CN110266478A - A kind of information processing method, electronic equipment - Google Patents

A kind of information processing method, electronic equipment Download PDF

Info

Publication number
CN110266478A
CN110266478A CN201910472125.7A CN201910472125A CN110266478A CN 110266478 A CN110266478 A CN 110266478A CN 201910472125 A CN201910472125 A CN 201910472125A CN 110266478 A CN110266478 A CN 110266478A
Authority
CN
China
Prior art keywords
key parameter
responder
key
parameter
stage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910472125.7A
Other languages
Chinese (zh)
Other versions
CN110266478B (en
Inventor
马逸龙
过晓冰
王云浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN201910472125.7A priority Critical patent/CN110266478B/en
Publication of CN110266478A publication Critical patent/CN110266478A/en
Application granted granted Critical
Publication of CN110266478B publication Critical patent/CN110266478B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The embodiment of the present invention provides a kind of information processing method, electronic equipment.The information processing method includes: the key application for receiving request end and sending, and the key application carries the first median;First median is that the request end is generated based on the first key parameter;Based on first median, the second key parameter of at least two-stage is generated;Second key parameter of at least two-stage is sent to the request end;Second key parameter of at least two-stage and the first key parameter are provided commonly for generating private key for the request end.

Description

A kind of information processing method, electronic equipment
Technical field
The present invention relates to the technical field of the communications field more particularly to a kind of information processing methods, electronic equipment.
Background technique
Public-key cryptosystem has following three kinds of schemes: the public-key cryptosystem PKI based on certificate, the public affairs based on mark at present Key cipher system IBC and without CertPubKey cipher system CLPKC.Wherein, it needs to issue using certificate authority CA using PKI It issues licence to establish contacting between user subject and public key, however the management of certificate (such as issue, update, cancel) is not only grasped Make complicated, it is also necessary to consume many computing resources and storage resource.Wherein although IBC eliminates the dependence to certificate;But it uses The public key at family is uniquely determined by user identifier, and the private key of user is generated by trusting authoritative institution.Private thus can be introduced using IBC Key trustship problem, and user's signature does not have uniqueness and non-repudiation.It, should although wherein CLPKC does not use certificate CLPKC be only with the framework of a key generation centre, thus existed using the program do evil because of the key generation centre or It is broken and bring security of system problem.
Summary of the invention
The embodiment of the invention provides a kind of information processing methods, electronic equipment.
The technical scheme of the present invention is realized as follows:
A kind of information processing method, comprising:
The key application that request end is sent is received, the key application carries the first median;First median It is generated for the request end based on the first key parameter;
Based on first median, the second key parameter of at least two-stage is generated;
Second key parameter of at least two-stage is sent to the request end;Second key of at least two-stage is joined The several and first key parameter is provided commonly for generating private key for the request end.
It is described to be based on first median in above scheme, generate the second key parameter of at least two-stage, comprising:
If current responder is first order responder, first median is received;Based on first median, generate Second key parameter of the first order responder;Second key parameter of the first order responder is sent to the second level to ring Ying Duan;
If current responder is intergrade responder, the second key parameter of previous stage responder is received;Before described Second key parameter of level-one responder generates the second key parameter of the intergrade responder;The intergrade is responded Second key parameter at end is sent to rear stage responder;
If current responder is afterbody responder, the second key parameter of previous stage responder is received;Based on described Second key parameter of previous stage responder generates the second key parameter of the afterbody responder.
In above scheme, second key parameter by at least two-stage is sent to the request end, comprising:
By the second key parameter of the first order responder, the second key parameter of the intergrade responder and described Second key parameter of afterbody responder is sent to the request end.
In above scheme, second key parameter includes: public key parameter;
The method also includes:
After the common recognition verifying that the public key parameter of at least two-stage is passed through block chain, it is recorded in block chain.
In above scheme, second key parameter includes: private key parameter;
It is described to be based on first median, generate the second key parameter of at least two-stage, comprising:
The identification information that acquisition request end is sent;
Generate random number and third key parameter;
Based on first median, the identification information and the random number, cryptographic Hash is generated;
Using first function using the cryptographic Hash, the random number and the third key parameter as known quantity, calculating is obtained Obtain private key parameter.
It is described to utilize first function with the cryptographic Hash, the random number and the third key parameter in above scheme For known quantity, calculates and obtains private key parameter, comprising:
The cryptographic Hash is subjected to Binary Conversion, obtains 32 the first numerical value;
Obtain high 16 binary systems and low 16 binary systems of first numerical value;
High 16 binary systems are subjected to decimal system conversion, obtain the first subnumber value;
Low 16 binary systems are subjected to decimal system conversion, obtain the second subnumber value;
Product and the second subnumber value and the third key based on the first subnumber value and the random number are joined Several products calculates and obtains private key parameter.
In above scheme, the method also includes:
If current responder is first order responder, by public key parameter in the third key parameter of the first order responder It is sent to intergrade responder and/or afterbody responder;
If current responder is intergrade responder, by public key parameter in the third key parameter of the intergrade responder It is sent to first order responder and/or afterbody responder;
If current responder is afterbody responder, by public key in the third key parameter of the afterbody responder Parameter is sent to first order responder and/or intergrade responder.
The embodiment of the invention also provides a kind of information processing methods, comprising:
Based on first key parameter, the first median is obtained;
The key application for carrying first median is sent to responder;
Receive the second key parameter of at least two-stage that the responder is returned based on first median;
The second key parameter and the first key parameter based on at least two-stage generate private key.
It is described to be based on first key parameter in above scheme, obtain the first median, comprising:
Using one-way function using the first key parameter as known quantity, the first median is calculated.
It is described to receive the second close of at least two-stage that the responder is returned based on first median in above scheme Key parameter, comprising:
Receive the second key parameter of the first order responder that the responder returns, the second key of intergrade responder Second key parameter of parameter and afterbody responder;
Wherein, the second key parameter of the first order responder is generated based on first median;The first order Second key parameter of responder is for being sent to second level responder;
Second key parameter of the intergrade responder is generated based on the second key parameter of previous stage responder;It is described Second key parameter of intergrade responder is for being sent to rear stage responder;
Second key parameter of the afterbody responder is generated based on the second key parameter of previous stage responder;Institute The second key parameter of afterbody responder is stated for being sent to request end.
In above scheme, second key parameter includes: private key parameter and public key parameter;
Second key parameter based on at least two-stage and the first key parameter generate private key, comprising:
Private key parameter and the first key parameter based on afterbody responder, determine temporary private parameter;
Verify the corresponding relationship of the public key parameter of the temporary private parameter and at least two-stage;
If being verified, determine that the temporary private parameter is private key.
In above scheme, second key parameter includes: public key parameter;
The method also includes:
Obtain the public key parameter of at least the third key parameter of two-stage and at least two-stage;
The third key parameter of public key parameter, identification information and at least two-stage based on at least two-stage generates Public key.
In above scheme, the public key parameter of the acquisition at least two-stage, comprising:
Obtain the public key parameter for at least two-stage being recorded in block chain;The public key ginseng being recorded in block chain Number is the public key parameter passed through after the common recognition verifying of block chain.
In above scheme, the third key parameter of the acquisition at least two-stage, comprising:
It is obtained based at least one responder in first order responder, intergrade responder and afterbody responder Public key parameter in the third key parameter of each responder.
The embodiment of the invention also provides a kind of electronic equipment, comprising:
First receiving module, for receiving the key application of request end transmission, the key application is carried among first Value;First median is that the request end is generated based on the first key parameter;
First generation module generates the second key parameter of at least two-stage for being based on first median;
First sending module, for the second key parameter of at least two-stage to be sent to the request end;It is described extremely Second key parameter of few two-stage and the first key parameter are provided commonly for generating private key for the request end.
The embodiment of the invention also provides a kind of electronic equipment, comprising:
Computing module obtains the first median for being based on first key parameter;
Second sending module, for sending the key application for carrying first median to responder;
Second receiving module, for receiving the second of at least two-stage that the responder is returned based on first median Key parameter;
Second generation module, for based on at least two-stage the second key parameter and the first key parameter, it is raw At private key.
The information processing method of offer described in the embodiment of the present invention, responder receive the key application that request end is sent, institute It states key application and carries the first median;First median is that the request end is raw based on the first key parameter At;Based on first median, the second key parameter of at least two-stage is generated, and not directly generates private key, and private key The second key parameter and first key parameter by request end based on at least two-stage is generated to generate;In this way, responder without The private key of trustship request end is needed, also reduces leakage of the private key in trustship and transmission process without transmission private key in a network Phenomenon reduces because of safety problem caused by revealing.
And in the embodiment of the present invention, due to can be based on the first median, the second key parameter of at least two-stage is generated, That is the second key parameter that the generation of private key is not based on a responder generates, but based at least two ranks Second key parameter of responder generates;Even if in this way, in the responder of at least two ranks part responder be broken or It does evil (such as the leakage of the second key parameter of part), private key is also not easy to be cracked, to further improve the safety of private key Property.
Detailed description of the invention
Fig. 1 is a kind of flow diagram of information processing method provided in an embodiment of the present invention;
Fig. 2 is the block chain structure schematic diagram in one embodiment of the invention;
Fig. 3 is the flow diagram of another information processing method provided in an embodiment of the present invention;
Fig. 4 is a kind of information processing unit schematic diagram provided in an embodiment of the present invention;
Fig. 5 is another information processing unit schematic diagram provided in an embodiment of the present invention;
Fig. 6 is the flow diagram of another information processing method provided in an embodiment of the present invention;
Fig. 7 is the schematic diagram of sign test algorithm signature in one embodiment of the invention;
Fig. 8 is the hardware structural diagram of a kind of electronic equipment provided in an embodiment of the present invention.
Specific embodiment
Lower combination accompanying drawings and embodiments, the present invention will be described in further detail.It should be appreciated that tool described herein Body embodiment is only used to explain the present invention, is not intended to limit the present invention.
Unless otherwise defined, all technical and scientific terms used herein and belong to technical field of the invention The normally understood meaning of technical staff is identical.Term as used herein in the specification of the present invention is intended merely to description tool The purpose of the embodiment of body, it is not intended that in the limitation present invention.Term as used herein "and/or" includes one or more phases Any and all combinations of the listed item of pass.
As shown in Figure 1, the embodiment of the invention provides a kind of information processing methods, comprising:
Step S110: receiving the key application that request end is sent, and the key application carries the first median;Described One median is that the request end is generated based on the first key parameter;
Step S120: being based on first median, generates the second key parameter of at least two-stage;
Step S130: the second key parameter of at least two-stage is sent to the request end;At least two-stage Second key parameter and the first key parameter are provided commonly for generating private key for the request end.
Here, the first key parameter can be the secret value that request end generates at random;The second key parameter packet Include but be not limited to the private key parameter and/or private key parameter of each responder.
Information processing method provided by the embodiment of the present invention is applied to responder;The responder includes at least two-stage Responder;The responder is various types of electronic equipments;The electronic equipment includes terminal, server or communication network Member etc..
In some embodiments, the responder includes N number of key generation centre (KGC);The N is more than or equal to 2 Natural number.
Responder can receive key application from request end, and in embodiments of the present invention, what key application carried is in first Between be worth;First median can be what request end was generated based on first key parameter.The responder receives in first Between be worth after, the second key parameter is generated based on first median, rather than directly generates private key.Second key parameter is used Private key is generated according to the first key parameter and the second key parameter in request end.In this way, responder does not have to management request The private key at end passes through network transmission to request end without by private key, reduces private key caused by trustship and transmission private key and reveal Phenomenon reduces because of safety problem caused by revealing.
And since the responder is the responder for including at least two-stage, the second key parameter of at least two-stage is generated;? That is the second key parameter that the generation of private key is not based on a responder generates, but based on to less than two ranks Second key parameter of responder generates;Even if in this way, the part responder in the responder of at least two ranks be broken or Person does evil (such as the leakage of the second key parameter of part), and private key is also not easy to be cracked, to further improve the peace of private key Quan Xing.
In some embodiments, the step S120, comprising:
If current responder is first order responder, first median is received;Based on first median, generate Second key parameter of the first order responder;Second key parameter of the first order responder is sent to the second level to ring Ying Duan;
If current responder is intergrade responder, the second key parameter of previous stage responder is received;Before described Second key parameter of level-one responder generates the second key parameter of the intergrade responder;The intergrade is responded Second key parameter at end is sent to rear stage responder;
If current responder is afterbody responder, the second key parameter of previous stage responder is received;Based on described Second key parameter of previous stage responder generates the second key parameter of the afterbody responder.
For example, if the responder includes N number of key generation centre;N number of key generation centre is respectively the 1st close Key generate center, the 2nd key generation centre ... the N-1 key generation centre, n-th key generation centre;The N For the natural number more than or equal to 2;Then the 1st key generation centre is first order responder, in 2 keys generation The heart ..., the N-1 key generation centre be intergrade responder;The n-th key generation centre is afterbody Responder.
In some embodiments, second key parameter by at least two-stage is sent to the request end, comprising:
By the second key parameter of the first order responder, the second key parameter of the intergrade responder and described Second key parameter of afterbody responder is sent to the request end.
In one embodiment, the responder includes N number of key generation centre;N number of key generation centre is respectively 1st key generation centre, the 2nd key generation centre ... the N-1 key generation centre, n-th key generate in The heart;1st key generation centre receives the key application that request end is sent, and carries the first median in the key application XA;And it is based on the XA, generate the second key parameter (PA of the 1st key generation centre1、z1);2nd key Generation center receives the (PA that the 1st key generation centre is sent1、z1);Based on (the PA1、z1), generate the 2nd key Second key parameter (the PA at generation center2、z2);And (the PA by described in2、z2) it is sent to the 3rd key generation centre;Successively class It pushes away;The N-1 key generation centre receives the (PA that the N-2 key generation centre is sentN-2、zn-2);Based on described (PAN-2、zn-2) generate the N-1 key generation centre the second key parameter (PAN-1、zn-1);And (the PA by described inN-1、zn-1) Send a n-th key generation centre;The n-th key generation centre receives the N-1 key and generates transmission (PAN-1、zn-1);Based on (the PAN-1、zn-1) generate the second key parameter (PA of the n-th key generation centren、zn); Wherein, the PA1、PA2、……PAN-1、PANFor the public key parameter in second key parameter;The z1、z2、……zn-1、 znFor the private key parameter of second key parameter;1st key generation centre, the 2nd key generation centre ... N-1 key generation centre, n-th key generation centre are respectively by PA1、PA2、……PAN-1、PANIt is sent to the request end; The n-th key generation centre is by the znIt is sent to the request end.
In another embodiment, the responder includes N number of key generation centre;N number of key generation centre difference For the 1st key generation centre, the 2nd key generation centre ... the N-1 key generation centre, n-th key generate in The heart;1st key generation centre receives the key application that request end is sent, and carries the first median in the key application XA;And it is based on the XA, generate the second key parameter (PA of the 1st key generation centre1、z1);2nd key Generation center receives the (PA that the 1st key generation centre is sent1、z1);Based on (the PA1、z1), generate the 2nd key Second key parameter (the PA at generation center2、z2);And (the PA by described in1、PA2、z2) it is sent to the 3rd key generation centre;Successively Analogize;The N-1 key generation centre receives the (PA that the N-2 key generation centre is sent1、PA2、……PAN-2、zN-2); Based on (the PAN-2、zn-2) generate the N-1 key generation centre the second key parameter (PAN-1、zn-1);And it will be described (PA1、PA2、……PAN-2、PAN-1、zn-1) send a n-th key generation centre;The n-th key generation centre receives institute It states the N-1 key and generates (the PA sent1、PA2、……PAn-2、PAN-1、zn-1);Based on (the PAN-1、zn-1) described in generation Second key parameter (PA of n-th key generation centreN、zn);Wherein, the PA1、PA2、……PAN-1、PANIt is described second Public key parameter in key parameter;The z1、z2、……zn-1、znFor the private key parameter of second key parameter;The N A key generation centre is by (PA1、PA2、……PAN-1、PAN、zn) it is sent to the request end.
In some embodiments, the responder also receives the identification information of user, the identification information be used for it is described Public key parameter in second key parameter is provided commonly for generating cryptographic Hash;Based on the cryptographic Hash, the second key ginseng is generated Several private key parameters.
The embodiment of the present invention, the key for constructing a multiple response end generate system, can be generated based on multiple responders Multiple second key parameters, and the second key parameter of the latter responder is based on previous response in plurality of responder The cipher generating parameter at end and generate, and private key is that the second key parameter based on all responders could generate;In this way, working as Part of responder is done evil or the second cipher generating parameter of part responder is leaked, and the private key is also not easy to be broken Solution.In this way, generating system using the key at the multiple response end of the embodiment of the present invention, can have a certain number of responders of tolerance The case where being broken can greatly improve the safety of private key.
In some applications, the key at the multiple response end generates system and can be applicable in block chain, can solve alliance The excessively too fat to move problem of CA certificate system in chain.
For example, in some embodiments, second key parameter includes: public key parameter;The method also includes: by institute After the common recognition verifying that the public key parameter for stating at least two-stage passes through block chain, it is recorded in block chain.
In embodiments of the present invention, it can be verified by common recognition, so that each of described public key gain of parameter block chain The trust of node.And the key parameter is recorded in block chain, it can make any one node can be from block chain The middle public key parameter for obtaining the corresponding each KGC (i.e. responder) of user;In this way, multi-party operator can be made not need respectively The public key parameter for saving the corresponding each KGC of each user, can save storage resource;Simultaneously as being to have used reality of the present invention The key for applying the multiple response end in example generates system instead of CA certificate system in alliance's chain, so as to solve CA in alliance's chain The excessively too fat to move problem of certificate system.
In some embodiments, the method also includes: if current responder is first order responder, by the first order Public key parameter is sent to intergrade responder and/or afterbody responder in the third key parameter of responder;
If current responder is intergrade responder, by public key parameter in the third key parameter of the intergrade responder It is sent to first order responder and/or afterbody responder;
If current responder is afterbody responder, by public key in the third key parameter of the afterbody responder Parameter is sent to first order responder and/or intergrade responder.
In embodiments of the present invention, each node in block chain can obtain the corresponding responder of other nodes (such as KGC public key parameter) may make the public key parameter of each KGC that can share;In this way, be conducive to some node fetching portion or Person's whole KGC encrypts, decrypts and/or the operations such as signature authentication.
In practical applications, system is generated using the key at above-mentioned multiple response end replace existing CA system.Such as Fig. 2 institute Show, may include several tissues in alliance's chain using node as basic unit in alliance's chain, each tissue may include several A node;Wherein, a tissue may include a KGC.It includes KGC that the key at the multiple response end, which generates system,1、KGC2With KGC3;The KGC1, the KGC2With the KGC3It is connect respectively with multiple node Peer.Apply the multiple response in block chain The key at end generate the information processing method of system the following steps are included:
Step S1: block catenary system initial phase;
Specifically, each tissue starts respective KGC;Share Your Majesty's key using credible means between the KGC.Each node Main private key in identification information ID and respective third key parameter of the peer based on registration generates the second key parameter.Its In, second key parameter includes public key parameter and private key parameter;The third key parameter includes Your Majesty's key and main private key.
In an alternative embodiment, the part public key parameter write-in wound generation block of lower node will be organized belonging to each KGC.
Step S2: endorsement link;
Specifically, node is initiated to be packaged transaction message;And signed using the private key parameter, described in acquisition Signature result;The identity, the transaction message, the public key parameter, the signature result are sent to endorsement node. The endorsement node executes sign test algorithm, and the simulation traded if sign test passes through executes, and implementing result is returned to described Initiate node;If it is determined that after the initiation node receives the transaction message that enough endorsement nodes pass through, by the transaction Ordering joint is issued in the encapsulation of message.
In an alternative embodiment, the initiation node does not send public key parameter;The endorsement node passes through block chain Original block message obtains the public key parameter.
Step S3: sequence link;
Specifically, the ordering joint is ranked up all effective transaction in time window, goes out block;Use negative entropy algorithm All nodes block message being broadcast in block chain.
Step S4: confirmation link.
Specifically, all node verifications, record and confirm transaction in block message, block chain is written into the transaction, and Update account book state.
In some embodiments, second key parameter includes: private key parameter;
The step S120, comprising:
The identification information that acquisition request end is sent;
Generate random number and third key parameter;
Based on first median, the identification information and the random number, cryptographic Hash is generated;
Using first function using the cryptographic Hash, the random number and the third key parameter as known quantity, calculating is obtained Obtain private key parameter.
Wherein, described to be based on first median, the identification information and the random number, generate one kind of cryptographic Hash It is achieved in that: the public key parameter of the second key parameter can be generated based on first intermediate parameters and the random number; Cryptographic Hash is generated based on the public key parameter of the identification information and second key parameter.
Here, the cryptographic Hash can concatenating for the identification information and the public key parameter of second key parameter. For example, the ID is 1212, the public key parameter of second key parameter is 21345;Then the cryptographic Hash is 121221345.
It in embodiments of the present invention, is the public key parameter for utilizing the identification information and the second key parameter of user, it is common raw At the private key parameter of the second key, i.e., the identification information of user can be substantially reduced together with the public key Wire Parameters The case where public key replacement attack, personation identity attack and forgery attack, occurs.
In one embodiment, described to be joined using first function with the cryptographic Hash, the random number and the third key Number is known quantity, calculates and obtains private key parameter, comprising:
The cryptographic Hash is subjected to Binary Conversion, obtains 32 the first numerical value;
Obtain high 16 binary systems and low 16 binary systems of first numerical value;
High 16 binary systems are subjected to decimal system conversion, obtain the first subnumber value;
Low 16 binary systems are subjected to decimal system conversion, obtain the second subnumber value;
Product and the second subnumber value and the third key based on the first subnumber value and the random number are joined Several products calculates and obtains private key parameter.
For example, the cryptographic Hash is 220Binary Conversion is carried out, obtains 32 the first numerical value are as follows: 0000000000010 0000000000000000000;Obtain high 16 binary systems of first numerical value are as follows: 0000000000010000, Yi Jisuo State low 16 binary systems of the first numerical value are as follows: 0000000000000000;High 16 binary systems are subjected to decimal system conversion, Obtain the first subnumber value are as follows: 16;Low 16 binary systems are subjected to decimal system conversion, obtain the second subnumber value are as follows: 0;Here, It is 0 since the second subnumber value is 0, then the second subnumber value and the product of the third key parameter;It is described to be based on institute The product of the first subnumber value and the random number and the product of the second subnumber value and the third key parameter are stated, is calculated Obtaining private key parameter is that the product based on the first subnumber value and the random number calculates acquisition private key parameter.
In the present embodiment, cryptographic Hash can be carried out to high 16 binary systems and low 16 binary fractionations, be based on High 16 binary systems carry out the first subnumber value that decimal system conversion obtains and low 16 binary systems carry out decimal system conversion second It is calculated;In this way, providing a kind of algorithm for obtaining private key parameter, while the algorithm comparison is simply easily realized, can simplify The calculating of private key parameter.And due to the embodiment of the present invention be using based on the first subnumber value and the random number product and The product of the second subnumber value and third key parameter calculates and obtains the private key parameter;And this kind of calculation and ellipse The calculating formula of curve is related, if the acquisition of first median is that the generation member based on elliptic curve utilizes singly for known quantity What line function obtained, then this kind of calculation matches with elliptic curve, can advanced optimize algorithm, is promoted and calculates effect Rate.
As shown in figure 3, the embodiment of the invention provides a kind of information processing methods, comprising:
Step S210: being based on first key parameter, obtains the first median;
Step S220: the key application for carrying first median is sent to responder;
Step S230: the second key ginseng for at least two-stage that the responder is returned based on first median is received Number;
Step S240: the second key parameter and the first key parameter based on at least two-stage generate private key.
Information processing method provided by the embodiment of the present invention is applied to request end;The request end is various types of Electronic equipment;The electronic equipment includes terminal, server or communication network element etc..
Wherein, the first key parameter is that the request end generates random parameter, and the random parameter is secret value.
In embodiments of the present invention, request end can generate first key parameter at random, be based on the first key parameter Obtain the first median;Make responder that can generate the second key parameter from based on first median, rather than directly generates private Key;The private key is still to be based on first key parameter generation and the generation of the second key parameter by the request end.In this way, Request end has absolute generation administration authority to the private key, and responder does not have to the private key of management request end, without will be private Key, to request end, is reduced private key leakage phenomenon caused by trustship and transmission private key, reduced because of leakage by network transmission Caused safety problem.
And in embodiments of the present invention, it due to being the second key parameter for obtaining at least two-stage that responder returns, is based on Second key parameter of at least two-stage and the first key parameter are to generate private key;Even if in this way, at least two-stage The second key parameter of part of the second key parameter be leaked, private key is also not easy to be cracked, to further improve private The safety of key.
In some embodiments, the step S210, comprising:
Using one-way function using the first key parameter as known quantity, the first median is calculated.
The first median is transmitted in a network in order to prevent, after having been got by illegal end, in first Between be worth and obtain the function of first median and voluntarily derive first key parameter, then by intercepting the second key parameter The phenomenon that deriving the private key of request end, in the present embodiment, the first function are one-way function.
One-way function is also referred to as injective function, and one-way function has a characteristic that
For each input, functional value is all easy to calculate (polynomial time), but provides the letter of a stochastic inputs Numerical value, calculating are originally inputted relatively difficult (can not calculate in polynomial time using deterministic Turng machine).Even if in this way, The second key parameter and the one-way function have been taken in illegal end, derive that the difficulty of the first key parameter is also very big , in this way, considerably increasing the difficulty that first key parameter is cracked, the risk that private key is leaked is reduced, private key is improved Safety.
In some embodiments, the step S230, comprising:
Receive the second key parameter of the first order responder that the responder returns, the second key of intergrade responder Second key parameter of parameter and afterbody responder;
Wherein, the second key parameter of the first order responder is generated based on first median;The first order Second key parameter of responder is for being sent to second level responder;
Second key parameter of the intergrade responder is generated based on the second key parameter of previous stage responder;It is described Second key parameter of intergrade responder is for being sent to rear stage responder;
Second key parameter of the afterbody responder is generated based on the second key parameter of previous stage responder;Institute The second key parameter of afterbody responder is stated for being sent to request end.
Wherein, the second key parameter, the intergrade responder for receiving the first order responder that the responder returns The second key parameter and one kind of last and responder the second key parameter be achieved in that: rung from the afterbody Ying Duan receives the second key parameter of the first order responder, the second key parameter of the intergrade responder and institute State the second key parameter of afterbody responder.
The second of second key parameter for receiving the first order responder that the responder returns, intergrade responder The another kind of key parameter and last and responder the second key parameter is achieved in that: being responded and is terminated from the first order The second key parameter for receiving the first order responder receives the second of the intergrade responder from the intergrade responder Key parameter receives the second key parameter of the afterbody responder from the afterbody responder.
In embodiments of the present invention, the second key parameter of each responder is all based on the second key of previous responder Parameter generates;Even if being also not readily available private key in this way, the second key parameter for working as part of responder is leaked, thus The difficulty for cracking private key can be greatly improved, the safety of private key is improved.
In some embodiments, second key parameter includes: private key parameter and public key parameter;
Second key parameter based on at least two-stage and the first key parameter generate private key, comprising:
Private key parameter and the first key parameter based on afterbody responder, determine temporary private parameter;
Verify the corresponding relationship of the public key parameter of the temporary private parameter and at least two-stage;
If being verified, determine that the temporary private parameter is private key.
It after request end obtains public key parameter and private key parameter, needs to verify public key and private key, reduces request Not the phenomenon that key pair that end and/or responder generate caused by the mistake in key generation process is not available.In this way, at this In embodiment, the verifying relationship of the private key and public key can be verified, to obtain correct private key.
In further embodiments, the method also includes: obtain at least the third key parameter of two-stage and it is described extremely The public key parameter of few two-stage;
The third key parameter of public key parameter, identification information and at least two-stage based on at least two-stage generates Public key.
Here, the third key parameter includes: public key parameter and private key parameter;The public key of the third key parameter is joined Number is Your Majesty's key of responder;The private key parameter of the third key parameter is the main private key of the responder;Your Majesty's key Other responders or request end are disclosed;For example, Your Majesty's key is recorded in block chain in block catenary system;It is described Main private key does not disclose other responders and request end.
In embodiments of the present invention, request end and it is indirect from responder obtain public key, but be based on the second key parameter Public key parameter and identification information obtain;In this way, may be implemented to hide the certification to client public key, only identification information automatically Just there is public key corresponding with the private key for the user of specific identification information.
In some embodiments, the method also includes: message is encrypted based on the public key;It obtains encrypted Ciphertext.
In further embodiments, the method also includes: ciphertext is decrypted based on the private key;The ciphertext is The message encrypted using the corresponding public key of the private key.
In some embodiments, the public key parameter of the acquisition at least two-stage, comprising:
Obtain the public key parameter for at least two-stage being recorded in block chain;The public key ginseng being recorded in block chain Number is the public key parameter passed through after the common recognition verifying of block chain.
For example, being applied in block chain when the key at the multiple response end generates system, if responder is by its second key In block chain, the request end can obtain the second of multiple response end generation from block chain for public key reference record in parameter Public key parameter in key parameter;It so, it is possible so that system saving memory space, can simplify the behaviour for obtaining public key parameter Make.
In some embodiments, the third key parameter of the acquisition at least two-stage, comprising:
It is obtained based at least one responder in first order responder, intergrade responder and afterbody responder Public key parameter in the third key parameter of each responder.
In embodiments of the present invention, the public key parameter of the third key parameter of each responder be can be disclosed;Institute It, can be by the way that each third key of shared realization between each nodal information be joined when to state responder be each node in block catenary system Several public key parameters it is shared so that the request end can be based only upon one or several responders obtain public key parameters with And private key parameter, to further simplify the operation for obtaining public key and private key.
As shown in figure 4, the embodiment of the invention also provides a kind of electronic equipment, comprising:
First receiving module 31, for receiving the key application of request end transmission, the key application is carried in first Between be worth;First median is that the request end is generated based on the first key parameter;
First generation module 32 generates the second key parameter of at least two-stage for being based on first median;
First sending module 33, for the second key parameter of at least two-stage to be sent to the request end;It is described At least the second key parameter of two-stage and the first key parameter are provided commonly for generating private key for the request end.
Electronic equipment described in the embodiment of the present invention corresponds to responder above-mentioned.
In some embodiments, first generation module 32 receives if being first order responder for current responder First median;Based on first median, the second key parameter of the first order responder is generated;By described Second key parameter of level-one responder is sent to second level responder;
If current responder is intergrade responder, the second key parameter of previous stage responder is received;Before described Second key parameter of level-one responder generates the second key parameter of the intergrade responder;The intergrade is responded Second key parameter at end is sent to rear stage responder;
If current responder is afterbody responder, the second key parameter of previous stage responder is received;Based on described Second key parameter of previous stage responder generates the second key parameter of the afterbody responder.
In some embodiments, first sending module 33, for joining the second key of the first order responder Second key parameter of the second key parameter of several, the described intergrade responder and the afterbody responder is sent to described Request end.
In some embodiments, second key parameter includes: public key parameter;
The electronic equipment further include: first processing module 34, for the public key parameter of at least two-stage to be led to It crosses after the common recognition verifying of block chain, is recorded in block chain.
In some embodiments, first sending module 33 will if being also used to current responder is first order responder Public key parameter is sent to intergrade responder and/or afterbody response in the third key parameter of the first order responder End;If current responder is intergrade responder, public key parameter in the third key parameter of the intergrade responder is sent To first order responder and/or afterbody responder;If current responder is afterbody responder, by the afterbody Public key parameter is sent to first order responder and/or intergrade responder in the third key parameter of responder.
In some embodiments, second key parameter includes: private key parameter;
First generation module 32 is also used to the identification information of acquisition request end transmission;Generate random number and third Key parameter;Based on first median, the identification information and the random number, cryptographic Hash is generated;Utilize first function Using the cryptographic Hash, the random number and the third key parameter as known quantity, calculates and obtain private key parameter.
In some embodiments, first generation module 32 is also used to the cryptographic Hash carrying out Binary Conversion, obtain Obtain 32 the first numerical value;Obtain high 16 binary systems and low 16 binary systems of first numerical value;It will be described 16 high Binary system carries out decimal system conversion, obtains the first subnumber value;Low 16 binary systems are subjected to decimal system conversion, obtain second Subnumber value;Product and the second subnumber value and the third key based on the first subnumber value and the random number are joined Several products calculates and obtains private key parameter.
As shown in figure 5, the embodiment of the present invention also provides a kind of electronic equipment, comprising:
Computing module 41 obtains the first median for being based on first key parameter;
Second sending module 42, for sending the key application for carrying first median to responder;
Second receiving module 43, for receiving the of at least two-stage that the responder is returned based on first median Two key parameters;
Second generation module 44, for based on at least two-stage the second key parameter and the first key parameter, Generate private key.
Electronic equipment described in the embodiment of the present invention corresponds to request end above-mentioned.
In some embodiments, the computing module 41, for utilizing one-way function with the first key parameter for The first median is calculated in the amount of knowing.
In some embodiments, second receiving module, the first order responder returned for receiving the responder The second key parameter, the second key parameter of intergrade responder and the second key parameter of afterbody responder;
Wherein, the second key parameter of the first order responder is generated based on first median;The first order Second key parameter of responder is for being sent to second level responder;
Second key parameter of the intergrade responder is generated based on the second key parameter of previous stage responder;It is described Second key parameter of intergrade responder is for being sent to rear stage responder;
Second key parameter of the afterbody responder is generated based on the second key parameter of previous stage responder;Institute The second key parameter of afterbody responder is stated for being sent to request end.
In some embodiments, second key parameter includes: private key parameter and public key parameter;
Second generation module 44, for private key parameter and first key ginseng based on afterbody responder Number, determines temporary private parameter;
Verify the corresponding relationship of the public key parameter of the temporary private parameter and at least two-stage;
If being verified, determine that the temporary private parameter is private key.
In some embodiments, second key parameter includes: public key parameter;
Second receiving module 42, for obtaining the third key parameter of at least two-stage and the institute of at least two-stage State public key parameter;
Second generation module 44, for based on at least two-stage public key parameter, identification information and it is described at least The third key parameter of two-stage generates public key.
In some embodiments, second receiving module 42 is also used to obtain at least two-stage being recorded in block chain The public key parameter;The public key parameter being recorded in block chain is by the public key parameter after the common recognition verifying of block chain.
In some embodiments, second receiving module 42 is also used to based on first order responder, intergrade responder And at least one responder in afterbody responder obtains public key parameter in the third key parameter of each responder.
A specific example is provided below in conjunction with above-mentioned any embodiment:
Three algorithms involved in this programme: system initialization algorithm, private key generating algorithm, public key generating algorithm.Such as Fig. 6 Shown, the method that this example provides may include following steps:
S21. system initialization:
(1) it is equipped with N number of KGC;N number of KGC uses unified elliptic curve parameter { E, G, n };Wherein, the E:y2= x3+ ax+b is finite field FqOn elliptic curve;N is prime number;G is a n rank basic point on E;h0(),h1()...hm() is One group { 0,1 }*Hash (hash) function of → [1, n-1];Wherein, the m is the positive integer more than or equal to 1.
(2) N number of KGC generates respective Your Majesty's key PiWith main private key si;The siIt is underground, the PiIt is open;Its In, the i is the positive integer more than or equal to 1;N number of KGC includes: KGC1、KGC2、……、KGCN;The N be greater than or Positive integer equal to 2.
Here, Your Majesty's key is the public key parameter of the third key parameter in above-described embodiment;The main private key is upper State the private key parameter of the third key parameter in embodiment.
Step S22. private key generates:
(1) identification information is that the user subject A of ID generates secret value x at randomAIt (based on open parameter n), calculates oval bent Point X on lineA=xA* G, by described ID, XAIt is sent to KGC1
Here, the xAFor the first key parameter in above-described embodiment;The XAAmong first in above-described embodiment Value.
(2)KGC1Receive (ID, XA) after, examine its legitimacy;If it is determined that (ID, the XA) legal, y is generated at random1;Meter Calculate Point on Elliptic Curve PA1=XA+y1*G;Calculate abstract e1=h (ID | | PA1), by e1It splits and calculates z1=e1[0:15]*y1+ e1[16:31]*s1;By the PA1, the ID and the z1It is sent to KGC2
Here, described " | | " indicates the concatenation of data;The e1=h (ID | | PA1) indicate to concatenate PA behind the ID1
Here, the y1For the random number of above-described embodiment.
Here, the e1[0:15] indicates the e1After being converted to 32 binary systems, extract this 32 binary high by 16 Position binary system, the decimal number obtained based on high 16 binary systems;The e1[16:31] indicates the e1Be converted to 32 Binary system after, extract this 32 binary low 16 binary systems, the decimal number obtained based on low 16 binary systems.
Here, the PA1For the public key parameter of the second key parameter in above-described embodiment;The z1For above-described embodiment In the second key parameter private key parameter.It is understood that the PA1It may be considered part public key;The z1It can recognize To be part private key.
(3) KGC2Receive the PA1, the ID and the z1;And y is generated at random2;Calculate PA2=PA1+y2*G;Meter Calculate abstract e2=h (ID | | PA2), by e2It splits and calculates z2=z1+e2[0:15]*y2+e2[16:31]*s2, and by { PA1, PA2}、 The ID and z2It is sent to subsequent KGC3
Here, the y2For the random number of above-described embodiment.
Here, the e2[0:15] indicates the e2After being converted to 32 binary systems, extract this 32 binary high by 16 Position binary system, the decimal number obtained based on high 16 binary systems;The e2[16:31] indicates the e2Be converted to 32 Binary system after, extract this 32 binary low 16 binary systems, the decimal number obtained based on low 16 binary systems.
Here, the PA2For the public key parameter of the second key parameter in above-described embodiment;The z2For above-described embodiment In the second key parameter private key parameter.It is understood that the PA2It may be considered part public key;The z2It can recognize To be part private key.
(4), to the last KGCNReceive KGCN-1{ the PA sent1, PA2..., PAN-1, the ID and The zn-1;And y is generated at randomn;Calculate PAN=PAN-1+yn*G;Calculate abstract en=h (ID | | PAN);By enIt splits and calculates zn =zn-1+en[0:15]*yn+en[16:31]*sn;And by { PA1, PA2..., PANAnd the znIt is sent to user subject A.
Here, the ynFor the random number of above-described embodiment.
Here, the en[0:15] indicates the enAfter being converted to 32 binary systems, extract this 32 binary high by 16 Position binary system, the decimal number obtained based on high 16 binary systems;The en[16:31] indicates the enBe converted to 32 Binary system after, extract this 32 binary low 16 binary systems, the decimal number obtained based on low 16 binary systems.
Here, the PANFor the public key parameter of the second key parameter in above-described embodiment;The znFor above-described embodiment In the second key parameter private key parameter.It is understood that the PANIt may be considered part public key;The znIt can recognize To be part private key.
(5) user receives { PA1, PA2..., PANAnd the znAfterwards, e is calculatedi=h (ID | | PAi), then verifyIf the formula is verified, obtain user's Private key dA=e1[0:15]*xA+zn
S23. public key generates:
Obtain the public key parameter { PA of N number of KGC1, PA2..., PANAnd N number of KGC Your Majesty's key { P1, P2..., PN};Calculate abstract ei=h (ID | | PAi);Calculate public key:
In practical applications, can by above scheme can using in key signature.For example, user subject A uses private key dA =e1[0:15]*xA+znIt signs to message msg, signature value sig can be obtained based on above-mentioned elliptic curve parameter;It is described User subject A is by the sig, the ID, the msg and { PA1, PA2..., PANIt is sent to user subject B;User subject B Receive the sig, the ID, the msg and { PA1, PA2..., PAN, calculate abstract ei=h (ID | | PAi);Then it counts It calculatesAnd use standard sign test proof of algorithm signature verify (sig, msg, QA);The standard sign test algorithm is as shown in Figure 7.
In further embodiments, above scheme can also be applied to encrypt, in decipherment algorithm.For example, user subject B is obtained Part public key { the PA of user subject A1, PA2..., PAN};Actual public key Q is calculated based on the part public keyA;User subject B is used The actual public key of family entity A encrypts message sig;And the ciphertext encrypted is sent to user subject A;User subject A can be based on described The private key d of itselfA=e1[0:15]*xA+znThe ciphertext is decrypted.
It need to be noted that: the description of following electronic equipment and storage medium is retouched with above- mentioned information processing method item It is similar for stating, and the beneficial effect with method describes, and is not repeated them here.For undisclosed skill in electronic equipment embodiment of the present invention Art details please refers to the description of information processing method embodiment of the present invention and understands.
As described in Figure 8, the embodiment of the invention discloses a kind of electronic equipment, the electronic equipment includes: that the electronics is set Standby includes: processor 51, communication interface 52 and memory 53;Wherein,
The overall operation of the usual controlling terminal equipment of the processor 51 or the network equipment.
Communication interface 52 can make terminal device or the network equipment pass through network and other terminals or server communication.
Memory 53 is configured to store the instruction and application that can be performed by processor 51, can also cache device 51 to be processed with And in terminal each module it is to be processed or processed data (for example, image data, audio data, voice communication data and view Frequency communication data), it can be real by flash memory (FLASH) or random access storage device (Random Access Memory, RAM) It is existing.
It is understood that processor 51 described herein may be a kind of IC chip, the processing with signal Ability.During realization, each step of the above method can by the integrated logic circuit of the hardware in processor 51 or The instruction of software form is completed.The storage medium is located at memory 53, and processor 51 reads the information in memory 53, in conjunction with it Hardware completes the step of above method.
Further embodiment of this invention provides a kind of computer storage medium, which has can Program is executed, it can be achieved that being applied to the information processing method of the electronic equipment when executable code processor executes The step of.For example, such as one or more of Fig. 1, Fig. 3, method shown in fig. 6.
In several embodiments provided herein, it should be understood that disclosed device and method can pass through it Its mode is realized.Apparatus embodiments described above are merely indicative, for example, the division of the unit, only A kind of logical function partition, there may be another division manner in actual implementation, such as: multiple units or components can combine, or It is desirably integrated into another system, or some features can be ignored or not executed.In addition, shown or discussed each composition portion Mutual coupling or direct-coupling or communication connection is divided to can be through some interfaces, the INDIRECT COUPLING of equipment or unit Or communication connection, it can be electrical, mechanical or other forms.
Above-mentioned unit as illustrated by the separation member, which can be or may not be, to be physically separated, aobvious as unit The component shown can be or may not be physical unit, it can and it is in one place, it may be distributed over multiple network lists In member;Some or all of units can be selected to achieve the purpose of the solution of this embodiment according to the actual needs.
In addition, each functional unit in various embodiments of the present invention can be fully integrated into a processing module, it can also To be each unit individually as a unit, can also be integrated in one unit with two or more units;It is above-mentioned Integrated unit both can take the form of hardware realization, can also realize in the form of hardware adds SFU software functional unit.This Field those of ordinary skill, which is understood that, realizes that all or part of the steps of above method embodiment can be by program instruction phase The hardware of pass is completed, and program above-mentioned can be stored in a computer readable storage medium, which when being executed, holds Row step including the steps of the foregoing method embodiments;And storage medium above-mentioned include: movable storage device, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk etc. it is various It can store the medium of program code.
Disclosed method in several embodiments of the method provided herein, in the absence of conflict can be any group It closes, obtains new embodiment of the method.
Disclosed feature in several product embodiments provided herein, in the absence of conflict can be any group It closes, obtains new product embodiments.
Disclosed feature in several methods provided herein or apparatus embodiments, in the absence of conflict can be with Any combination obtains new embodiment of the method or apparatus embodiments.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.

Claims (10)

1. a kind of information processing method, comprising:
The key application that request end is sent is received, the key application carries the first median;First median is institute Request end is stated to generate based on the first key parameter;
Based on first median, the second key parameter of at least two-stage is generated;
Second key parameter of at least two-stage is sent to the request end;Second key parameter of at least two-stage and The first key parameter is provided commonly for generating private key for the request end.
2. generating the second key ginseng of at least two-stage according to the method described in claim 1, described be based on first median Number, comprising:
If current responder is first order responder, first median is received;Based on first median, described in generation Second key parameter of first order responder;Second key parameter of the first order responder is sent to second level response End;
If current responder is intergrade responder, the second key parameter of previous stage responder is received;Based on the previous stage Second key parameter of responder generates the second key parameter of the intergrade responder;By the intergrade responder Second key parameter is sent to rear stage responder;
If current responder is afterbody responder, the second key parameter of previous stage responder is received;Based on described previous Second key parameter of grade responder, generates the second key parameter of the afterbody responder.
3. according to the method described in claim 1, second key parameter includes: public key parameter;
The method also includes:
After the common recognition verifying that the public key parameter of at least two-stage is passed through block chain, it is recorded in block chain.
4. according to the method described in claim 1, second key parameter includes: private key parameter;
It is described to be based on first median, generate the second key parameter of at least two-stage, comprising:
The identification information that acquisition request end is sent;
Generate random number and third key parameter;
Based on first median, the identification information and the random number, cryptographic Hash is generated;
Using first function using the cryptographic Hash, the random number and the third key parameter as known quantity, calculates and obtain private Key parameter.
5. according to the method described in claim 4, it is described using first function with the cryptographic Hash, the random number and described the Three key parameters are known quantity, calculate and obtain private key parameter, comprising:
The cryptographic Hash is subjected to Binary Conversion, obtains 32 the first numerical value;
Obtain high 16 binary systems and low 16 binary systems of first numerical value;
High 16 binary systems are subjected to decimal system conversion, obtain the first subnumber value;
Low 16 binary systems are subjected to decimal system conversion, obtain the second subnumber value;
Product and the second subnumber value and the third key parameter based on the first subnumber value and the random number Product calculates and obtains private key parameter.
6. a kind of information processing method, comprising:
Based on first key parameter, the first median is obtained;
The key application for carrying first median is sent to responder;
Receive the second key parameter of at least two-stage that the responder is returned based on first median;
The second key parameter and the first key parameter based on at least two-stage generate private key.
7. according to the method described in claim 6, the reception responder is returned at least based on first median Second key parameter of two-stage, comprising:
Receive the second key parameter of the first order responder that the responder returns, the second key parameter of intergrade responder And the second key parameter of afterbody responder;
Wherein, the second key parameter of the first order responder is generated based on first median;The first order response Second key parameter at end is for being sent to second level responder;
Second key parameter of the intergrade responder is generated based on the second key parameter of previous stage responder;The centre Second key parameter of grade responder is for being sent to rear stage responder;
Second key parameter of the afterbody responder is generated based on the second key parameter of previous stage responder;It is described most Second key parameter of rear stage responder is for being sent to request end.
8. according to the method described in claim 6, second key parameter includes: private key parameter and public key parameter;
Second key parameter based on at least two-stage and the first key parameter generate private key, comprising:
Private key parameter and the first key parameter based on afterbody responder, determine temporary private parameter;
Verify the corresponding relationship of the public key parameter of the temporary private parameter and at least two-stage;
If being verified, determine that the temporary private parameter is private key.
9. a kind of electronic equipment, comprising:
First receiving module, for receiving the key application of request end transmission, the key application carries the first median;Institute Stating the first median is that the request end is generated based on the first key parameter;
First generation module generates the second key parameter of at least two-stage for being based on first median;
First sending module, for the second key parameter of at least two-stage to be sent to the request end;Described at least two Second key parameter of grade and the first key parameter are provided commonly for generating private key for the request end.
10. a kind of electronic equipment, comprising:
Computing module obtains the first median for being based on first key parameter;
Second sending module, for sending the key application for carrying first median to responder;
Second receiving module, for receiving the second key of at least two-stage that the responder is returned based on first median Parameter;
Second generation module, for based on at least two-stage the second key parameter and the first key parameter, generate private Key.
CN201910472125.7A 2019-05-31 2019-05-31 Information processing method and electronic equipment Active CN110266478B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910472125.7A CN110266478B (en) 2019-05-31 2019-05-31 Information processing method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910472125.7A CN110266478B (en) 2019-05-31 2019-05-31 Information processing method and electronic equipment

Publications (2)

Publication Number Publication Date
CN110266478A true CN110266478A (en) 2019-09-20
CN110266478B CN110266478B (en) 2021-05-18

Family

ID=67916307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910472125.7A Active CN110266478B (en) 2019-05-31 2019-05-31 Information processing method and electronic equipment

Country Status (1)

Country Link
CN (1) CN110266478B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995443A (en) * 2019-12-02 2020-04-10 联想(北京)有限公司 Data processing method and device
CN111222879A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Certificateless authentication method and certificateless authentication system suitable for alliance chain

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1655498A (en) * 2004-02-10 2005-08-17 管海明 Multi-center identity-based key management method
CN101166088A (en) * 2007-09-27 2008-04-23 航天信息股份有限公司 Encryption and decryption method based on user identity identifier
CN101562519A (en) * 2009-05-27 2009-10-21 广州杰赛科技股份有限公司 Digital certificate management method of user packet communication network and user terminal for accessing into user packet communication network
CN103795534A (en) * 2012-10-31 2014-05-14 三星Sds株式会社 Password-based authentication method and apparatus executing the method
CN104539423A (en) * 2014-12-16 2015-04-22 熊荣华 Achievement method of certificate-less public key cryptosystem without bilinear pairing operation
CN104935582A (en) * 2015-05-27 2015-09-23 成都华西公用医疗信息服务有限公司 Big data storage method
US9614673B2 (en) * 2014-05-08 2017-04-04 Samsung Electronics Co., Ltd. Method of managing keys and electronic device adapted to the same
CN107248909A (en) * 2017-03-16 2017-10-13 北京百旺信安科技有限公司 It is a kind of based on SM2 algorithms without Credential-Security endorsement method
CN107317789A (en) * 2016-04-27 2017-11-03 华为技术有限公司 Key distribution, authentication method, apparatus and system
CN109672539A (en) * 2019-03-01 2019-04-23 深圳市电子商务安全证书管理有限公司 SM2 algorithm collaboration signature and decryption method, apparatus and system

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1655498A (en) * 2004-02-10 2005-08-17 管海明 Multi-center identity-based key management method
CN101166088A (en) * 2007-09-27 2008-04-23 航天信息股份有限公司 Encryption and decryption method based on user identity identifier
CN101562519A (en) * 2009-05-27 2009-10-21 广州杰赛科技股份有限公司 Digital certificate management method of user packet communication network and user terminal for accessing into user packet communication network
CN103795534A (en) * 2012-10-31 2014-05-14 三星Sds株式会社 Password-based authentication method and apparatus executing the method
US9614673B2 (en) * 2014-05-08 2017-04-04 Samsung Electronics Co., Ltd. Method of managing keys and electronic device adapted to the same
CN104539423A (en) * 2014-12-16 2015-04-22 熊荣华 Achievement method of certificate-less public key cryptosystem without bilinear pairing operation
CN104935582A (en) * 2015-05-27 2015-09-23 成都华西公用医疗信息服务有限公司 Big data storage method
CN107317789A (en) * 2016-04-27 2017-11-03 华为技术有限公司 Key distribution, authentication method, apparatus and system
CN107248909A (en) * 2017-03-16 2017-10-13 北京百旺信安科技有限公司 It is a kind of based on SM2 algorithms without Credential-Security endorsement method
CN109672539A (en) * 2019-03-01 2019-04-23 深圳市电子商务安全证书管理有限公司 SM2 algorithm collaboration signature and decryption method, apparatus and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995443A (en) * 2019-12-02 2020-04-10 联想(北京)有限公司 Data processing method and device
CN111222879A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Certificateless authentication method and certificateless authentication system suitable for alliance chain

Also Published As

Publication number Publication date
CN110266478B (en) 2021-05-18

Similar Documents

Publication Publication Date Title
JP7119040B2 (en) Data transmission method, device and system
US20200295952A1 (en) Mutual authentication of confidential communication
CN111740828B (en) Key generation method, device and equipment and encryption and decryption method
Diffie et al. Authentication and authenticated key exchanges
EP2302834B1 (en) System and method for providing credentials
CN114730420A (en) System and method for generating signatures
US10673625B1 (en) Efficient identity-based and certificateless cryptosystems
US9705683B2 (en) Verifiable implicit certificates
CN106357396A (en) Digital signature method, digital signature system and quantum key card
US20200336470A1 (en) Method and apparatus for effecting a data-based activity
US9088419B2 (en) Keyed PV signatures
WO2019110399A1 (en) Two-party signature device and method
CN106789087B (en) Method and system for determining data digest of message and multi-party-based digital signature
GB2597539A (en) Generating shared private keys
CN110266478A (en) A kind of information processing method, electronic equipment
CN108574687A (en) A kind of communication connection method for building up, device and electronic equipment
CN111553686A (en) Data processing method and device, computer equipment and storage medium
CN114205077B (en) Mixed encryption secure communication method based on boom key distribution algorithm
WO2023016729A1 (en) Generating digital signature shares
NL1043779B1 (en) Method for electronic signing and authenticaton strongly linked to the authenticator factors possession and knowledge
WO2023055371A1 (en) Replicated secret share generation for distributed symmetric cryptography
GB2610560A (en) Generating shared cryptographic keys
Madathil et al. Practical Decentralized Oracle Contracts for Cryptocurrencies.
CN111639943A (en) Digital currency transaction method and system
CN114584321B (en) Data information encryption deployment method based on PUF device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant