO (1) WO2019174187A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110889128A (en) * 2019-11-27 2020-03-17 上海禾一网络科技有限公司 Input method and device based on block chain storage and encryption key exchange
CN112085503A (en) * 2020-09-15 2020-12-15 北京书礼行知文化传媒有限公司 Block chain-based e-commerce distribution method and device, electronic equipment and storage medium
CN112257085A (en) * 2020-10-22 2021-01-22 政采云有限公司 Bidding processing method, system, equipment and medium based on block chain
CN112543187A (en) * 2020-11-26 2021-03-23 齐鲁工业大学 Industrial Internet of things safety data sharing method based on edge block chain
CN112714117A (en) * 2020-08-24 2021-04-27 支付宝(杭州)信息技术有限公司 Service processing method, device, equipment and system
CN113221146A (en) * 2021-05-26 2021-08-06 中国人民银行数字货币研究所 Method and device for data transmission between block chain nodes
CN113507468A (en) * 2021-07-08 2021-10-15 上海欧冶金融信息服务股份有限公司 Encryption method, decryption method and authorization method based on block chain technology
CN113556334A (en) * 2021-07-14 2021-10-26 深圳市奥闻科技有限公司 Data interaction encryption method, device, equipment and storage medium based on Internet of things
CN113783847A (en) * 2021-08-24 2021-12-10 上海浦东发展银行股份有限公司 Message interaction method and device, computer equipment and storage medium
CN114430416A (en) * 2020-10-16 2022-05-03 微观(天津)科技发展有限公司 Data processing method and device based on block chain system and storage medium
CN114614981A (en) * 2022-02-21 2022-06-10 北京航空航天大学 Hidden information transmission method and device based on-chain negotiation

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109522270A (en) * 2018-10-19 2019-03-26 平安科技(深圳)有限公司 File storing and reading method, electronic device and readable storage medium storing program for executing based on block chain
CN109523267A (en) * 2018-10-30 2019-03-26 苏宁易购集团股份有限公司 A kind of verification method, the apparatus and system of the transaction data based on block chain
CN109474597A (en) * 2018-11-19 2019-03-15 中链科技有限公司 A kind of distributed message based on block chain sends and receives method and device
CN109740319B (en) * 2018-12-06 2021-03-12 中国联合网络通信集团有限公司 Digital identity verification method and server
CN109802940A (en) * 2018-12-12 2019-05-24 北京众享比特科技有限公司 Block chain data base encryption and decryption method, device, equipment and its storage medium
CN109768982A (en) * 2019-01-23 2019-05-17 深圳市元征科技股份有限公司 A kind of encrypted transmission method and device based on Internet of Things
CN110061968A (en) * 2019-03-15 2019-07-26 广东工程职业技术学院 A kind of file encryption-decryption method based on block chain, system and storage medium
CN109743185B (en) * 2019-03-19 2020-12-01 全链通有限公司 Group communication method based on domain name block chain, block chain link point and medium
CN110209381A (en) * 2019-05-31 2019-09-06 深圳前海微众银行股份有限公司 SDK fast integration method, apparatus, equipment and storage medium based on block chain
CN112787987B (en) * 2019-11-11 2022-08-30 丁爱民 Path encryption method, device and system
CN111404950B (en) * 2020-03-23 2021-12-10 腾讯科技(深圳)有限公司 Information sharing method and device based on block chain network and related equipment
CN114727243A (en) * 2021-01-05 2022-07-08 中国移动通信有限公司研究院 VoLTE encryption communication method, device, system, terminal and storage medium
CN114866267B (en) * 2021-02-03 2023-12-05 支付宝(杭州)信息技术有限公司 Method and device for realizing secure multicast in block chain network
CN114285555A (en) * 2021-12-15 2022-04-05 支付宝(杭州)信息技术有限公司 Multicast method and device based on block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1601431A (en) * 1999-03-03 2005-03-30 索尼公司 Data processing device, data processing method, terminal, transmission method for data processing device
CN101582906A (en) * 2009-06-23 2009-11-18 中国人民解放军信息工程大学 Key agreement method and device
CN102412971A (en) * 2011-11-30 2012-04-11 西安西电捷通无线网络通信股份有限公司 SM2 key exchange protocol based key agreement method and device
CN107294714A (en) * 2017-07-31 2017-10-24 美的智慧家居科技有限公司 Cryptographic key negotiation method, device and its equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10402792B2 (en) * 2015-08-13 2019-09-03 The Toronto-Dominion Bank Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers
CN106941487B (en) * 2017-02-24 2021-01-05 创新先进技术有限公司 Data sending method and device
CN107040383B (en) * 2017-04-24 2018-01-30 中山大学 A kind of blind Verifiable Encryptosystem endorsement method based on block chain
CN107294709A (en) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 A kind of block chain data processing method, apparatus and system
CN107181599B (en) * 2017-07-18 2020-01-21 天津理工大学 Routing position data secret storage and sharing method based on block chain

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1601431A (en) * 1999-03-03 2005-03-30 索尼公司 Data processing device, data processing method, terminal, transmission method for data processing device
CN101582906A (en) * 2009-06-23 2009-11-18 中国人民解放军信息工程大学 Key agreement method and device
CN102412971A (en) * 2011-11-30 2012-04-11 西安西电捷通无线网络通信股份有限公司 SM2 key exchange protocol based key agreement method and device
CN107294714A (en) * 2017-07-31 2017-10-24 美的智慧家居科技有限公司 Cryptographic key negotiation method, device and its equipment

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110889128A (en) * 2019-11-27 2020-03-17 上海禾一网络科技有限公司 Input method and device based on block chain storage and encryption key exchange
US11477008B2 (en) 2020-08-24 2022-10-18 Alipay (Hangzhou) Information Technology Co., Ltd. Service processing methods, apparatuses, devices and systems
CN112714117A (en) * 2020-08-24 2021-04-27 支付宝(杭州)信息技术有限公司 Service processing method, device, equipment and system
CN112085503A (en) * 2020-09-15 2020-12-15 北京书礼行知文化传媒有限公司 Block chain-based e-commerce distribution method and device, electronic equipment and storage medium
CN114430416A (en) * 2020-10-16 2022-05-03 微观(天津)科技发展有限公司 Data processing method and device based on block chain system and storage medium
CN112257085A (en) * 2020-10-22 2021-01-22 政采云有限公司 Bidding processing method, system, equipment and medium based on block chain
CN112543187A (en) * 2020-11-26 2021-03-23 齐鲁工业大学 Industrial Internet of things safety data sharing method based on edge block chain
CN112543187B (en) * 2020-11-26 2022-04-12 齐鲁工业大学 Industrial Internet of things safety data sharing method based on edge block chain
CN113221146B (en) * 2021-05-26 2023-11-03 中国人民银行数字货币研究所 Method and device for data transmission among block chain nodes
CN113221146A (en) * 2021-05-26 2021-08-06 中国人民银行数字货币研究所 Method and device for data transmission between block chain nodes
CN113507468A (en) * 2021-07-08 2021-10-15 上海欧冶金融信息服务股份有限公司 Encryption method, decryption method and authorization method based on block chain technology
CN113556334A (en) * 2021-07-14 2021-10-26 深圳市奥闻科技有限公司 Data interaction encryption method, device, equipment and storage medium based on Internet of things
CN113556334B (en) * 2021-07-14 2023-04-28 深圳市奥闻科技有限公司 Data interaction encryption method, device, equipment and storage medium based on Internet of things
CN113783847B (en) * 2021-08-24 2023-06-30 上海浦东发展银行股份有限公司 Message interaction method, device, computer equipment and storage medium
CN113783847A (en) * 2021-08-24 2021-12-10 上海浦东发展银行股份有限公司 Message interaction method and device, computer equipment and storage medium
CN114614981A (en) * 2022-02-21 2022-06-10 北京航空航天大学 Hidden information transmission method and device based on-chain negotiation
CN114614981B (en) * 2022-02-21 2023-12-19 北京航空航天大学 Hidden information transmission method and device based on-chain negotiation

Also Published As

Publication number Publication date
CN108566375A (en) 2018-09-21

Similar Documents

Publication Publication Date Title
WO2019174187A1 (en) Blockchain-based method for message communication between multiple terminals, terminal and storage medium
US10554636B2 (en) Lightweight encrypted communication protocol
US10375067B2 (en) Mutual authentication with symmetric secrets and signatures
US20230142978A1 (en) Lightweight authentication protocol using device tokens
US10003582B2 (en) Technologies for synchronizing and restoring reference templates
WO2021196915A1 (en) Encryption and decryption operation-based data transmission methods and systems, and computer device
RU2734294C2 (en) Method and system for distributing keys between a server and a medical device
WO2017097041A1 (en) Data transmission method and device
CN113302871B (en) Communication method, communication system and network interface controller
US11210658B2 (en) Constructing a distributed ledger transaction on a cold hardware wallet
JP5544627B2 (en) Data security access method suitable for electronic tags
US20230254129A1 (en) Key management for multi-party computation
JP2020505849A (en) Digital certificate management method and device
WO2022022009A1 (en) Message processing method and apparatus, device, and storage medium
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
KR20200032945A (en) System-on-chip for performing virtual vprivate network funtion and system comprising the same
CN111294203B (en) Information transmission method
US10951652B1 (en) Communication session resumption
TW201537937A (en) Unified identity authentication platform and authentication method thereof
CN113556230A (en) Data security transmission method, certificate correlation method, server, system and medium
US11791993B2 (en) Shared key system, information processing apparatus, equipment, shared key method and program
CN105409159B (en) Key storage appts, key keeping method and its recording medium
BR102020008787A2 (en) secure data transmission method
US20170374041A1 (en) Distributed processing of a product on the basis of centrally encrypted stored data
CN110086627B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and time stamp

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18909532

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 22.01.2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18909532

Country of ref document: EP

Kind code of ref document: A1