CN110011807A - Key information maintenance method and system - Google Patents

Publication number: CN110011807A
Authority: CN (China)
Prior art keywords: information, request, management service, key message, semantic actions
Legal status: Granted
Application number: CN201910228758.3A
Other languages: Chinese (zh)
Other versions: CN110011807B (en)
Inventor: 于岩
Current Assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201910228758.3A
Publication of CN110011807A
Application granted
Publication of CN110011807B
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: ... involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Document Processing Apparatus (AREA)
  • Storage Device Security (AREA)

Abstract

A key information maintenance method and system are disclosed. In the method, an information providing client signs an information editing request input by a user and sends the encrypted and signed information editing request to an information management server. The information management server verifies the signature of, and decrypts, the encrypted and signed information editing request; if signature verification and decryption succeed, it converts the decrypted and verified information editing request into a semantic action execution instruction and distributes that instruction to an information application end. The information application end maintains the key information to be edited according to the semantic action execution instruction.

Description

Key information maintenance method and system
Technical field
The embodiments of this specification relate to the field of computer technology, and in particular to a key information maintenance method and system.
Background
At present, in some institutions there is usually some key information that is maintained jointly by multiple partner institutions at the same time, and each partner institution needs to edit its own exclusive key information. For example, some payment institutions (for convenience of description, the server side where the payment institution is located is referred to below as the information management server) need to configure a user information whitelist (that is, key information) for each partner institution (for convenience of description, the client where a partner institution is located is referred to below as the information providing client). The user information whitelist is maintained jointly by the partner institutions, managed centrally by the payment institution, and stored centrally at the information application end subordinate to the information management server, so that the information application end can subsequently perform directed routing of each partner institution's channels such as contract signing, payment, refund and inquiry. Editing permission for the user information whitelist is delegated to the authorized users of each partner institution. A user can edit the user information whitelist of the partner institution the user belongs to, while the payment institution needs to prevent the user from editing the user information whitelists of other partner institutions. A technical solution is therefore urgently needed in which multiple roles can maintain key information concurrently and securely, each maintaining only its own exclusive key information.
Summary of the invention
In view of the above technical problem, the embodiments of this specification provide a key information maintenance method and system. The technical solution is as follows:
A key information maintenance method, applied to a key information maintenance system, the system comprising multiple information providing clients, one information management server, and an information application end subordinate to the information management server, wherein any information providing client generates a public key and a private key in advance and notifies the information management server of its own public key, and the information management server generates a public key and a private key in advance and notifies any information providing client of its own public key, the method comprising:
The information providing client receives an information editing request input by a user, encrypts the information editing request with the information management server's public key, and digitally signs the information editing request with its own private key;
The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server;
The information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request;
If the information management server's digital signature verification of the encrypted and digitally signed information editing request succeeds and decryption succeeds, it converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and distributes the semantic action execution instruction to the information application end;
The information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
A key information maintenance method, applied to an information providing client, the method comprising:
Receiving an information editing request input by a user;
Encrypting the information editing request with the information management server's public key, and digitally signing the information editing request with the client's own private key;
Sending the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server, so that the information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, uses its own private key to decrypt the encrypted and digitally signed information editing request and, if digital signature verification of the encrypted and digitally signed information editing request succeeds and decryption succeeds, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and distributes the semantic action execution instruction to the information application end.
A key information maintenance method, applied to an information management server, the method comprising:
Receiving the encrypted and digitally signed information editing request sent by an information providing client, and the information providing client identifier corresponding to the key information to be edited that the information editing request targets;
Looking up the information providing client public key that matches the information providing client identifier;
Using the information providing client public key found to verify the digital signature of the encrypted and digitally signed information editing request;
Using the server's own private key to decrypt the encrypted and digitally signed information editing request;
If digital signature verification of the encrypted and digitally signed information editing request succeeds and decryption succeeds, converting the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
Distributing the semantic action execution instruction to the information application end, so that the information application end determines the key information to be edited that corresponds to the semantic action execution instruction and maintains the key information to be edited according to the semantic action execution instruction.
A key information maintenance method, applied to an information application end, the method comprising:
Receiving the semantic action execution instruction issued by the information management server;
Determining the key information to be edited that corresponds to the semantic action execution instruction;
Maintaining the key information to be edited according to the semantic action execution instruction.
A key information maintenance system, the system comprising:
Multiple information providing clients, one information management server, and an information application end subordinate to the information management server, wherein any information providing client generates a public key and a private key in advance and notifies the information management server of its own public key, and the information management server generates a public key and a private key in advance and notifies any information providing client of its own public key;
The information providing client receives an information editing request input by a user, encrypts the information editing request with the information management server's public key, and digitally signs the information editing request with its own private key;
The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server;
The information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request;
If the information management server's digital signature verification of the encrypted and digitally signed information editing request succeeds and decryption succeeds, it converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and distributes the semantic action execution instruction to the information application end;
The information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
A key information maintenance device, applied to an information providing client, the device comprising:
A request receiving module, configured to receive an information editing request input by a user;
A signing module, configured to encrypt the information editing request with the information management server's public key and to digitally sign the information editing request with the client's own private key;
A sending module, configured to send the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server, so that the information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, uses its own private key to decrypt the encrypted and digitally signed information editing request and, if digital signature verification of the encrypted and digitally signed information editing request succeeds and decryption succeeds, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and distributes the semantic action execution instruction to the information application end.
A key information maintenance device, applied to an information management server, the device comprising:
A receiving module, configured to receive the encrypted and digitally signed information editing request sent by an information providing client, and the information providing client identifier corresponding to the key information to be edited that the information editing request targets;
A public key lookup module, configured to look up the information providing client public key that matches the information providing client identifier;
A signature verification module, configured to use the information providing client public key found to verify the digital signature of the encrypted and digitally signed information editing request;
A decryption module, configured to use the server's own private key to decrypt the encrypted and digitally signed information editing request;
A conversion module, configured to convert the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule if digital signature verification of the encrypted and digitally signed information editing request succeeds and decryption succeeds;
An instruction distribution module, configured to distribute the semantic action execution instruction to the information application end, so that the information application end determines the key information to be edited that corresponds to the semantic action execution instruction and maintains the key information to be edited according to the semantic action execution instruction.
A key information maintenance device, applied to an information application end, the device comprising:
An instruction receiving module, configured to receive the semantic action execution instruction issued by the information management server;
An information determination module, configured to determine the key information to be edited that corresponds to the semantic action execution instruction;
An information maintenance module, configured to maintain the key information to be edited according to the semantic action execution instruction.
The technical solution provided by the embodiments of this specification uses encryption and decryption based on an asymmetric key scheme together with an identity authentication mechanism of signing and signature verification, so that multiple roles can maintain key information concurrently and securely, each maintaining only its own exclusive key information.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the embodiments of this specification.
In addition, no single embodiment of this specification needs to achieve all of the above effects.
Brief description of the drawings
In order to explain the embodiments of this specification or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this specification; a person of ordinary skill in the art can also obtain other drawings from these drawings.
Fig. 1 is a schematic diagram of the connections among the information providing client, the information management server and the information application end in the embodiments of this specification;
Fig. 2 is a schematic diagram of the interaction flow of the key information maintenance method in the embodiments of this specification;
Fig. 3 is a schematic structural diagram of the key information maintenance device applied to the information providing client in the embodiments of this specification;
Fig. 4 is a schematic structural diagram of the key information maintenance device applied to the information management server in the embodiments of this specification;
Fig. 5 is a schematic structural diagram of the key information maintenance device applied to the information application end in the embodiments of this specification;
Fig. 6 is a schematic structural diagram of a piece of equipment for configuring the device of the embodiments of this specification.
Detailed description of the embodiments
At present, in some institutions there is usually some key information that the institution is responsible for managing and that is maintained jointly by multiple partner institutions cooperating with it, and each partner institution also needs to edit its own exclusive key information. Taking a user whitelist as the key information, some payment institutions (for convenience, the server side where the payment institution is located is referred to below as the information management server) need to configure a user information whitelist for each partner institution (for convenience, the client where a partner institution is located is referred to below as the information providing client). The user information whitelist is maintained jointly by the partner institutions, managed centrally by the payment institution, and stored centrally at the information application end subordinate to the information management server, so that the information application end can subsequently perform directed routing of each partner institution's channels such as contract signing, payment, refund and inquiry. Because each partner institution needs to edit its own exclusive key information, the payment institution delegates editing permission for the user information whitelist to the users of each partner institution who hold editing permission. A user can edit the user information whitelist of the partner institution the user belongs to, while the payment institution needs to prevent the user from editing the user information whitelists of other partner institutions. On this basis, a technical solution is urgently needed in which multiple roles can maintain key information concurrently and securely, each maintaining only its own exclusive key information.
In view of the above problem, the embodiments of this specification provide a technical solution that uses encryption and decryption based on an asymmetric key scheme together with an identity authentication mechanism of signing and signature verification, so that multiple roles can maintain key information concurrently and securely, each maintaining only its own exclusive key information.
Specifically, the technical solution provided by the embodiments of this specification is as follows:
The information providing client receives an information editing request input by a user, encrypts the information editing request with the information management server's public key, and digitally signs the information editing request with its own private key. The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server. The information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request. If the information management server's digital signature verification of the encrypted and digitally signed information editing request succeeds and decryption succeeds, it converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and distributes the semantic action execution instruction to the information application end. The information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
This specification involves multiple information providing clients, one information management server, and an information application end subordinate to the information management server. The connections among the information providing client, the information application end and the information management server are shown in Fig. 1. In the embodiments of this specification, there may be one or more information application ends subordinate to the information management server. Any information providing client generates a public key and a private key in advance based on an asymmetric key scheme and notifies the information management server of its own public key, and the information management server side records the information providing client identifier corresponding to that public key. The information management server likewise generates a public key and a private key in advance based on an asymmetric key scheme and notifies any information providing client of its own public key. In this way, any information providing client knows the information management server's public key, and the information management server knows the public key of any information providing client.
In order that those skilled in the art may better understand the technical solutions in the embodiments of this specification, those technical solutions are described in detail below with reference to the drawings in the embodiments of this specification. Obviously, the described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this specification shall fall within the scope of protection.
Fig. 2 is a schematic diagram of the interaction flow of the key information maintenance method in the embodiments of this specification. The method may specifically include the following steps:
S201: the information providing client receives an information editing request input by a user;
The information providing client verifies the user's identity. The specific implementation may be verification of an account password, face recognition and so on; the embodiments of this specification do not limit this.
After the user's identity verification passes, the user can log in to the information providing client and then input an information editing request into it. The information providing client receives the information editing request input by the user. The information editing request may carry the edit instruction to be executed, such as an add, modify or delete instruction, and the object that the edit instruction targets, that is, the key information to be edited, for example data item A1.1 in entry A1 of the user information whitelist. In addition, when the edit instruction to be executed is a modify instruction, the information editing request may also carry the edited key information corresponding to the key information to be edited, for example A1.1a.
S202: the information providing client encrypts the information editing request with the information management server's public key, and digitally signs the information editing request with its own private key;
For the information editing request received by the information providing client in S201, the information providing client encrypts the information editing request with the information management server's public key. The encryption algorithm used may be an asymmetric encryption algorithm such as RSA or Elgamal, or another asymmetric encryption algorithm; the embodiments of this specification do not limit the asymmetric encryption algorithm used, which may be any current asymmetric encryption algorithm.
In addition, the information providing client also needs to digitally sign the information editing request with its own private key, that is, to sign it.
It is worth noting that this specification does not limit the order in which the above encryption and signing are performed. In one embodiment of this specification, the information providing client encrypts the information editing request with the information management server's public key and at the same time digitally signs the information editing request with its own private key. Because the information editing request is encrypted, it can be ensured that the request information will not be maliciously tampered with; because the information editing request is signed, it can be ensured that a user edits only the user's own exclusive key information.
S203: the information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server;
After the information editing request has been encrypted and signed as described above, the encrypted and signed information editing request is sent to the information management server.
In addition, the information providing client also needs to send to the information management server the information providing client identifier corresponding to the key information to be edited that the information editing request targets.
For example, the user is operator a under institution A, and operator a modifies key information under institution A. The information providing client identifier corresponding to the key information to be edited that the information editing request targets is then A, and this identifier A is sent to the information management server.
As another example, the user is operator a under institution A, and operator a modifies key information under institution B. The information providing client identifier corresponding to the key information to be edited that the information editing request targets is then B, and this identifier B is sent to the information management server.
As can be seen from the above, the information providing client sends to the information management server the information providing client identifier corresponding to the key information to be edited that the information editing request targets. The identifier it sends may or may not be the same as the information providing client's own identifier.
The information providing client identifier corresponding to the key information to be edited may be an identifier actively entered by the user, or an identifier corresponding to the key information to be edited that the information providing client obtains from the information management server according to the key information to be edited that the information editing request targets; the embodiments of this specification do not limit this.
S204, the information management service end looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request;
The information management service end receives, from the information providing client, the encrypted and digitally signed information editing request and the information providing client identifier corresponding to the key message to be edited targeted by the request, and then decrypts the request and verifies its signature, as follows:
The information management service end looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request (signature verification), and uses its own private key to decrypt the request.
Looking up the public key by the information providing client identifier and verifying the signature with the public key found ensures that a user maintains only his or her own exclusive key messages. For example, the user is operator a under institution A, and operator a modifies a key message under institution A. The information providing client identifier is then A, the matching information providing client public key can be found from the identifier A, and verifying the digital signature of the encrypted and digitally signed information editing request with that public key succeeds, so the exclusive key message under institution A can subsequently be maintained. As another example, the user is operator a under institution A, and operator a modifies a key message under institution B. The information providing client identifier is then B, the matching information providing client public key can be found from the identifier B, and verifying the digital signature of the request with that public key fails, which prevents operator a from maintaining the key message under institution B.
In the embodiments of this specification, the order in which the decryption and the signature verification are performed is not limited. In one embodiment of this specification, the information management service end looks up the public key that matches the information providing client identifier and uses the information providing client public key found to verify the digital signature of the encrypted and digitally signed information editing request. If the verification succeeds, the information management service end decrypts the request with its own private key; otherwise it does not decrypt the request with its own private key.
In addition, if verifying the digital signature of the encrypted and digitally signed information editing request fails, or decrypting the request fails, the information management service end sends a key message maintenance failure notification to the information providing client and returns the reason for the failure to the information providing client.
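The S204 check can be sketched as follows. This is an added example, not code from the patent: it assumes the Python cryptography package, RSA-OAEP for the encryption and RSA-PSS over the ciphertext for the signature (the specification names no algorithms), and the names client_send, server_receive and ENTRY_OWNER, the keys and the request fields are constructed for illustration.

```python
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Assumed algorithms; the specification does not name any.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)


def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


# Constructed sample data: one service end key pair, one key pair per client.
SERVER_KEY = new_key()
CLIENT_KEYS = {"A": new_key(), "B": new_key()}
# Public keys the clients registered with the service end in advance.
REGISTERED_PUBLIC_KEYS = {cid: key.public_key() for cid, key in CLIENT_KEYS.items()}
# Which institution owns which data item (hypothetical lookup table).
ENTRY_OWNER = {"A1.1": "A", "B1.1": "B"}


def client_send(own_id, request):
    """Client side: encrypt with the service end public key, sign with the
    client's own private key, attach the identifier of the target's owner."""
    # RSA-OAEP with a 2048-bit key holds at most 190 bytes; the sample fits.
    ciphertext = SERVER_KEY.public_key().encrypt(json.dumps(request).encode(), OAEP)
    signature = CLIENT_KEYS[own_id].sign(ciphertext, PSS, hashes.SHA256())
    return {"provider_id": ENTRY_OWNER[request["object"]],
            "ciphertext": ciphertext,
            "signature": signature}


def server_receive(message):
    """Service end side (S204): look up the public key by the identifier sent,
    verify the signature first, decrypt only if verification succeeds."""
    public_key = REGISTERED_PUBLIC_KEYS.get(message["provider_id"])
    if public_key is None:
        return {"ok": False, "reason": "unknown information providing client identifier"}
    try:
        public_key.verify(message["signature"], message["ciphertext"],
                          PSS, hashes.SHA256())
    except InvalidSignature:
        return {"ok": False, "reason": "signature verification failed"}
    try:
        plaintext = SERVER_KEY.decrypt(message["ciphertext"], OAEP)
    except ValueError:
        return {"ok": False, "reason": "decryption failed"}
    return {"ok": True, "request": json.loads(plaintext)}


if __name__ == "__main__":
    own = {"operator": "a", "institution": "A", "instruction": "modify",
           "object": "A1.1", "edited_object": "A1.1a"}
    other = dict(own, object="B1.1", edited_object="B1.1a")
    print(server_receive(client_send("A", own)))    # accepted
    print(server_receive(client_send("A", other)))  # rejected: signed by A, checked against B
```

The failure reasons returned here correspond to the failure cause that the service end sends back with the maintenance failure notification.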
S205, if the information management service end successfully verifies the digital signature of the encrypted and digitally signed information editing request and successfully decrypts it, it converts the decrypted and verified information editing request into semantic action execution instructions according to a preset conversion rule;
After the encrypted and digitally signed information editing request has been both decrypted and verified successfully, the information management service end can convert the decrypted and verified request into semantic action execution instructions. A semantic action execution instruction is an interaction format that this specification defines on the basis of semantics: the information editing request is converted, according to its semantics, into several action execution instructions. For example, an information editing request carries the information shown in Table 1 below:
| Operator | Institutional affiliation | Edit instruction | Object | Edited object |
|---|---|---|---|---|
| a | A | Modification | A1.1 | A1.1a |

Table 1
The semantic action execution instructions converted from the above information editing request are as follows:
1. Operator a, who belongs to institution A, performs the operation at 10:00;
2. Delete the data A1.1 in key message entry A;
3. Add the data A1.1a to key message entry A.
These three parts together form the semantic action execution instructions (the modification is split into two parts, a deletion and an addition). As can be seen, the information editing request is converted, based on its semantics, into several action execution instructions.
S206, the information management service end distributes the semantic action execution instructions to the information application end.
In the embodiments of this specification, the information management service end may distribute the semantic action execution instructions obtained in S205 to the information application end immediately.
To prevent problems such as network congestion caused by users frequently editing their own exclusive key messages, the information management service end may instead collect the semantic action instructions and distribute them to the information application end periodically. Specifically: the information management service end stores the semantic action execution instructions and records their state as not executed; according to a preset release cycle, it obtains the stored semantic action execution instructions that have not been executed and distributes them to the information application end.
The information management service end stores the semantic action execution instructions in a key message maintenance log and records their state as not executed; the key message maintenance log is used for viewing key message maintenance records.
Besides avoiding frequent sending of semantic action execution instructions, the information management service end can also send the key message maintenance log itself, from which the information application end parses the semantic action execution instructions that have not been executed. Specifically: according to the preset release cycle, the information management service end obtains the key message maintenance log that stores the unexecuted semantic action execution instructions and distributes the log to the information application end; the information application end then parses the unexecuted semantic action execution instructions from the key message maintenance log.
S207, the information application end determines the key message to be edited that corresponds to the semantic action execution instructions and maintains the key message to be edited according to the semantic action execution instructions.
On the information application end side, the key message to be edited that corresponds to the semantic action execution instructions can be determined, and the key message to be edited is maintained according to the semantic action execution instructions.
Take the semantic action execution instructions described above:
1. Operator a, who belongs to institution A, performs the operation at 10:00;
2. Delete the data A1.1 in key message entry A;
3. Add the data A1.1a to key message entry A.
The key message to be edited that corresponds to these semantic action execution instructions can be determined to be the data A1.1 in key message entry A, and it is maintained according to the instructions: the data A1.1 in key message entry A is deleted and the data A1.1a is added to key message entry A.
Where the information management service end periodically collects the semantic action instructions and distributes them to the information application end, it distributes the stored unexecuted semantic action execution instructions it has obtained to the information application end. The information application end determines the key message to be edited that corresponds to the unexecuted semantic action execution instructions and maintains it according to them. The unexecuted semantic action execution instructions comprise several semantic action execution instructions, and the information application end can maintain the key messages to be edited according to all of them in one pass.
In addition, where the information management service end works from the key message maintenance log, it distributes the key message maintenance log it has obtained to the information application end. The information application end parses the unexecuted semantic action execution instructions from the key message maintenance log and determines the key message to be edited that corresponds to them. The unexecuted semantic action execution instructions comprise several semantic action execution instructions, and the information application end can maintain the key messages to be edited according to all of them in one pass.
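Steps S205 to S207 can be sketched as follows; this is an added example, not code from the patent. The conversion rule is modelled on the Table 1 example (a modification becomes a deletion plus an addition), and the entry field, the "released" state and the names Instruction, convert, MaintenanceLog and apply_released are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Instruction:
    action: str      # "context", "delete" or "add"
    entry: str = ""  # key message entry, e.g. "A"
    data: str = ""   # data inside the entry, e.g. "A1.1"
    note: str = ""   # operator, institution and time for the "context" part


def convert(request, time):
    """S205 (hypothetical rule): turn one edit request into several instructions."""
    kind = request["instruction"]
    if kind not in ("modify", "delete", "add"):
        raise ValueError(f"unsupported edit instruction: {kind}")
    steps = [Instruction("context", note=(
        f"operator {request['operator']} of institution "
        f"{request['institution']} operates at {time}"))]
    if kind in ("modify", "delete"):
        steps.append(Instruction("delete", request["entry"], request["object"]))
    if kind in ("modify", "add"):
        steps.append(Instruction("add", request["entry"], request["edited_object"]))
    return steps


class MaintenanceLog:
    """S206: key message maintenance log kept by the information management service end."""

    def __init__(self):
        self.records = []

    def store(self, instructions):
        self.records.append({"instructions": instructions, "state": "not executed"})

    def release(self):
        """Called once per release cycle: hand out everything still not executed.
        Marking the records "released" afterwards is an assumption of this sketch."""
        pending = [r for r in self.records if r["state"] == "not executed"]
        for record in pending:
            record["state"] = "released"
        return [record["instructions"] for record in pending]


def apply_released(batches, key_messages):
    """S207: the information application end applies all released instructions in one pass."""
    for instructions in batches:
        for ins in instructions:
            if ins.action == "delete":
                key_messages.setdefault(ins.entry, set()).discard(ins.data)
            elif ins.action == "add":
                key_messages.setdefault(ins.entry, set()).add(ins.data)
    return key_messages


def demo():
    key_messages = {"A": {"A1.1", "A1.2"}}  # constructed state at the application end
    log = MaintenanceLog()
    log.store(convert({"operator": "a", "institution": "A", "instruction": "modify",
                       "entry": "A", "object": "A1.1", "edited_object": "A1.1a"}, "10:00"))
    log.store(convert({"operator": "a", "institution": "A", "instruction": "add",
                       "entry": "A", "edited_object": "A1.3"}, "10:05"))
    first = log.release()    # both edits leave in the same release cycle
    apply_released(first, key_messages)
    second = log.release()   # nothing is left for the next cycle
    return key_messages, len(first), len(second)


if __name__ == "__main__":
    print(demo())
```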
As the above description of the technical solution provided by the embodiments of this specification shows, on the information providing client side, the information editing request entered by the user is received, the request is encrypted with the information management service end public key and digitally signed with the client's own private key, and the encrypted and digitally signed information editing request is sent to the information management service end together with the information providing client identifier corresponding to the key message to be edited targeted by the request. On the information management service end side, the information providing client public key that matches the identifier is looked up, the digital signature of the encrypted and digitally signed information editing request is verified with the public key found, and the request is decrypted with the service end's own private key. If the signature verification and the decryption both succeed, the decrypted and verified information editing request is converted into semantic action execution instructions according to a preset conversion rule, and the semantic action execution instructions are distributed to the information application end. On the information application end side, the key message to be edited that corresponds to the semantic action execution instructions is determined and is maintained according to the semantic action execution instructions. In this way, by using an identity authentication mechanism of encryption, decryption, signing and signature verification based on asymmetric encryption, multiple roles can maintain key messages concurrently and securely, and each can maintain only its own exclusive key messages.
To explain the technical solution of the embodiments of this specification more clearly, the method performed is described again below from the point of view of each side separately:
For the information providing client, the main tasks to perform are as follows:
a. Receive the information editing request entered by the user;
b. Encrypt the information editing request with the information management service end public key, and digitally sign the information editing request with the client's own private key;
c. Send the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key message to be edited targeted by the request, to the information management service end;
For the information management service end, the main tasks to perform are as follows:
a. Look up the information providing client public key that matches the information providing client identifier, verify the digital signature of the encrypted and digitally signed information editing request with the public key found, and decrypt the request with the service end's own private key;
b. If the signature verification and the decryption of the encrypted and digitally signed information editing request both succeed, convert the decrypted and verified information editing request into semantic action execution instructions according to a preset conversion rule, and distribute the semantic action execution instructions to the information application end;
For the information application end, the main tasks to perform are as follows:
Determine the key message to be edited that corresponds to the semantic action execution instructions, and maintain the key message to be edited according to the semantic action execution instructions.
Corresponding to the above method embodiments, the embodiments of this specification also provide a key message maintenance device applied to the information providing client. As shown in Fig. 3, the device may include: a request receiving module 310, a signing module 320 and a sending module 330.
The request receiving module 310 is used to receive the information editing request entered by the user;
The signing module 320 is used to encrypt the information editing request with the information management service end public key and to digitally sign the information editing request with the client's own private key;
The sending module 330 is used to send the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key message to be edited targeted by the request, to the information management service end, so that the information management service end looks up the information providing client public key that matches the identifier, verifies the digital signature of the encrypted and digitally signed information editing request with the public key found, decrypts the request with its own private key and, if the signature verification and the decryption both succeed, converts the decrypted and verified information editing request into semantic action execution instructions according to a preset conversion rule and distributes the semantic action execution instructions to the information application end.
The embodiments of this specification also provide a key message maintenance device applied to the information management service end. As shown in Fig. 4, the device may include: a receiving module 410, a public key lookup module 420, a signature verification module 430, a decryption module 440, a conversion module 450 and an instruction distribution module 460.
The receiving module 410 is used to receive, from the information providing client, the encrypted and digitally signed information editing request and the information providing client identifier corresponding to the key message to be edited targeted by the request;
The public key lookup module 420 is used to look up the information providing client public key that matches the information providing client identifier;
The signature verification module 430 is used to verify the digital signature of the encrypted and digitally signed information editing request with the information providing client public key found;
The decryption module 440 is used to decrypt the encrypted and digitally signed information editing request with the service end's own private key;
The conversion module 450 is used to convert the decrypted and verified information editing request into semantic action execution instructions according to a preset conversion rule if the signature verification and the decryption of the encrypted and digitally signed information editing request both succeed;
The instruction distribution module 460 is used to distribute the semantic action execution instructions to the information application end, so that the information application end determines the key message to be edited that corresponds to the semantic action execution instructions and maintains the key message to be edited according to the semantic action execution instructions.
The embodiments of this specification also provide a key message maintenance device applied to the information application end. As shown in Fig. 5, the device may include: an instruction receiving module 510, an information determination module 520 and an information maintenance module 530.
The instruction receiving module 510 is used to receive the semantic action execution instructions issued by the information management service end;
The information determination module 520 is used to determine the key message to be edited that corresponds to the semantic action execution instructions;
The information maintenance module 530 is used to maintain the key message to be edited according to the semantic action execution instructions.
The embodiments of this specification also provide a key message maintenance system, the system comprising:
multiple information providing clients, one information management service end and an information application end subordinate to the information management service end. Each information providing client generates a public key and a private key in advance and notifies the information management service end of its own public key; the information management service end generates a public key and a private key in advance and notifies each information providing client of its own public key;
The information providing client receives the information editing request entered by the user, encrypts the information editing request with the information management service end public key, and digitally signs the information editing request with its own private key;
The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key message to be edited targeted by the request, to the information management service end;
The information management service end looks up the information providing client public key that matches the information providing client identifier, verifies the digital signature of the encrypted and digitally signed information editing request with the public key found, and decrypts the request with its own private key;
If the information management service end successfully verifies the digital signature of the encrypted and digitally signed information editing request and successfully decrypts it, it converts the decrypted and verified information editing request into semantic action execution instructions according to a preset conversion rule and distributes the semantic action execution instructions to the information application end;
The information application end determines the key message to be edited that corresponds to the semantic action execution instructions and maintains the key message to be edited according to the semantic action execution instructions.
For the functions of the modules in the above devices and how they are implemented, see the implementation of the corresponding steps in the above method; details are not repeated here.
The embodiments of this specification also provide a computer device that includes at least a memory, a processor and a computer program stored on the memory and runnable on the processor, wherein the processor implements the aforementioned key message maintenance method when executing the program, the method including at least:
Receiving the information editing request entered by the user;
Encrypting the information editing request with the information management service end public key, and digitally signing the information editing request with the client's own private key;
Sending the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key message to be edited targeted by the request, to the information management service end.
The embodiments of this specification also provide a computer device that includes at least a memory, a processor and a computer program stored on the memory and runnable on the processor, wherein the processor implements the aforementioned key message maintenance method when executing the program, the method including at least:
Receiving, from the information providing client, the encrypted and digitally signed information editing request and the information providing client identifier corresponding to the key message to be edited targeted by the request;
Looking up the information providing client public key that matches the information providing client identifier;
Verifying the digital signature of the encrypted and digitally signed information editing request with the information providing client public key found;
Decrypting the encrypted and digitally signed information editing request with the service end's own private key;
If the signature verification and the decryption of the encrypted and digitally signed information editing request both succeed, converting the decrypted and verified information editing request into semantic action execution instructions according to a preset conversion rule;
Distributing the semantic action execution instructions to the information application end.
The embodiments of this specification also provide a computer device that includes at least a memory, a processor and a computer program stored on the memory and runnable on the processor, wherein the processor implements the aforementioned key message maintenance method when executing the program, the method including at least:
Receiving the semantic action execution instructions issued by the information management service end;
Determining the key message to be edited that corresponds to the semantic action execution instructions;
Maintaining the key message to be edited according to the semantic action execution instructions.
The embodiments of this specification also provide a computer device. As shown in Fig. 6, the device may include: a processor 610, a memory 620, an input/output interface 630, a communication interface 640 and a bus 650. The processor 610, the memory 620, the input/output interface 630 and the communication interface 640 are communicatively connected to one another inside the device through the bus 650.
The processor 610 may be implemented as a general-purpose CPU (Central Processing Unit), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits, and is used to execute the relevant programs so as to implement the technical solution provided by the embodiments of this specification.
The memory 620 may be implemented as ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device or the like. The memory 620 can store an operating system and other application programs. When the technical solution provided by the embodiments of this specification is implemented in software or firmware, the relevant program code is stored in the memory 620 and is called and executed by the processor 610.
The input/output interface 630 is used to connect an input/output module to implement information input and output. The input/output module may be configured in the device as a component (not shown in the figure), or may be external to the device to provide the corresponding function. Input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors and the like, and output devices may include a display, a loudspeaker, a vibrator, an indicator light and the like.
The communication interface 640 is used to connect a communication module (not shown in the figure) to implement communication between this device and other devices. The communication module may communicate in a wired manner (such as USB or a network cable) or wirelessly (such as a mobile network, WIFI or Bluetooth).
The bus 650 includes a path that transfers information between the components of the device (such as the processor 610, the memory 620, the input/output interface 630 and the communication interface 640).
It should be noted that although only the processor 610, the memory 620, the input/output interface 630, the communication interface 640 and the bus 650 are shown for the above device, in a specific implementation the device may also include other components necessary for normal operation. In addition, those skilled in the art will understand that the above device may also include only the components necessary to implement the solution of the embodiments of this specification, without including all the components shown in the figure.
The embodiments of this specification also provide a computer-readable storage medium on which a computer program is stored, wherein the program implements the aforementioned key message maintenance method when executed by a processor, the method including at least:
Receiving the information editing request entered by the user;
Encrypting the information editing request with the information management service end public key, and digitally signing the information editing request with the client's own private key;
Sending the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key message to be edited targeted by the request, to the information management service end.
The embodiments of this specification also provide a computer-readable storage medium on which a computer program is stored, wherein the program implements the aforementioned key message maintenance method when executed by a processor, the method including at least:
Receiving, from the information providing client, the encrypted and digitally signed information editing request and the information providing client identifier corresponding to the key message to be edited targeted by the request;
Looking up the information providing client public key that matches the information providing client identifier;
Verifying the digital signature of the encrypted and digitally signed information editing request with the information providing client public key found;
Decrypting the encrypted and digitally signed information editing request with the service end's own private key;
If the signature verification and the decryption of the encrypted and digitally signed information editing request both succeed, converting the decrypted and verified information editing request into semantic action execution instructions according to a preset conversion rule;
Distributing the semantic action execution instructions to the information application end.
An embodiment of this specification also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the aforementioned key information maintenance method, which includes at least:
Receiving the semantic action execution instruction published by the information management server;
Determining the key information to be edited that corresponds to the semantic action execution instruction;
Maintaining the key information to be edited according to the semantic action execution instruction.
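The client and server steps listed above, as an added Go example (not code from the patent): the request is encrypted with RSA-OAEP and the ciphertext is signed with RSA-PSS, so the server can verify before it decrypts and return a distinct failure reason for each rejected envelope. The algorithm choices, the `<op> <target> <value>` request format, the rule table and all names and sample values are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

type (
	Instruction struct{ Action, Target, Value string } // semantic action execution instruction
	Envelope    struct {                               // what the providing client sends
		ClientID        string
		Ciphertext, Sig []byte
	}
	Server struct { // management server; client public keys are registered in advance
		Key     *rsa.PrivateKey
		Clients map[string]*rsa.PublicKey
	}
)

var (
	ErrUnknownClient = errors.New("unknown client identifier")
	ErrBadSignature  = errors.New("signature verification failed")
	ErrDecrypt       = errors.New("decryption failed")
	ErrNoRule        = errors.New("no conversion rule matches the request")
	rules            = map[string]string{"add": "ADD", "remove": "REMOVE"} // assumed preset rules
)

// Seal encrypts the request to the server public key, then signs the ciphertext with the client key.
func Seal(id string, clientKey *rsa.PrivateKey, serverPub *rsa.PublicKey, req string) Envelope {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, []byte(req), nil)
	if err != nil {
		panic(err)
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, clientKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		panic(err)
	}
	return Envelope{ClientID: id, Ciphertext: ct, Sig: sig}
}

// Handle returns the instruction, or the failure reason that is reported back to the client.
func (s *Server) Handle(env Envelope) (Instruction, error) {
	pub, ok := s.Clients[env.ClientID] // look up the public key by client identifier
	if !ok {
		return Instruction{}, ErrUnknownClient
	}
	digest := sha256.Sum256(env.Ciphertext)
	if rsa.VerifyPSS(pub, crypto.SHA256, digest[:], env.Sig, nil) != nil { // verify first
		return Instruction{}, ErrBadSignature
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.Key, env.Ciphertext, nil)
	if err != nil {
		return Instruction{}, ErrDecrypt
	}
	f := strings.Fields(string(plain)) // assumed request format: "<op> <target> <value>"
	if len(f) != 3 || rules[f[0]] == "" {
		return Instruction{}, ErrNoRule
	}
	return Instruction{rules[f[0]], f[1], f[2]}, nil
}

func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Demo sends one valid envelope and five that must be rejected (all inputs are constructed).
func Demo() (accepted Instruction, errs []error) {
	known, other := newKey(), newKey()
	srv := &Server{newKey(), map[string]*rsa.PublicKey{"client-A": &known.PublicKey}}
	req := "add blocklist 203.0.113.7"
	good := Seal("client-A", known, &srv.Key.PublicKey, req)
	accepted, _ = srv.Handle(good)
	bad := []Envelope{
		Seal("client-A", other, &srv.Key.PublicKey, req), // signed with an unregistered key
		Seal("client-Z", other, &srv.Key.PublicKey, req), // identifier not registered
		Seal("client-A", known, &other.PublicKey, req),   // encrypted to the wrong public key
		Seal("client-A", known, &srv.Key.PublicKey, "purge blocklist x"), // no rule for "purge"
		good, // ciphertext altered after signing (bit flipped on the next line)
	}
	bad[4].Ciphertext[0] ^= 1
	for _, e := range bad {
		_, err := srv.Handle(e)
		errs = append(errs, err)
	}
	return accepted, errs
}

func main() { fmt.Println(Demo()) }
```

RSA-OAEP with a 2048-bit key and SHA-256 carries at most 190 bytes, so a longer edit request needs hybrid encryption (a random symmetric key wrapped with OAEP).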
Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
From the description of the above embodiments, those skilled in the art can clearly understand that the embodiments of this specification can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solutions of the embodiments of this specification, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments, or in certain parts of the embodiments, of this specification.
The systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product with a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail sending and receiving device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in this specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the device embodiments are substantially similar to the method embodiments, they are described relatively briefly, and the relevant parts can be found in the description of the method embodiments. The device embodiments described above are merely illustrative: the modules described as separate components may or may not be physically separate, and when the solutions of the embodiments of this specification are implemented, the functions of the modules may be realized in one or more pieces of software and/or hardware. Some or all of the modules may also be selected according to actual needs to achieve the purpose of the solution of an embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above is only a specific implementation of the embodiments of this specification. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the principles of the embodiments of this specification, and these improvements and modifications shall also be regarded as falling within the protection scope of the embodiments of this specification.

Claims (21)

1. A key information maintenance method, applied to a key information maintenance system, the system comprising multiple information providing clients, an information management server and an information application end subordinate to the information management server, wherein any of the information providing clients generates a public key and a private key in advance and notifies the information management server of its own public key, and the information management server generates a public key and a private key in advance and notifies any of the information providing clients of its own public key, the method comprising:
The information providing client receives an information editing request input by a user, encrypts the information editing request using the public key of the information management server, and digitally signs the information editing request using its own private key;
The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server;
The information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request;
If the information management server successfully verifies the digital signature of and successfully decrypts the encrypted and digitally signed information editing request, it converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and publishes the semantic action execution instruction to the information application end;
The information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
2. The method according to claim 1, wherein the information management server using the information providing client public key found to verify the digital signature of the encrypted and digitally signed information editing request, and using its own private key to decrypt the encrypted and digitally signed information editing request, comprises:
The information management server uses the information providing client public key found to verify the digital signature of the encrypted and digitally signed information editing request;
If the information management server successfully verifies the digital signature of the encrypted and digitally signed information editing request, it uses its own private key to decrypt the encrypted and digitally signed information editing request.
3. The method according to claim 1, further comprising:
The information management server stores the semantic action execution instruction and records the state of the semantic action execution instruction as unexecuted;
The information management server obtains the stored unexecuted semantic action execution instruction according to a preset release cycle;
The information management server publishing the semantic action execution instruction to the information application end comprises:
The information management server publishes the obtained stored unexecuted semantic action execution instruction to the information application end;
The information application end determining the key information to be edited that corresponds to the semantic action execution instruction, and maintaining the key information to be edited according to the semantic action execution instruction, comprises:
The information application end determines the key information to be edited that corresponds to the unexecuted semantic action execution instruction, and maintains the key information to be edited according to the unexecuted semantic action execution instruction.
4. The method according to claim 3, wherein the information management server storing the semantic action execution instruction and recording the state of the semantic action execution instruction as unexecuted comprises:
The information management server stores the semantic action execution instruction in a key information maintenance log and records the state of the semantic action execution instruction as unexecuted, the key information maintenance log being used for viewing key information maintenance records.
5. The method according to claim 4, wherein the information management server obtaining the stored unexecuted semantic action execution instruction according to the preset release cycle comprises:
The information management server obtains, according to the preset release cycle, the key information maintenance log in which the unexecuted semantic action execution instruction is stored;
The information management server publishing the obtained stored unexecuted semantic action execution instruction to the information application end comprises:
The information management server publishes the obtained key information maintenance log to the information application end;
The information application end determining the key information to be edited that corresponds to the unexecuted semantic action execution instruction, and maintaining the key information to be edited according to the unexecuted semantic action execution instruction, comprises:
The information application end parses the unexecuted semantic action execution instruction out of the key information maintenance log;
The information application end determines the key information to be edited that corresponds to the unexecuted semantic action execution instruction, and maintains the key information to be edited according to the unexecuted semantic action execution instruction.
6. The method according to any one of claims 1 to 5, further comprising:
If the information management server fails to verify the digital signature of the encrypted and digitally signed information editing request, or fails to decrypt the encrypted and digitally signed information editing request, it sends a key information maintenance failure notification to the information providing client and returns the failure reason to the information providing client.
7. A key information maintenance method, applied to an information providing client, the method comprising:
Receiving an information editing request input by a user;
Encrypting the information editing request using the public key of the information management server, and digitally signing the information editing request using its own private key;
Sending the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server, so that the information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, uses its own private key to decrypt the encrypted and digitally signed information editing request, and, if the digital signature verification and the decryption both succeed, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and publishes the semantic action execution instruction to the information application end.
8. A key information maintenance method, applied to an information management server, the method comprising:
Receiving the encrypted and digitally signed information editing request sent by an information providing client, and the information providing client identifier corresponding to the key information to be edited that the information editing request targets;
Looking up the information providing client public key that matches the information providing client identifier;
Using the information providing client public key found to verify the digital signature of the encrypted and digitally signed information editing request;
Using its own private key to decrypt the encrypted and digitally signed information editing request;
If the digital signature of the encrypted and digitally signed information editing request is verified successfully and the decryption succeeds, converting the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
Publishing the semantic action execution instruction to the information application end, so that the information application end determines the key information to be edited that corresponds to the semantic action execution instruction and maintains the key information to be edited according to the semantic action execution instruction.
9. A key information maintenance method, applied to an information application end, the method comprising:
Receiving the semantic action execution instruction published by the information management server;
Determining the key information to be edited that corresponds to the semantic action execution instruction;
Maintaining the key information to be edited according to the semantic action execution instruction.
10. A key information maintenance system, the system comprising:
Multiple information providing clients, an information management server and an information application end subordinate to the information management server, wherein any of the information providing clients generates a public key and a private key in advance and notifies the information management server of its own public key, and the information management server generates a public key and a private key in advance and notifies any of the information providing clients of its own public key;
The information providing client receives an information editing request input by a user, encrypts the information editing request using the public key of the information management server, and digitally signs the information editing request using its own private key;
The information providing client sends the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server;
The information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, and uses its own private key to decrypt the encrypted and digitally signed information editing request;
If the information management server successfully verifies the digital signature of and successfully decrypts the encrypted and digitally signed information editing request, it converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule, and publishes the semantic action execution instruction to the information application end;
The information application end determines the key information to be edited that corresponds to the semantic action execution instruction, and maintains the key information to be edited according to the semantic action execution instruction.
11. The system according to claim 10, wherein the information management server verifies the signature of and decrypts the encrypted and digitally signed information editing request specifically in the following manner:
The information management server uses the information providing client public key found to verify the digital signature of the encrypted and digitally signed information editing request;
If the information management server successfully verifies the digital signature of the encrypted and digitally signed information editing request, it uses its own private key to decrypt the encrypted and digitally signed information editing request.
12. The system according to claim 10, further comprising:
The information management server stores the semantic action execution instruction and records the state of the semantic action execution instruction as unexecuted;
The information management server obtains the stored unexecuted semantic action execution instruction according to a preset release cycle;
The information management server publishes the semantic action execution instruction to the information application end specifically in the following manner:
The information management server publishes the obtained stored unexecuted semantic action execution instruction to the information application end;
The information application end maintains the key information to be edited specifically in the following manner:
The information application end determines the key information to be edited that corresponds to the unexecuted semantic action execution instruction, and maintains the key information to be edited according to the unexecuted semantic action execution instruction.
13. The system according to claim 12, wherein the information management server stores the semantic action execution instruction specifically in the following manner:
The information management server stores the semantic action execution instruction in a key information maintenance log and records the state of the semantic action execution instruction as unexecuted, the key information maintenance log being used for viewing key information maintenance records.
14. The system according to claim 13, wherein the information management server obtains the stored unexecuted semantic action execution instruction specifically in the following manner:
The information management server obtains, according to the preset release cycle, the key information maintenance log in which the unexecuted semantic action execution instruction is stored;
The information management server publishes the obtained stored unexecuted semantic action execution instruction to the information application end specifically in the following manner:
The information management server publishes the obtained key information maintenance log to the information application end;
The information application end maintains the key information to be edited specifically in the following manner:
The information application end parses the unexecuted semantic action execution instruction out of the key information maintenance log;
The information application end determines the key information to be edited that corresponds to the unexecuted semantic action execution instruction, and maintains the key information to be edited according to the unexecuted semantic action execution instruction.
15. The system according to any one of claims 10 to 14, further comprising:
If the information management server fails to verify the digital signature of the encrypted and digitally signed information editing request, or fails to decrypt the encrypted and digitally signed information editing request, it sends a key information maintenance failure notification to the information providing client and returns the failure reason to the information providing client.
16. A key information maintenance device, applied to an information providing client, the device comprising:
A request receiving module, configured to receive an information editing request input by a user;
A signing module, configured to encrypt the information editing request using the public key of the information management server, and to digitally sign the information editing request using its own private key;
A sending module, configured to send the encrypted and digitally signed information editing request, together with the information providing client identifier corresponding to the key information to be edited that the information editing request targets, to the information management server, so that the information management server looks up the information providing client public key that matches the information providing client identifier, uses the public key found to verify the digital signature of the encrypted and digitally signed information editing request, uses its own private key to decrypt the encrypted and digitally signed information editing request, and, if the digital signature verification and the decryption both succeed, converts the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule and publishes the semantic action execution instruction to the information application end.
17. A key information maintenance device, applied to an information management server, the device comprising:
A receiving module, configured to receive the encrypted and digitally signed information editing request sent by an information providing client, and the information providing client identifier corresponding to the key information to be edited that the information editing request targets;
A public key lookup module, configured to look up the information providing client public key that matches the information providing client identifier;
A signature verification module, configured to use the information providing client public key found to verify the digital signature of the encrypted and digitally signed information editing request;
A decryption module, configured to use its own private key to decrypt the encrypted and digitally signed information editing request;
A conversion module, configured to, if the digital signature of the encrypted and digitally signed information editing request is verified successfully and the decryption succeeds, convert the decrypted and signature-verified information editing request into a semantic action execution instruction according to a preset conversion rule;
An instruction publishing module, configured to publish the semantic action execution instruction to the information application end, so that the information application end determines the key information to be edited that corresponds to the semantic action execution instruction and maintains the key information to be edited according to the semantic action execution instruction.
18. A key information maintenance device, applied to an information application end, the device comprising:
An instruction receiving module, configured to receive the semantic action execution instruction published by the information management server;
An information determination module, configured to determine the key information to be edited that corresponds to the semantic action execution instruction;
An information maintenance module, configured to maintain the key information to be edited according to the semantic action execution instruction.
19. A computer device, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the method according to claim 7 when executing the program.
20. A computer device, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the method according to claim 8 when executing the program.
21. A computer device, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the method according to claim 9 when executing the program.
CN201910228758.3A 2019-03-25 2019-03-25 Key information maintenance method and system Active CN110011807B (en)

Publications (2)

Publication Number Publication Date
CN110011807A (en) 2019-07-12
CN110011807B (en) 2021-12-24

Family

ID=67167953

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112163839A (en) * 2020-09-30 2021-01-01 北京致远互联软件股份有限公司 Personnel distinguishing and selecting method based on cooperative office system
CN113468566A (en) * 2021-07-01 2021-10-01 深圳海付移通科技有限公司 Encryption method, device, computer equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101128795A (en) * 2004-05-11 2008-02-20 米斯特科技有限公司 Semantic processor storage server architecture
US20080301261A1 (en) * 2007-05-30 2008-12-04 Fuji Xerox Co., Ltd. Data file edit system, storage medium, process server, and user client
CN101478437A (en) * 2009-01-13 2009-07-08 深圳市同洲电子股份有限公司 Network resource management method, system and network management server
CN102104498A (en) * 2011-02-21 2011-06-22 奇智软件(北京)有限公司 Remote terminal maintenance method and system
US20130232314A1 (en) * 2012-03-01 2013-09-05 Kabushiki Kaisha Toshiba Communication management apparatus, communication management method, and computer program product
CN103384211A (en) * 2013-06-28 2013-11-06 百度在线网络技术(北京)有限公司 Data manipulation method with fault tolerance and distributed type data storage system
WO2016192511A1 (en) * 2015-06-05 2016-12-08 腾讯科技(深圳)有限公司 Method and apparatus for remotely deleting information
CN107231368A (en) * 2017-06-22 2017-10-03 四川长虹电器股份有限公司 The method for lifting the software interface security that Internet is opened

Also Published As

Publication number Publication date
CN110011807B (en) 2021-12-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200929

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200929

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant