CN105868987B - A method and system for sharing information between devices - Google Patents

Publication number: CN105868987B
Authority: CN (China)
Legal status: Active
Application number: CN201610182143.8A
Other languages: Chinese (zh)
Other versions: CN105868987A
Inventor: 肖梁
Current Assignee: China Unionpay Co Ltd
Original Assignee: China Unionpay Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827 Use of message hashing
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The present invention discloses a method and system for sharing information between devices. According to an embodiment of the invention, the information to be shared is blacklist information. Some embodiments of the invention strengthen each participant's control over its own blacklist information and prevent blacklist information from leaking through a third party.

Description

A method and system for sharing information between devices
Technical field
Embodiments of the present invention relate to a method and system for sharing information between devices.
Background
Blacklists play an important role in business in the finance and payment field. Market participants want to obtain the most up-to-date blacklists promptly, but compliance and privacy-protection requirements often prevent them from sharing their own blacklists directly with others.
One common way of sharing blacklists is for a neutral third party, or a large blacklist provider, to aggregate the blacklist information and distribute it to all participants. However, participants place little trust in the third party, and each participant has weak control over the information it shares, so participants' enthusiasm under this mechanism is low. In addition, once the aggregated blacklist has been distributed, a leak at any one participant can easily expose the entire blacklist.
Another common blacklist-sharing mechanism is for a neutral third party to aggregate a blacklist library. Each participant submits a keyword to the third party to query the shared information, and the third party reports whether the blacklist contains a hit for that keyword. Because the querier must supply the keyword, the third party can easily collect a large amount of information that participants need to keep private. There is also the possibility that the blacklist library aggregated by the third party is leaked as a whole.
Summary of the invention
A method for sharing information between devices, comprising: Step 1: sending a query request from a first device to a server, the query request including a first hash value of the primary key of the item to be queried and the corresponding hash password; Step 2: broadcasting the first hash value and the hash password from the server to a plurality of second devices; Step 3: at each of the plurality of second devices, using the received hash password to calculate a second hash value of the primary key of each item the device holds, wherein, when a second hash value matches the first hash value, the item whose primary key corresponds to that second hash value is a hit item and the device is a hit device; Step 4: at the server, receiving from one or more hit devices a shared key encrypted by the hit device, wherein the hit device encrypts the shared key using the primary key of the hit item; Step 5: sending the encrypted shared key from the server to the first device; Step 6: using the shared key, sharing the information of the hit item between the first device and the one or more hit devices.
A system for sharing information between devices, comprising: a first unit for sending a query request from a first device to a server, the query request including a first hash value of the primary key of the item to be queried and the corresponding hash password; a second unit for broadcasting the first hash value and the hash password from the server to a plurality of second devices; a third unit for, at each of the plurality of second devices, using the received hash password to calculate a second hash value of the primary key of each item the device holds, wherein, when a second hash value matches the first hash value, the item whose primary key corresponds to that second hash value is a hit item and the device is a hit device; a fourth unit for receiving, at the server, from one or more hit devices a shared key encrypted by the hit device, wherein the hit device encrypts the shared key using the primary key of the hit item; a fifth unit for sending the encrypted shared key from the server to the first device; and a sixth unit for using the shared key to share the information of the hit item between the first device and the one or more hit devices.
Other features and advantages of embodiments of the invention will also be understood from the following description when read in conjunction with the accompanying drawings, which show the principles of embodiments of the invention by way of example.
Brief description of the drawings
Fig. 1 is an architecture diagram of sharing blacklist information between participants through a sharing platform according to an embodiment of the invention.
Fig. 2 is a schematic diagram of sharing information between devices according to an embodiment of the invention.
Fig. 3 is a message-flow diagram of the method for sharing information between devices according to an embodiment of the invention.
Detailed description
The principles of the invention are described below in conjunction with embodiments. It should be understood that the embodiments are given only so that those skilled in the art can better understand and practice the invention, and are not intended to limit its scope. The many specific implementation details in this specification should not be construed as limiting the scope of the invention or of what may be claimed, but as descriptions specific to the embodiments. Those skilled in the art will appreciate that, depending on the application, features described in the context of separate embodiments can be combined and implemented in a single embodiment, and features described in the context of a single embodiment can be implemented in multiple embodiments.
Fig. 1 is an architecture diagram of sharing blacklist information between participants through a sharing platform according to an embodiment of the invention. In this embodiment, the information to be shared is blacklist information. The architecture shown in Fig. 1 is designed to strengthen each participant's control over its own blacklist information, to protect the identity of the blacklist information provider, and to prevent blacklist information from leaking through a third party. In this architecture, the sharing platform P is connected to each participant over a network and is independent of every participant; each participant Q has a blacklist BL that it maintains itself. A participant Q initiates a blacklist query request to the sharing platform P, and the sharing platform feeds the blacklist query result back to the participant, which achieves the sharing of blacklist information. According to one or more embodiments of the invention, leakage of blacklist information by the sharing platform P during information sharing can be avoided.
Table 1 below shows an example of a blacklist with two items. A participant can set up different blacklists for different business types. One record (item) of a blacklist includes a blacklist primary key M and one or more blacklist attributes S. According to one or more embodiments of the invention, one participant initiates a primary-key query to the sharing platform, a matching primary key is found at other participants, and the attribute values are then shared point to point between that participant and the other participants.
| M: primary key | S1: name | S2: residence | S3: risk level | S4: evidence chain | S5: source |
| 001 | Zhang San | Shanghai | High | A | Source data |
| 002 | Li Si | Beijing | Medium | B | Shared data |
Table 1
Fig. 2 is a schematic diagram of sharing information between devices according to an embodiment of the invention.
First, the first device initiates a query request to the server, asking for the information of the item whose primary key is M, as shown by arrow 1. The query request includes the first hash value HM of the primary key M of the item to be queried and the corresponding hash password SQi.
Then, in response to the query request, the server broadcasts the first hash value and the hash password to a plurality of second devices, as shown by arrow 2.
Then, each of the plurality of second devices uses the received hash password to calculate a second hash value of the primary key of each item the device holds. When a second hash value matches the first hash value, the item whose primary key corresponds to that second hash value is a hit item, and the device is a hit device. One or more hit devices send to the server a shared key encrypted by the hit device, as shown by arrow 3. The hit device encrypts the shared key using the primary key of the hit item.
Then, the encrypted shared key is sent from the server to the first device, as shown by arrow 11.
The first device can then use the shared key to share the information of the hit item with the one or more hit devices.
In one embodiment according to Fig. 2, the method for sharing information between devices includes the following procedure.
Step 1: A query request is sent from the first device to the server. The query request includes the first hash value of the primary key of the item to be queried and the corresponding hash password.
Step 2: The first hash value and the hash password are broadcast from the server to a plurality of second devices.
Step 3: At each of the plurality of second devices, the received hash password is used to calculate a second hash value of the primary key of each item the device holds. When a second hash value matches the first hash value, the item whose primary key corresponds to that second hash value is a hit item, and the device is a hit device.
Step 4: At the server, a shared key encrypted by the hit device is received from one or more hit devices, wherein the hit device encrypts the shared key using the primary key of the hit item.
Step 5: The encrypted shared key is sent from the server to the first device.
Step 6: Using the shared key, the information of the hit item is shared between the first device and the one or more hit devices.
In one embodiment, step 6 described above includes the following procedure.
(1) At the first device, the encrypted shared key is decrypted using the primary key of the item to be queried, the attribute name to be queried is encrypted using the shared key, and the encrypted attribute name is sent to the server.
(2) The encrypted attribute name is sent from the server to the one or more hit devices.
(3) At each of the one or more hit devices, the encrypted attribute name is decrypted using the primary key of the hit item to obtain the attribute name, the corresponding attribute value is encrypted using the primary key of the hit item, and the encrypted attribute value is sent to the server.
(4) The encrypted attribute value is sent from the server to the first device.
(5) At the first device, the encrypted attribute value is decrypted using the primary key of the item to be queried to obtain the attribute value of the hit item.
In one embodiment, the hash password is a dynamic hash password generated from the query dynamic sequence number of the first device and the public key of the first device, wherein the query dynamic sequence number is assigned to the first device in advance by the server. The method for sharing information between devices further includes: before the first hash value and the hash password are broadcast from the server to the plurality of second devices, verifying the first device, wherein a control code is generated from the query dynamic sequence number and the public key of the first device stored at the server, and verification is determined to be successful when the control code matches the hash password; and sending an updated query dynamic sequence number from the server to the first device. By using a dynamic hash password, the server can prevent forged query requests.
In one embodiment, the hash password is a unified static hash password that the server distributes to the first device and the plurality of second devices at predetermined times. In step 2, the first hash value is broadcast from the server to the plurality of second devices in response to the query request, and the server distributes the static hash password to the first device and the plurality of second devices at predetermined time intervals. The method for sharing information between devices further includes: at each of the plurality of second devices, within the predetermined time interval, using the received static hash password to calculate the second hash values of the primary keys of the items the device holds, in preparation for future matching operations. As a result, when a second device receives a query request, it can match the received first hash value directly against the second hash values prepared in advance, which improves query efficiency.
In one embodiment, hit records of items are maintained at the plurality of second devices: when a second device receives the first hash value and the hash password and determines that there is a hit item, the hit record for that hit item is increased by 1; and a signature on the hit record is received from the first device that sent the first hash value. The hit record and the signature on the hit record can be stored in the item as an evidence chain.
Fig. 3 is a message-flow diagram of the method for sharing information between devices according to an embodiment of the invention. In this embodiment, device Qi requests the information of the queried item from other devices Qs through server P. Here, Qs denotes one or more other devices. It will be appreciated that in other embodiments Qi can share information in a similar way with any other device, apart from Qi, that holds information. Some steps of this embodiment are described below, but it should be understood that some of the processes in these steps are merely exemplary and do not limit the invention.
Step 301
A query request is sent from the first device Qi to server P. The query request includes the first hash value HM of the primary key M of the item to be queried and the corresponding first hash password SQi, where HM = HASH(M, SQi).
In some examples, HASH(A, B) denotes that text A is combined with B by a modular-sum operation and a one-way hash operation is then applied. One-way hash algorithms such as MD5, SHA-1 and SHA-256 can be used.
In some examples, the first device Qi optionally also sends a query business type Type to server P. This allows server P to forward the query request selectively to other devices that hold items of that business type.
In some examples, the first hash password SQi is a hash value based on the query sequence number QiID, and the corresponding hash password is the public key PKQi of the first device Qi, where SQi = HASH(QiID, PKQi). In other examples, the first hash password SQi is a hash value based on the query sequence number QiID and the query date Date, in which case SQi = HASH(QiID+Date, PKQi). The default starting QiID of the first device Qi can be set to 0, and subsequent QiID values can be sent to Qi by P.
After sending the query request to server P, the first device Qi stores the Type, HM, SQi and M of this query.
Step 302
Information including the first hash value HM and the first hash password SQi is forwarded from server P to the second devices Qs.
In some examples, to improve security, the query request from the first device Qi is verified at server P. Using the query sequence number QiID" and the public key PKQi" of the first device Qi stored in advance at server P, with the query sequence number as the original data and the public key as the hash password, a hash value SQi" is calculated with the hash function, where SQi" = HASH(QiID", PKQi"). When the hash value SQi" is consistent with the first hash password SQi, the verification is judged successful.
In some examples, after successful verification, Type, HM and SQi are broadcast from server P to Qs, and a timer can also be started at this point.
Step 303
The second device Qs obtains the Type, HM and SQi broadcast by P. At the second device Qs, for each primary key N of the items held by the second device, the hash value HN of the primary key N is calculated from the first hash password SQi, where HN = HASH(N, SQi), and the item corresponding to the primary key N whose hash value HN matches the first hash value HM is determined.
In some examples, at the second device Qs, SQi is used to hash, one by one, the multiple primary keys N of the business given by the parameter Type, yielding a list of hash values.
Then, the second device Qs sends to the server P the encrypted shared key TK, the hash value that matched the first hash value (that is, HM), and the first hash password SQi. In some examples, the shared key TKs can be a random number generated by Qs, and TK can be obtained by the formula TK = C(TKs, M). Here, C(A, B) denotes the result of symmetrically encrypting text A using B as the key, and C"(A, B) denotes symmetrically decrypting text A using B as the key. Symmetric encryption algorithms such as 3DES, AES and SM1 can be used. In other examples, TKs is symmetrically encrypted using the hash value of M, in which case TK = C(TKs, HASH(M, 0)). The second device Qs records TKs, TK and M.
Step 304
The encrypted shared key TK, the hash value that matched the first hash value, and the first hash password SQi are forwarded from the server P to the first device Qi. P records the mapping between TK and Qs.
In some examples, after P has received the feedback results of all Qs, or after the timer reaches the preset maximum duration, P forms the final query result R, the number N of Qs, and the shared key list TKlist. P can then send Type, SQi, R, N, TKlist and QiID" to Qi, where QiID" is the query sequence number for initiating the next query.
Step 305
After the first device Qi obtains Type, SQi, R and N, it can obtain M from its query records by means of Type and SQi. The first device Qi can also judge from the value of N whether the sharing scope is sufficient, and updates QiID to QiID'.
At the first device Qi, the encrypted shared key TK is decrypted using the primary key M of the item to be queried, the attribute name Si to be queried is encrypted using the shared key TKs, and the encrypted attribute name CSi and TK are sent to the server. Here, TKs = C"(TK, M). In one example, each TK in TKlist is decrypted using HM0 = HASH(M, 0) to obtain the point-to-point shared symmetric key TKs, that is, TKs = C"(TK, HM0). Qi records the mapping between TK and M, TKs.
Step 306
According to the mapping between TK and Qs, the encrypted attribute name CSi and TK are sent from server P to the one or more hit devices Qs. P adds the relationship between TK and Qi to its records.
Step 307
At each of the one or more hit devices Qs, the encrypted attribute name is decrypted using the primary key of the hit item, or HM0 = HASH(M, 0), to obtain the attribute name; the corresponding attribute value Si_V is encrypted using the primary key of the hit item; and the encrypted attribute value CSi_V and TK are sent to server P.
Step 308
The encrypted attribute value CSi_V and TK are sent from server P to the first device Qi. Qi obtains CSi_V and, according to the mapping of TK, M and TKs, decrypts it: Si_V = C"(CSi_V, TKs).
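Steps 301 to 305 above as an added example, not code from the patent: Qi builds HM and SQi, server P checks SQi against its stored QiID and PKQi before broadcasting, a hit device returns TK, and Qi recovers TKs. Assumptions: HASH(A, B) is modelled as HMAC-SHA-256 keyed with B, C and C" as a SHA-256 keystream XOR standing in for the 3DES/AES/SM1 the text names, TK uses the HASH(M, 0) variant, P advances QiID by 1, and the class and method names, the random PKQi bytes and the blacklist entries are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def HASH(a: bytes, b: bytes) -> bytes:
    """HASH(A, B). Assumption: HMAC-SHA-256 keyed with B stands in for the page's construction."""
    return hmac.new(b, a, hashlib.sha256).digest()


def C(text: bytes, key: bytes) -> bytes:
    """C(A, B) and C"(A, B). Assumption: XOR with a SHA-256 counter keystream stands in
    for the 3DES/AES/SM1 named on the page; XOR makes encryption and decryption identical."""
    out = bytearray()
    for offset in range(0, len(text), 32):
        stream = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(t ^ s for t, s in zip(text[offset:offset + 32], stream))
    return bytes(out)


class Device:
    """A participant: acts as Qi when querying and as Qs when answering a broadcast."""

    def __init__(self, name, blacklist):
        self.name = name
        self.blacklist = blacklist                  # primary (major) key -> attributes
        self.public_key = secrets.token_bytes(32)   # constructed placeholder for PKQi
        self.qi_id = 0                              # default starting QiID is 0
        self.issued = {}                            # TK -> (TKs, M), recorded by Qs

    def build_request(self, m: str):
        """Step 301: SQi = HASH(QiID, PKQi), HM = HASH(M, SQi)."""
        sqi = HASH(str(self.qi_id).encode(), self.public_key)
        return HASH(m.encode(), sqi), sqi

    def on_broadcast(self, hm: bytes, sqi: bytes):
        """Step 303: hash every held primary key N with SQi; on a match return TK."""
        for n in self.blacklist:
            if hmac.compare_digest(HASH(n.encode(), sqi), hm):
                tks = secrets.token_bytes(16)          # random point-to-point key TKs
                tk = C(tks, HASH(n.encode(), b"0"))    # TK = C(TKs, HASH(M, 0))
                self.issued[tk] = (tks, n)
                return tk
        return None

    def recover_keys(self, m: str, tk_list):
        """Step 305: TKs = C"(TK, HM0) with HM0 = HASH(M, 0)."""
        hm0 = HASH(m.encode(), b"0")
        return [C(tk, hm0) for tk in tk_list]


class Server:
    """Shared platform P: handles HM, SQi and TK, never M or TKs."""

    def __init__(self):
        self.devices = {}
        self.registry = {}   # device name -> [QiID", PKQi"] as stored at P

    def register(self, device):
        self.devices[device.name] = device
        self.registry[device.name] = [device.qi_id, device.public_key]

    def query(self, sender: str, hm: bytes, sqi: bytes):
        """Steps 302 and 304: verify SQi, broadcast, collect TKlist, issue the next QiID."""
        stored_id, stored_pk = self.registry[sender]
        expected = HASH(str(stored_id).encode(), stored_pk)   # SQi" = HASH(QiID", PKQi")
        if not hmac.compare_digest(expected, sqi):
            return None                                       # forged or stale request
        tk_list = []
        for name, device in self.devices.items():
            if name == sender:
                continue
            tk = device.on_broadcast(hm, sqi)
            if tk is not None:
                tk_list.append(tk)
        self.registry[sender][0] = stored_id + 1              # assumption: increment by 1
        return tk_list, stored_id + 1


def run_demo():
    p = Server()
    qi = Device("Qi", {})
    qa = Device("Qa", {"001": {"risk": "high"}, "002": {"risk": "medium"}})  # constructed
    qb = Device("Qb", {"003": {"risk": "high"}})                             # constructed
    for d in (qi, qa, qb):
        p.register(d)

    hm, sqi = qi.build_request("001")
    tk_list, next_id = p.query("Qi", hm, sqi)
    keys = qi.recover_keys("001", tk_list)
    keys_match = keys == [qa.issued[tk][0] for tk in tk_list]

    replay = p.query("Qi", hm, sqi)     # same SQi again: P has already moved QiID on
    qi.qi_id = next_id                  # Qi adopts the updated sequence number
    fresh = p.query("Qi", *qi.build_request("003"))
    return {"hits": len(tk_list), "keys_match": keys_match,
            "replay_rejected": replay is None, "fresh_hits": len(fresh[0])}


if __name__ == "__main__":
    print(run_demo())
```

The second call to `query` reuses the first request unchanged and is rejected because P has already advanced the stored sequence number, which is the forged-request check the dynamic hash password provides.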
Blacklist evidence chain mechanism
According to another embodiment of the invention, when the item to be queried is a record in a blacklist, a blacklist evidence chain mechanism is introduced to improve the reliability of queries. In one example, the initial value CH0 of the evidence chain attribute of each blacklist record of Qs comprises 0 and SIGN(0, SKQs), where the former is the number of times the record has been hit by queries and the latter is the querier's signature on the record. Each time a hit is added, the querier Qi updates CHn = (n, SIGN(CHn-1, SKQi)). In the point-to-point sharing phase, Qs sends the value of the evidence chain to Qi for the querier to confirm. If Qi has doubts about CHn-1, CHn-1 can be submitted to server P for layer-by-layer signature verification, which prevents Qs from fabricating evidence chain records.
According to another embodiment of the invention, a simplified query mechanism is introduced. Because every query requires each participant to compute hashes over its entire blacklist, the computation takes longer when the blacklist is large, and participants' responses are prone to time out. To simplify the computation, the platform P can issue a fixed hash factor SQ for a period of time, for example 1 hour or 1 day. The query initiator applies the one-way hash to the keyword with SQ, and each participant uses SQ to compute the one-way hashes of its blacklist in advance and matches incoming query requests directly.
Each arrow shown in Fig. 3 can be regarded as a method step, and/or as an operation resulting from running computer program code, and/or as a plurality of coupled logic circuit elements configured to carry out the associated function. Although the operations are depicted in the figure in a particular order, this should not be understood as requiring that the operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve the desired result. In some cases, multitasking and parallel processing may be advantageous.
According to other embodiments, the invention additionally discloses the following.
Scheme 1: A system for sharing information between devices, comprising: a first unit for sending a query request from a first device to a server, the query request including a first hash value of the primary key of the item to be queried and the corresponding hash password; a second unit for broadcasting the first hash value and the hash password from the server to a plurality of second devices; a third unit for, at each of the plurality of second devices, using the received hash password to calculate a second hash value of the primary key of each item the device holds, wherein, when a second hash value matches the first hash value, the item whose primary key corresponds to that second hash value is a hit item and the device is a hit device; a fourth unit for receiving, at the server, from one or more hit devices a shared key encrypted by the hit device, wherein the hit device encrypts the shared key using the primary key of the hit item; a fifth unit for sending the encrypted shared key from the server to the first device; and a sixth unit for using the shared key to share the information of the hit item between the first device and the one or more hit devices.
The system as described in scheme 1, wherein the sixth unit is configured to: at the first device, decrypt the encrypted shared key using the primary key of the item to be queried, encrypt the attribute name to be queried using the shared key, and send the encrypted attribute name to the server; send the encrypted attribute name from the server to the one or more hit devices; at each of the one or more hit devices, decrypt the encrypted attribute name using the primary key of the hit item to obtain the attribute name, encrypt the corresponding attribute value using the primary key of the hit item, and send the encrypted attribute value to the server; send the encrypted attribute value from the server to the first device; and, at the first device, decrypt the encrypted attribute value using the primary key of the item to be queried to obtain the attribute value of the hit item.
The system as described in scheme 1, wherein the hash password is a dynamic hash password generated from the query dynamic sequence number of the first device and the public key of the first device, the query dynamic sequence number being assigned to the first device in advance by the server; the system further comprising: means for verifying the first device before the first hash value and the hash password are broadcast from the server to the plurality of second devices, wherein a control code is generated from the query dynamic sequence number and the public key of the first device stored at the server, and verification is determined to be successful when the control code matches the hash password; and means for sending an updated query dynamic sequence number from the server to the first device.
The system as described in scheme 1, wherein the hash password is a unified static hash password that the server distributes to the first device and the plurality of second devices at predetermined times; wherein the second unit is configured to: broadcast the first hash value from the server to the plurality of second devices in response to the query request, and distribute the static hash password from the server to the first device and the plurality of second devices at predetermined time intervals; the system further comprising: means for, at each of the plurality of second devices, within the predetermined time interval, using the received static hash password to calculate the second hash values of the primary keys of the items the device holds, in preparation for future matching operations.
The system as described in scheme 1, further comprising: means for maintaining hit records of items at the plurality of second devices, configured to: when a second device receives the first hash value and the hash password and determines that there is a hit item, increase the hit record for that hit item by 1; and receive a signature on the hit record from the first device that sent the first hash value.
Exemplary embodiments can be implemented in hardware, software, or a combination thereof. For example, some aspects of the invention can be implemented in hardware while other aspects are implemented in software. Although aspects of exemplary embodiments of the invention may be shown and described as block diagrams or flow charts, it is well understood that the devices or methods described herein can be implemented as functional modules in a system, as a non-limiting example. In addition, the separation of the above devices should not be understood as being required in all embodiments, and it should be understood that the described program components and systems can generally be integrated in a single software product or packaged into multiple software products.
Various modifications and variations of the foregoing exemplary embodiments of the invention will become apparent to those skilled in the relevant art on reading the foregoing specification in conjunction with the accompanying drawings. Therefore, embodiments of the invention are not limited to the specific embodiments disclosed, and variations and other embodiments are intended to fall within the scope of the appended claims.

Claims (10)

1. A method of sharing information between devices, characterized by comprising:
Step 1: sending an inquiry request from a first device to a server, the inquiry request including a first hashed value of the primary key of the item to be queried and a corresponding hashed password;
Step 2: broadcasting the first hashed value and the hashed password from the server to a plurality of second devices;
Step 3: in each of the plurality of second devices, using the received hashed password to calculate a second hashed value of the primary key of each item the device holds; when a second hashed value matches the first hashed value, the item whose primary key corresponds to that second hashed value is a hit item, and the device is a hit device;
Step 4: at the server, receiving from one or more hit devices a shared key encrypted by the hit device, wherein the hit device encrypts the shared key using the primary key of the hit item;
Step 5: sending the encrypted shared key from the server to the first device;
Step 6: using the shared key, sharing information about the hit item between the first device and the one or more hit devices.
2. The method of claim 1, characterized in that step 6 comprises:
In the first device, decrypting the encrypted shared key using the primary key of the item to be queried, encrypting the attribute name to be queried using the shared key, and sending the encrypted attribute name to the server;
Sending the encrypted attribute name from the server to the one or more hit devices;
In each of the one or more hit devices, decrypting the encrypted attribute name using the primary key of the hit item to obtain the attribute name, encrypting the corresponding attribute value using the primary key of the hit item, and sending the encrypted attribute value to the server;
Sending the encrypted attribute value from the server to the first device;
In the first device, decrypting the encrypted attribute value using the primary key of the item to be queried to obtain the attribute value of the hit item.
3. The method of claim 1, characterized in that
The hashed password is a dynamic hashed password generated based on an inquiry dynamic serial number of the first device and the public key of the first device, wherein the inquiry dynamic serial number is pre-assigned to the first device by the server;
The method further comprises:
Before broadcasting the first hashed value and the hashed password from the server to the plurality of second devices, verifying the first device, wherein a control code is generated using the inquiry dynamic serial number and the public key of the first device stored at the server, and verification is determined to be successful when the control code matches the hashed password;
Sending an updated inquiry dynamic serial number from the server to the first device.
4. The method of claim 1, characterized in that
The hashed password is a unified static hashed password, distributed by the server to the first device and the plurality of second devices at a predetermined time; wherein,
In step 2:
In response to the inquiry request, the first hashed value is broadcast from the server to the plurality of second devices,
At predetermined time intervals, the static hashed password is distributed from the server to the first device and the plurality of second devices;
The method further comprises:
In each of the plurality of second devices, within the predetermined time interval, using the received static hashed password to calculate the second hashed values of the primary keys of the items the device holds, in preparation for future matching operations.
5. The method of claim 1, characterized by further comprising:
In the plurality of second devices, maintaining hit records of items, wherein
When a second device receives the first hashed value and the hashed password and determines that a hit item exists, the hit record for that hit item is incremented by 1; and
Receiving a signature on the hit record from the first device that sent the first hashed value.
6. A system for sharing information between devices, characterized by comprising:
A first unit for sending an inquiry request from a first device to a server, the inquiry request including a first hashed value of the primary key of the item to be queried and a corresponding hashed password;
A second unit for broadcasting the first hashed value and the hashed password from the server to a plurality of second devices;
A third unit for, in each of the plurality of second devices, using the received hashed password to calculate a second hashed value of the primary key of each item the device holds; when a second hashed value matches the first hashed value, the item whose primary key corresponds to that second hashed value is a hit item, and the device is a hit device;
A fourth unit for receiving, at the server, from one or more hit devices a shared key encrypted by the hit device, wherein the hit device encrypts the shared key using the primary key of the hit item;
A fifth unit for sending the encrypted shared key from the server to the first device;
A sixth unit for using the shared key to share information about the hit item between the first device and the one or more hit devices.
7. The system of claim 6, characterized in that the sixth unit is configured to:
In the first device, decrypt the encrypted shared key using the primary key of the item to be queried, encrypt the attribute name to be queried using the shared key, and send the encrypted attribute name to the server;
Send the encrypted attribute name from the server to the one or more hit devices;
In each of the one or more hit devices, decrypt the encrypted attribute name using the primary key of the hit item to obtain the attribute name, encrypt the corresponding attribute value using the primary key of the hit item, and send the encrypted attribute value to the server;
Send the encrypted attribute value from the server to the first device;
In the first device, decrypt the encrypted attribute value using the primary key of the item to be queried to obtain the attribute value of the hit item.
8. The system of claim 6, characterized in that
The hashed password is a dynamic hashed password generated based on an inquiry dynamic serial number of the first device and the public key of the first device, wherein the inquiry dynamic serial number is pre-assigned to the first device by the server;
The system further comprises:
Means for verifying the first device before the first hashed value and the hashed password are broadcast from the server to the plurality of second devices, wherein a control code is generated using the inquiry dynamic serial number and the public key of the first device stored at the server, and verification is determined to be successful when the control code matches the hashed password;
Means for sending an updated inquiry dynamic serial number from the server to the first device.
9. The system of claim 6, characterized in that
The hashed password is a unified static hashed password, distributed by the server to the first device and the plurality of second devices at a predetermined time; wherein,
The second unit is configured to:
In response to the inquiry request, broadcast the first hashed value from the server to the plurality of second devices,
At predetermined time intervals, distribute the static hashed password from the server to the first device and the plurality of second devices;
The system further comprises:
Means for, in each of the plurality of second devices, within the predetermined time interval, using the received static hashed password to calculate the second hashed values of the primary keys of the items the device holds, in preparation for future matching operations.
10. The system of claim 6, characterized by further comprising:
Means for maintaining hit records of items in the plurality of second devices, configured to:
When a second device receives the first hashed value and the hashed password and determines that a hit item exists, increment the hit record for that hit item by 1; and
Receive a signature on the hit record from the first device that sent the first hashed value.
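The exchange in steps 1 to 5 of claim 1, sketched as an added example that is not part of the patent text. The claims name no algorithms, so HMAC-SHA256 as the keyed hash, the XOR mask standing in for "encrypt with the primary key", and all class, function, device and item names are assumptions.

```python
import hashlib, hmac, secrets

def keyed_hash(hashed_password: bytes, primary_key: str) -> bytes:
    # Assumption: HMAC-SHA256 keyed by the hashed password.
    return hmac.new(hashed_password, primary_key.encode(), hashlib.sha256).digest()

def xor_wrap(primary_key: str, nonce: bytes, data: bytes) -> bytes:
    # Assumed stand-in for encryption under the primary key: XOR a 32-byte
    # value with a mask derived from the primary key. Applying it twice unwraps.
    mask = hmac.new(primary_key.encode(), b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, mask))

class SecondDevice:
    def __init__(self, name, items):
        self.name, self.items = name, items   # items: primary key -> attributes
        self.shared_key = None

    def on_broadcast(self, first_hash, hashed_password):
        # Step 3: hash every held primary key and compare with the first hashed value.
        for pk in self.items:
            if hmac.compare_digest(keyed_hash(hashed_password, pk), first_hash):
                # Step 4: the hit device wraps a fresh shared key under the
                # primary key of the hit item.
                self.shared_key = secrets.token_bytes(32)
                nonce = secrets.token_bytes(16)
                return self.name, nonce, xor_wrap(pk, nonce, self.shared_key)
        return None                            # no hit: nothing leaves this device

def server_relay(first_hash, hashed_password, devices):
    # Steps 2 and 5: broadcast, collect wrapped keys from hit devices, relay them.
    # The server handles only the hash, the hashed password and wrapped keys.
    replies = (d.on_broadcast(first_hash, hashed_password) for d in devices)
    return [r for r in replies if r is not None]

def run_query(primary_key, devices):
    # Step 1: the first device builds the inquiry request.
    hashed_password = secrets.token_bytes(16)
    first_hash = keyed_hash(hashed_password, primary_key)
    wrapped = server_relay(first_hash, hashed_password, devices)
    # The first device unwraps each shared key with the primary key it queried.
    return {name: xor_wrap(primary_key, nonce, blob) for name, nonce, blob in wrapped}

# Constructed sample data: two second devices, one of which holds the queried item.
DEVICE_A = SecondDevice("device-a", {"item-1001": {"status": "listed"}})
DEVICE_B = SecondDevice("device-b", {"item-2002": {"status": "clear"}})
```

Only a device that holds the queried primary key can produce a wrapped key the first device is able to unwrap; a production implementation would replace the XOR mask with an authenticated cipher.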
CN201610182143.8A 2016-03-28 2016-03-28 A kind of method and system of shared information between devices Active CN105868987B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610182143.8A CN105868987B (en) 2016-03-28 2016-03-28 A kind of method and system of shared information between devices

Publications (2)

Publication Number Publication Date
CN105868987A CN105868987A (en) 2016-08-17
CN105868987B true CN105868987B (en) 2019-08-13

Family

ID=56626069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610182143.8A Active CN105868987B (en) 2016-03-28 2016-03-28 A kind of method and system of shared information between devices

Country Status (1)

Country Link
CN (1) CN105868987B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant