WO2022068237A1 - Information processing method and apparatus for generating key on the basis of attribute of information, and device - Google Patents

Information processing method and apparatus for generating key on the basis of attribute of information, and device Download PDF

Info

Publication number
WO2022068237A1
WO2022068237A1 PCT/CN2021/097120 CN2021097120W WO2022068237A1 WO 2022068237 A1 WO2022068237 A1 WO 2022068237A1 CN 2021097120 W CN2021097120 W CN 2021097120W WO 2022068237 A1 WO2022068237 A1 WO 2022068237A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
sub
piece
ciphertext
coordinate
Prior art date
Application number
PCT/CN2021/097120
Other languages
French (fr)
Chinese (zh)
Inventor
贾牧
陆陈一帆
谢丹力
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2022068237A1 publication Critical patent/WO2022068237A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to an information processing method, apparatus and device for generating keys based on attributes of information.
  • the existing information storage method is generally local storage of the terminal.
  • the medical platform will use the terminal to store the medical record information, patient information and other information of each patient, and this information storage method has great risks.
  • illegal terminals can easily obtain locally stored information, resulting in information leakage, and illegal users can tamper with locally stored information, resulting in low information security, and when the local storage fails, the information cannot be retrieved , resulting in losses. Therefore, how to ensure the security of information in the process of information storage and prevent information leakage is an urgent problem to be solved.
  • the embodiments of the present application provide an information processing method, device, and device for generating a key based on an attribute of the information, which can encrypt information, improve information security, and prevent information leakage.
  • an embodiment of the present application provides an information processing method for generating a key based on an attribute of the information, including:
  • the target information includes at least two pieces of sub-information
  • the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs, the At least one of the generation address of the piece of sub-information and the data type of each piece of sub-information;
  • each piece of adjusted sub-information obtain coordinate information corresponding to each of the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • an embodiment of the present application provides an information processing apparatus for generating a key based on attributes of information, including:
  • a function acquisition module used for acquiring an objective function for describing information, and attribute information of each piece of sub-information in the target information to be processed, the target information including at least two pieces of sub-information, and the attribute information of each piece of sub-information including the each piece of sub-information At least one of the organization to which it belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information;
  • a key generation module for generating a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information
  • an information adjustment module configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
  • a coordinate obtaining module configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
  • an information encryption module configured to encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information, and obtain the ciphertext of the coordinate information corresponding to each sub-information;
  • the information storage module is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • One aspect of the present application provides a computer device, including: a processor, a memory, and a network interface;
  • the above-mentioned processor is connected to a memory and a network interface, wherein the network interface is used to provide a data communication function, the above-mentioned memory is used to store a computer program, and the above-mentioned processor is used to call the above-mentioned computer program to execute the following method:
  • the objective function used to describe the information, and attribute information of each piece of sub-information in the target information to be processed where the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs , at least one of the generation address of each piece of sub-information and the data type of each piece of sub-information;
  • each piece of adjusted sub-information obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • An aspect of an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, the computer program includes program instructions, and when executed by a processor, the program instructions cause the processor to execute the following method :
  • the objective function used to describe the information, and attribute information of each piece of sub-information in the target information to be processed where the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs , at least one of the generation address of each piece of sub-information and the data type of each piece of sub-information;
  • each piece of adjusted sub-information obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • the security of the information can be improved based on the characteristics that the blockchain cannot be tampered with and is not easily lost;
  • the resource occupation of the local storage space of the terminal can be reduced.
  • FIG. 1 is a schematic flowchart of an information processing method for generating a key based on an attribute of information provided by an embodiment of the present application
  • FIG. 2 is a schematic flowchart of an information processing method for generating a key based on an attribute of information provided by an embodiment of the present application
  • FIG. 3 is a schematic diagram of the composition and structure of an information processing apparatus for generating a key based on an attribute of information provided by an embodiment of the present application;
  • FIG. 4 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the technical solution of the present application may relate to the technical field of blockchain, for example, the data involved in the present application, such as the ciphertext of coordinate information and/or the ciphertext of target information, are stored in the blockchain.
  • the present application can be applied to scenarios such as financial technology such as encrypting financial data, and can also be applied to scenarios such as digital medical treatment such as encrypting patient information to improve information security.
  • the blockchain involved in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission (P2P transmission), consensus mechanism, and encryption algorithm.
  • each data block contains a batch of network transaction information, which is used to verify the validity of its information (anti-counterfeiting) and generate the next block.
  • the blockchain can include the underlying platform of the blockchain, the platform product service layer and the application service layer; the blockchain can be composed of multiple serial transaction records (also known as blocks) that are connected and protected by cryptography.
  • the distributed ledger connected by the blockchain allows multiple parties to effectively record the transaction, and the transaction can be permanently checked (it cannot be tampered with).
  • the consensus mechanism refers to the mathematical algorithm that realizes the establishment of trust between different nodes and the acquisition of rights and interests in the blockchain network; that is to say, the consensus mechanism is a mathematical algorithm recognized by all network nodes of the blockchain.
  • the target information can be, for example, the patient's medical record information, patient information, etc., by encrypting the patient's medical record information, patient information and other information of the medical platform, and storing the encrypted information in the In the blockchain network, it is beneficial to manage the patient's medical record information, patient information, etc., and improve the security of the patient's information.
  • FIG. 1 is a schematic flowchart of an information processing method for generating a key based on an attribute of information provided by an embodiment of the present application.
  • the method is applied to a node in a blockchain network, and the node may be an independent one.
  • a physical server can also be a server cluster or distributed system composed of multiple physical servers, and can also provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, and domain name services. , security services, Content Delivery Network (CDN), and cloud servers for basic cloud computing services such as big data and artificial intelligence platforms.
  • CDN Content Delivery Network
  • the node may refer to computer equipment, including mobile phones, tablet computers, notebook computers, PDAs, smart speakers, mobile internet devices (MID, mobile internet device), POS (Point Of Sales, point of sale) machines, wearable devices (such as smart watches, smart bracelets, etc.)
  • the method includes:
  • S101 Acquire an objective function for describing information and attribute information of each piece of sub-information in the target information to be processed.
  • the objective function may refer to a function corresponding to an elliptic curve, and the objective function may also refer to a function corresponding to other curves.
  • the target information includes at least two pieces of sub-information, and the target information may refer to data such as transaction data, business data, and internal data of an institution.
  • the attribute information of each piece of sub-information in the target information includes at least one of the organization to which each piece of sub-information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information.
  • S102 Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information.
  • the attribute information of each piece of sub-information is at least one of the organization to which each piece of sub-information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information.
  • the computer device may generate a key corresponding to each piece of sub-information according to at least one of the institution to which each piece of sub-information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information. Since the attribute information of each piece of sub-information is different, the key corresponding to each piece of sub-information generated according to the attribute information of each piece of sub-information is different.
  • the institution to which each piece of sub-information belongs may refer to an institution to which the terminal that generates each piece of sub-information belongs, or the institution to which each piece of sub-information belongs may refer to an institution that owns each piece of sub-information, for example, each sub-message is a banking institution
  • the business data within one day, the institution to which each sub-message belongs is the banking institution.
  • the generation address of each piece of sub-information may include an IP address, a MAC address, or other addresses of the terminal that generates each piece of sub-information.
  • the data type of each piece of sub-information may refer to the service type of each piece of sub-information.
  • the business type of each piece of sub-information may include high-real-time services such as transfer services and recharge services, and low-real-time services such as marriage registration services and certificate processing services, and so on.
  • the computer device generates a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information, and encrypts each piece of sub-information by using the key corresponding to each piece of sub-information to encrypt the target information and improve the security of the target information.
  • S103 Obtain a first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information.
  • the first random number can be used to adjust each piece of sub-information, so that the value corresponding to each piece of sub-information after adjustment is less than or equal to the first threshold, so that each piece of sub-information is mapped to the curve of the objective function, according to the curve of the objective function Calculate the coordinate point corresponding to each sub-information.
  • the first threshold may be determined according to a curve parameter corresponding to the objective function. If the curve parameter is the curve length c, the first threshold is (2 ⁇ 256)-w, where w is a very small value.
  • random number generation algorithms can be used to generate random numbers, such as the central limit theorem and Box Muller (coordinate transformation method), Monte Carlo algorithm, numerical probability algorithm, Las Vegas algorithm or other algorithms to generate random numbers, and
  • the generated random number is determined as the first random number corresponding to each piece of sub-information.
  • each piece of sub-information is not numeric data
  • each piece of sub-information can be encoded to obtain numeric-type encoded data, and each piece of sub-information corresponds to each piece of information according to the first random number corresponding to each piece of sub-information
  • the encoded data is adjusted to obtain each piece of sub-information after adjustment.
  • each piece of sub-information is numerical data
  • each piece of sub-information is adjusted according to the first random number corresponding to each piece of sub-information to obtain each piece of adjusted sub-information. It can be known that each piece of sub-information after adjustment includes the piece of sub-information and the first random number corresponding to the piece of sub-information.
  • each piece of sub-information of the adjusted non-numeric type can be encoded to obtain coded data corresponding to each piece of sub-information of the adjusted numerical type, and the coded data corresponding to each piece of sub-information of the adjusted numerical type can be mapped to the corresponding coded data of the objective function.
  • the corresponding coordinate point is obtained on the curve, so as to obtain the coordinate information corresponding to each piece of sub-information according to the coordinate point.
  • the curve corresponding to the objective function can be obtained, and each piece of adjusted sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function; according to the first coordinate and the objective function , determine the second coordinate of the target point on the curve corresponding to the objective function; determine the first coordinate and the second coordinate as the coordinate information corresponding to each piece of sub-information, thereby obtaining at least two pieces of sub-information corresponding to each sub-information Coordinate information.
  • the second coordinate of the target point on the curve corresponding to the objective function can be determined according to the first coordinate and the objective function, and the first coordinate can be determined.
  • the coordinates and the second coordinates are determined as the coordinate information corresponding to the sub-information c.
  • the curve corresponding to the objective function can be shown in formula (1-1):
  • a and b are known real numbers, and x and y are both parameters.
  • the value of the other parameter can be calculated by formula (1-1), for example , by determining the value of x, the value of y can be calculated according to formula (1-1).
  • a is 1, b is -1, the sub-information c is mapped to the first coordinate of the target point on the curve corresponding to the objective function (for example, the abscissa of the target point) is 1, and a, b and the first coordinate
  • the coordinates are substituted into formula (1-1) as x, and y is obtained as 1, that is, the second coordinate of the target point on the curve corresponding to the objective function is 1, then the coordinate information corresponding to the sub-information c is (1, 1),
  • the coordinate information corresponding to the other sub-information in the at least two pieces of sub-information can be acquired, thereby acquiring the coordinate information corresponding to each sub-information in the at least two pieces of sub-information.
  • the computer device can use the key corresponding to each piece of sub-information to perform the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information. Encrypt to obtain the ciphertext of the coordinate information corresponding to each sub-information.
  • the computer device can obtain the private key of the terminal to which the target information belongs, and encrypt the coordinate information corresponding to each sub-information in the at least two sub-information according to the private key of the terminal and the key corresponding to each sub-information, and obtain each sub-information.
  • the ciphertext of the coordinate information corresponding to the sliver information can be used to use the key corresponding to each piece of sub-information to perform the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information.
  • the ciphertext of the coordinate information corresponding to the sub-information is the ciphertext obtained by encrypting the sub-information. If the ciphertext is not decrypted, the ciphertext of the corresponding sub-information corresponding to the ciphertext cannot be known even if the ciphertext is obtained. content.
  • S106 Determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information.
  • the ciphertext of the target information includes the ciphertext of the coordinate information corresponding to each of the at least two sub-information, so far, the ciphertext of the target information can be obtained by encrypting the target information, and the ciphertext of the target information can be obtained.
  • the documents are stored in the blockchain network.
  • the computer device can verify the legitimacy of the terminal that needs to obtain the target information.
  • the ciphertext of the target information is decrypted to obtain the target information, and the target information is sent to the terminal that needs to obtain the target information, thereby realizing the acquisition of the target information.
  • the ciphertext of the target information can also be sent to the terminal to which the target information belongs, and after the ciphertext of the target information is decrypted by the terminal to which the target information belongs, the decrypted target information is sent to the terminal that needs to obtain the target information, So as to achieve the acquisition of target information.
  • the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information. Since the attribute information of each piece of sub-information is different, the key corresponding to each piece of generated sub-information is different, so the key corresponding to each piece of sub-information is used.
  • After the key is encrypted, it is difficult for an illegal terminal to obtain the key corresponding to each piece of sub-information, so it is difficult to decrypt the ciphertext, which can improve the difficulty of cracking the ciphertext and improve the security of information.
  • each piece of sub-information in the at least two pieces of sub-information it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information.
  • By encrypting each piece of sub-information in the target information illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information.
  • the security of the information can be improved based on the characteristics of the blockchain that cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
  • the attribute information of each piece of sub-information above includes the organization to which each piece of sub-information above belongs, and the above step S102 includes the following steps s11 to s13.
  • s11 Obtain the time and the number of pieces of information written into the blockchain network by the organization to which each sub-information belongs.
  • the information written by the organization to the blockchain network includes all the information written by the organization to the blockchain network, and the number of written information includes the number of all information written by the organization to the blockchain network.
  • the institution wrote 80 pieces of information to the blockchain network last year, and the institution wrote 100 pieces of information to the blockchain this year, then the number of pieces of information written to the blockchain network by the institution is 180, then the The time each of the 180 messages was written to the blockchain.
  • s12 Determine the activity level of the organization to which each piece of sub-information belongs according to the time of writing information and the number of pieces of writing information.
  • the activity level may be, for example, a numerical value within 0-1, or the activity level may also be a numerical value within 0-10, or a numerical value within 0-100, and the like. For example, if the activity is a value within 0-100, the larger the value corresponding to the activity, the higher the activity of the organization; the smaller the value corresponding to the activity, the lower the activity of the organization.
  • the method for determining the activity level of the organization to which each piece of sub-information belongs according to the time of writing information and the number of pieces of writing information may include: the shorter the period of writing information and the more pieces of writing information, the higher the activity level. High; the longer the cycle of writing information and the fewer pieces of writing information, the lower the activity.
  • the information belonging to the same cycle can be determined according to the time when the information is written. For example, if the cycle is every week, the number of pieces of information that the institution writes to the blockchain network every week is the first quantity threshold, and the corresponding activity is activity level 1. The number of times the institution writes information to the blockchain network every month The number of pieces is the first quantity threshold, and the corresponding activity level is activity level 2.
  • the number of pieces of information that the institution writes to the blockchain network every quarter is the first number threshold value, and the corresponding activity level is activity level 3, then the activity level is 1 is greater than activity 2 is greater than activity 3.
  • the number of pieces of information that the institution writes to the blockchain network per week is the first threshold
  • the corresponding activity is 1,
  • the number of pieces of information that the institution writes to the blockchain network per month is the second threshold.
  • Quantity threshold the corresponding activity is Activity 2
  • the number of pieces of information that the institution writes to the blockchain network every quarter is the third quantity threshold
  • the corresponding activity is Activity 3
  • Activity 1 is greater than Activity 2 greater than activity level 3.
  • the first quantity threshold is greater than the second quantity threshold
  • the second quantity threshold is greater than the third quantity threshold.
  • the first quantity threshold, the second quantity threshold, and the third quantity threshold may be set according to specific conditions, which are not limited in this embodiment of the present application.
  • the activity of an institution can be determined based on the number of pieces of information the institution writes to the blockchain network each month. If the number of pieces of information that the institution writes to the blockchain network each month is greater than the first quantity threshold, the activity of the institution is a value within 80-100; if the institution writes to the blockchain network every month If the number of pieces of information is greater than the second quantity threshold and less than the first quantity threshold, the activity of the institution is a value within 60-79; if the number of pieces of information written to the blockchain network by the institution per month is greater than the third If the quantity threshold is smaller than the second quantity threshold, the activity of the institution is a value within 0-59. That is to say, the more pieces of information an institution writes to the blockchain network each month, the greater the value corresponding to the activity of the institution, and the greater the activity.
  • the type of information written to the blockchain network by the organization to which each sub-information belongs and the number of written information can be obtained, and the type of written information and the number of written information can be determined. the activity of the institution.
  • the more types of written information and the more pieces of written information the higher the activity of the organization to which each piece of sub-information belongs; The lower the activity of the organization to which each sub-information belongs.
  • the corresponding activity is 1; If the type of written information is greater than the second value and less than the first value, and the number of written information is greater than the second quantity threshold and less than the first quantity threshold, the corresponding activity level is activity level 2; The type of written information is greater than the third numerical value and less than the second numerical value, and the number of pieces of written information is greater than the third quantity threshold and less than the second quantity threshold, and the corresponding activity is 3.
  • activity 1 is greater than activity 2 and greater than activity 3
  • the first quantity threshold is greater than the second quantity threshold and greater than the third quantity threshold.
  • s13 respectively perform a hash operation on the activity of the organization to which each piece of sub-information belongs to obtain a key corresponding to each piece of sub-information.
  • the activity degree of the organization to which a certain piece of sub-information belongs is k
  • k1 is the piece of sub-information the corresponding key.
  • the computer device obtains a key corresponding to each sub-information by using a hash function to perform a hash operation on the activity of the organization to which each sub-information belongs. Since the activity degree corresponding to the organization to which each sub-information belongs is different, the key corresponding to each sub-information obtained according to the activity degree is different.
  • the key corresponding to each sub-information is used for encryption, and the obtained key Even if the ciphertext corresponding to the target information is obtained by an illegal terminal, it is difficult to obtain the key corresponding to each piece of sub-information, so it is impossible to decrypt the ciphertext of each piece of sub-information, so that the ciphertext of the target information cannot be decrypted. Decryption, thereby improving the security of the target information.
  • the attribute information of each piece of sub-information includes the generation address of each piece of sub-information
  • the above-mentioned step S102 includes the following steps s21-s22.
  • s21 Encode the generation address of each piece of sub-information to obtain a second random number corresponding to each piece of information.
  • s22 respectively perform a hash operation on the second random number corresponding to each piece of information to obtain a key corresponding to each piece of sub-information.
  • the generated address of each piece of sub-information may be the IP address of the terminal to which each piece of sub-information belongs, the MAC address of the terminal to which each piece of sub-information belongs, and the specific geographic location of the terminal to which each piece of sub-information belongs, such as longitude and latitude, etc. .
  • the computer equipment obtains the second random number corresponding to each piece of information by encoding the generation address of each piece of sub-information, and performs hash operation on the second random number corresponding to each piece of information to obtain the key corresponding to each piece of sub-information.
  • the attribute information of each piece of sub-information includes the data type of each piece of sub-information
  • the above step S102 includes the following steps s31 to s33.
  • s33 respectively perform a hash operation on the third random number corresponding to each piece of information to obtain a key corresponding to each piece of sub-information.
  • the data type of each piece of sub-information may refer to the business type of each piece of sub-information, and the business type may include transfer business, recharge business and other high real-time business types, as well as marriage registration business, certificate handling business, etc. Less real-time business types, etc.
  • the transfer business, recharge business and other types of business that require higher real-time performance the real-time performance level of each sub-information corresponding to this type of service is higher; for marriage registration business, certificate processing business and other types of business needs real-time performance is relatively high. If the value is low, the real-time performance level of each piece of sub-information corresponding to this type of service is low.
  • sub-information completed within a first time threshold may be determined as a first real-time level
  • sub-information completed within a second time threshold may be determined as a second real-time level
  • sub-information completed within a third time threshold The sub-information is determined to be the third real-time level, and so on.
  • a third random number corresponding to each sub-information is generated according to the real-time level of each sub-information, and a hash operation is performed on the third random number corresponding to each sub-information to obtain a key corresponding to each sub-information.
  • each sub-information Since the data type of each sub-information may be different, the corresponding key of each sub-information obtained according to the data type is different. Therefore, in the subsequent encryption process, the key corresponding to each sub-information is used for encryption, and the obtained ciphertext is different. Even if the illegal terminal obtains the ciphertext corresponding to the target information, it is difficult to obtain the key corresponding to each piece of sub-information, so it is impossible to decrypt the ciphertext of each piece of sub-information, so that the ciphertext of the target information cannot be decrypted, and then Improve the security of target information.
  • the attribute information of each piece of sub-information may include the target amount contained in each piece of sub-information, and a fifth random number corresponding to each piece of sub-information is generated according to the target amount contained in each piece of sub-information; The corresponding fifth random number is hashed to obtain a key corresponding to each piece of sub-information.
  • the key corresponding to each sub-information obtained according to the target amount contained in each sub-information is different. Therefore, in the subsequent encryption process, the key corresponding to each sub-information is used for encryption.
  • the obtained ciphertexts are different. Even if the illegal terminal obtains the ciphertext corresponding to the target information, it is difficult to obtain the key corresponding to each sub-information. Therefore, it is impossible to decrypt the ciphertext of each sub-information, so that the target information cannot be decrypted.
  • the ciphertext is decrypted, thereby improving the security of the target information.
  • the above step S103 includes the following steps s41-s42.
  • each piece of sub-information after splicing is smaller than the information threshold, determine each piece of sub-information after splicing as each piece of adjusted sub-information.
  • steps s41-s42 if each piece of sub-information after splicing is smaller than the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, which can be determined according to the first coordinate and the objective function. , the second coordinate of the target point on the curve corresponding to the objective function is obtained by calculation, that is, the coordinate information corresponding to each piece of sub-information can be obtained. If each piece of sub-information after splicing is greater than or equal to the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the target cannot be calculated based on the first coordinate and the objective function.
  • the second coordinate of the target point on the curve corresponding to the function that is, the coordinate information corresponding to each piece of sub-information cannot be obtained.
  • the first random numbers corresponding to each piece of sub-information may or may not be equal.
  • the information threshold may be, for example, (2 ⁇ 256) or less than (2 ⁇ 256).
  • the first random number can be adjusted, and the specific method includes the following steps s51-s53.
  • each piece of candidate sub-information is smaller than the information threshold, determine each piece of candidate sub-information as each adjusted piece of sub-information.
  • steps s51 to s53 since each piece of sub-information after splicing is greater than or equal to the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and cannot be based on the first coordinate and the target. function, the second coordinate of the target point on the curve corresponding to the objective function is obtained by calculation, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. Therefore, it is necessary to adjust the first random number corresponding to each piece of sub-information, and splicing the adjusted first random number with each piece of sub-information to obtain each candidate piece of sub-information.
  • each piece of candidate sub-information is less than the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the corresponding value of the objective function can be calculated according to the first coordinate and the objective function.
  • the second coordinate of the target point on the curve that is, the coordinate information corresponding to each piece of sub-information can be obtained. If each candidate sub-information is greater than or equal to the information threshold, it is considered that the sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the objective function cannot be calculated based on the first coordinate and the objective function.
  • the second coordinate of the target point on the corresponding curve that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. That is, if each piece of candidate sub-information is greater than or equal to the information threshold, continue to adjust the first random number until the adjusted first random number and each piece of candidate sub-information are spliced, and each piece of candidate sub-information after splicing If it is less than the information threshold, then each piece of sub-information of the candidate after splicing is determined as each piece of adjusted sub-information.
  • each adjusted sub-information can be obtained, and the success rate of subsequent encryption of each sub-information can be improved.
  • the above step S105 includes the following steps s61-s62.
  • s61 Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information.
  • the terminal to which the target information belongs is the terminal that uploads the target information to the blockchain network for processing such as encryption and storage
  • the private key of the terminal to which the target information belongs is the private key generated by the terminal.
  • the identifier of the terminal to which the target information belongs can be obtained, a fourth random number can be generated by using the SECP256K1 algorithm, and the fourth random number can be filled to obtain the private key of the terminal. number.
  • the identifier of the terminal may refer to the factory serial number of the terminal, or other identifiers used to uniquely indicate the terminal.
  • an encryption algorithm can be used to encrypt the coordinate information corresponding to each piece of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  • the encryption algorithm can include, for example, Elgamal algorithm (an asymmetric encryption algorithm), Rabin algorithm ( An asymmetric encryption algorithm), Diffie-Hellman algorithm (an asymmetric encryption algorithm), ECC algorithm (elliptic curve encryption algorithm).
  • the computer device encrypts the coordinate information corresponding to each piece of sub-information in at least two pieces of sub-information according to the private key of the terminal and the key corresponding to each piece of sub-information, and obtains the ciphertext of the coordinate information corresponding to each piece of sub-information. Encryption is performed to obtain the corresponding ciphertext. After the terminal obtains the ciphertext corresponding to each piece of sub-information, it needs to be decrypted to obtain the sub-information corresponding to each piece of ciphertext.
  • Figure 2 2 is a schematic flowchart of an information processing method for generating a key based on an attribute of information provided by an embodiment of the present application, the method is applied to a node in a blockchain network, and the node may refer to a computer device; such as As shown in Figure 2, the method includes:
  • s72 Obtain the product of the base point coordinates and the private key of the terminal to obtain candidate coordinates.
  • the coordinates of the base point of the curve of the objective function can be acquired.
  • the base point is G
  • the corresponding base point coordinates are (x1, y1)
  • the private key of the terminal is h
  • the candidate coordinates can be calculated according to formula (1-2):
  • the candidate coordinate is H
  • the base point is G
  • the private key of the terminal is h.
  • the candidate coordinates can be encrypted by formula (1-3) to obtain the ciphertext of the candidate coordinates , and fuse the coordinate information corresponding to the sub-information i with the ciphertext of the candidate coordinates to obtain the ciphertext of the coordinate information corresponding to the sub-information i.
  • Ci Mi+ki*H (1-3)
  • the candidate coordinates are H, Ci is the ciphertext of the coordinate information corresponding to the sub-information i, Mi is the coordinate information corresponding to the sub-information i, and ki is the key corresponding to the sub-information i.
  • ki*H indicates that the candidate coordinates are encrypted according to the key corresponding to the sub-information i, and the ciphertext of the candidate coordinates is obtained. It can be known that, for other sub-information in the n pieces of sub-information, the encryption and fusion can also be performed by formula (1-3) to obtain the ciphertext of the coordinate information corresponding to the other sub-information.
  • the ciphertext of the coordinate information corresponding to the piece of sub-information can be obtained by encrypting and fusing the formula (1-3), that is to say, a piece of sub-information corresponds to the number of ciphertexts of the coordinate information corresponding to a piece of sub-information , that is, for n pieces of sub-information, the number of ciphertexts of the coordinate information corresponding to the finally obtained sub-information is n.
  • FIG. 3 is a schematic diagram of the composition structure of an information processing apparatus for generating a key based on an attribute of information provided by an embodiment of the present application.
  • the above-mentioned information processing apparatus for generating a key based on an attribute of information may be run in a computer device.
  • a computer program (including program code) of , for example, the information processing apparatus for generating a key based on an attribute of the information is an application software; the apparatus can be used to execute the corresponding steps in the methods provided by the embodiments of the present application.
  • the device 30 includes:
  • the function acquisition module 301 is used to acquire the target function for describing information, and the attribute information of each piece of sub-information in the target information to be processed, the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the attribute information of each piece of sub-information. At least one of the organization to which the information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information;
  • a key generation module 302 configured to generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
  • an information adjustment module 303 configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
  • a coordinate obtaining module 304 configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
  • the information encryption module 305 is used for encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
  • the information storage module 306 is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • the attribute information of each piece of sub-information includes the organization to which each piece of sub-information belongs;
  • the key generation module 302 is specifically used to: obtain the organization to which each piece of sub-information belongs and write information into the blockchain network. time and the number of pieces of written information; determine the activity of the organization to which each piece of sub-information belongs according to the time of the written information and the number of pieces of written information; respectively check the activity of the organization to which each piece of sub-information belongs Perform the Greek operation to obtain the key corresponding to each piece of sub-information.
  • the attribute information of each piece of sub-information includes the generation address of each piece of sub-information;
  • the key generation module 302 is specifically configured to: encode the generation address of each piece of sub-information, and obtain the first corresponding to each piece of information. Two random numbers; respectively perform a hash operation on the second random number corresponding to each piece of information to obtain a key corresponding to each piece of sub-information.
  • the attribute information of each piece of sub-information includes the data type of each piece of sub-information;
  • the key generation module 302 is specifically configured to: determine the real-time level of processing each piece of sub-information according to the data type of each piece of sub-information ; Generate the third random number corresponding to each piece of sub-information according to the real-time level of each piece of sub-information; respectively perform a hash operation on the third random number corresponding to each piece of information to obtain the corresponding key of each piece of sub-information.
  • the information adjustment module 303 is specifically used for: splicing the first random number with each piece of sub-information to obtain each piece of sub-information after splicing; if each piece of sub-information after the splicing is less than the information threshold, then Each piece of sub-information after splicing is determined as each piece of adjusted sub-information.
  • the information encryption module 305 is specifically configured to: obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information; according to the private key of the terminal and the key corresponding to each piece of sub-information , encrypting the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  • the information encryption module 305 is specifically used to: obtain the base point coordinates of the curve of the objective function; obtain the product of the base point coordinates and the private key of the terminal to obtain candidate coordinates; according to the corresponding key of each piece of sub-information
  • the candidate coordinates are encrypted to obtain the ciphertext of the candidate coordinates; the coordinate information corresponding to each piece of sub-information is fused with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  • step S101 shown in FIG. 1 can be performed by the function acquisition module 301 shown in FIG. 3
  • step S102 shown in FIG. 1 can be performed by the key generation module 302 shown in FIG. 3
  • the steps shown in FIG. 1 S103 can be executed by the information adjustment module 303 in FIG. 3
  • step S104 shown in FIG. 1 can be executed by the coordinate acquisition module 304 in FIG. 3
  • step S105 shown in FIG. 1 can be executed by the information encryption module 305 in FIG. 3 step S106 shown in FIG.
  • each module in the information processing of generating a key based on the attribute of the information shown in FIG. 3 may be respectively or all combined into one or several units to form, or some (some) of the units may be formed. It can also be divided into multiple sub-units with smaller functions, which can realize the same operation without affecting the realization of the technical effects of the embodiments of the present application.
  • the above modules are divided based on logical functions. In practical applications, the function of one module may also be implemented by multiple units, or the functions of multiple modules may be implemented by one unit. In other embodiments of the present application, the information processing apparatus for generating keys based on information attributes may also include other units. In practical applications, these functions may also be implemented with the assistance of other units, and may be implemented by cooperation of multiple units.
  • a general-purpose computer device such as a computer including processing elements and storage elements such as a central processing unit (CPU), random access storage medium (RAM), read only storage medium (ROM), etc.
  • CPU central processing unit
  • RAM random access storage medium
  • ROM read only storage medium
  • Running a computer program capable of executing the steps involved in the corresponding methods as shown in FIG. 1 and FIG. 2 , to construct an information processing apparatus for generating keys based on attributes of information as shown in FIG. 3 , And to realize the information processing method for generating a key based on the attribute of the information according to the embodiment of the present application.
  • the above-mentioned computer program can be recorded on, for example, a computer-readable recording medium, loaded in the above-mentioned computing device via the computer-readable recording medium, and executed therein.
  • the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information. Since the attribute information of each piece of sub-information is different, the key corresponding to each piece of generated sub-information is different, so the key corresponding to each piece of sub-information is used.
  • After the key is encrypted, it is difficult for an illegal terminal to obtain the key corresponding to each piece of sub-information, so it is difficult to decrypt the ciphertext, which can improve the difficulty of cracking the ciphertext and improve the security of information.
  • each piece of sub-information in the at least two pieces of sub-information it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information.
  • By encrypting each piece of sub-information in the target information illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information.
  • the security of the information can be improved based on the characteristics of the blockchain that cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
  • FIG. 4 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the above-mentioned computer device 40 may include: a processor 401 , a network interface 404 and a memory 405 , in addition, the above-mentioned computer device 40 may further include: a user interface 403 , and at least one communication bus 402 .
  • the communication bus 402 is used to realize the connection and communication between these components.
  • the user interface 403 may include a display screen (Display) and a keyboard (Keyboard), and the optional user interface 403 may also include a standard wired interface and a wireless interface.
  • the network interface 404 may include a standard wired interface and a wireless interface (eg, a WI-FI interface).
  • the memory 405 may be a high-speed RAM memory, or a non-volatile memory, such as at least one disk memory.
  • the memory 405 can optionally also be at least one storage device located away from the aforementioned processor 401 .
  • the memory 405, which is a computer-readable storage medium may include an operating system, a network communication module, a user interface module, and a device control application program.
  • the network interface 404 can provide a network communication function;
  • the user interface 403 is mainly used to provide an input interface for the user; and
  • the processor 401 can be used to call the device control application stored in the memory 405 program to achieve:
  • the target information includes at least two pieces of sub-information
  • the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs, the At least one of the generation address of the piece of sub-information and the data type of each piece of sub-information;
  • each piece of adjusted sub-information obtain coordinate information corresponding to each of the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • the computer device 40 described in this embodiment of the present application can execute the description of the above-mentioned information processing method for generating a key based on the attribute of the information in the foregoing embodiments corresponding to FIG. 1 and FIG.
  • the description of the above-mentioned information processing apparatus for generating a key based on the attribute of the information in the corresponding embodiment will not be repeated here.
  • the description of the beneficial effects of using the same method will not be repeated.
  • the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information. Since the attribute information of each piece of sub-information is different, the key corresponding to each piece of generated sub-information is different, so the key corresponding to each piece of sub-information is used.
  • After the key is encrypted, it is difficult for an illegal terminal to obtain the key corresponding to each piece of sub-information, so it is difficult to decrypt the ciphertext, which can improve the difficulty of cracking the ciphertext and improve the security of information.
  • each piece of sub-information in the at least two pieces of sub-information it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information.
  • By encrypting each piece of sub-information in the target information illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information.
  • the security of the information can be improved based on the characteristics of the blockchain that cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and the computer program includes program instructions, which, when executed by a computer, cause the computer to execute the above-mentioned embodiments.
  • the method, the computer may be part of the above mentioned computer equipment.
  • it is the above-mentioned processor 401 .
  • program instructions may be deployed for execution on one computer device, or on multiple computer devices located at one site, or alternatively, distributed across multiple sites and interconnected by a communications network Implemented, multiple computer devices distributed in multiple locations and interconnected by a communication network can form a blockchain network.
  • the storage medium involved in this application such as a computer-readable storage medium, may be non-volatile or volatile.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.

Abstract

An information processing method and apparatus for generating a key on the basis of attribute of information, and a device. Said method comprises: acquiring a target function for describing information and attribute information of each piece of sub-information in target information to be processed (S101); generating a key of each piece of sub-information according to the attribute information of each piece of sub-information (S102); acquiring a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number, so as to obtain each piece of adjusted sub-information (S103); according to the target function and each piece of adjusted sub-information, acquiring coordinate information corresponding to each piece of sub-information (S104); encrypting the coordinate information of each piece of sub-information by using the key of each piece of sub-information, so as to obtain a ciphertext of the coordinate information (S105); and determining the ciphertext of the coordinate information corresponding to each piece of sub-information as a ciphertext of the target information, and storing the ciphertext of the target information into a block chain network (S106). The invention improves the security of information.

Description

基于信息的属性生成密钥的信息处理方法、装置及设备Information processing method, device and device for generating key based on information attribute
本申请要求于2020年9月29日提交中国专利局、申请号为202011054352.7,发明名称为“基于信息的属性生成密钥的信息处理方法、装置及设备”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed on September 29, 2020 with the application number 202011054352.7 and the title of the invention is "information processing method, device and equipment for generating keys based on information attributes", all of which are The contents are incorporated herein by reference.
技术领域technical field
本申请涉及区块链技术领域,尤其涉及基于信息的属性生成密钥的信息处理方法、装置及设备。The present application relates to the field of blockchain technology, and in particular, to an information processing method, apparatus and device for generating keys based on attributes of information.
背景技术Background technique
在这个网络发展较为迅速的时代,越来越多的信息都是通过网络进行交互、存储。发明人意识到,现有的信息存储方式一般为终端本地存储,例如,医疗平台中会使用终端对每个患者的病历信息、患者信息等信息进行存储,该种信息存储方式存在较大的风险,非法终端容易获取到本地存储的信息,导致信息的泄露,以及,非法用户可以对本地存储的信息进行篡改,导致信息安全性较低,并且,当本地存储出现故障时,导致信息无法找回,从而造成损失。因此,如何确保信息存储过程中信息的安全性,防止信息泄露是亟待解决的问题。In this era of rapid network development, more and more information is interacted and stored through the network. The inventor realized that the existing information storage method is generally local storage of the terminal. For example, the medical platform will use the terminal to store the medical record information, patient information and other information of each patient, and this information storage method has great risks. , illegal terminals can easily obtain locally stored information, resulting in information leakage, and illegal users can tamper with locally stored information, resulting in low information security, and when the local storage fails, the information cannot be retrieved , resulting in losses. Therefore, how to ensure the security of information in the process of information storage and prevent information leakage is an urgent problem to be solved.
发明内容SUMMARY OF THE INVENTION
本申请实施例提供基于信息的属性生成密钥的信息处理方法、装置及设备,可以实现对信息进行加密,提高信息的安全性,防止信息泄露。The embodiments of the present application provide an information processing method, device, and device for generating a key based on an attribute of the information, which can encrypt information, improve information security, and prevent information leakage.
本申请实施例一方面提供基于信息的属性生成密钥的信息处理方法,包括:On the one hand, an embodiment of the present application provides an information processing method for generating a key based on an attribute of the information, including:
获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,该目标信息包括至少两条子信息,该每条子信息的属性信息包括该每条子信息所属的机构、该每条子信息的生成地址以及该每条子信息的数据类型中的至少一种;Obtain the objective function used to describe the information, and the attribute information of each piece of sub-information in the target information to be processed, the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs, the At least one of the generation address of the piece of sub-information and the data type of each piece of sub-information;
根据该每条子信息的属性信息生成该每条子信息对应的密钥;Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
获取该每条子信息对应的第一随机数,根据该第一随机数对该每条子信息进行调整,得到调整后的每条子信息;Obtain the first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
根据该目标函数以及该调整后的每条子信息,获取该至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each of the at least two pieces of sub-information;
采用该每条子信息对应的密钥,对该至少两条子信息中的对应子信息的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文;Encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
将该每条子信息对应的坐标信息的密文确定为该目标信息的密文,将该目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
本申请实施例一方面提供基于信息的属性生成密钥的信息处理装置,包括:On the one hand, an embodiment of the present application provides an information processing apparatus for generating a key based on attributes of information, including:
函数获取模块,用于获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,该目标信息包括至少两条子信息,该每条子信息的属性信息包括该每条子信息所属的机构、该每条子信息的生成地址以及该每条子信息的数据类型中的至少一种;A function acquisition module, used for acquiring an objective function for describing information, and attribute information of each piece of sub-information in the target information to be processed, the target information including at least two pieces of sub-information, and the attribute information of each piece of sub-information including the each piece of sub-information At least one of the organization to which it belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information;
密钥生成模块,用于根据该每条子信息的属性信息生成该每条子信息对应的密钥;a key generation module for generating a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
信息调整模块,用于获取该每条子信息对应的第一随机数,根据该第一随机数对该每条子信息进行调整,得到调整后的每条子信息;an information adjustment module, configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
坐标获取模块,用于根据该目标函数以及该调整后的每条子信息,获取该至少两条子信息中每条子信息对应的坐标信息;a coordinate obtaining module, configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
信息加密模块,用于采用该每条子信息对应的密钥,对该至少两条子信息中的对应子信息的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文;an information encryption module, configured to encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information, and obtain the ciphertext of the coordinate information corresponding to each sub-information;
信息存储模块,用于将该每条子信息对应的坐标信息的密文确定为该目标信息的密文,将该目标信息的密文存储至区块链网络中。The information storage module is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
本申请一方面提供了一种计算机设备,包括:处理器、存储器、网络接口;One aspect of the present application provides a computer device, including: a processor, a memory, and a network interface;
上述处理器与存储器、网络接口相连,其中,网络接口用于提供数据通信功能,上述存储器用于存储计算机程序,上述处理器用于调用上述计算机程序,以执行以下方法:The above-mentioned processor is connected to a memory and a network interface, wherein the network interface is used to provide a data communication function, the above-mentioned memory is used to store a computer program, and the above-mentioned processor is used to call the above-mentioned computer program to execute the following method:
获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,所述目标信息包括至少两条子信息,所述每条子信息的属性信息包括所述每条子信息所属的机构、所述每条子信息的生成地址以及所述每条子信息的数据类型中的至少一种;Obtain the objective function used to describe the information, and attribute information of each piece of sub-information in the target information to be processed, where the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs , at least one of the generation address of each piece of sub-information and the data type of each piece of sub-information;
根据所述每条子信息的属性信息生成所述每条子信息对应的密钥;Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
本申请实施例一方面提供了一种计算机可读存储介质,该计算机可读存储介质存储有计算机程序,该计算机程序包括程序指令,该程序指令当被处理器执行时使该处理器执行以下方法:An aspect of an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, the computer program includes program instructions, and when executed by a processor, the program instructions cause the processor to execute the following method :
获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,所述目标信息包括至少两条子信息,所述每条子信息的属性信息包括所述每条子信息所属的机构、所述每条子信息的生成地址以及所述每条子信息的数据类型中的至少一种;Obtain the objective function used to describe the information, and attribute information of each piece of sub-information in the target information to be processed, where the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs , at least one of the generation address of each piece of sub-information and the data type of each piece of sub-information;
根据所述每条子信息的属性信息生成所述每条子信息对应的密钥;Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
本申请实施例通过将目标信息的密文信息存储至区块链网络中,基于区块链不可篡改且不易丢失的特性,可以提高信息的安全性;此外,将目标信息的密文存储至区块链网络中,可以减少终端本地存储空间的资源占用。In the embodiment of the present application, by storing the ciphertext information of the target information in the blockchain network, the security of the information can be improved based on the characteristics that the blockchain cannot be tampered with and is not easily lost; In the blockchain network, the resource occupation of the local storage space of the terminal can be reduced.
附图说明Description of drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present application more clearly, the following briefly introduces the drawings required in the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.
图1是本申请实施例提供的一种基于信息的属性生成密钥的信息处理方法的流程示意图;1 is a schematic flowchart of an information processing method for generating a key based on an attribute of information provided by an embodiment of the present application;
图2是本申请实施例提供的一种基于信息的属性生成密钥的信息处理方法的流程示意图;2 is a schematic flowchart of an information processing method for generating a key based on an attribute of information provided by an embodiment of the present application;
图3是本申请实施例提供的一种基于信息的属性生成密钥的信息处理装置的组成结构示意图;3 is a schematic diagram of the composition and structure of an information processing apparatus for generating a key based on an attribute of information provided by an embodiment of the present application;
图4是本申请实施例提供的一种计算机设备的组成结构示意图。FIG. 4 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
具体实施方式Detailed ways
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present application.
本申请的技术方案可涉及区块链技术领域,比如本申请涉及的数据如坐标信息的密文和/或目标信息的密文等存储于区块链中。可选的,本申请可应用于金融科技如对金融数据加密等场景中,还可应用于数字医疗如对患者信息加密等场景中,以提高信息安全性。The technical solution of the present application may relate to the technical field of blockchain, for example, the data involved in the present application, such as the ciphertext of coordinate information and/or the ciphertext of target information, are stored in the blockchain. Optionally, the present application can be applied to scenarios such as financial technology such as encrypting financial data, and can also be applied to scenarios such as digital medical treatment such as encrypting patient information to improve information security.
本申请所涉及的区块链是一种分布式数据存储、点对点传输(P2P传输)、共识机制、加密算法等计算机技术的新型应用模式,其本质上是一个去中心化的数据库,是一串使用密码学方法相关联产生的数据块,每一个数据块中包含了一批次网络交易的信息,用于验证其信息的有效性(防伪)和生成下一个区块。区块链可以包括区块链底层平台、平台产品服务层以及应用服务层;区块链可由多个借由密码学串接并保护内容的串连交易记录(又称区块)构成,用区块链所串接的分布式账本能让多方有效纪录交易,且可永久查验此交易(不可篡改)。其中,共识机制是指区块链网络中实现不同节点之间建立信任、获取权益的数学算法;也就是说,共识机制是区块链各网络节点共同认可的一种数学算法。The blockchain involved in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission (P2P transmission), consensus mechanism, and encryption algorithm. Using cryptographic methods to associate the generated data blocks, each data block contains a batch of network transaction information, which is used to verify the validity of its information (anti-counterfeiting) and generate the next block. The blockchain can include the underlying platform of the blockchain, the platform product service layer and the application service layer; the blockchain can be composed of multiple serial transaction records (also known as blocks) that are connected and protected by cryptography. The distributed ledger connected by the blockchain allows multiple parties to effectively record the transaction, and the transaction can be permanently checked (it cannot be tampered with). Among them, the consensus mechanism refers to the mathematical algorithm that realizes the establishment of trust between different nodes and the acquisition of rights and interests in the blockchain network; that is to say, the consensus mechanism is a mathematical algorithm recognized by all network nodes of the blockchain.
本申请适用于医疗平台中,则目标信息例如可以为患者的病历信息、患者信息等等,通过对患者的病历信息、患者信息以及医疗平台的其他信息进行加密,并将加密后的信息存储至区块链网络中,有利于对患者的病历信息、患者信息等进行管理,提高患者的信息的安全性。This application is applicable to the medical platform, and the target information can be, for example, the patient's medical record information, patient information, etc., by encrypting the patient's medical record information, patient information and other information of the medical platform, and storing the encrypted information in the In the blockchain network, it is beneficial to manage the patient's medical record information, patient information, etc., and improve the security of the patient's information.
请参见图1,图1是本申请实施例提供的一种基于信息的属性生成密钥的信息处理方法的流程示意图,该方法应用于区块链网络中的节点,该节点可以是独立的一个物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、内容分发网络(Content Delivery Network,CDN)、以及大数据和人工智能平台等基础云计算服务的云服务器。或者,该节点可以是指计算机设备,包括手机、平板电脑、笔记本电脑、掌上电脑、智能音响、移动互联网设备(MID,mobile internet device)、POS(Point Of Sales,销售点)机、可穿戴设备(例如智能手表、智能手环等)等。如图1所示,该方法包括:Please refer to FIG. 1. FIG. 1 is a schematic flowchart of an information processing method for generating a key based on an attribute of information provided by an embodiment of the present application. The method is applied to a node in a blockchain network, and the node may be an independent one. A physical server can also be a server cluster or distributed system composed of multiple physical servers, and can also provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, and domain name services. , security services, Content Delivery Network (CDN), and cloud servers for basic cloud computing services such as big data and artificial intelligence platforms. Alternatively, the node may refer to computer equipment, including mobile phones, tablet computers, notebook computers, PDAs, smart speakers, mobile internet devices (MID, mobile internet device), POS (Point Of Sales, point of sale) machines, wearable devices (such as smart watches, smart bracelets, etc.) As shown in Figure 1, the method includes:
S101,获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息。S101: Acquire an objective function for describing information and attribute information of each piece of sub-information in the target information to be processed.
这里,目标函数可以是指椭圆曲线对应的函数,目标函数也可以是指其他曲线对应的函数。目标信息包括至少两条子信息,目标信息可以是指某机构的交易数据、营业数据、该机构的内部资料等数据。目标信息中每条子信息的属性信息包括每条子信息所属的机构、每条子信息的生成地址以及每条子信息的数据类型中的至少一种。Here, the objective function may refer to a function corresponding to an elliptic curve, and the objective function may also refer to a function corresponding to other curves. The target information includes at least two pieces of sub-information, and the target information may refer to data such as transaction data, business data, and internal data of an institution. The attribute information of each piece of sub-information in the target information includes at least one of the organization to which each piece of sub-information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information.
S102,根据每条子信息的属性信息生成每条子信息对应的密钥。S102: Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information.
这里,每条子信息的属性信息每条子信息所属的机构、每条子信息的生成地址以及每条子信息的数据类型中的至少一种。计算机设备可以根据每条子信息所属的机构、每条子信息的生成地址以及每条子信息的数据类型中的至少一种生成每条子信息对应的密钥。由于每条子信息的属性信息不同,因此根据每条子信息的属性信息生成每条子信息对应的密钥不同,在后续对每条子信息进行加密时,使用每条子信息对应的密钥对每条子信息进行加密,即使非法终端获取到某一条子信息对应的密钥,也无法根据该密钥计算出其他子信息对应的密钥,因此无法实现对目标信息的密文的解密,可以提高目标信息的安全性。Here, the attribute information of each piece of sub-information is at least one of the organization to which each piece of sub-information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information. The computer device may generate a key corresponding to each piece of sub-information according to at least one of the institution to which each piece of sub-information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information. Since the attribute information of each piece of sub-information is different, the key corresponding to each piece of sub-information generated according to the attribute information of each piece of sub-information is different. Encryption, even if the illegal terminal obtains the key corresponding to a certain piece of sub-information, it cannot calculate the key corresponding to other sub-information based on the key, so it is impossible to decrypt the ciphertext of the target information, which can improve the security of the target information. sex.
其中,每条子信息所属的机构可以是指生成每条子信息的终端所属的机构,或者,每 条子信息所属的机构可以是指拥有每条子信息的所有权的机构,例如,每条子消息为某银行机构一天内的营业数据,则该每条子消息所属的机构为该银行机构。每条子信息的生成地址可以包括生成每条子信息的终端的IP地址、MAC地址或者其他地址。每条子信息的数据类型可以是指每条子信息的业务类型。例如,每条子信息的业务类型可以包括转账业务、充值业务等实时性较高的业务,以及婚姻登记业务、证件办理业务等实时性较低的业务,等等。计算机设备根据每条子信息的属性信息生成每条子信息对应的密钥,通过使用每条子信息对应的密钥对每条子信息进行加密,从而实现对目标信息进行加密,可以提高目标信息的安全性。The institution to which each piece of sub-information belongs may refer to an institution to which the terminal that generates each piece of sub-information belongs, or the institution to which each piece of sub-information belongs may refer to an institution that owns each piece of sub-information, for example, each sub-message is a banking institution The business data within one day, the institution to which each sub-message belongs is the banking institution. The generation address of each piece of sub-information may include an IP address, a MAC address, or other addresses of the terminal that generates each piece of sub-information. The data type of each piece of sub-information may refer to the service type of each piece of sub-information. For example, the business type of each piece of sub-information may include high-real-time services such as transfer services and recharge services, and low-real-time services such as marriage registration services and certificate processing services, and so on. The computer device generates a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information, and encrypts each piece of sub-information by using the key corresponding to each piece of sub-information to encrypt the target information and improve the security of the target information.
S103,获取每条子信息对应的第一随机数,根据第一随机数对每条子信息进行调整,得到调整后的每条子信息。S103: Obtain a first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information.
这里,由于每条子信息对应的数值大于第一阈值时,不能实现将每条子信息映射到目标函数的曲线上,则无法根据目标函数的曲线计算得到每条子信息对应的坐标点。因此可以使用第一随机数对每条子信息进行调整,使得调整后的每条子信息对应的数值小于或等于第一阈值,从而实现将每条子信息映射到目标函数的曲线上,根据目标函数的曲线计算得到每条子信息对应的坐标点。通过使用第一随机数对每条子信息进行调整,可以提高获取每条子信息对应的坐标点的概率,从而提高加密成功的概率。第一阈值可以是根据目标函数对应的曲线参数确定的,如该曲线参数为曲线长度c,则第一阈值为(2^256)-w,其中,w为一个极小的数值。Here, since when the value corresponding to each piece of sub-information is greater than the first threshold, it is impossible to map each piece of sub-information onto the curve of the objective function, so the coordinate point corresponding to each piece of sub-information cannot be calculated according to the curve of the objective function. Therefore, the first random number can be used to adjust each piece of sub-information, so that the value corresponding to each piece of sub-information after adjustment is less than or equal to the first threshold, so that each piece of sub-information is mapped to the curve of the objective function, according to the curve of the objective function Calculate the coordinate point corresponding to each sub-information. By using the first random number to adjust each piece of sub-information, the probability of obtaining the coordinate point corresponding to each piece of sub-information can be improved, thereby improving the probability of successful encryption. The first threshold may be determined according to a curve parameter corresponding to the objective function. If the curve parameter is the curve length c, the first threshold is (2^256)-w, where w is a very small value.
具体实现中,可以采用随机数生成算法生成随机数,例如中心极限定理和Box Muller(坐标变换法)、蒙特卡洛算法、数值概率算法、拉斯维加斯算法或者其他算法生成随机数,并将该生成的随机数确定为每条子信息对应的第一随机数。或者,可以调用C语言中的rand函数生成随机数。In specific implementation, random number generation algorithms can be used to generate random numbers, such as the central limit theorem and Box Muller (coordinate transformation method), Monte Carlo algorithm, numerical probability algorithm, Las Vegas algorithm or other algorithms to generate random numbers, and The generated random number is determined as the first random number corresponding to each piece of sub-information. Alternatively, you can call the rand function in the C language to generate random numbers.
在一种可能的情况下,若每条子信息不为数值类型的数据,则可以对每条子信息进行编码,得到数值类型的编码数据,根据每条子信息对应的第一随机数对每条子信息对应的编码数据进行调整,得到调整后的每条子信息。In a possible case, if each piece of sub-information is not numeric data, each piece of sub-information can be encoded to obtain numeric-type encoded data, and each piece of sub-information corresponds to each piece of information according to the first random number corresponding to each piece of sub-information The encoded data is adjusted to obtain each piece of sub-information after adjustment.
在另一种可能的情况下,若每条子信息为数值类型的数据,则根据每条子信息对应的第一随机数对每条子信息进行调整,得到调整后的每条子信息。可知,调整后的每条子信息包括该条子信息和该条子信息对应的第一随机数。In another possible situation, if each piece of sub-information is numerical data, each piece of sub-information is adjusted according to the first random number corresponding to each piece of sub-information to obtain each piece of adjusted sub-information. It can be known that each piece of sub-information after adjustment includes the piece of sub-information and the first random number corresponding to the piece of sub-information.
S104,根据目标函数以及调整后的每条子信息,获取至少两条子信息中每条子信息对应的坐标信息。S104, according to the objective function and each adjusted piece of sub-information, obtain coordinate information corresponding to each of the at least two pieces of sub-information.
这里,例如可以对调整后非数值类型的每条子信息进行编码,得到调整后数值类型的每条子信息对应的编码数据,将调整后数值类型的每条子信息对应的编码数据映射至目标函数对应的曲线上得到对应的坐标点,从而根据该坐标点得到每条子信息对应的坐标信息。Here, for example, each piece of sub-information of the adjusted non-numeric type can be encoded to obtain coded data corresponding to each piece of sub-information of the adjusted numerical type, and the coded data corresponding to each piece of sub-information of the adjusted numerical type can be mapped to the corresponding coded data of the objective function. The corresponding coordinate point is obtained on the curve, so as to obtain the coordinate information corresponding to each piece of sub-information according to the coordinate point.
在一种可能的实现方式中,可以获取目标函数对应的曲线,将调整后的每条子信息映射至该目标函数对应的曲线上的目标点的第一坐标;根据该第一坐标以及该目标函数,确定该目标函数对应的曲线上的目标点的第二坐标;将该第一坐标以及该第二坐标确定为每条子信息对应的坐标信息,从而获取到至少两条子信息中每条子信息对应的坐标信息。In a possible implementation manner, the curve corresponding to the objective function can be obtained, and each piece of adjusted sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function; according to the first coordinate and the objective function , determine the second coordinate of the target point on the curve corresponding to the objective function; determine the first coordinate and the second coordinate as the coordinate information corresponding to each piece of sub-information, thereby obtaining at least two pieces of sub-information corresponding to each sub-information Coordinate information.
举例来对获取至少两条子信息中任意一条子信息c对应的坐标信息进行说明,可以根据第一坐标和目标函数,确定该目标函数对应的曲线上的目标点的第二坐标,将该第一坐标以及该第二坐标确定为子信息c对应的坐标信息。例如,目标函数对应的曲线可以如公式(1-1)所示:For example, to illustrate the acquisition of the coordinate information corresponding to any one of the at least two sub-information c, the second coordinate of the target point on the curve corresponding to the objective function can be determined according to the first coordinate and the objective function, and the first coordinate can be determined. The coordinates and the second coordinates are determined as the coordinate information corresponding to the sub-information c. For example, the curve corresponding to the objective function can be shown in formula (1-1):
y 2=x 3+ax+b  (1-1) y 2 =x 3 +ax+b (1-1)
其中,a和b均为已知的实数,x和y均为参数,通过确定x或者y中的任意一个参数 的值,则可以通过公式(1-1)计算得到另一个参数的值,例如,通过确定x的值,根据公式(1-1)可计算得到y的值。Among them, a and b are known real numbers, and x and y are both parameters. By determining the value of any one parameter in x or y, the value of the other parameter can be calculated by formula (1-1), for example , by determining the value of x, the value of y can be calculated according to formula (1-1).
例如,a为1,b为-1,子信息c映射至该目标函数对应的曲线上的目标点的第一坐标(例如该目标点的横坐标)为1,将a,b以及该第一坐标作为x代入公式(1-1)中,得到y为1,即该目标函数对应的曲线上的目标点的第二坐标为1,则子信息c对应的坐标信息为(1,1),通过该方法,可以获取到至少两条子信息中其他子信息对应的坐标信息,从而获取到至少两条子信息中每条子信息对应的坐标信息。For example, a is 1, b is -1, the sub-information c is mapped to the first coordinate of the target point on the curve corresponding to the objective function (for example, the abscissa of the target point) is 1, and a, b and the first coordinate The coordinates are substituted into formula (1-1) as x, and y is obtained as 1, that is, the second coordinate of the target point on the curve corresponding to the objective function is 1, then the coordinate information corresponding to the sub-information c is (1, 1), Through this method, the coordinate information corresponding to the other sub-information in the at least two pieces of sub-information can be acquired, thereby acquiring the coordinate information corresponding to each sub-information in the at least two pieces of sub-information.
S105,采用每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文。S105 , encrypting the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information by using the key corresponding to each piece of sub-information, to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information.
这里,由于步骤S102中根据每条子信息的属性信息生成每条子信息对应的密钥,因此,计算机设备可以采用每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文。具体实现中,计算机设备可以获取目标信息所属的终端的私钥,根据该终端的私钥和每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文。可知,子信息对应的坐标信息的密文为对子信息加密后的得到的密文,在未对其进行解密的情况下,即使获取到该密文也无法获知该密文对应的子信息的内容。通过使用目标信息所属的终端的私钥和每条子信息对应的密钥对目标信息对应的每条子信息进行加密,可以提高目标信息的安全性。Here, since the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information in step S102, the computer device can use the key corresponding to each piece of sub-information to perform the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information. Encrypt to obtain the ciphertext of the coordinate information corresponding to each sub-information. In a specific implementation, the computer device can obtain the private key of the terminal to which the target information belongs, and encrypt the coordinate information corresponding to each sub-information in the at least two sub-information according to the private key of the terminal and the key corresponding to each sub-information, and obtain each sub-information. The ciphertext of the coordinate information corresponding to the sliver information. It can be seen that the ciphertext of the coordinate information corresponding to the sub-information is the ciphertext obtained by encrypting the sub-information. If the ciphertext is not decrypted, the ciphertext of the corresponding sub-information corresponding to the ciphertext cannot be known even if the ciphertext is obtained. content. By encrypting each piece of sub-information corresponding to the target information by using the private key of the terminal to which the target information belongs and the key corresponding to each piece of sub-information, the security of the target information can be improved.
S106,将每条子信息对应的坐标信息的密文确定为目标信息的密文,将目标信息的密文存储至区块链网络中。S106: Determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
这里,上述步骤中,对于至少两条子信息中的每条子信息,都会得到每条子信息对应的坐标信息的密文,因此,将每条子信息对应的坐标信息的密文确定为目标信息的密文,也就是说,目标信息的密文包括至少两条子信息中的每条子信息对应的坐标信息的密文,至此,可以实现对目标信息进行加密得到目标信息的密文,可以将目标信息的密文存储至区块链网络中。通过将目标信息发送至区块链网络中进行加密以及存储,可以减少终端本地存储空间的资源占用,以及,可以避免目标信息存储在终端本地被非法用户篡改,提高目标信息的安全性。Here, in the above steps, for each piece of sub-information in the at least two pieces of sub-information, the ciphertext of the coordinate information corresponding to each piece of sub-information will be obtained. Therefore, the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information. , that is to say, the ciphertext of the target information includes the ciphertext of the coordinate information corresponding to each of the at least two sub-information, so far, the ciphertext of the target information can be obtained by encrypting the target information, and the ciphertext of the target information can be obtained. The documents are stored in the blockchain network. By sending the target information to the blockchain network for encryption and storage, the resource occupation of the local storage space of the terminal can be reduced, and the target information stored locally in the terminal can be prevented from being tampered with by illegal users, thereby improving the security of the target information.
可选的,在将目标信息的密文存储至区块链网络后,后续当存在需要获取目标信息的终端时,计算机设备可以验证该需要获取目标信息的终端的合法性,在确定获取该终端具有合法性的情况下,对目标信息的密文解密后得到目标信息,并将目标信息发送至需要获取目标信息的终端,从而实现获取目标信息。或者,也可以将目标信息的密文发送至该目标信息所属的终端,通过目标信息所属的终端对目标信息的密文进行解密后,将解密后的目标信息发送至需要获取目标信息的终端,从而实现获取目标信息。Optionally, after the ciphertext of the target information is stored in the blockchain network, when there is a terminal that needs to obtain the target information subsequently, the computer device can verify the legitimacy of the terminal that needs to obtain the target information. In the case of legality, the ciphertext of the target information is decrypted to obtain the target information, and the target information is sent to the terminal that needs to obtain the target information, thereby realizing the acquisition of the target information. Alternatively, the ciphertext of the target information can also be sent to the terminal to which the target information belongs, and after the ciphertext of the target information is decrypted by the terminal to which the target information belongs, the decrypted target information is sent to the terminal that needs to obtain the target information, So as to achieve the acquisition of target information.
本申请实施例中,根据每条子信息的属性信息生成每条子信息对应的密钥,由于每条子信息的属性信息不同,生成的每条子信息对应的密钥不同,因此采用每条子信息对应的密钥进行加密后,非法终端难以获取每条子信息对应的密钥,因此难以实现对密文进行解密,可以提高密文破解的难度,提高信息的安全性。通过对至少两条子信息中每条子信息进行调整,有利于根据调整后的每条子信息生成调整后的每条子信息对应的坐标信息,提高获取调整后的每条子信息对应的坐标信息的成功率。通过对目标信息中的每条子信息进行加密,避免非法终端对该密文进行破解,从而提高每条子信息的安全性,进而提高目标信息的安全性。通过将目标信息的密文信息存储至区块链网络中,基于区块链不可篡改且不易丢失的特性,可以提高信息的安全性;此外,将目标信息的密文存储至区块链网络中,可以减少终端本地存储空间的资源占用。In the embodiment of the present application, the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information. Since the attribute information of each piece of sub-information is different, the key corresponding to each piece of generated sub-information is different, so the key corresponding to each piece of sub-information is used. After the key is encrypted, it is difficult for an illegal terminal to obtain the key corresponding to each piece of sub-information, so it is difficult to decrypt the ciphertext, which can improve the difficulty of cracking the ciphertext and improve the security of information. By adjusting each piece of sub-information in the at least two pieces of sub-information, it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information. By encrypting each piece of sub-information in the target information, illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information. By storing the ciphertext information of the target information in the blockchain network, the security of the information can be improved based on the characteristics of the blockchain that cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
在一个实施例中,上述每条子信息的属性信息包括上述每条子信息所属的机构,上述 步骤S102中包括如下步骤s11~s13。In one embodiment, the attribute information of each piece of sub-information above includes the organization to which each piece of sub-information above belongs, and the above step S102 includes the following steps s11 to s13.
s11,获取每条子信息所属的机构向区块链网络中写入信息的时间以及写入信息的条数。s11: Obtain the time and the number of pieces of information written into the blockchain network by the organization to which each sub-information belongs.
其中,该机构向区块链网络中写入信息包括所有该机构向区块链网络写入的所有信息,写入信息的条数包括该机构向区块链网络写入的所有信息的条数。例如该机构去年向区块链网络写入80条信息、且该机构今年向区块链写入100条信息,则该机构向区块链网络中写入信息的条数为180条,则获取180条信息中每条信息写入区块链的时间。Among them, the information written by the organization to the blockchain network includes all the information written by the organization to the blockchain network, and the number of written information includes the number of all information written by the organization to the blockchain network. . For example, the institution wrote 80 pieces of information to the blockchain network last year, and the institution wrote 100 pieces of information to the blockchain this year, then the number of pieces of information written to the blockchain network by the institution is 180, then the The time each of the 180 messages was written to the blockchain.
s12,根据写入信息的时间以及写入信息的条数确定每条子信息所属的机构的活跃度。s12: Determine the activity level of the organization to which each piece of sub-information belongs according to the time of writing information and the number of pieces of writing information.
这里,活跃度例如可以为0-1以内的数值,或者,活跃度也可以为0-10以内的数值,或者0-100以内的数值,等等。例如活跃度为0-100以内的数值,则活跃度对应的数值越大,表示该机构的活跃度越大;活跃度对应的数值越小,表示该机构的活跃度越小。Here, the activity level may be, for example, a numerical value within 0-1, or the activity level may also be a numerical value within 0-10, or a numerical value within 0-100, and the like. For example, if the activity is a value within 0-100, the larger the value corresponding to the activity, the higher the activity of the organization; the smaller the value corresponding to the activity, the lower the activity of the organization.
例如,根据写入信息的时间以及写入信息的条数确定每条子信息所属的机构的活跃度的方法可以包括:写入信息的周期越短且写入信息的条数越多,活跃度越高;写入信息的周期越长且写入信息的条数越少,活跃度越低。根据写入信息的时间可以确定属于同一个周期内的信息。例如,周期为每星期,该机构每星期向区块链网络写入信息的条数为第一数量阈值,对应的活跃度为活跃度1,该机构每月向区块链网络写入信息的条数为第一数量阈值,对应的活跃度为活跃度2,该机构每季度向区块链网络写入信息的条数为第一数量阈值,对应的活跃度为活跃度3,则活跃度1大于活跃度2大于活跃度3。或者,该机构每星期向区块链网络写入信息的条数为第一数量阈值,对应的活跃度为活跃度1,该机构每月向区块链网络写入信息的条数为第二数量阈值,对应的活跃度为活跃度2,该机构每季度向区块链网络写入信息的条数为第三数量阈值,对应的活跃度为活跃度3,则活跃度1大于活跃度2大于活跃度3。其中,第一数量阈值大于第二数量阈值,第二数量阈值大于第三数量阈值。第一数量阈值、第二数量阈值以及第三数量阈值可以根据具体的情况进行设置,本申请实施例对此不做限定。For example, the method for determining the activity level of the organization to which each piece of sub-information belongs according to the time of writing information and the number of pieces of writing information may include: the shorter the period of writing information and the more pieces of writing information, the higher the activity level. High; the longer the cycle of writing information and the fewer pieces of writing information, the lower the activity. The information belonging to the same cycle can be determined according to the time when the information is written. For example, if the cycle is every week, the number of pieces of information that the institution writes to the blockchain network every week is the first quantity threshold, and the corresponding activity is activity level 1. The number of times the institution writes information to the blockchain network every month The number of pieces is the first quantity threshold, and the corresponding activity level is activity level 2. The number of pieces of information that the institution writes to the blockchain network every quarter is the first number threshold value, and the corresponding activity level is activity level 3, then the activity level is 1 is greater than activity 2 is greater than activity 3. Alternatively, the number of pieces of information that the institution writes to the blockchain network per week is the first threshold, the corresponding activity is 1, and the number of pieces of information that the institution writes to the blockchain network per month is the second threshold. Quantity threshold, the corresponding activity is Activity 2, the number of pieces of information that the institution writes to the blockchain network every quarter is the third quantity threshold, and the corresponding activity is Activity 3, then Activity 1 is greater than Activity 2 greater than activity level 3. Wherein, the first quantity threshold is greater than the second quantity threshold, and the second quantity threshold is greater than the third quantity threshold. The first quantity threshold, the second quantity threshold, and the third quantity threshold may be set according to specific conditions, which are not limited in this embodiment of the present application.
或者,可以根据该机构每个月向区块链网络写入信息的条数确定该机构的活跃度。若该机构每个月向区块链网络写入信息的条数大于第一数量阈值,则该机构的活跃度为80-100以内的数值;若该机构每个月向区块链网络写入信息的条数大于第二数量阈值且小于第一数量阈值,则该机构的活跃度为60-79以内的数值;若该机构每个月向区块链网络写入信息的条数大于第三数量阈值且小于第二数量阈值,则该机构的活跃度为0-59以内的数值。也就是说,机构每个月向区块链网络写入信息的条数越多,该机构的活跃度对应的数值越大,则活跃度越大。Alternatively, the activity of an institution can be determined based on the number of pieces of information the institution writes to the blockchain network each month. If the number of pieces of information that the institution writes to the blockchain network each month is greater than the first quantity threshold, the activity of the institution is a value within 80-100; if the institution writes to the blockchain network every month If the number of pieces of information is greater than the second quantity threshold and less than the first quantity threshold, the activity of the institution is a value within 60-79; if the number of pieces of information written to the blockchain network by the institution per month is greater than the third If the quantity threshold is smaller than the second quantity threshold, the activity of the institution is a value within 0-59. That is to say, the more pieces of information an institution writes to the blockchain network each month, the greater the value corresponding to the activity of the institution, and the greater the activity.
可选的,可以获取每条子信息所属的机构向区块链网络中写入信息的种类以及写入信息的条数,根据写入信息的种类以及写入信息的条数确定每条子信息所属的机构的活跃度。Optionally, the type of information written to the blockchain network by the organization to which each sub-information belongs and the number of written information can be obtained, and the type of written information and the number of written information can be determined. the activity of the institution.
这里,写入信息的种类越多且写入信息的条数越多,则每条子信息所属的机构的活跃度越高;写入信息的种类越少且写入信息的条数越少,则每条子信息所属的机构的活跃度越低。例如,该机构向区块链网络中写入信息的种类大于第一数值,且写入信息的条数大于第一数量阈值,对应的活跃度为活跃度1;该机构向区块链网络中写入信息的种类大于第二数值且小于第一数值,且写入信息的条数大于第二数量阈值且小于第一数量阈值,对应的活跃度为活跃度2;该机构向区块链网络中写入信息的种类大于第三数值且小于第二数值,且写入信息的条数大于第三数量阈值且小于第二数量阈值,对应的活跃度为活跃度3。其中,活跃度1大于活跃度2大于活跃度3,第一数量阈值大于第二数量阈值大于第三数量阈值。Here, the more types of written information and the more pieces of written information, the higher the activity of the organization to which each piece of sub-information belongs; The lower the activity of the organization to which each sub-information belongs. For example, if the type of information written by the institution to the blockchain network is greater than the first value, and the number of pieces of information written is greater than the first quantity threshold, the corresponding activity is 1; If the type of written information is greater than the second value and less than the first value, and the number of written information is greater than the second quantity threshold and less than the first quantity threshold, the corresponding activity level is activity level 2; The type of written information is greater than the third numerical value and less than the second numerical value, and the number of pieces of written information is greater than the third quantity threshold and less than the second quantity threshold, and the corresponding activity is 3. Wherein, activity 1 is greater than activity 2 and greater than activity 3, and the first quantity threshold is greater than the second quantity threshold and greater than the third quantity threshold.
s13,分别对每条子信息所属的机构的活跃度进行哈希运算,得到每条子信息对应的密钥。s13, respectively perform a hash operation on the activity of the organization to which each piece of sub-information belongs to obtain a key corresponding to each piece of sub-information.
这里,例如某一条子信息所属的机构的活跃度为k,则根据哈希函数对该条子信息所 属的机构的活跃度进行哈希运算,即hash(k)=k1,则k1为该条子信息对应的密钥。计算机设备通过分别使用哈希函数对每条子信息所属的机构的活跃度进行哈希运算,得到每条子信息对应的密钥。由于每条子信息所属的机构对应的活跃度不同,因此根据活跃度得到的每条子信息对应的密钥不同,因此,在后续加密过程中,采用每条子信息对应的密钥进行加密,得到的密文不同,即使非法终端获取到目标信息对应的密文,也难以获取到每条子信息对应的密钥,因此无法实现对每条子信息的密文进行解密,从而无法实现对目标信息的密文进行解密,进而提高目标信息的安全性。Here, for example, the activity degree of the organization to which a certain piece of sub-information belongs is k, then a hash operation is performed on the activity degree of the organization to which the piece of sub-information belongs according to the hash function, that is, hash(k)=k1, then k1 is the piece of sub-information the corresponding key. The computer device obtains a key corresponding to each sub-information by using a hash function to perform a hash operation on the activity of the organization to which each sub-information belongs. Since the activity degree corresponding to the organization to which each sub-information belongs is different, the key corresponding to each sub-information obtained according to the activity degree is different. Therefore, in the subsequent encryption process, the key corresponding to each sub-information is used for encryption, and the obtained key Even if the ciphertext corresponding to the target information is obtained by an illegal terminal, it is difficult to obtain the key corresponding to each piece of sub-information, so it is impossible to decrypt the ciphertext of each piece of sub-information, so that the ciphertext of the target information cannot be decrypted. Decryption, thereby improving the security of the target information.
在一个实施例中,上述每条子信息的属性信息包括上述每条子信息的生成地址,上述步骤S102中包括如下步骤s21~s22。In one embodiment, the attribute information of each piece of sub-information includes the generation address of each piece of sub-information, and the above-mentioned step S102 includes the following steps s21-s22.
s21,对每条子信息的生成地址进行编码,得到每条信息对应的第二随机数。s21: Encode the generation address of each piece of sub-information to obtain a second random number corresponding to each piece of information.
s22,分别对每条信息对应的第二随机数进行哈希运算,得到每条子信息对应的密钥。s22, respectively perform a hash operation on the second random number corresponding to each piece of information to obtain a key corresponding to each piece of sub-information.
在步骤s21~s22中,每条子信息的生成地址可以为每条子信息所属终端的IP地址、每条子信息所属终端的MAC地址、每条子信息所属终端的具体地理位置,例如可以包括经纬度,等等。计算机设备通过对每条子信息的生成地址进行编码,得到每条信息对应的第二随机数,分别对每条信息对应的第二随机数进行哈希运算,得到每条子信息对应的密钥。例如,计算机可以使用上述步骤S103中的随机数生成算法生成某一条子信息对应的第二随机数p,则对该第二随机数p进行哈希运算,即hash(p)=p1,则p1为该条子信息对应的密钥。由于每条子信息的生成地址可能不同,因此根据生成地址得到的每条子信息对应的密钥不同,因此,在后续加密过程中,采用每条子信息对应的密钥进行加密,得到的密文不同,即使非法终端获取到目标信息对应的密文,也难以获取到每条子信息对应的密钥,因此无法实现对每条子信息的密文进行解密,从而无法实现对目标信息的密文进行解密,进而提高目标信息的安全性。In steps s21-s22, the generated address of each piece of sub-information may be the IP address of the terminal to which each piece of sub-information belongs, the MAC address of the terminal to which each piece of sub-information belongs, and the specific geographic location of the terminal to which each piece of sub-information belongs, such as longitude and latitude, etc. . The computer equipment obtains the second random number corresponding to each piece of information by encoding the generation address of each piece of sub-information, and performs hash operation on the second random number corresponding to each piece of information to obtain the key corresponding to each piece of sub-information. For example, the computer can use the random number generation algorithm in the above step S103 to generate a second random number p corresponding to a certain piece of sub-information, and then perform a hash operation on the second random number p, that is, hash(p)=p1, then p1 is the key corresponding to this piece of information. Since the generation address of each sub-information may be different, the key corresponding to each sub-information obtained according to the generated address is different. Therefore, in the subsequent encryption process, the key corresponding to each sub-information is used for encryption, and the obtained ciphertext is different. Even if the illegal terminal obtains the ciphertext corresponding to the target information, it is difficult to obtain the key corresponding to each piece of sub-information, so it is impossible to decrypt the ciphertext of each piece of sub-information, so that the ciphertext of the target information cannot be decrypted, and then Improve the security of target information.
在一个实施例中,上述每条子信息的属性信息包括上述每条子信息的数据类型,上述步骤S102中包括如下步骤s31~s33。In one embodiment, the attribute information of each piece of sub-information includes the data type of each piece of sub-information, and the above step S102 includes the following steps s31 to s33.
s31,根据每条子信息的数据类型,确定处理每条子信息的实时性等级。s31, according to the data type of each piece of sub-information, determine the real-time level of processing each piece of sub-information.
s32,根据每条子信息的实时性等级生成每条子信息对应的第三随机数。S32, generate a third random number corresponding to each piece of sub-information according to the real-time level of each piece of sub-information.
s33,分别对每条信息对应的第三随机数进行哈希运算,得到每条子信息对应的密钥。s33, respectively perform a hash operation on the third random number corresponding to each piece of information to obtain a key corresponding to each piece of sub-information.
在步骤s31~s33中,每条子信息的数据类型可以是指每条子信息的业务类型,业务类型可以包括转账业务、充值业务等实时性较高的业务类型,以及婚姻登记业务、证件办理业务等实时性较低的业务类型,等等。对于转账业务、充值业务等类型的业务需要的实时性较高,则该类型业务对应的每条子信息的实时性等级较高;对于婚姻登记业务、证件办理业务等类型的业务需要的实时性较低,则该类型业务对应的每条子信息的实时性等级较低。例如,可以将在第一时间阈值内完成的子信息确定为第一实时性等级、将在第二时间阈值内完成的子信息确定为第二实时性等级、将在第三时间阈值内完成的子信息确定为第三实时性等级,等等。根据每条子信息的实时性等级生成每条子信息对应的第三随机数,分别对每条信息对应的第三随机数进行哈希运算,得到每条子信息对应的密钥。例如根据某一条子信息的实时性等级生成第三随机数m,则对该第三随机数m进行哈希运算,即hash(m)=m1,则m1为该条子信息对应的密钥。In steps s31 to s33, the data type of each piece of sub-information may refer to the business type of each piece of sub-information, and the business type may include transfer business, recharge business and other high real-time business types, as well as marriage registration business, certificate handling business, etc. Less real-time business types, etc. For the transfer business, recharge business and other types of business that require higher real-time performance, the real-time performance level of each sub-information corresponding to this type of service is higher; for marriage registration business, certificate processing business and other types of business needs real-time performance is relatively high. If the value is low, the real-time performance level of each piece of sub-information corresponding to this type of service is low. For example, sub-information completed within a first time threshold may be determined as a first real-time level, sub-information completed within a second time threshold may be determined as a second real-time level, and sub-information completed within a third time threshold The sub-information is determined to be the third real-time level, and so on. A third random number corresponding to each sub-information is generated according to the real-time level of each sub-information, and a hash operation is performed on the third random number corresponding to each sub-information to obtain a key corresponding to each sub-information. For example, a third random number m is generated according to the real-time level of a certain piece of sub-information, and a hash operation is performed on the third random number m, that is, hash(m)=m1, and m1 is the key corresponding to the piece of sub-information.
由于每条子信息的数据类型可能不同,因此根据数据类型得到的每条子信息对应的密钥不同,因此,在后续加密过程中,采用每条子信息对应的密钥进行加密,得到的密文不同,即使非法终端获取到目标信息对应的密文,也难以获取到每条子信息对应的密钥,因此无法实现对每条子信息的密文进行解密,从而无法实现对目标信息的密文进行解密,进而提高目标信息的安全性。Since the data type of each sub-information may be different, the corresponding key of each sub-information obtained according to the data type is different. Therefore, in the subsequent encryption process, the key corresponding to each sub-information is used for encryption, and the obtained ciphertext is different. Even if the illegal terminal obtains the ciphertext corresponding to the target information, it is difficult to obtain the key corresponding to each piece of sub-information, so it is impossible to decrypt the ciphertext of each piece of sub-information, so that the ciphertext of the target information cannot be decrypted, and then Improve the security of target information.
在一种可能的实现方式中,每条子信息的属性信息可以包括每条子信息包含的标的额, 根据每条子信息中包含的标的额生成每条子信息对应的第五随机数;分别对每条信息对应的第五随机数进行哈希运算,得到每条子信息对应的密钥。In a possible implementation manner, the attribute information of each piece of sub-information may include the target amount contained in each piece of sub-information, and a fifth random number corresponding to each piece of sub-information is generated according to the target amount contained in each piece of sub-information; The corresponding fifth random number is hashed to obtain a key corresponding to each piece of sub-information.
这里,标的额是指每条子信息中包含的标的物(货物)的金额,即表示每条子信息中货物的总价值。如某一条子信息为购买某货物的买卖合同,则标的额为购买该货物支付的总金额。由于每条子信息中的标的物的单价和数量不相同,因此每条子信息包含的标的额不同。例如,根据某一条子信息包含的标的额生成第五随机数n,则对该第五随机数n进行哈希运算,即hash(n)=n1,则n1为该条子信息对应的密钥。由于每条子信息包含的标的额可能不同,因此根据每条子信息包含的标的额得到的每条子信息对应的密钥不同,因此,在后续加密过程中,采用每条子信息对应的密钥进行加密,得到的密文不同,即使非法终端获取到目标信息对应的密文,也难以获取到每条子信息对应的密钥,因此无法实现对每条子信息的密文进行解密,从而无法实现对目标信息的密文进行解密,进而提高目标信息的安全性。Here, the amount of the subject matter refers to the amount of the subject matter (goods) contained in each piece of sub-information, that is, the total value of the goods in each piece of sub-information. If a certain piece of information is a sales contract for the purchase of a certain commodity, the subject amount is the total amount paid for the purchase of the commodity. Since the unit price and quantity of the subject matter in each sub-information are different, the amount of the subject matter contained in each sub-information is different. For example, if a fifth random number n is generated according to the target amount contained in a certain piece of sub-information, a hash operation is performed on the fifth random number n, that is, hash(n)=n1, and n1 is the key corresponding to the piece of sub-information. Since the target amount contained in each sub-information may be different, the key corresponding to each sub-information obtained according to the target amount contained in each sub-information is different. Therefore, in the subsequent encryption process, the key corresponding to each sub-information is used for encryption. The obtained ciphertexts are different. Even if the illegal terminal obtains the ciphertext corresponding to the target information, it is difficult to obtain the key corresponding to each sub-information. Therefore, it is impossible to decrypt the ciphertext of each sub-information, so that the target information cannot be decrypted. The ciphertext is decrypted, thereby improving the security of the target information.
在一个实施例中,上述步骤S103中包括如下步骤s41~s42。In one embodiment, the above step S103 includes the following steps s41-s42.
s41,将第一随机数与每条子信息进行拼接,得到拼接后的每条子信息。s41, splicing the first random number with each piece of sub-information to obtain each piece of sub-information after splicing.
s42,若拼接后的每条子信息小于信息阈值,则将拼接后的每条子信息确定为调整后的每条子信息。S42, if each piece of sub-information after splicing is smaller than the information threshold, determine each piece of sub-information after splicing as each piece of adjusted sub-information.
在步骤s41~s42中,若拼接后的每条子信息小于信息阈值,则认为将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,可以根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即可以得到每条子信息对应的坐标信息。若拼接后的每条子信息大于或等于信息阈值,则认为将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,无法根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即无法得到每条子信息对应的坐标信息。其中,每条子信息对应的第一随机数可以相等,也可以不相等。其中,信息阈值例如可以为(2^256),也可以小于(2^256)。通过将第一随机数与每条子信息进行拼接,可以得到拼接后的每条子信息,从而根据拼接后的每条子信息与信息阈值的大小关系,将拼接后的每条子信息确定为调整后的每条子信息。In steps s41-s42, if each piece of sub-information after splicing is smaller than the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, which can be determined according to the first coordinate and the objective function. , the second coordinate of the target point on the curve corresponding to the objective function is obtained by calculation, that is, the coordinate information corresponding to each piece of sub-information can be obtained. If each piece of sub-information after splicing is greater than or equal to the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the target cannot be calculated based on the first coordinate and the objective function. The second coordinate of the target point on the curve corresponding to the function, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. The first random numbers corresponding to each piece of sub-information may or may not be equal. The information threshold may be, for example, (2^256) or less than (2^256). By splicing the first random number with each piece of sub-information, each piece of sub-information after splicing can be obtained, so that each piece of sub-information after splicing is determined as the adjusted Slip information.
在一种可能的实现方式中,若拼接后的每条子信息大于或等于信息阈值,则可对第一随机数进行调整,具体方法包括如下步骤s51~s53。In a possible implementation manner, if each piece of sub-information after splicing is greater than or equal to the information threshold, the first random number can be adjusted, and the specific method includes the following steps s51-s53.
s51,若拼接后的每条子信息大于或等于信息阈值,则调整第一随机数。S51, if each piece of sub-information after splicing is greater than or equal to the information threshold, adjust the first random number.
S52,将调整后的第一随机数与每条子信息进行拼接,得到候选的每条子信息。S52, splicing the adjusted first random number with each piece of sub-information to obtain each candidate sub-information.
S53,若候选的每条子信息小于信息阈值,则将候选的每条子信息确定为调整后的每条子信息。S53 , if each piece of candidate sub-information is smaller than the information threshold, determine each piece of candidate sub-information as each adjusted piece of sub-information.
在步骤s51~s53中,由于拼接后的每条子信息大于或等于信息阈值时,将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,无法根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即无法得到每条子信息对应的坐标信息。因此,需要对每条子信息对应的第一随机数进行调整,并将调整后的第一随机数与每条子信息进行拼接,得到候选的每条子信息。In steps s51 to s53, since each piece of sub-information after splicing is greater than or equal to the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and cannot be based on the first coordinate and the target. function, the second coordinate of the target point on the curve corresponding to the objective function is obtained by calculation, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. Therefore, it is necessary to adjust the first random number corresponding to each piece of sub-information, and splicing the adjusted first random number with each piece of sub-information to obtain each candidate piece of sub-information.
可知,若候选的每条子信息小于信息阈值,将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,可以根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即可以得到每条子信息对应的坐标信息。若候选的每条子信息大于或等于信息阈值,则认为将该条子信息映射至目标函数对应的曲线上的目标点的第一坐标,无法根据该第一坐标以及该目标函数,计算得到该目标函数对应的曲线上的目标点的第二坐标,即无法得到每条子信息对应的坐标信息。也就是说,若候选的每条子信息大于或等于信息阈值,则继续调整第一随机数,直到对调整后的第一随机数与候选的每 条子信息进行拼接,拼接后的候选的每条子信息小于信息阈值,则将拼接后的候选的每条子信息确定为调整后的每条子信息。通过对每条子信息对应的第一随机数与子信息进行拼接,以及不断调整每条子信息对应的第一随机数,可以得到调整后的每条子信息,提高后续对每条子信息进行加密的成功率。It can be seen that if each piece of candidate sub-information is less than the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the corresponding value of the objective function can be calculated according to the first coordinate and the objective function. The second coordinate of the target point on the curve, that is, the coordinate information corresponding to each piece of sub-information can be obtained. If each candidate sub-information is greater than or equal to the information threshold, it is considered that the sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the objective function cannot be calculated based on the first coordinate and the objective function. The second coordinate of the target point on the corresponding curve, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. That is, if each piece of candidate sub-information is greater than or equal to the information threshold, continue to adjust the first random number until the adjusted first random number and each piece of candidate sub-information are spliced, and each piece of candidate sub-information after splicing If it is less than the information threshold, then each piece of sub-information of the candidate after splicing is determined as each piece of adjusted sub-information. By splicing the first random number corresponding to each sub-information with the sub-information, and continuously adjusting the first random number corresponding to each sub-information, each adjusted sub-information can be obtained, and the success rate of subsequent encryption of each sub-information can be improved. .
在一个实施例中,上述步骤S105中包括如下步骤s61~s62。In one embodiment, the above step S105 includes the following steps s61-s62.
s61,获取目标信息所属的终端的私钥,以及每条子信息对应的密钥。s61: Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information.
这里,目标信息所属的终端为上传目标信息至区块链网络中进行加密以及存储等处理的终端,目标信息所属的终端的私钥为通过该终端生成的私钥。Here, the terminal to which the target information belongs is the terminal that uploads the target information to the blockchain network for processing such as encryption and storage, and the private key of the terminal to which the target information belongs is the private key generated by the terminal.
具体实现中,例如可以获取该目标信息所属终端的标识,采用SECP256K1算法生成第四随机数,对第四随机数进行填充,得到终端的私钥,该终端的私钥可以是指包括256位的数。这里,终端的标识可以是指终端的出厂编号,或者其他用于唯一指示该终端的标识。In a specific implementation, for example, the identifier of the terminal to which the target information belongs can be obtained, a fourth random number can be generated by using the SECP256K1 algorithm, and the fourth random number can be filled to obtain the private key of the terminal. number. Here, the identifier of the terminal may refer to the factory serial number of the terminal, or other identifiers used to uniquely indicate the terminal.
s62,根据终端的私钥以及每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文。S62, encrypt the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the private key of the terminal and the key corresponding to each piece of sub-information, to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
具体实现中,可以采用加密算法对每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文,加密算法例如可以包括Elgamal算法(一种非对称加密算法)、Rabin算法(一种非对称加密算法)、Diffie-Hellman算法(一种非对称加密算法)、ECC算法(椭圆曲线加密算法)。计算机设备根据终端的私钥以及每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文,可以实现对每条子信息进行加密,得到对应的密文,终端获取到每条子信息对应的密文后,需要进行解密,才能获知每条密文对应的子信息。In specific implementation, an encryption algorithm can be used to encrypt the coordinate information corresponding to each piece of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information. The encryption algorithm can include, for example, Elgamal algorithm (an asymmetric encryption algorithm), Rabin algorithm ( An asymmetric encryption algorithm), Diffie-Hellman algorithm (an asymmetric encryption algorithm), ECC algorithm (elliptic curve encryption algorithm). The computer device encrypts the coordinate information corresponding to each piece of sub-information in at least two pieces of sub-information according to the private key of the terminal and the key corresponding to each piece of sub-information, and obtains the ciphertext of the coordinate information corresponding to each piece of sub-information. Encryption is performed to obtain the corresponding ciphertext. After the terminal obtains the ciphertext corresponding to each piece of sub-information, it needs to be decrypted to obtain the sub-information corresponding to each piece of ciphertext.
具体实现中,根据终端的私钥以及每条子信息对应的密钥,对至少两条子信息中每条子信息对应的坐标信息进行加密,得到每条子信息对应的坐标信息的密文的方法如图2所示,图2是本申请实施例提供的一种基于信息的属性生成密钥的信息处理方法的流程示意图,该方法应用于区块链网络中的节点,该节点可以是指计算机设备;如图2所示,该方法包括:In the specific implementation, according to the private key of the terminal and the key corresponding to each sub-information, the coordinate information corresponding to each sub-information in the at least two sub-information is encrypted, and the method of obtaining the ciphertext of the coordinate information corresponding to each sub-information is shown in Figure 2 2 is a schematic flowchart of an information processing method for generating a key based on an attribute of information provided by an embodiment of the present application, the method is applied to a node in a blockchain network, and the node may refer to a computer device; such as As shown in Figure 2, the method includes:
s71,获取目标函数的曲线的基点坐标。s71, obtain the coordinates of the base point of the curve of the objective function.
s72,获取基点坐标与终端的私钥的乘积,得到候选坐标。s72: Obtain the product of the base point coordinates and the private key of the terminal to obtain candidate coordinates.
s73,根据每条子信息对应的密钥对候选坐标进行加密,得到候选坐标的密文。S73, encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates.
s74,对每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到每条子信息对应的坐标信息的密文。S74, fuse the coordinate information corresponding to each piece of sub-information with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
在步骤s71~s74中,通过获取目标函数的曲线,以及目标函数的曲线参数,可以获取该目标函数的曲线的基点坐标。例如基点为G,对应的基点坐标为(x1,y1),终端的私钥为h,则可以根据公式(1-2)计算得到候选坐标:In steps s71 to s74, by acquiring the curve of the objective function and the curve parameters of the objective function, the coordinates of the base point of the curve of the objective function can be acquired. For example, the base point is G, the corresponding base point coordinates are (x1, y1), and the private key of the terminal is h, then the candidate coordinates can be calculated according to formula (1-2):
H=h*G  (1-2)H=h*G (1-2)
其中,候选坐标为H,基点为G,终端的私钥为h。Among them, the candidate coordinate is H, the base point is G, and the private key of the terminal is h.
例如,目标信息对应的子信息的数量为n条,子信息i为n条子信息中的任意一条子信息,可以通过公式(1-3)的方式对候选坐标进行加密,得到候选坐标的密文,以及对子信息i对应的坐标信息与候选坐标的密文进行和融合,得到子信息i对应的坐标信息的密文。For example, if the number of sub-information corresponding to the target information is n, and the sub-information i is any sub-information in the n sub-information, the candidate coordinates can be encrypted by formula (1-3) to obtain the ciphertext of the candidate coordinates , and fuse the coordinate information corresponding to the sub-information i with the ciphertext of the candidate coordinates to obtain the ciphertext of the coordinate information corresponding to the sub-information i.
Ci=Mi+ki*H  (1-3)Ci=Mi+ki*H (1-3)
其中,候选坐标为H,Ci为子信息i对应的坐标信息的密文,Mi为子信息i对应的坐标信息,ki为子信息i对应的密钥。ki*H表示根据子信息i对应的密钥对候选坐标进行加密,得到候选坐标的密文。可知,对于n条子信息中的其他子信息,也可以通过公式(1-3)进行加密和融合,得到其他子信息对应的坐标信息的密文。对于每一条子信息,通过公式(1-3)进行加密和融合可以得到该条子信息对应的坐标信息的密文,也就是说,一条子信 息对应一条子信息对应的坐标信息的密文的数量,即对于n条子信息,最终得到的子信息对应的坐标信息的密文的数量为n。The candidate coordinates are H, Ci is the ciphertext of the coordinate information corresponding to the sub-information i, Mi is the coordinate information corresponding to the sub-information i, and ki is the key corresponding to the sub-information i. ki*H indicates that the candidate coordinates are encrypted according to the key corresponding to the sub-information i, and the ciphertext of the candidate coordinates is obtained. It can be known that, for other sub-information in the n pieces of sub-information, the encryption and fusion can also be performed by formula (1-3) to obtain the ciphertext of the coordinate information corresponding to the other sub-information. For each piece of sub-information, the ciphertext of the coordinate information corresponding to the piece of sub-information can be obtained by encrypting and fusing the formula (1-3), that is to say, a piece of sub-information corresponds to the number of ciphertexts of the coordinate information corresponding to a piece of sub-information , that is, for n pieces of sub-information, the number of ciphertexts of the coordinate information corresponding to the finally obtained sub-information is n.
通过对每条子信息进行加密,即使非法终端获取到子信息对应的密文,由于无法实现解密,也无法获取到子信息的内容,因此可以保证每条子信息的安全性,从而保证目标信息的安全性。By encrypting each piece of sub-information, even if an illegal terminal obtains the ciphertext corresponding to the sub-information, since the decryption cannot be achieved and the content of the sub-information cannot be obtained, the security of each piece of sub-information can be guaranteed, thereby ensuring the security of the target information. sex.
上面介绍了本申请实施例的方法,下面介绍本申请实施例的装置。The methods of the embodiments of the present application are described above, and the devices of the embodiments of the present application are described below.
参见图3,图3是本申请实施例提供的一种基于信息的属性生成密钥的信息处理装置的组成结构示意图,上述基于信息的属性生成密钥的信息处理装置可以是运行于计算机设备中的一个计算机程序(包括程序代码),例如该基于信息的属性生成密钥的信息处理装置为一个应用软件;该装置可以用于执行本申请实施例提供的方法中的相应步骤。该装置30包括:Referring to FIG. 3, FIG. 3 is a schematic diagram of the composition structure of an information processing apparatus for generating a key based on an attribute of information provided by an embodiment of the present application. The above-mentioned information processing apparatus for generating a key based on an attribute of information may be run in a computer device. A computer program (including program code) of , for example, the information processing apparatus for generating a key based on an attribute of the information is an application software; the apparatus can be used to execute the corresponding steps in the methods provided by the embodiments of the present application. The device 30 includes:
函数获取模块301,用于获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,该目标信息包括至少两条子信息,该每条子信息的属性信息包括该每条子信息所属的机构、该每条子信息的生成地址以及该每条子信息的数据类型中的至少一种;The function acquisition module 301 is used to acquire the target function for describing information, and the attribute information of each piece of sub-information in the target information to be processed, the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the attribute information of each piece of sub-information. At least one of the organization to which the information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information;
密钥生成模块302,用于根据该每条子信息的属性信息生成该每条子信息对应的密钥;a key generation module 302, configured to generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
信息调整模块303,用于获取该每条子信息对应的第一随机数,根据该第一随机数对该每条子信息进行调整,得到调整后的每条子信息;an information adjustment module 303, configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
坐标获取模块304,用于根据该目标函数以及该调整后的每条子信息,获取该至少两条子信息中每条子信息对应的坐标信息;A coordinate obtaining module 304, configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
信息加密模块305,用于采用该每条子信息对应的密钥,对该至少两条子信息中的对应子信息的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文;The information encryption module 305 is used for encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
信息存储模块306,用于将该每条子信息对应的坐标信息的密文确定为该目标信息的密文,将该目标信息的密文存储至区块链网络中。The information storage module 306 is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
可选的,该每条子信息的属性信息包括该每条子信息所属的机构;该密钥生成模块302,具体用于:获取该每条子信息所属的机构向该区块链网络中写入信息的时间以及写入信息的条数;根据该写入信息的时间以及该写入信息的条数确定该每条子信息所属的机构的活跃度;分别对该每条子信息所属的机构的活跃度进行哈希运算,得到该每条子信息对应的密钥。Optionally, the attribute information of each piece of sub-information includes the organization to which each piece of sub-information belongs; the key generation module 302 is specifically used to: obtain the organization to which each piece of sub-information belongs and write information into the blockchain network. time and the number of pieces of written information; determine the activity of the organization to which each piece of sub-information belongs according to the time of the written information and the number of pieces of written information; respectively check the activity of the organization to which each piece of sub-information belongs Perform the Greek operation to obtain the key corresponding to each piece of sub-information.
可选的,该每条子信息的属性信息包括该每条子信息的生成地址;该密钥生成模块302,具体用于:对该每条子信息的生成地址进行编码,得到该每条信息对应的第二随机数;分别对该每条信息对应的第二随机数进行哈希运算,得到该每条子信息对应的密钥。Optionally, the attribute information of each piece of sub-information includes the generation address of each piece of sub-information; the key generation module 302 is specifically configured to: encode the generation address of each piece of sub-information, and obtain the first corresponding to each piece of information. Two random numbers; respectively perform a hash operation on the second random number corresponding to each piece of information to obtain a key corresponding to each piece of sub-information.
可选的,该每条子信息的属性信息包括该每条子信息的数据类型;该密钥生成模块302,具体用于:根据该每条子信息的数据类型,确定处理该每条子信息的实时性等级;根据该每条子信息的实时性等级生成该每条子信息对应的第三随机数;分别对该每条信息对应的第三随机数进行哈希运算,得到该每条子信息对应的密钥。Optionally, the attribute information of each piece of sub-information includes the data type of each piece of sub-information; the key generation module 302 is specifically configured to: determine the real-time level of processing each piece of sub-information according to the data type of each piece of sub-information ; Generate the third random number corresponding to each piece of sub-information according to the real-time level of each piece of sub-information; respectively perform a hash operation on the third random number corresponding to each piece of information to obtain the corresponding key of each piece of sub-information.
可选的,该信息调整模块303,具体用于:将该第一随机数与该每条子信息进行拼接,得到拼接后的每条子信息;若该拼接后的每条子信息小于信息阈值,则将该拼接后的每条子信息确定为调整后的每条子信息。Optionally, the information adjustment module 303 is specifically used for: splicing the first random number with each piece of sub-information to obtain each piece of sub-information after splicing; if each piece of sub-information after the splicing is less than the information threshold, then Each piece of sub-information after splicing is determined as each piece of adjusted sub-information.
可选的,该信息加密模块305,具体用于:获取该目标信息所属的终端的私钥,以及该每条子信息对应的密钥;根据该终端的私钥以及该每条子信息对应的密钥,对该至少两条子信息中每条子信息对应的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文。Optionally, the information encryption module 305 is specifically configured to: obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information; according to the private key of the terminal and the key corresponding to each piece of sub-information , encrypting the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
可选的,该信息加密模块305,具体用于:获取该目标函数的曲线的基点坐标;获取 该基点坐标与该终端的私钥的乘积,得到候选坐标;根据该每条子信息对应的密钥对该候选坐标进行加密,得到该候选坐标的密文;对该每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到该每条子信息对应的坐标信息的密文。Optionally, the information encryption module 305 is specifically used to: obtain the base point coordinates of the curve of the objective function; obtain the product of the base point coordinates and the private key of the terminal to obtain candidate coordinates; according to the corresponding key of each piece of sub-information The candidate coordinates are encrypted to obtain the ciphertext of the candidate coordinates; the coordinate information corresponding to each piece of sub-information is fused with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
需要说明的是,图3对应的实施例中未提及的内容可参见方法实施例的描述,这里不再赘述。It should be noted that, for content not mentioned in the embodiment corresponding to FIG. 3 , reference may be made to the description of the method embodiment, which will not be repeated here.
根据本申请的一个实施例,图1所示的基于信息的属性生成密钥的信息处理方法所涉及的步骤可由图3所示的基于信息的属性生成密钥的信息处理装置中的各个模块来执行。例如,图1中所示的步骤S101可由图3中的函数获取模块301来执行,图1中所示的步骤S102可由图3中的密钥生成模块302来执行;图1中所示的步骤S103可由图3中的信息调整模块303来执行;图1中所示的步骤S104可由图3中的坐标获取模块304来执行;图1中所示的步骤S105可由图3中的信息加密模块305来执行;图1中所示的步骤S106可由图3中的信息存储模块306来执行。根据本申请的一个实施例,图3所示的基于信息的属性生成密钥的信息处理中的各个模块可以分别或全部合并为一个或若干个单元来构成,或者其中的某个(些)单元还可以再拆分为功能上更小的多个子单元,可以实现同样的操作,而不影响本申请的实施例的技术效果的实现。上述模块是基于逻辑功能划分的,在实际应用中,一个模块的功能也可以由多个单元来实现,或者多个模块的功能由一个单元实现。在本申请的其它实施例中,基于信息的属性生成密钥的信息处理装置也可以包括其它单元,在实际应用中,这些功能也可以由其它单元协助实现,并且可以由多个单元协作实现。According to an embodiment of the present application, the steps involved in the information processing method for generating keys based on attributes of information shown in FIG. 1 can be performed by various modules in the information processing apparatus for generating keys based on attributes of information shown in FIG. 3 implement. For example, step S101 shown in FIG. 1 can be performed by the function acquisition module 301 shown in FIG. 3 , and step S102 shown in FIG. 1 can be performed by the key generation module 302 shown in FIG. 3 ; the steps shown in FIG. 1 S103 can be executed by the information adjustment module 303 in FIG. 3 ; step S104 shown in FIG. 1 can be executed by the coordinate acquisition module 304 in FIG. 3 ; step S105 shown in FIG. 1 can be executed by the information encryption module 305 in FIG. 3 step S106 shown in FIG. 1 can be performed by the information storage module 306 in FIG. 3 . According to an embodiment of the present application, each module in the information processing of generating a key based on the attribute of the information shown in FIG. 3 may be respectively or all combined into one or several units to form, or some (some) of the units may be formed. It can also be divided into multiple sub-units with smaller functions, which can realize the same operation without affecting the realization of the technical effects of the embodiments of the present application. The above modules are divided based on logical functions. In practical applications, the function of one module may also be implemented by multiple units, or the functions of multiple modules may be implemented by one unit. In other embodiments of the present application, the information processing apparatus for generating keys based on information attributes may also include other units. In practical applications, these functions may also be implemented with the assistance of other units, and may be implemented by cooperation of multiple units.
根据本申请的另一个实施例,可以通过在包括中央处理单元(CPU)、随机存取存储介质(RAM)、只读存储介质(ROM)等处理元件和存储元件的例如计算机的通用计算机设备上运行能够执行如图1和图2中所示的相应方法所涉及的各步骤的计算机程序(包括程序代码),来构造如图3中所示的基于信息的属性生成密钥的信息处理装置,以及来实现本申请实施例的基于信息的属性生成密钥的信息处理方法。上述计算机程序可以记载于例如计算机可读记录介质上,并通过计算机可读记录介质装载于上述计算设备中,并在其中运行。According to another embodiment of the present application, it can be implemented on a general-purpose computer device such as a computer including processing elements and storage elements such as a central processing unit (CPU), random access storage medium (RAM), read only storage medium (ROM), etc. Running a computer program (including program code) capable of executing the steps involved in the corresponding methods as shown in FIG. 1 and FIG. 2 , to construct an information processing apparatus for generating keys based on attributes of information as shown in FIG. 3 , And to realize the information processing method for generating a key based on the attribute of the information according to the embodiment of the present application. The above-mentioned computer program can be recorded on, for example, a computer-readable recording medium, loaded in the above-mentioned computing device via the computer-readable recording medium, and executed therein.
本申请实施例中,根据每条子信息的属性信息生成每条子信息对应的密钥,由于每条子信息的属性信息不同,生成的每条子信息对应的密钥不同,因此采用每条子信息对应的密钥进行加密后,非法终端难以获取每条子信息对应的密钥,因此难以实现对密文进行解密,可以提高密文破解的难度,提高信息的安全性。通过对至少两条子信息中每条子信息进行调整,有利于根据调整后的每条子信息生成调整后的每条子信息对应的坐标信息,提高获取调整后的每条子信息对应的坐标信息的成功率。通过对目标信息中的每条子信息进行加密,避免非法终端对该密文进行破解,从而提高每条子信息的安全性,进而提高目标信息的安全性。通过将目标信息的密文信息存储至区块链网络中,基于区块链不可篡改且不易丢失的特性,可以提高信息的安全性;此外,将目标信息的密文存储至区块链网络中,可以减少终端本地存储空间的资源占用。In the embodiment of the present application, the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information. Since the attribute information of each piece of sub-information is different, the key corresponding to each piece of generated sub-information is different, so the key corresponding to each piece of sub-information is used. After the key is encrypted, it is difficult for an illegal terminal to obtain the key corresponding to each piece of sub-information, so it is difficult to decrypt the ciphertext, which can improve the difficulty of cracking the ciphertext and improve the security of information. By adjusting each piece of sub-information in the at least two pieces of sub-information, it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information. By encrypting each piece of sub-information in the target information, illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information. By storing the ciphertext information of the target information in the blockchain network, the security of the information can be improved based on the characteristics of the blockchain that cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
参见图4,图4是本申请实施例提供的一种计算机设备的组成结构示意图。如图4所示,上述计算机设备40可以包括:处理器401,网络接口404和存储器405,此外,上述计算机设备40还可以包括:用户接口403,和至少一个通信总线402。其中,通信总线402用于实现这些组件之间的连接通信。其中,用户接口403可以包括显示屏(Display)、键盘(Keyboard),可选用户接口403还可以包括标准的有线接口、无线接口。网络接口404可选的可以包括标准的有线接口、无线接口(如WI-FI接口)。存储器405可以是高速RAM存储器,也可以是非易失性的存储器(non-volatile memory),例如至少一个磁盘存储器。存储器405可选的还可以是至少一个位于远离前述处理器401的存储装置。如图4所示, 作为一种计算机可读存储介质的存储器405中可以包括操作系统、网络通信模块、用户接口模块以及设备控制应用程序。Referring to FIG. 4 , FIG. 4 is a schematic structural diagram of a computer device provided by an embodiment of the present application. As shown in FIG. 4 , the above-mentioned computer device 40 may include: a processor 401 , a network interface 404 and a memory 405 , in addition, the above-mentioned computer device 40 may further include: a user interface 403 , and at least one communication bus 402 . Among them, the communication bus 402 is used to realize the connection and communication between these components. The user interface 403 may include a display screen (Display) and a keyboard (Keyboard), and the optional user interface 403 may also include a standard wired interface and a wireless interface. Optionally, the network interface 404 may include a standard wired interface and a wireless interface (eg, a WI-FI interface). The memory 405 may be a high-speed RAM memory, or a non-volatile memory, such as at least one disk memory. The memory 405 can optionally also be at least one storage device located away from the aforementioned processor 401 . As shown in FIG. 4, the memory 405, which is a computer-readable storage medium, may include an operating system, a network communication module, a user interface module, and a device control application program.
在图4所示的计算机设备40中,网络接口404可提供网络通讯功能;而用户接口403主要用于为用户提供输入的接口;而处理器401可以用于调用存储器405中存储的设备控制应用程序,以实现:In the computer device 40 shown in FIG. 4 , the network interface 404 can provide a network communication function; the user interface 403 is mainly used to provide an input interface for the user; and the processor 401 can be used to call the device control application stored in the memory 405 program to achieve:
获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,该目标信息包括至少两条子信息,该每条子信息的属性信息包括该每条子信息所属的机构、该每条子信息的生成地址以及该每条子信息的数据类型中的至少一种;Obtain the objective function used to describe the information, and the attribute information of each piece of sub-information in the target information to be processed, the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs, the At least one of the generation address of the piece of sub-information and the data type of each piece of sub-information;
根据该每条子信息的属性信息生成该每条子信息对应的密钥;Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
获取该每条子信息对应的第一随机数,根据该第一随机数对该每条子信息进行调整,得到调整后的每条子信息;Obtain the first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
根据该目标函数以及该调整后的每条子信息,获取该至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each of the at least two pieces of sub-information;
采用该每条子信息对应的密钥,对该至少两条子信息中的对应子信息的坐标信息进行加密,得到该每条子信息对应的坐标信息的密文;Encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
将该每条子信息对应的坐标信息的密文确定为该目标信息的密文,将该目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
应当理解,本申请实施例中所描述的计算机设备40可执行前文图1以及图2所对应实施例中对上述基于信息的属性生成密钥的信息处理方法的描述,也可执行前文图3所对应实施例中对上述基于信息的属性生成密钥的信息处理装置的描述,在此不再赘述。另外,对采用相同方法的有益效果描述,也不再进行赘述。It should be understood that the computer device 40 described in this embodiment of the present application can execute the description of the above-mentioned information processing method for generating a key based on the attribute of the information in the foregoing embodiments corresponding to FIG. 1 and FIG. The description of the above-mentioned information processing apparatus for generating a key based on the attribute of the information in the corresponding embodiment will not be repeated here. In addition, the description of the beneficial effects of using the same method will not be repeated.
本申请实施例中,根据每条子信息的属性信息生成每条子信息对应的密钥,由于每条子信息的属性信息不同,生成的每条子信息对应的密钥不同,因此采用每条子信息对应的密钥进行加密后,非法终端难以获取每条子信息对应的密钥,因此难以实现对密文进行解密,可以提高密文破解的难度,提高信息的安全性。通过对至少两条子信息中每条子信息进行调整,有利于根据调整后的每条子信息生成调整后的每条子信息对应的坐标信息,提高获取调整后的每条子信息对应的坐标信息的成功率。通过对目标信息中的每条子信息进行加密,避免非法终端对该密文进行破解,从而提高每条子信息的安全性,进而提高目标信息的安全性。通过将目标信息的密文信息存储至区块链网络中,基于区块链不可篡改且不易丢失的特性,可以提高信息的安全性;此外,将目标信息的密文存储至区块链网络中,可以减少终端本地存储空间的资源占用。In the embodiment of the present application, the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information. Since the attribute information of each piece of sub-information is different, the key corresponding to each piece of generated sub-information is different, so the key corresponding to each piece of sub-information is used. After the key is encrypted, it is difficult for an illegal terminal to obtain the key corresponding to each piece of sub-information, so it is difficult to decrypt the ciphertext, which can improve the difficulty of cracking the ciphertext and improve the security of information. By adjusting each piece of sub-information in the at least two pieces of sub-information, it is beneficial to generate coordinate information corresponding to each piece of adjusted sub-information according to each piece of adjusted sub-information, and improve the success rate of obtaining coordinate information corresponding to each piece of adjusted sub-information. By encrypting each piece of sub-information in the target information, illegal terminals are prevented from cracking the ciphertext, thereby improving the security of each piece of sub-information, thereby improving the security of the target information. By storing the ciphertext information of the target information in the blockchain network, the security of the information can be improved based on the characteristics of the blockchain that cannot be tampered with and is not easily lost; in addition, the ciphertext of the target information is stored in the blockchain network. , which can reduce the resource occupation of the local storage space of the terminal.
本申请实施例还提供一种计算机可读存储介质,该计算机可读存储介质存储有计算机程序,该计算机程序包括程序指令,该程序指令当被计算机执行时使该计算机执行如前述实施例该的方法,该计算机可以为上述提到的计算机设备的一部分。例如为上述的处理器401。作为示例,程序指令可被部署在一个计算机设备上执行,或者被部署位于一个地点的多个计算机设备上执行,又或者,在分布在多个地点且通过通信网络互连的多个计算机设备上执行,分布在多个地点且通过通信网络互连的多个计算机设备可以组成区块链网络。Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and the computer program includes program instructions, which, when executed by a computer, cause the computer to execute the above-mentioned embodiments. The method, the computer may be part of the above mentioned computer equipment. For example, it is the above-mentioned processor 401 . By way of example, program instructions may be deployed for execution on one computer device, or on multiple computer devices located at one site, or alternatively, distributed across multiple sites and interconnected by a communications network Implemented, multiple computer devices distributed in multiple locations and interconnected by a communication network can form a blockchain network.
可选的,本申请涉及的存储介质如计算机可读存储介质可以是非易失性的,也可以是易失性的。Optionally, the storage medium involved in this application, such as a computer-readable storage medium, may be non-volatile or volatile.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,该的程序可存储于计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,该的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing the relevant hardware through a computer program, and the program can be stored in a computer-readable storage medium, and the program can be executed , may include the flow of the above-mentioned method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.
以上所揭露的仅为本申请较佳实施例而已,当然不能以此来限定本申请之权利范围,因此依本申请权利要求所作的等同变化,仍属本申请所涵盖的范围。The above disclosures are only the preferred embodiments of the present application, and of course, the scope of the rights of the present application cannot be limited by this. Therefore, equivalent changes made according to the claims of the present application are still within the scope of the present application.

Claims (20)

  1. 一种基于信息的属性生成密钥的信息处理方法,包括:An information processing method for generating a key based on an attribute of the information, comprising:
    获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,所述目标信息包括至少两条子信息,所述每条子信息的属性信息包括所述每条子信息所属的机构、所述每条子信息的生成地址以及所述每条子信息的数据类型中的至少一种;Obtain the objective function used to describe the information, and attribute information of each piece of sub-information in the target information to be processed, where the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs , at least one of the generation address of each piece of sub-information and the data type of each piece of sub-information;
    根据所述每条子信息的属性信息生成所述每条子信息对应的密钥;Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
    获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
    根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
    采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
    将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  2. 根据权利要求1所述的方法,其中,所述每条子信息的属性信息包括所述每条子信息所属的机构;所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The method according to claim 1, wherein the attribute information of each piece of sub-information includes an institution to which each piece of sub-information belongs; and the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information ,include:
    获取所述每条子信息所属的机构向所述区块链网络中写入信息的时间以及写入信息的条数;Obtain the time and the number of pieces of information written into the blockchain network by the organization to which each piece of sub-information belongs;
    根据所述写入信息的时间以及所述写入信息的条数确定所述每条子信息所属的机构的活跃度;Determine the activity of the organization to which each piece of sub-information belongs according to the time of writing the information and the number of pieces of the writing information;
    分别对所述每条子信息所属的机构的活跃度进行哈希运算,得到所述每条子信息对应的密钥。Perform a hash operation on the activity of the organization to which each piece of sub-information belongs to obtain a key corresponding to each of the sub-information.
  3. 根据权利要求1所述的方法,其中,所述每条子信息的属性信息包括所述每条子信息的生成地址;所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The method according to claim 1, wherein the attribute information of each piece of sub-information includes a generation address of each piece of sub-information; the key corresponding to each piece of sub-information is generated according to the attribute information of each piece of sub-information ,include:
    对所述每条子信息的生成地址进行编码,得到所述每条信息对应的第二随机数;Encoding the generation address of each piece of sub-information to obtain a second random number corresponding to each piece of information;
    分别对所述每条信息对应的第二随机数进行哈希运算,得到所述每条子信息对应的密钥。Hash operation is performed on the second random number corresponding to each piece of information, respectively, to obtain a key corresponding to each piece of sub-information.
  4. 根据权利要求1所述的方法,其中,所述每条子信息的属性信息包括所述每条子信息的数据类型;所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The method according to claim 1, wherein the attribute information of each piece of sub-information includes a data type of each piece of sub-information; the generating a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information ,include:
    根据所述每条子信息的数据类型,确定处理所述每条子信息的实时性等级;According to the data type of each piece of sub-information, determine the real-time level of processing each piece of sub-information;
    根据所述每条子信息的实时性等级生成所述每条子信息对应的第三随机数;Generate a third random number corresponding to each piece of sub-information according to the real-time level of each piece of sub-information;
    分别对所述每条信息对应的第三随机数进行哈希运算,得到所述每条子信息对应的密钥。Perform a hash operation on the third random number corresponding to each piece of information, respectively, to obtain a key corresponding to each piece of sub-information.
  5. 根据权利要求1所述的方法,其中,所述根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息,包括:The method according to claim 1, wherein the adjusting each piece of sub-information according to the first random number to obtain each piece of sub-information after adjustment comprises:
    将所述第一随机数与所述每条子信息进行拼接,得到拼接后的每条子信息;Splicing the first random number and each piece of sub-information to obtain each piece of sub-information after the splicing;
    若所述拼接后的每条子信息小于信息阈值,则将所述拼接后的每条子信息确定为调整后的每条子信息。If each piece of sub-information after splicing is smaller than the information threshold, each piece of sub-information after splicing is determined as each piece of sub-information after adjustment.
  6. 根据权利要求1所述的方法,其中,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The method according to claim 1, wherein the coordinate information of the corresponding sub-information in the at least two pieces of sub-information is encrypted to obtain the ciphertext of the coordinate information corresponding to each sub-information, comprising:
    获取所述目标信息所属的终端的私钥,以及所述每条子信息对应的密钥;Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information;
    根据所述终端的私钥以及所述每条子信息对应的密钥,对所述至少两条子信息中每条子信息对应的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文。According to the private key of the terminal and the key corresponding to each piece of sub-information, the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information is encrypted to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  7. 根据权利要求6所述的方法,其中,所述根据所述私钥以及所述每条子信息对应的密钥,对所述至少两条子信息中每条子信息对应的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The method according to claim 6, wherein the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information is encrypted according to the private key and the key corresponding to each piece of sub-information to obtain the The ciphertext of the coordinate information corresponding to each sub-information, including:
    获取所述目标函数的曲线的基点坐标;Obtain the base point coordinates of the curve of the objective function;
    获取所述基点坐标与所述终端的私钥的乘积,得到候选坐标;Obtain the product of the base point coordinates and the private key of the terminal to obtain candidate coordinates;
    根据所述每条子信息对应的密钥对所述候选坐标进行加密,得到所述候选坐标的密文;Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates;
    对所述每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到所述每条子信息对应的坐标信息的密文。The coordinate information corresponding to each piece of sub-information is fused with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  8. 一种基于信息的属性生成密钥的信息处理装置,包括:An information processing device for generating keys based on attributes of information, comprising:
    函数获取模块,用于获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,所述目标信息包括至少两条子信息,所述每条子信息的属性信息包括所述每条子信息所属的机构、所述每条子信息的生成地址以及所述每条子信息的数据类型中的至少一种;A function acquisition module, used for acquiring an objective function for describing information, and attribute information of each piece of sub-information in the target information to be processed, the target information including at least two pieces of sub-information, and the attribute information of each piece of sub-information including the At least one of the organization to which each piece of sub-information belongs, the generation address of each piece of sub-information, and the data type of each piece of sub-information;
    密钥生成模块,用于根据所述每条子信息的属性信息生成所述每条子信息对应的密钥;a key generation module, configured to generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
    信息调整模块,用于获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;an information adjustment module, configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
    坐标获取模块,用于根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;a coordinate obtaining module, configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
    信息加密模块,用于采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;an information encryption module, configured to encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each piece of sub-information to obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
    信息存储模块,用于将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。An information storage module, configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  9. 一种计算机设备,包括:处理器、存储器以及网络接口;A computer device, comprising: a processor, a memory and a network interface;
    所述处理器与所述存储器、所述网络接口相连,其中,所述网络接口用于提供数据通信功能,所述存储器用于存储程序代码,所述处理器用于调用所述程序代码,以执行以下方法:The processor is connected to the memory and the network interface, wherein the network interface is used to provide a data communication function, the memory is used to store program codes, and the processor is used to call the program codes to execute The following methods:
    获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,所述目标信息包括至少两条子信息,所述每条子信息的属性信息包括所述每条子信息所属的机构、所述每条子信息的生成地址以及所述每条子信息的数据类型中的至少一种;Obtain the objective function used to describe the information, and attribute information of each piece of sub-information in the target information to be processed, where the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs , at least one of the generation address of each piece of sub-information and the data type of each piece of sub-information;
    根据所述每条子信息的属性信息生成所述每条子信息对应的密钥;Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
    获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
    根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
    采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
    将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  10. 根据权利要求9所述的计算机设备,其中,所述每条子信息的属性信息包括所述每条子信息所属的机构;执行所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The computer device according to claim 9, wherein the attribute information of each piece of sub-information includes an institution to which each piece of sub-information belongs; and performing the generating according to the attribute information of each piece of sub-information corresponding to the each piece of sub-information keys, including:
    获取所述每条子信息所属的机构向所述区块链网络中写入信息的时间以及写入信息的 条数;Obtain the time and the number of pieces of information written into the blockchain network by the organization to which each piece of sub-information belongs;
    根据所述写入信息的时间以及所述写入信息的条数确定所述每条子信息所属的机构的活跃度;Determine the activity of the organization to which each piece of sub-information belongs according to the time of writing the information and the number of pieces of the writing information;
    分别对所述每条子信息所属的机构的活跃度进行哈希运算,得到所述每条子信息对应的密钥。Perform a hash operation on the activity of the organization to which each piece of sub-information belongs to obtain a key corresponding to each of the sub-information.
  11. 根据权利要求9所述的计算机设备,其中,所述每条子信息的属性信息包括所述每条子信息的生成地址;执行所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The computer device according to claim 9, wherein the attribute information of each piece of sub-information includes a generation address of each piece of sub-information; keys, including:
    对所述每条子信息的生成地址进行编码,得到所述每条信息对应的第二随机数;Encoding the generation address of each piece of sub-information to obtain a second random number corresponding to each piece of information;
    分别对所述每条信息对应的第二随机数进行哈希运算,得到所述每条子信息对应的密钥。Hash operation is performed on the second random number corresponding to each piece of information, respectively, to obtain a key corresponding to each piece of sub-information.
  12. 根据权利要求9所述的计算机设备,其中,所述每条子信息的属性信息包括所述每条子信息的数据类型;执行所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The computer device according to claim 9, wherein the attribute information of each piece of sub-information includes the data type of each piece of sub-information; keys, including:
    根据所述每条子信息的数据类型,确定处理所述每条子信息的实时性等级;According to the data type of each piece of sub-information, determine the real-time level of processing each piece of sub-information;
    根据所述每条子信息的实时性等级生成所述每条子信息对应的第三随机数;Generate a third random number corresponding to each piece of sub-information according to the real-time level of each piece of sub-information;
    分别对所述每条信息对应的第三随机数进行哈希运算,得到所述每条子信息对应的密钥。Perform a hash operation on the third random number corresponding to each piece of information, respectively, to obtain a key corresponding to each piece of sub-information.
  13. 根据权利要求9所述的计算机设备,其中,执行所述对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The computer device according to claim 9, wherein performing the encryption of the coordinate information of the corresponding sub-information in the at least two pieces of sub-information to obtain the ciphertext of the coordinate information corresponding to each of the sub-information, comprising:
    获取所述目标信息所属的终端的私钥,以及所述每条子信息对应的密钥;Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information;
    根据所述终端的私钥以及所述每条子信息对应的密钥,对所述至少两条子信息中每条子信息对应的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文。According to the private key of the terminal and the key corresponding to each piece of sub-information, the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information is encrypted to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  14. 根据权利要求13所述的计算机设备,其中,执行所述根据所述私钥以及所述每条子信息对应的密钥,对所述至少两条子信息中每条子信息对应的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The computer device according to claim 13, wherein performing the encryption according to the private key and the key corresponding to each piece of sub-information to encrypt the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information, to obtain The ciphertext of the coordinate information corresponding to each piece of sub-information includes:
    获取所述目标函数的曲线的基点坐标;Obtain the base point coordinates of the curve of the objective function;
    获取所述基点坐标与所述终端的私钥的乘积,得到候选坐标;Obtain the product of the base point coordinates and the private key of the terminal to obtain candidate coordinates;
    根据所述每条子信息对应的密钥对所述候选坐标进行加密,得到所述候选坐标的密文;Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates;
    对所述每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到所述每条子信息对应的坐标信息的密文。The coordinate information corresponding to each piece of sub-information is fused with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  15. 一种计算机可读存储介质,其中,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时使所述处理器执行以下方法:A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, the computer program comprising program instructions that, when executed by a processor, cause the processor to perform the following method:
    获取用于描述信息的目标函数,以及待处理的目标信息中每条子信息的属性信息,所述目标信息包括至少两条子信息,所述每条子信息的属性信息包括所述每条子信息所属的机构、所述每条子信息的生成地址以及所述每条子信息的数据类型中的至少一种;Obtain the objective function used to describe the information, and attribute information of each piece of sub-information in the target information to be processed, where the target information includes at least two pieces of sub-information, and the attribute information of each piece of sub-information includes the institution to which each piece of sub-information belongs , at least one of the generation address of each piece of sub-information and the data type of each piece of sub-information;
    根据所述每条子信息的属性信息生成所述每条子信息对应的密钥;Generate a key corresponding to each piece of sub-information according to the attribute information of each piece of sub-information;
    获取所述每条子信息对应的第一随机数,根据所述第一随机数对所述每条子信息进行调整,得到调整后的每条子信息;obtaining a first random number corresponding to each piece of sub-information, and adjusting each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information;
    根据所述目标函数以及所述调整后的每条子信息,获取所述至少两条子信息中每条子信息对应的坐标信息;According to the objective function and each piece of adjusted sub-information, obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information;
    采用所述每条子信息对应的密钥,对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文;Using the key corresponding to each piece of sub-information, encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information, and obtain the ciphertext of the coordinate information corresponding to each of the sub-information;
    将所述每条子信息对应的坐标信息的密文确定为所述目标信息的密文,将所述目标信息的密文存储至区块链网络中。The ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  16. 根据权利要求15所述的计算机可读存储介质,其中,所述每条子信息的属性信息包括所述每条子信息所属的机构;执行所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The computer-readable storage medium according to claim 15, wherein the attribute information of each piece of sub-information includes a mechanism to which each piece of sub-information belongs; and performing the generating of the each piece of sub-information according to the attribute information of each piece of sub-information The key corresponding to the information, including:
    获取所述每条子信息所属的机构向所述区块链网络中写入信息的时间以及写入信息的条数;Obtain the time and the number of pieces of information written into the blockchain network by the organization to which each piece of sub-information belongs;
    根据所述写入信息的时间以及所述写入信息的条数确定所述每条子信息所属的机构的活跃度;Determine the activity of the organization to which each piece of sub-information belongs according to the time of writing the information and the number of pieces of the writing information;
    分别对所述每条子信息所属的机构的活跃度进行哈希运算,得到所述每条子信息对应的密钥。Perform a hash operation on the activity of the organization to which each piece of sub-information belongs to obtain a key corresponding to each of the sub-information.
  17. 根据权利要求15所述的计算机可读存储介质,其中,所述每条子信息的属性信息包括所述每条子信息的生成地址;执行所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The computer-readable storage medium according to claim 15, wherein the attribute information of each piece of sub-information includes a generation address of the each piece of sub-information; performing the generating of the each piece of sub-information according to the attribute information of the each piece of sub-information The key corresponding to the information, including:
    对所述每条子信息的生成地址进行编码,得到所述每条信息对应的第二随机数;Encoding the generation address of each piece of sub-information to obtain a second random number corresponding to each piece of information;
    分别对所述每条信息对应的第二随机数进行哈希运算,得到所述每条子信息对应的密钥。Hash operation is performed on the second random number corresponding to each piece of information, respectively, to obtain a key corresponding to each piece of sub-information.
  18. 根据权利要求15所述的计算机可读存储介质,其中,所述每条子信息的属性信息包括所述每条子信息的数据类型;执行所述根据所述每条子信息的属性信息生成所述每条子信息对应的密钥,包括:The computer-readable storage medium according to claim 15, wherein the attribute information of each piece of sub-information includes a data type of each piece of sub-information; and performing the generating of the each piece of sub-information according to the attribute information of each piece of sub-information The key corresponding to the information, including:
    根据所述每条子信息的数据类型,确定处理所述每条子信息的实时性等级;According to the data type of each piece of sub-information, determine the real-time level of processing each piece of sub-information;
    根据所述每条子信息的实时性等级生成所述每条子信息对应的第三随机数;Generate a third random number corresponding to each piece of sub-information according to the real-time level of each piece of sub-information;
    分别对所述每条信息对应的第三随机数进行哈希运算,得到所述每条子信息对应的密钥。Perform a hash operation on the third random number corresponding to each piece of information, respectively, to obtain a key corresponding to each piece of sub-information.
  19. 根据权利要求15所述的计算机可读存储介质,其中,执行所述对所述至少两条子信息中的对应子信息的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The computer-readable storage medium according to claim 15, wherein the encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information is performed to obtain the ciphertext of the coordinate information corresponding to each of the sub-information, include:
    获取所述目标信息所属的终端的私钥,以及所述每条子信息对应的密钥;Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information;
    根据所述终端的私钥以及所述每条子信息对应的密钥,对所述至少两条子信息中每条子信息对应的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文。According to the private key of the terminal and the key corresponding to each piece of sub-information, the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information is encrypted to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  20. 根据权利要求19所述的计算机可读存储介质,其中,执行所述根据所述私钥以及所述每条子信息对应的密钥,对所述至少两条子信息中每条子信息对应的坐标信息进行加密,得到所述每条子信息对应的坐标信息的密文,包括:The computer-readable storage medium according to claim 19, wherein, performing the step of performing the process on the coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the private key and the key corresponding to each piece of sub-information Encryption to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information, including:
    获取所述目标函数的曲线的基点坐标;Obtain the base point coordinates of the curve of the objective function;
    获取所述基点坐标与所述终端的私钥的乘积,得到候选坐标;Obtain the product of the base point coordinates and the private key of the terminal to obtain candidate coordinates;
    根据所述每条子信息对应的密钥对所述候选坐标进行加密,得到所述候选坐标的密文;Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates;
    对所述每条子信息对应的坐标信息与对应的候选坐标的密文进行融合,得到所述每条子信息对应的坐标信息的密文。The coordinate information corresponding to each piece of sub-information is fused with the ciphertext of the corresponding candidate coordinates to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
PCT/CN2021/097120 2020-09-29 2021-05-31 Information processing method and apparatus for generating key on the basis of attribute of information, and device WO2022068237A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011054352.7 2020-09-29
CN202011054352.7A CN112202554B (en) 2020-09-29 2020-09-29 Information processing method, device and equipment for generating key based on attribute of information

Publications (1)

Publication Number Publication Date
WO2022068237A1 true WO2022068237A1 (en) 2022-04-07

Family

ID=74008090

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/097120 WO2022068237A1 (en) 2020-09-29 2021-05-31 Information processing method and apparatus for generating key on the basis of attribute of information, and device

Country Status (2)

Country Link
CN (1) CN112202554B (en)
WO (1) WO2022068237A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116016931A (en) * 2023-03-24 2023-04-25 深圳市聚力得电子股份有限公司 Video encoding and decoding method of vehicle-mounted display

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112069525A (en) * 2020-09-29 2020-12-11 深圳壹账通智能科技有限公司 Encryption method, device and equipment for generating key based on attribute of information
CN112202554B (en) * 2020-09-29 2022-03-08 平安科技(深圳)有限公司 Information processing method, device and equipment for generating key based on attribute of information
CN112202555B (en) * 2020-09-29 2023-07-18 平安科技(深圳)有限公司 Information processing method, device and equipment for generating random number based on information attribute
CN116756761B (en) * 2023-08-22 2024-01-12 广东南方电信规划咨询设计院有限公司 Method and device for encrypting data

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1890916A (en) * 2003-10-03 2007-01-03 松下电器产业株式会社 Information transfer system, encryption device, and decryption device using elliptic curve cryptography
US20100111296A1 (en) * 2008-10-30 2010-05-06 Certicom Corp. Collision-resistant elliptic curve hash functions
CN102571790A (en) * 2011-12-31 2012-07-11 上海聚力传媒技术有限公司 Method and device for implementing encrypted transmission of target files
CN102624522A (en) * 2012-03-30 2012-08-01 华中科技大学 Key encryption method based on file attribution
CN110839026A (en) * 2019-11-12 2020-02-25 深圳市网心科技有限公司 Data processing method based on block chain and related equipment
CN112199697A (en) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 Information processing method, device, equipment and medium based on shared root key
CN112202554A (en) * 2020-09-29 2021-01-08 平安科技(深圳)有限公司 Information processing method, device and equipment for generating key based on attribute of information

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1890916A (en) * 2003-10-03 2007-01-03 松下电器产业株式会社 Information transfer system, encryption device, and decryption device using elliptic curve cryptography
US20100111296A1 (en) * 2008-10-30 2010-05-06 Certicom Corp. Collision-resistant elliptic curve hash functions
CN102571790A (en) * 2011-12-31 2012-07-11 上海聚力传媒技术有限公司 Method and device for implementing encrypted transmission of target files
CN102624522A (en) * 2012-03-30 2012-08-01 华中科技大学 Key encryption method based on file attribution
CN110839026A (en) * 2019-11-12 2020-02-25 深圳市网心科技有限公司 Data processing method based on block chain and related equipment
CN112199697A (en) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 Information processing method, device, equipment and medium based on shared root key
CN112202554A (en) * 2020-09-29 2021-01-08 平安科技(深圳)有限公司 Information processing method, device and equipment for generating key based on attribute of information

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116016931A (en) * 2023-03-24 2023-04-25 深圳市聚力得电子股份有限公司 Video encoding and decoding method of vehicle-mounted display

Also Published As

Publication number Publication date
CN112202554B (en) 2022-03-08
CN112202554A (en) 2021-01-08

Similar Documents

Publication Publication Date Title
WO2022068237A1 (en) Information processing method and apparatus for generating key on the basis of attribute of information, and device
US11153072B2 (en) Processing blockchain data based on smart contract operations executed in a trusted execution environment
US11869012B2 (en) Systems, devices, and methods for DLT-based data management platforms and data products
US20210174368A1 (en) Techniques For Expediting Processing Of Blockchain Transactions
US10860710B2 (en) Processing and storing blockchain data under a trusted execution environment
US20220318907A1 (en) Systems and methods for generating secure, encrypted communications across distributed computer networks for authorizing use of cryptography-based digital repositories in order to perform blockchain operations in decentralized applications
WO2022068360A1 (en) Shared root key-based information processing method and apparatus, and device and medium
US11514446B2 (en) Method and apparatus for starting smart contract, electronic device, and storage medium
WO2022068356A1 (en) Blockchain-based information encryption method and apparatus, device and medium
WO2022068235A1 (en) Information processing method and apparatus for generating random number on the basis of attribute of information, and device
WO2022068362A1 (en) Block chain-based information processing method and apparatus, device, and medium
WO2022068358A1 (en) Encryption method and apparatus for generating keys on basis of attributes of information, and device
CN111861462B (en) Financial product transaction method and device based on blockchain
WO2022068361A1 (en) Encryption method and apparatus based on amendment amount, and device, and medium
US11625391B2 (en) Transaction processing failover
WO2022068234A1 (en) Encryption method and apparatus based on shared root key, device and medium
US20230336355A1 (en) Data protection on distributed data storage (dds) protection networks
CN112202453A (en) Information processing method, device, equipment and medium for compressing ciphertext

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21873899

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21873899

Country of ref document: EP

Kind code of ref document: A1