Summary of the invention
The embodiment of the present application provides a kind of data sending, receiving method, device and electronic equipment, to guarantee received number
According to authenticity.
In order to solve the above technical problems, the embodiment of the present application is achieved in that
In a first aspect, proposing a kind of data transmission method for uplink, comprising:
Acquire initial data, wherein it is stored with default private key and First Certificate in the data acquisition device, described first
Certificate, which is the private key based on the second certificate, carries out signature generation to the corresponding public key of the default private key, and second certificate is
Trusted certificate;
It is signed based on the default private key to the initial data, obtains digital signature;
Target data is sent to data receiver object, the target data includes the initial data, the digital signature
With the First Certificate, wherein the digital signature and the First Certificate are for verifying the authenticity of the initial data.
Second aspect proposes a kind of data acquisition device, comprising:
Data acquisition module, for acquiring initial data, wherein be stored in the data acquisition device default private key and
First Certificate, the First Certificate, which is the private key based on the second certificate, carries out signature generation to the corresponding public key of the default private key
, second certificate is trusted certificate;
Data signature module obtains digital signature for signing based on the default private key to the initial data;
Data transmission blocks, for sending target data to data receiver object, the target data includes described original
Data, the digital signature and the First Certificate, wherein the digital signature and the First Certificate are for verifying the original
The authenticity of beginning data.
The third aspect proposes a kind of data receiver method, comprising:
Target data is received, the target data includes initial data, digital signature and First Certificate, the digital signature
It is used to verify the authenticity of the initial data with the First Certificate;
Public key based on the First Certificate verifies the digital signature;
The First Certificate is verified based on the second certificate, second certificate is trusted certificate;
When the verifying to the digital signature and the First Certificate passes through, determine that the initial data really may be used
Letter.
Fourth aspect proposes a kind of data sink, comprising:
Data reception module, for receiving target data, the target data includes initial data, digital signature and first
Certificate, the digital signature and the First Certificate are used to verify the authenticity of the initial data;
First authentication module verifies the digital signature for the public key based on the First Certificate;
Second authentication module, for being verified to the First Certificate based on the second certificate, second certificate be by
The certificate of trust;
Determining module, for determining the original when the verifying to the digital signature and the First Certificate passes through
Beginning data are genuine and believable.
5th aspect, proposes a kind of electronic equipment, comprising:
Processor;And
It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executed
It manages device and executes following operation:
Acquire initial data, wherein it is stored with default private key and First Certificate in the data acquisition device, described first
Certificate, which is the private key based on the second certificate, carries out signature generation to the corresponding public key of the default private key, and second certificate is
Trusted certificate;
It is signed based on the default private key to the initial data, obtains digital signature;
Target data is sent to data receiver object, the target data includes the initial data, the digital signature
With the First Certificate, wherein the digital signature and the First Certificate are for verifying the authenticity of the initial data.
6th aspect, proposes a kind of computer readable storage medium, the computer-readable recording medium storage one
Or multiple programs, one or more of programs are when the electronic equipment for being included multiple application programs executes, so that the electricity
Sub- equipment executes following operation:
Acquire initial data, wherein it is stored with default private key and First Certificate in the data acquisition device, described first
Certificate, which is the private key based on the second certificate, carries out signature generation to the corresponding public key of the default private key, and second certificate is
Trusted certificate;
It is signed based on the default private key to the initial data, obtains digital signature;
Target data is sent to data receiver object, the target data includes the initial data, the digital signature
With the First Certificate, wherein the digital signature and the First Certificate are for verifying the authenticity of the initial data.
7th aspect, proposes a kind of electronic equipment, comprising:
Processor;And
It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executed
It manages device and executes following operation:
Target data is received, the target data includes initial data, digital signature and First Certificate, the digital signature
It is used to verify the authenticity of the initial data with the First Certificate;
Public key based on the First Certificate verifies the digital signature;
The First Certificate is verified based on the second certificate, second certificate is trusted certificate;
When the verifying to the digital signature and the First Certificate passes through, determine that the initial data really may be used
Letter.
Eighth aspect proposes a kind of computer readable storage medium, the computer-readable recording medium storage one
Or multiple programs, one or more of programs are when the electronic equipment for being included multiple application programs executes, so that the electricity
Sub- equipment executes following operation:
Target data is received, the target data includes initial data, digital signature and First Certificate, the digital signature
It is used to verify the authenticity of the initial data with the First Certificate;
Public key based on the First Certificate verifies the digital signature;
The First Certificate is verified based on the second certificate, second certificate is trusted certificate;
When the verifying to the digital signature and the First Certificate passes through, determine that the initial data really may be used
Letter.
As can be seen from the technical scheme provided by the above embodiments of the present application, scheme provided by the embodiments of the present application at least have as
A kind of lower technical effect: due to being stored with default private key and First Certificate in data acquisition device, and data acquisition device can be with
It presets private key by this to be digitally signed the initial data of transmission, and by initial data, digital signature and First Certificate one
With data receiver object is sent to, data receiver object is allowed to pass through verifying First Certificate and digital signature to verify and receive
The authenticity of the initial data arrived, to ensure that the authenticity of the received initial data of data receiver object.
Specific embodiment
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with the application specific embodiment and
Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one
Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing
Every other embodiment obtained under the premise of creative work out, shall fall in the protection scope of this application.
For the authenticity for guaranteeing received data, this specification embodiment provides a kind of data transmission method for uplink and a kind of data
Method of reseptance.The executing subject for the data transmission method for uplink that this specification embodiment provides can be data acquisition device, such as take the photograph
As the sensors such as head, scanning device.The executing subject of data receiver method that this specification embodiment provides includes but is not limited to
Server-side, terminal etc. can be configured as executing at least one of the electronic equipment of this method provided in an embodiment of the present invention.
In other words, the data receiver method can be executed by being mounted on software or the hardware of terminal device or server device, institute
Stating software can be block platform chain.The server-side includes but is not limited to: single server, server cluster, cloud service
Device or cloud server cluster etc..
Fig. 1 is the flow diagram for the data transmission method for uplink that one embodiment of this specification provides, as shown in Figure 1, should
Data transmission method for uplink may include:
Step 102, acquisition initial data, wherein default private key and First Certificate are stored in the data acquisition device,
The First Certificate, which is the private key based on the second certificate, carries out signature generation to the corresponding public key of the default private key, and described the
Two certificates are trusted certificate.
Data acquisition device can be the sensor that data can be directly acquired from physical world (or physical environment), example
The camera of video data can be such as acquired from physical world.Correspondingly, initial data, refers to data acquisition device from physics
Collected true data in the world.
Certificate refers to that digital certificate, digital certificate are usually one close comprising disclosing through certificate authority digital signature
The file of key owner information and public key.
Public key is that key disclosed in rivest, shamir, adelman, and public key can be used for verifying signature or encryption data.It is private
Key is that key to maintain secrecy in rivest, shamir, adelman, and private key can be used for signing or ciphertext data.
Default private key is created and is saved by data acquisition device, and First Certificate can be by the production firm of data acquisition device
The data acquisition device is created and is written, First Certificate can be regarded as data acquisition device certificate and (work as data acquisition device
When for sensor, it is properly termed as sensor certificate).Accordingly alternatively, a kind of data transmission method for uplink shown in FIG. 1, in step 102
Before, it can also include: creation and store the default private key, and receive and store the First Certificate.
The process and production firm's creation the of default private key are created and saved to data acquisition device below with reference to Fig. 2
The one certificate and process that the data acquisition device is written is illustrated.As shown in Fig. 2, the process may include:
Step 201, data acquisition device 22 create key pair and save, and the private key of the cipher key pair is the default private
Key.
Step 202, production firm first electronic equipment 21 from being created in read step 201 in data acquisition device 22
The public key of cipher key pair.That is, the first electronic equipment 21 reads the corresponding public affairs of the default private key from data acquisition device 22
Key.
First electronic equipment 21 can be the production equipment of production firm, specifically can be an electronic equipment, such as one
Platform computer.
Step 203, the first electronic equipment 21 are from preset-key management system KMS/ predetermined hardware security module HSM 23
Read the private key of the second certificate.
Key management system (Key Management System, KMS) is for generating, distributing and management equipment and answer
With a kind of integrated system of the key of program.
Hardware security module (Hardware Security Module, HSM) is a kind of for protecting and managing strong authentication
Key used in system, and the computer hardware equipment of associated cryptographic operation is provided simultaneously.Hardware security module is generally logical
The form for crossing expansion card or external equipment is directly connected to computer or network server.
Second certificate can be signed and issued by the trusted third-party institution;Alternatively, the second certificate can be based at least one level
Third certificate issuance, and the third certificate is signed and issued by the trusted third-party institution.Wherein, the third-party institution, which can be, recognizes
It demonstrate,proves authorized organization (CA, Certificate Authority).
Second certificate can send jointly to data receiver object in company with target data, and disclosure can also be passed through by receiving object
Downloading channel obtain the second certificate.Third certificate can be obtained by disclosed downloading channel by receiving object.
In one example, when the second certificate is signed and issued by the trusted third-party institution, the second certificate can be third
The root certificate that square mechanism is signed and issued is also possible to the junior's certificate for the root certificate that the third-party institution signs and issues.
In another example, when the second certificate is based at least one level third certificate issuance, and the third certificate
When being signed and issued by the trusted third-party institution, the second certificate can be regarded as the third-party institution to the factory of data acquisition device
Manufacturer's certificate that quotient signs and issues, third certificate can be the root certificate that the third-party institution signs and issues, and are also possible to the third-party institution and sign and issue
Root certificate junior's certificate.Table 1 lists the relationship of a kind of possible First Certificate, the second certificate and third certificate.
Table 1
In table 1, SE refers to that safety element (Secure Element), TEE refer to credible performing environment (Trusted
Execution Environment), TPM refers to safety chip (Trusted Platform Module).
Seen from table 1, the private key of the second certificate is often stored in preset-key management system or predetermined hardware security module.
Step 204, the first private key of the electronic equipment 21 based on the second certificate read are corresponding to the default private key
Public key is signed, and First Certificate is obtained.
Data acquisition device 22 is written in First Certificate by step 205, the first electronic equipment 21.
By above-mentioned steps 201 to 205, it may be implemented to distribute First Certificate to data acquisition device 22 and be adopted in data
Safe preservation presets the purpose of private key in acquisition means.
Step 104 signs to the initial data based on the default private key, obtains digital signature.
As an example, data acquisition device can calculate the Hash of the initial data based on preset algorithm
(HASH) then value carries out the digital signature that signature generates the initial data to the cryptographic Hash using the default private key.
Step 106 sends target data to data receiver object, and the target data includes the initial data, described
Digital signature and the First Certificate, wherein the digital signature and the First Certificate are for verifying the initial data
Authenticity.
Namely initial data, the signature of initial data and First Certificate are sent jointly to data receiver by data acquisition device
Object.
Data receiver object can be the executing subject of the data receiver method of this specification embodiment offer, specifically
, data receiver object may be mounted at the program in the executing subject of the data receiver method of this specification embodiment offer,
Such as block platform chain.
It can be appreciated that data receiver object can verify whether the initial data received is tampered by digital signature,
It can be verified by First Certificate and whether receive initial data from trust data acquisition device, can also verified
The data acquisition device for sending initial data is what official produced.
In short, a kind of data transmission method for uplink that embodiment shown in Fig. 3 provides, pre- due to being stored in data acquisition device
If private key and First Certificate, and data acquisition device can preset private key by this and carry out digital label to the initial data of transmission
Name, and is sent to data receiver object for initial data, digital signature and First Certificate together, so that data receiver object can be with
The authenticity of the initial data received is verified by verifying First Certificate and digital signature, to ensure that data receiver pair
As the authenticity of received initial data.
Optionally, in another embodiment, when second certificate is based at least one level third certificate issuance, and institute
When stating third certificate and being signed and issued by the trusted third-party institution, namely when second certificate is the third based on the third-party institution
When manufacturer's certificate of certificate issuance, the target data that step 106 is sent can also include second certificate, and described second demonstrate,proves
Book can be used for verifying the authenticity of the initial data.
It is same it can be appreciated that when the second certificate is manufacturer's certificate, if the second certificate of verifying is based on trusted the
The third certificate issuance that tripartite mechanism is signed and issued when, can further prove initial data come from trust data acquisition dress
It sets, which is official's production, better assures that data receiver object connects the true of received initial data
Property.
A kind of data transmission method for uplink that this specification embodiment provides is illustrated below with reference to Fig. 3.As shown in figure 3,
This specification embodiment provide a kind of data transmission method for uplink, may include:
Step 301, data acquisition device 22 acquire initial data from physical world 25.
Wherein, default private key and First Certificate are stored in data acquisition device 22, First Certificate is based on the second certificate
Private key signature generation is carried out to the corresponding public key of the default private key, second certificate is trusted certificate.
Step 302, data acquisition device 22 are based on the default private key and sign to the initial data, obtain original
The digital signature of data.
Step 303, data acquisition device 22 send target data to the second electronic equipment 24, and the target data includes institute
State initial data, the digital signature and the First Certificate, wherein the digital signature and the First Certificate are for verifying
The authenticity of the initial data.
Wherein, the second electronic equipment 24 can be data receiver object namely the second electronic equipment 24 can be this explanation
The executing subject for the data receiver method that book provides.
Data transmission method for uplink similar with embodiment shown in FIG. 1, that embodiment shown in Fig. 3 provides, since data acquire
Default private key and First Certificate are stored in device 22, and data acquisition device 22 can preset private key to the original of transmission by this
Beginning data are digitally signed, and initial data, digital signature and First Certificate are sent to the second electronic equipment 24 together, are made
The authenticity of the initial data received can be verified by verifying First Certificate and digital signature by obtaining the second electronic equipment 24,
To ensure that the authenticity of the received initial data of the second electronic equipment 24.
It is a kind of explanation of the data transmission method for uplink provided this specification embodiment above, below with reference to Fig. 4 to this theory
A kind of data receiver method that bright book embodiment provides is introduced.
As shown in figure 4, a kind of data receiver method that this specification embodiment provides, is applied to data receiver object, number
It can be the electronic equipments such as server-side, terminal according to object is received, this method may include:
Step 402 receives target data, and the target data includes initial data, digital signature and First Certificate, described
Digital signature and the First Certificate are used to verify the authenticity of the initial data.
Step 404, the public key based on the First Certificate verify the digital signature.
As an example, data receiver object can calculate the Hash of the initial data based on preset algorithm
(HASH) then value carries out solution label to the digital signature using the public key in the First Certificate and obtains solution label value, described
It when solution label value is consistent with the cryptographic Hash being calculated, determines that the initial data is not tampered with, namely determines the digital signature
Be verified.
Step 406 verifies the First Certificate based on the second certificate, and second certificate is trusted card
Book.
As an example, data receiver object can based on the corresponding public key of the second certificate to the signature of First Certificate into
Row verifying, and when the signature verification to First Certificate passes through, determine being verified for First Certificate, namely determine First Certificate
It is the certificate that official issues, it is corresponding to prove that the data acquisition device for sending initial data is official's production.
Second certificate is signed and issued by the trusted third-party institution;Alternatively, the second certificate is based at least one level third certificate
It signs and issues, and the third certificate is signed and issued by the trusted third-party institution.
Step 408, when the verifying to the digital signature and the First Certificate passes through, determine the initial data
It is genuine and believable.
Specifically, determining the initial data when the verifying to the digital signature and the First Certificate passes through
From trusted data acquisition device, the default private for generating the digital signature is stored in the data acquisition device
Key and the First Certificate.
It is appreciated that data receiver object can verify whether the initial data received is tampered by digital signature,
It can be verified by First Certificate and whether receive initial data from trust data acquisition device, can also verified
The data acquisition device for sending initial data is what official produced.
In the present embodiment, data acquisition device can be sensor.
It optionally, is based at least one level third certificate issuance in the second certificate, and the third certificate is by trust
The third-party institution sign and issue, when the target data further includes second certificate, method shown in Fig. 4 can also include: base
Second certificate is verified in the third certificate.
On this basis, step 408 may include: to the digital signature, the First Certificate and second card
When the verifying of book passes through, determine that the initial data is genuine and believable.Wherein, the second certificate is verified based on third certificate
Process, it is similar with the process based on the second certification authentication First Certificate, be not added and repeat herein.
A kind of data receiver method that embodiment shown in Fig. 4 provides, due to including for testing in received target data
The digital signature and First Certificate for demonstrate,proving the authenticity of received initial data allow data receiver object to pass through verifying first
Certificate and digital signature verify the authenticity of the initial data received, to ensure that data receiver object is received original
The authenticity of data.
It is a kind of explanation of the data receiver method provided this specification embodiment above, it should be noted that this theory
The data receiver method that bright book embodiment provides corresponds to the data transmission method for uplink that this specification embodiment provides, and related place is asked
Referring to above to the introduction of data transmission method for uplink, repetition introduction is not done herein.
The electronic equipment provided below this specification embodiment is illustrated.
Fig. 5 is the structural schematic diagram for the electronic equipment that one embodiment of this specification provides.Referring to FIG. 5, in hardware
Level, the electronic equipment include processor, optionally further comprising internal bus, network interface, memory.Wherein, memory can
It can include memory, such as high-speed random access memory (Random-Access Memory, RAM), it is also possible to further include non-easy
The property lost memory (non-volatile memory), for example, at least 1 magnetic disk storage etc..Certainly, which is also possible to
Including hardware required for other business.
Processor, network interface and memory can be connected with each other by internal bus, which can be ISA
(Industry Standard Architecture, industry standard architecture) bus, PCI (Peripheral
Component Interconnect, Peripheral Component Interconnect standard) bus or EISA (Extended Industry Standard
Architecture, expanding the industrial standard structure) bus etc..The bus can be divided into address bus, data/address bus, control always
Line etc..Only to be indicated with a four-headed arrow in Fig. 5, it is not intended that an only bus or a type of convenient for indicating
Bus.
Memory, for storing program.Specifically, program may include program code, and said program code includes calculating
Machine operational order.Memory may include memory and nonvolatile memory, and provide instruction and data to processor.
Processor is from the then operation into memory of corresponding computer program is read in nonvolatile memory, in logical layer
Data acquisition device is formed on face.Processor executes the program that memory is stored, and is specifically used for executing following operation:
Acquire initial data, wherein it is stored with default private key and First Certificate in the data acquisition device, described first
Certificate, which is the private key based on the second certificate, carries out signature generation to the corresponding public key of the default private key, and second certificate is
Trusted certificate;
It is signed based on the default private key to the initial data, obtains digital signature;
Target data is sent to data receiver object, the target data includes the initial data, the digital signature
With the First Certificate, wherein the digital signature and the First Certificate are for verifying the authenticity of the initial data.
Data transmission method for uplink disclosed in the above-mentioned embodiment illustrated in fig. 1 such as this specification can be applied in processor, or
It is realized by processor.Processor may be a kind of IC chip, the processing capacity with signal.During realization, on
Each step for stating method can be completed by the integrated logic circuit of the hardware in processor or the instruction of software form.It is above-mentioned
Processor can be general processor, including central processing unit (Central Processing Unit, CPU), network processes
Device (Network Processor, NP) etc.;Can also be digital signal processor (Digital Signal Processor,
DSP), specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate
Array (Field-Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or crystalline substance
Body pipe logical device, discrete hardware components.It may be implemented or execute and is in this specification one or more embodiment disclosed
Each method, step and logic diagram.General processor can be microprocessor or the processor be also possible to it is any conventional
Processor etc..The step of method in conjunction with disclosed in this specification one or more embodiment, can be embodied directly in hardware decoding
Processor executes completion, or in decoding processor hardware and software module combination execute completion.Software module can position
In random access memory, flash memory, read-only memory, programmable read only memory or electrically erasable programmable memory, register
In the storage medium of equal this fields maturation.The storage medium is located at memory, and processor reads the information in memory, in conjunction with it
Hardware completes the step of above method.
The electronic equipment can also carry out the data transmission method for uplink of Fig. 1, and details are not described herein for this specification.
Certainly, other than software realization mode, other implementations are not precluded in the electronic equipment of this specification, such as
Logical device or the mode of software and hardware combining etc., that is to say, that the executing subject of following process flow is not limited to each
Logic unit is also possible to hardware or logical device.
Fig. 6 shows the structural schematic diagram of another electronic equipment of this specification embodiment offer, electronics shown in fig. 6
Equipment and electronic equipment shown in fig. 5 the difference is that, processor reads corresponding calculating from nonvolatile memory
Then machine program is run into memory, data sink is formed on logic level.Processor executes what memory was stored
Program, and be specifically used for executing following operation:
Target data is received, the target data includes initial data, digital signature and First Certificate, the digital signature
It is used to verify the authenticity of the initial data with the First Certificate;
Public key based on the First Certificate verifies the digital signature;
The First Certificate is verified based on the second certificate, second certificate is trusted certificate;
When the verifying to the digital signature and the First Certificate passes through, determine that the initial data really may be used
Letter.
Data receiver method disclosed in the above-mentioned embodiment illustrated in fig. 4 such as this specification can be applied to the processor in Fig. 6
In, or by the processor realization in Fig. 6.
This specification embodiment also proposed a kind of computer readable storage medium, the computer-readable recording medium storage
One or more programs, the one or more program include instruction, and the instruction is when by the portable electric including multiple application programs
When sub- equipment executes, the method that the portable electronic device can be made to execute embodiment illustrated in fig. 1, and be specifically used for executing following
Operation:
Acquire initial data, wherein it is stored with default private key and First Certificate in the data acquisition device, described first
Certificate, which is the private key based on the second certificate, carries out signature generation to the corresponding public key of the default private key, and second certificate is
Trusted certificate;
It is signed based on the default private key to the initial data, obtains digital signature;
Target data is sent to data receiver object, the target data includes the initial data, the digital signature
With the First Certificate, wherein the digital signature and the First Certificate are for verifying the authenticity of the initial data.
This specification embodiment also proposed a kind of computer readable storage medium, the computer-readable recording medium storage
One or more programs, the one or more program include instruction, and the instruction is when by the portable electric including multiple application programs
When sub- equipment executes, the method that the portable electronic device can be made to execute embodiment illustrated in fig. 4, and be specifically used for executing following
Operation:
Target data is received, the target data includes initial data, digital signature and First Certificate, the digital signature
It is used to verify the authenticity of the initial data with the First Certificate;
Public key based on the First Certificate verifies the digital signature;
The First Certificate is verified based on the second certificate, second certificate is trusted certificate;
When the verifying to the digital signature and the First Certificate passes through, determine that the initial data really may be used
Letter.
The data acquisition device 700 and data sink 800 of the offer of this specification embodiment are introduced below.
Fig. 7 is the structural schematic diagram for the data acquisition device 700 that this specification provides.Referring to FIG. 7, real in a kind of software
It applies in mode, data acquisition device 700 can include: data acquisition module 701, data signature module 702 and data transmission blocks
703。
Data acquisition module 701, for acquiring initial data, wherein default private is stored in the data acquisition device
Key and First Certificate, the First Certificate, which is the private key based on the second certificate, signs to the corresponding public key of the default private key
It generates, second certificate is trusted certificate.
Data acquisition device can be the sensor that data can be directly acquired from physical world (or physical environment).It is former
Beginning data refer to data acquisition device collected true data from physical world.
Default private key is created and is saved by data acquisition device, and First Certificate can be by the production firm of data acquisition device
The data acquisition device is created and is written, First Certificate can be regarded as data acquisition device certificate and (work as data acquisition device
When for sensor, it is properly termed as sensor certificate).Accordingly alternatively, data acquisition device 700 shown in Fig. 7, can also wrap
Include: preserving module is used for before acquiring initial data, creates and store the default private key, and receives and stores described
First Certificate.
Second certificate can be signed and issued by the trusted third-party institution;Alternatively, the second certificate can be based at least one level
Third certificate issuance, and the third certificate is signed and issued by the trusted third-party institution.Wherein, the third-party institution, which can be, recognizes
It demonstrate,proves authorized organization (CA, Certificate Authority).
In one example, when the second certificate is signed and issued by the trusted third-party institution, the second certificate can be third
The root certificate that square mechanism is signed and issued is also possible to the junior's certificate for the root certificate that the third-party institution signs and issues.
In another example, when the second certificate is based at least one level third certificate issuance, and the third certificate
When being signed and issued by the trusted third-party institution, the second certificate can be regarded as the third-party institution to the factory of data acquisition device
Manufacturer's certificate that quotient signs and issues, third certificate can be the root certificate that the third-party institution signs and issues, and are also possible to the third-party institution and sign and issue
Root certificate junior's certificate.
The private key of second certificate is often stored in preset-key management system or predetermined hardware security module.
Data signature module 702 obtains digital label for signing based on the default private key to the initial data
Name.
As an example, data signature module 702 can calculate the Hash of the initial data based on preset algorithm
(HASH) then value carries out the digital signature that signature generates the initial data to the cryptographic Hash using the default private key.
Data transmission blocks 703, for sending target data to data receiver object, the target data includes the original
Beginning data, the digital signature and the First Certificate, wherein the digital signature and the First Certificate are described for verifying
The authenticity of initial data.
Namely data transmission blocks 703 can send jointly to initial data, the signature of initial data and First Certificate
Data receiver object.
Data receiver object can be the executing subject of the data receiver method of this specification embodiment offer, specifically
, data receiver object may be mounted at the program in the executing subject of the data receiver method of this specification embodiment offer,
Such as block platform chain.
It can be appreciated that data receiver object can verify whether the initial data received is tampered by digital signature,
It can be verified by First Certificate and whether receive initial data from trust data acquisition device, can also verified
The data acquisition device for sending initial data is what official produced.
Data acquisition device 700 shown in Fig. 7, due to being stored with default private key and the first card in data acquisition device 700
Book, and data acquisition device can preset private key by this and be digitally signed to the initial data of transmission, and by initial data,
Digital signature and First Certificate are sent to data receiver object together, allow data receiver object by verifying First Certificate
The authenticity of the initial data received is verified with digital signature, to ensure that the received initial data of data receiver object
Authenticity.
Optionally, in another embodiment, when second certificate is based at least one level third certificate issuance, and institute
When stating third certificate and being signed and issued by the trusted third-party institution, namely when second certificate is the certificate based on the third-party institution
When the manufacturer's certificate signed and issued, the target data that data transmission blocks 703 are sent can also include second certificate, and described the
Two certificates can be used for verifying the authenticity of the initial data.
It is same it can be appreciated that when the second certificate is manufacturer's certificate, if the second certificate of verifying is based on trusted the
The third certificate issuance that tripartite mechanism is signed and issued when, can further prove initial data come from trust data acquisition dress
It sets, which is official's production, better assures that data receiver object connects the true of received initial data
Property.
The method that data acquisition device 700 can be realized the embodiment of the method for Fig. 1, specifically refers to embodiment illustrated in fig. 1
Data transmission method for uplink, repeat no more.
Fig. 8 is the structural schematic diagram for the data sending device 800 that this specification provides.Referring to FIG. 8, real in a kind of software
It applies in mode, data sending device 800 can include: data reception module 801, the first authentication module 802, the second authentication module
803 and determining module 804.
Data reception module 801, for receiving target data, the target data include initial data, digital signature and
First Certificate, the digital signature and the First Certificate are used to verify the authenticity of the initial data.
First authentication module 802 verifies the digital signature for the public key based on the First Certificate.
As an example, the first authentication module 802 can calculate the Hash of the initial data based on preset algorithm
(HASH) then value carries out solution label to the digital signature using the public key in the First Certificate and obtains solution label value, described
It when solution label value is consistent with the cryptographic Hash being calculated, determines that the initial data is not tampered with, namely determines the digital signature
Be verified.
Second authentication module 803, for being verified based on the second certificate to the First Certificate, second certificate is
Trusted certificate.
As an example, the second authentication module 803 can be based on the corresponding public key of the second certificate to the label of First Certificate
Name is verified, and when the signature verification to First Certificate passes through, and determines being verified for First Certificate, namely determine first
Certificate is the certificate that official issues, corresponding to prove that the data acquisition device for sending initial data is official's production.
Second certificate is signed and issued by the trusted third-party institution;Alternatively, the second certificate is based at least one level third certificate
It signs and issues, and the third certificate is signed and issued by the trusted third-party institution.
Determining module 804, described in determining when the verifying to the digital signature and the First Certificate passes through
Initial data is genuine and believable.
Specifically, determining module 804 can be when the verifying to the digital signature and the First Certificate passes through, really
The fixed initial data comes from trusted data acquisition device, is stored in the data acquisition device for generating the number
The default private key and the First Certificate of word signature.
It is appreciated that data sink can verify whether the initial data received is tampered by digital signature,
It can be verified by First Certificate and whether receive initial data from trust data acquisition device, can also verified
The data acquisition device for sending initial data is what official produced.
In the present embodiment, data acquisition device can be sensor.
It optionally, is based at least one level third certificate issuance in the second certificate, and the third certificate is by trust
The third-party institution sign and issue, when the target data further includes second certificate, data sink 800 shown in Fig. 8 also
It may include: third authentication module, for being verified based on the third certificate to second certificate.
On this basis, determining module 804 can be used for: to the digital signature, the First Certificate and described second
When the verifying of certificate passes through, determine that the initial data is genuine and believable.Wherein, the second certificate is tested based on third certificate
The process of card, it is similar with the process based on the second certification authentication First Certificate, it is not added and repeats herein.
Data sink 800 shown in Fig. 8, due to including for verifying received original number in received target data
According to authenticity digital signature and First Certificate, allow data sink to pass through verifying First Certificate and digital signature
The authenticity of the initial data received is verified, to ensure that the authenticity of the received initial data of data receiver object.
The method that data sending device 800 can be realized the embodiment of the method for Fig. 4, specifically refers to embodiment illustrated in fig. 4
Data transmission method for uplink, repeat no more.
In short, being not intended to limit the protection of this specification the foregoing is merely the preferred embodiment of this specification
Range.With within principle, made any modification, changes equivalent replacement all spirit in this specification one or more embodiment
Into etc., it should be included within the protection scope of this specification one or more embodiment.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used
Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment
The combination of equipment.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices
Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates
Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.When not limiting more, the element that is limited by sentence "including a ...", it is not excluded that in the mistake including the element
There is also other identical elements in journey, method, commodity or equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality
For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method
Part explanation.