CN110266478B - Information processing method and electronic equipment - Google Patents


Publication number
CN110266478B
Authority
CN
China
Legal status
Active
Application number
CN201910472125.7A
Other languages
Chinese (zh)
Other versions
CN110266478A (en)
Inventor
马逸龙
过晓冰
王云浩
Current Assignee
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd
Priority to CN201910472125.7A
Publication of CN110266478A
Application granted
Publication of CN110266478B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The embodiment of the invention provides an information processing method and electronic equipment. The information processing method comprises the following steps: receiving a key application sent by a request end, wherein the key application carries a first intermediate value; the first intermediate value is generated by the request terminal based on the first key parameter; generating at least two levels of second key parameters based on the first intermediate value; sending the second key parameters of the at least two levels to the request terminal; the second key parameter and the first key parameter of the at least two levels are used together for the request end to generate a private key.

Description

Information processing method and electronic equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an information processing method and an electronic device.
Background
At present, there are three public key cryptosystem schemes: the certificate-based public key cryptosystem (PKI), the identity-based public key cryptosystem (IBC) and the certificateless public key cryptosystem (CLPKC). In PKI, a certificate authority (CA) issues certificates to bind a user entity to a public key; however, certificate management (e.g., issuing, updating and revoking) is not only complicated but also consumes considerable computing and storage resources. IBC eliminates the reliance on certificates, but the user's public key is uniquely determined by the user identification and the user's private key is generated by the trust authority. IBC therefore introduces the problem of private key escrow, and the user's signature lacks uniqueness and non-repudiation. Although CLPKC does not use certificates, it is an architecture that uses only one key generation center, so the security of the whole system is at risk if that key generation center acts maliciously or is compromised.
Disclosure of Invention
The embodiment of the invention provides an information processing method and electronic equipment.
The technical scheme of the invention is realized as follows:
an information processing method comprising:
receiving a key application sent by a request end, wherein the key application carries a first intermediate value; the first intermediate value is generated by the request terminal based on the first key parameter;
generating at least two levels of second key parameters based on the first intermediate value;
sending the second key parameters of the at least two levels to the request terminal; the second key parameter and the first key parameter of the at least two levels are used together for the request end to generate a private key.
In the foregoing solution, the generating at least two levels of second key parameters based on the first intermediate value includes:
if the current response end is the first-stage response end, receiving the first intermediate value; generating a second key parameter of the first-stage response end based on the first intermediate value; sending the second key parameter of the first-stage response end to a second-stage response end;
if the current response end is the middle-level response end, receiving a second key parameter of the previous-level response end; generating a second key parameter of the middle-level response end based on the second key parameter of the previous-level response end; sending the second key parameter of the middle-stage response end to a next-stage response end;
if the current response end is the last-stage response end, receiving a second key parameter of the previous-stage response end; and generating a second key parameter of the last-stage response end based on the second key parameter of the previous-stage response end.
In the foregoing solution, the sending the second key parameters of the at least two levels to the request end includes:
and sending the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end and the second key parameter of the last-stage response end to the request end.
In the foregoing solution, the second key parameter includes: a public key parameter;
the method further comprises the following steps:
and recording the public key parameters of the at least two stages in a block chain after passing the consensus verification of the block chain.
In the foregoing solution, the second key parameter includes: a private key parameter;
generating at least two levels of second key parameters based on the first intermediate value, including:
acquiring identification information sent by a request end;
generating a random number and a third key parameter;
generating a hash value based on the first intermediate value, the identification information, and the random number;
and calculating to obtain a private key parameter by using a first function and taking the hash value, the random number and the third key parameter as known quantities.
In the above scheme, the calculating by using the first function and taking the hash value, the random number, and the third key parameter as known quantities to obtain a private key parameter includes:
converting the hash value to binary to obtain a 32-bit first value;
obtaining the upper 16 bits and the lower 16 bits of the first value;
converting the upper 16 bits to decimal to obtain a first sub-value;
converting the lower 16 bits to decimal to obtain a second sub-value;
and calculating the private key parameter based on the product of the first sub-value and the random number and the product of the second sub-value and the third key parameter.
In the above scheme, the method further comprises:
if the current response end is the first-stage response end, sending the public key parameter in the third key parameter of the first-stage response end to the middle-stage response end and/or the last-stage response end;
if the current response end is the middle-level response end, sending the public key parameter in the third key parameter of the middle-level response end to the first-level response end and/or the last-level response end;
and if the current response end is the last-stage response end, sending the public key parameter in the third key parameter of the last-stage response end to the first-stage response end and/or the middle-stage response end.
The embodiment of the invention also provides an information processing method, which comprises the following steps:
obtaining a first intermediate value based on the first key parameter;
sending a key application carrying the first intermediate value to a response end;
receiving at least two levels of second key parameters returned by the responding end based on the first intermediate value;
and generating a private key based on the second key parameter of the at least two levels and the first key parameter.
In the foregoing solution, the obtaining a first intermediate value based on a first key parameter includes:
and calculating to obtain a first intermediate value by using a one-way function and taking the first key parameter as a known quantity.
In the foregoing solution, the receiving the at least two levels of second key parameters returned by the response end based on the first intermediate value includes:
receiving a second key parameter of the first-stage response end, a second key parameter of the middle-stage response end and a second key parameter of the last-stage response end, which are returned by the response ends;
generating a second key parameter of the first-stage response end based on the first intermediate value; the second key parameter of the first-stage response end is used for being sent to the second-stage response end;
the second key parameter of the middle-stage response end is generated based on the second key parameter of the previous-stage response end; the second key parameter of the middle-stage response end is used for being sent to the next-stage response end;
the second key parameter of the last-stage response end is generated based on the second key parameter of the previous-stage response end; and the second key parameter of the last-stage response end is used for sending to the request end.
In the foregoing solution, the second key parameter includes: private key parameters and public key parameters;
generating a private key based on the second key parameter and the first key parameter of the at least two levels, including:
determining a temporary private key parameter based on the private key parameter of the last-stage response end and the first key parameter;
verifying the corresponding relation between the temporary private key parameter and the public key parameters of the at least two stages;
and if the verification is passed, determining the temporary private key parameter as a private key.
In the foregoing solution, the second key parameter includes: a public key parameter;
the method further comprises the following steps:
acquiring at least two levels of third key parameters and the at least two levels of public key parameters;
and generating a public key based on the at least two stages of public key parameters, the identification information and the at least two stages of third key parameters.
In the foregoing solution, the obtaining at least two levels of the public key parameters includes:
acquiring at least two levels of public key parameters recorded in a block chain; and the public key parameter recorded in the block chain is the public key parameter after the block chain consensus verification.
In the foregoing scheme, the obtaining at least two levels of third key parameters includes:
and acquiring the public key parameter in the third key parameter of each response terminal based on at least one response terminal of the first-stage response terminal, the middle-stage response terminal and the last-stage response terminal.
An embodiment of the present invention further provides an electronic device, including:
the first receiving module is used for receiving a key application sent by a request end, wherein the key application carries a first intermediate value; the first intermediate value is generated by the request terminal based on the first key parameter;
the first generation module is used for generating at least two levels of second key parameters based on the first intermediate value;
the first sending module is used for sending the second key parameters of the at least two levels to the request end; the second key parameter and the first key parameter of the at least two levels are used together for the request end to generate a private key.
An embodiment of the present invention further provides an electronic device, including:
the calculation module is used for obtaining a first intermediate value based on the first key parameter;
a second sending module, configured to send a key application carrying the first intermediate value to a response end;
a second receiving module, configured to receive the at least two levels of second key parameters returned by the response end based on the first intermediate value;
and the second generation module is used for generating a private key based on the second key parameter of the at least two levels and the first key parameter.
In the information processing method provided by the embodiment of the invention, a response end receives a key application sent by a request end, wherein the key application carries a first intermediate value generated by the request end based on the first key parameter. The response end generates at least two levels of second key parameters based on the first intermediate value instead of directly generating a private key, and the request end generates the private key based on the at least two levels of second key parameters and the first key parameter. The response end therefore does not need to escrow the private key of the request end, and the private key is never transmitted over the network; this reduces leakage of the private key during escrow and transmission, and the security problems such leakage causes.
In addition, in the embodiment of the present invention, at least two levels of second key parameters are generated based on the first intermediate value; that is, the private key is not generated from the second key parameter of a single response end, but from the second key parameters of at least two levels of response ends. Therefore, even if some of the response ends are compromised or act maliciously (for example, some of the second key parameters are leaked), the private key is not easily cracked, and the security of the private key is further improved.
Drawings
FIG. 1 is a schematic flowchart of an information processing method according to an embodiment of the present invention;
FIG. 2 is a block chain structure in accordance with an embodiment of the present invention;
FIG. 3 is a flow chart illustrating another information processing method according to an embodiment of the present invention;
FIG. 4 is a diagram of an information processing apparatus according to an embodiment of the present invention;
FIG. 5 is a diagram of another information processing apparatus according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating another information processing method according to an embodiment of the present invention;
FIG. 7 is a diagram illustrating signature verification algorithm signatures in accordance with an embodiment of the present invention;
FIG. 8 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
As shown in fig. 1, an embodiment of the present invention provides an information processing method, including:
step S110: receiving a key application sent by a request end, wherein the key application carries a first intermediate value; the first intermediate value is generated by the request terminal based on the first key parameter;
step S120: generating at least two levels of second key parameters based on the first intermediate value;
step S130: sending the second key parameters of the at least two levels to the request terminal; the second key parameter and the first key parameter of the at least two levels are used together for the request end to generate a private key.
Here, the first key parameter may be a secret value randomly generated by the request end; the second key parameter includes, but is not limited to, a public key parameter and/or a private key parameter of each response end.
The information processing method provided by the embodiment of the invention is applied to a response end; the response end comprises at least two stages of response ends; the response end is various types of electronic equipment; the electronic equipment comprises a terminal, a server or a communication network element and the like.
In some embodiments, the responder comprises N Key Generation Centers (KGC); and N is a natural number greater than or equal to 2.
The response end receives a key application from the request end. In the embodiment of the invention, the key application carries a first intermediate value, which may be generated by the request end based on a first key parameter. After receiving the first intermediate value, the response end generates a second key parameter based on it instead of directly generating a private key. The request end then generates the private key from the first key parameter and the second key parameter. The response end therefore does not need to manage the private key of the request end or transmit it to the request end over the network; this reduces private key leakage caused by escrow and transmission, and the security problems such leakage causes.
Because the response end comprises at least two levels, at least two levels of second key parameters are generated; that is, the private key is not generated from the second key parameter of a single response end, but from the second key parameters of at least two levels of response ends. Therefore, even if some of the response ends are compromised or act maliciously (for example, some of the second key parameters are leaked), the private key is not easily cracked, and the security of the private key is further improved.
In some embodiments, the step S120 includes:
if the current response end is the first-stage response end, receiving the first intermediate value; generating a second key parameter of the first-stage response end based on the first intermediate value; sending the second key parameter of the first-stage response end to a second-stage response end;
if the current response end is the middle-level response end, receiving a second key parameter of the previous-level response end; generating a second key parameter of the middle-level response end based on the second key parameter of the previous-level response end; sending the second key parameter of the middle-stage response end to a next-stage response end;
if the current response end is the last-stage response end, receiving a second key parameter of the previous-stage response end; and generating a second key parameter of the last-stage response end based on the second key parameter of the previous-stage response end.
For example, suppose the response end includes N key generation centers: the 1st key generation center, the 2nd key generation center, ..., the (N-1)th key generation center and the Nth key generation center, where N is a natural number greater than or equal to 2. The 1st key generation center is the first-stage response end; the 2nd, ..., (N-1)th key generation centers are middle-stage response ends; and the Nth key generation center is the last-stage response end.
In some embodiments, the sending the second key parameter of the at least two levels to the request end includes:
and sending the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end and the second key parameter of the last-stage response end to the request end.
In one embodiment, the response end comprises N key generation centers: the 1st key generation center, the 2nd key generation center, ..., the (N-1)th key generation center and the Nth key generation center. The 1st key generation center receives a key application sent by the request end, the key application carrying a first intermediate value X_A, and generates the second key parameter (PA_1, z_1) of the 1st key generation center based on X_A. The 2nd key generation center receives (PA_1, z_1) sent by the 1st key generation center, generates its second key parameter (PA_2, z_2) based on (PA_1, z_1), and sends (PA_2, z_2) to the 3rd key generation center; and so on. The (N-1)th key generation center receives (PA_{N-2}, z_{N-2}) sent by the (N-2)th key generation center, generates its second key parameter (PA_{N-1}, z_{N-1}) based on (PA_{N-2}, z_{N-2}), and sends (PA_{N-1}, z_{N-1}) to the Nth key generation center. The Nth key generation center receives (PA_{N-1}, z_{N-1}) sent by the (N-1)th key generation center and generates its second key parameter (PA_N, z_N) based on (PA_{N-1}, z_{N-1}). Here PA_1, PA_2, ..., PA_{N-1}, PA_N are the public key parameters in the second key parameters, and z_1, z_2, ..., z_{N-1}, z_N are the private key parameters in the second key parameters. The 1st, 2nd, ..., (N-1)th and Nth key generation centers send PA_1, PA_2, ..., PA_{N-1}, PA_N respectively to the request end, and the Nth key generation center sends z_N to the request end.
In another embodiment, the response end comprises N key generation centers: the 1st key generation center, the 2nd key generation center, ..., the (N-1)th key generation center and the Nth key generation center. The 1st key generation center receives a key application sent by the request end, the key application carrying a first intermediate value X_A, and generates the second key parameter (PA_1, z_1) of the 1st key generation center based on X_A. The 2nd key generation center receives (PA_1, z_1) sent by the 1st key generation center, generates its second key parameter (PA_2, z_2) based on (PA_1, z_1), and sends (PA_1, PA_2, z_2) to the 3rd key generation center; and so on. The (N-1)th key generation center receives (PA_1, PA_2, ..., PA_{N-2}, z_{N-2}) sent by the (N-2)th key generation center, generates its second key parameter (PA_{N-1}, z_{N-1}) based on (PA_{N-2}, z_{N-2}), and sends (PA_1, PA_2, ..., PA_{N-2}, PA_{N-1}, z_{N-1}) to the Nth key generation center. The Nth key generation center receives (PA_1, PA_2, ..., PA_{N-2}, PA_{N-1}, z_{N-1}) sent by the (N-1)th key generation center and generates its second key parameter (PA_N, z_N) based on (PA_{N-1}, z_{N-1}). Here PA_1, PA_2, ..., PA_{N-1}, PA_N are the public key parameters in the second key parameters, and z_1, z_2, ..., z_{N-1}, z_N are the private key parameters in the second key parameters. The Nth key generation center sends (PA_1, PA_2, ..., PA_{N-1}, PA_N, z_N) to the request end.
In some embodiments, the responder further receives identification information of a user, where the identification information is used for generating a hash value together with a public key parameter in the second key parameter; and generating a private key parameter of the second key parameter based on the hash value.
In the embodiment of the invention, a key generation system with multiple response ends is constructed. A plurality of second key parameters can be generated by the multiple response ends, where the second key parameter of each later response end is generated based on the second key parameter of the preceding response end, and the private key is generated based on the second key parameters of all the response ends. Therefore, when some response ends act maliciously or the second key parameters of some response ends are leaked, the private key is not easily cracked. The key generation system with multiple response ends can thus tolerate a certain number of compromised response ends, and can greatly improve the security of the private key.
In some applications, the multi-response-end key generation system can be applied to a block chain, where it can solve the problem that the CA certificate system in an alliance chain is too bulky.
For example, in some embodiments, the second key parameter comprises: a public key parameter; the method further comprises the following steps: and recording the public key parameters of the at least two stages in a block chain after passing the consensus verification of the block chain.
In the embodiment of the present invention, the public key parameter gains the trust of each node in the block chain through consensus verification. Because the public key parameters are recorded in the block chain, any node can obtain from the block chain the public key parameters of each KGC (namely, each response end) corresponding to a user. The multiple operators therefore do not need to store the public key parameters of each KGC for each user, which saves storage resources. Meanwhile, using the multi-response-end key generation system of the embodiment of the invention in place of the CA certificate system in an alliance chain solves the problem that the CA certificate system is too bulky.
In some embodiments, the method further comprises: if the current response end is the first-stage response end, sending the public key parameter in the third key parameter of the first-stage response end to the middle-stage response end and/or the last-stage response end;
if the current response end is the middle-level response end, sending the public key parameter in the third key parameter of the middle-level response end to the first-level response end and/or the last-level response end;
and if the current response end is the last-stage response end, sending the public key parameter in the third key parameter of the last-stage response end to the first-stage response end and/or the middle-stage response end.
In the embodiment of the present invention, each node in the block chain may obtain the public key parameter of the response end (e.g., KGC) corresponding to other nodes, so that the public key parameter of each KGC may be shared; a node can therefore obtain the public key parameters of some or all of the KGCs to perform operations such as encryption, decryption and/or signature authentication.
In practical application, the key generation system of the multi-response end is applied to replace the existing CA system. As shown in FIG. 2, a federation chain takes a node as its basic unit; one federation chain may include several organizations, and each organization may include several nodes, where one organization may comprise one KGC. The key generation system of the multi-response end comprises KGC_1, KGC_2 and KGC_3, each of which is connected to a plurality of peer nodes. The information processing method of the multi-response-end key generation system applied in the block chain comprises the following steps:
Step S1: initializing the block chain system.
Specifically, each organization starts its own KGC, and the master public keys are shared between the KGCs by a trusted means. Each peer node generates a second key parameter based on the registered identification information ID and the master private key in the respective third key parameter. The second key parameter comprises a public key parameter and a private key parameter; the third key parameter includes a master public key and a master private key.
In an alternative embodiment, part of the public key parameters of the nodes under the organization to which each KGC belongs are written into the genesis block.
Step S2: endorsement stage.
Specifically, the initiating node encapsulates the transaction message, signs it using the private key parameter to obtain a signature result, and sends the identity, the transaction message, the public key parameter and the signature result to an endorsement node. The endorsement node executes an endorsement algorithm; if the endorsement passes, it simulates execution of the transaction and returns the execution result to the initiating node. If the initiating node determines that it has received enough transaction messages passed by endorsement nodes, it packages the transaction messages and sends them to the sorting node.
In an optional embodiment, the initiating node does not send the public key parameter; the endorsement node obtains the public key parameter from the genesis block information of the block chain.
Step S3: sorting stage.
Specifically, the sorting node sorts all valid transactions within a time window and packs them into a block; the block information is broadcast to all nodes in the block chain using an anti-entropy algorithm.
Step S4: confirmation stage.
Specifically, all nodes verify, record and confirm the transactions in the block information, write the transactions into the block chain, and update the ledger state.
In some embodiments, the second key parameter comprises: a private key parameter;
the step S120 includes:
acquiring identification information sent by a request end;
generating a random number and a third key parameter;
generating a hash value based on the first intermediate value, the identification information, and the random number;
and calculating to obtain a private key parameter by using a first function and taking the hash value, the random number and the third key parameter as known quantities.
One implementation manner of generating the hash value based on the first intermediate value, the identification information, and the random number is as follows: a public key parameter of the second key parameter is generated based on the first intermediate value and the random number, and the hash value is generated based on the identification information and the public key parameter of the second key parameter.
Here, the hash value may be a concatenation of the identification information and a public key parameter of the second key parameter. For example, the ID is 1212, and the public key parameter of the second key parameter is 21345; the hash value is 121221345.
In the embodiment of the invention, the identification information of the user and the public key parameter of the second key parameter are used together to generate the private key parameter of the second key parameter; that is, the identification information of the user and the public key parameter are bound together, so that public key replacement attacks, identity forgery attacks and signature forgery attacks can be greatly reduced.
In an embodiment, the calculating, by using the first function and taking the hash value, the random number, and the third key parameter as known quantities, a private key parameter includes:
performing binary conversion on the hash value to obtain a 32-bit first numerical value;
obtaining the upper 16 bits and the lower 16 bits of the first numerical value;
performing decimal conversion on the upper 16 bits to obtain a first sub-value;
performing decimal conversion on the lower 16 bits to obtain a second sub-value;
and calculating a private key parameter based on the product of the first sub-value and the random number and the product of the second sub-value and the third key parameter.
For example, the hash value is $2^{20}$. Binary conversion gives the 32-bit first numerical value 00000000000100000000000000000000; the upper 16 bits of the first numerical value are 0000000000010000, and the lower 16 bits are 0000000000000000. Decimal conversion of the upper 16 bits gives the first sub-value 16; decimal conversion of the lower 16 bits gives the second sub-value 0. Since the second sub-value is 0, the product of the second sub-value and the third key parameter is 0, so calculating the private key parameter from the two products reduces to calculating it from the product of the first sub-value and the random number.
In this embodiment, the hash value is split into its upper 16 bits and its lower 16 bits, and the calculation is performed on the first sub-value obtained by decimal conversion of the upper 16 bits and the second sub-value obtained by decimal conversion of the lower 16 bits. This provides an algorithm for obtaining the private key parameter that is simple and easy to implement, and that simplifies the calculation of the private key parameter. In addition, in the embodiment of the invention, the private key parameter is calculated from the product of the first sub-value and the random number and the product of the second sub-value and the third key parameter. This calculation is related to the elliptic curve formula: if the first intermediate value is obtained by a one-way function that takes the generator of the elliptic curve as a known quantity, the calculation matches the elliptic curve algorithm, so that the algorithm can be further optimized and the calculation efficiency improved.
As shown in fig. 3, an embodiment of the present invention provides an information processing method, including:
step S210: obtaining a first intermediate value based on the first key parameter;
step S220: sending a key application carrying the first intermediate value to a response end;
step S230: receiving at least two levels of second key parameters returned by the responding end based on the first intermediate value;
step S240: and generating a private key based on the second key parameter of the at least two levels and the first key parameter.
The information processing method provided by the embodiment of the invention is applied to a request end; the request terminal is various types of electronic equipment; the electronic equipment comprises a terminal, a server or a communication network element and the like.
The first key parameter is a random parameter generated by the request terminal, and the random parameter is a secret value.
In the embodiment of the invention, a request end can randomly generate a first key parameter and obtain a first intermediate value based on the first key parameter; enabling the response end to generate a second key parameter based on the first intermediate value instead of directly generating a private key; the private key is still generated by the requesting end based on the first key parameter and the second key parameter. Therefore, the request end has absolute generation management authority to the private key, the response end does not need to manage the private key of the request end or transmit the private key to the request end through a network, the private key leakage phenomenon caused by the fact that the private key is managed and transmitted is reduced, and the safety problem caused by leakage is reduced.
In addition, in the embodiment of the present invention, since at least two levels of second key parameters returned by the response end are obtained, a private key is generated based on the at least two levels of second key parameters and the first key parameter; therefore, even if part of the second key parameters of the at least two levels of second key parameters are leaked, the private key is not easy to crack, and the safety of the private key is further improved.
In some embodiments, the step S210 includes:
and calculating to obtain a first intermediate value by using a one-way function and taking the first key parameter as a known quantity.
The one-way function guards against an illegal terminal that obtains the first intermediate value while it is transmitted in the network, derives the first key parameter from the first intermediate value and the function used to obtain it, and then derives the private key of the requesting end by intercepting the second key parameter.
The one-way function is also called a single-shot function, and has the following characteristics:
the function value is easy to calculate for each input (in polynomial time), but given the function value of a random input, it is difficult to calculate the original input (it cannot be computed by a deterministic Turing machine in polynomial time). Therefore, even if the illegal terminal obtains the second key parameter and the one-way function, deriving the first key parameter is very difficult, which greatly increases the difficulty of breaking the first key parameter, reduces the risk of revealing the private key, and improves the security of the private key.
In some embodiments, the step S230 includes:
receiving a second key parameter of the first-stage response end, a second key parameter of the middle-stage response end and a second key parameter of the last-stage response end, which are returned by the response ends;
wherein the second key parameter of the first-stage response end is generated based on the first intermediate value; the second key parameter of the first-stage response end is used for being sent to the second-stage response end;
the second key parameter of the middle-stage response end is generated based on the second key parameter of the previous-stage response end; the second key parameter of the middle-stage response end is used for being sent to the next-stage response end;
the second key parameter of the last-stage response end is generated based on the second key parameter of the previous-stage response end; and the second key parameter of the last-stage response end is used for sending to the request end.
One implementation manner of receiving the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end, and the second key parameter of the last-stage response end returned by the response ends is as follows: receiving the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end and the second key parameter of the last-stage response end from the last-stage response end.
Another implementation manner of receiving the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end, and the second key parameter of the last-stage response end returned by the response ends is as follows: receiving the second key parameter of the first-stage response end from the first-stage response end, receiving the second key parameter of the middle-stage response end from the middle-stage response end, and receiving the second key parameter of the last-stage response end from the last-stage response end.
In the embodiment of the invention, the second key parameter of each response end is generated based on the second key parameter of the previous response end; therefore, when the second key parameters of part of the response ends are revealed, the private key is not easy to obtain, so that the difficulty of cracking the private key can be greatly improved, and the safety of the private key is improved.
In some embodiments, the second key parameter comprises: private key parameters and public key parameters;
generating a private key based on the second key parameter and the first key parameter of the at least two levels, including:
determining a temporary private key parameter based on the private key parameter of the last-stage response end and the first key parameter;
verifying the corresponding relation between the temporary private key parameter and the public key parameters of the at least two stages;
and if the verification is passed, determining the temporary private key parameter as a private key.
After the request end obtains the public key parameters and the private key parameters, the public key and the private key need to be verified, which reduces cases where the generated key pair cannot be used because of errors in the key generation process of the request end and/or the response end. Thus, in this embodiment, the correspondence between the private key and the public key is verified, so as to obtain the correct private key.
In other embodiments, the method further comprises: acquiring at least two levels of third key parameters and the at least two levels of public key parameters;
and generating a public key based on the at least two stages of public key parameters, the identification information and the at least two stages of third key parameters.
Here, the third key parameter includes: public key parameters and private key parameters; the public key parameter of the third key parameter is a main public key of the response end; the private key parameter of the third key parameter is a main private key of the response end; the master public key is disclosed to other response terminals or request terminals; for example, in a blockchain system, the master public key is recorded in the blockchain; the master private key is not disclosed to other responding terminals and requesting terminals.
In the embodiment of the invention, the request end does not obtain the public key directly from the response end, but obtains it based on the public key parameter in the second key parameter and the identification information; therefore, authentication of the user public key is implicit, and only the user whose identification information is the specific identification information has the public key corresponding to the private key.
In some embodiments, the method further comprises: encrypting a message based on the public key; and obtaining the encrypted ciphertext.
In other embodiments, the method further comprises: decrypting the ciphertext based on the private key; the ciphertext is a message encrypted by using a public key corresponding to the private key.
In some embodiments, the obtaining the public key parameters of at least two levels includes:
acquiring at least two levels of public key parameters recorded in a block chain; and the public key parameter recorded in the block chain is the public key parameter after the block chain consensus verification.
For example, when the key generation system of the multi-responder is applied to the block chain, if the responder records the public key parameter in the second key parameter in the block chain, the requester may obtain the public key parameter in the second key parameter generated by the multi-responder from the block chain; therefore, the system can save the storage space and simplify the operation of obtaining the public key parameters.
In some embodiments, the obtaining of the third key parameter of at least two levels includes:
and acquiring the public key parameter in the third key parameter of each response terminal based on at least one response terminal of the first-stage response terminal, the middle-stage response terminal and the last-stage response terminal.
In the embodiment of the present invention, the public key parameter of the third key parameter of each responding end may be public; when the response end is each node in the blockchain system, the sharing of the public key parameter of each third key parameter can be realized by sharing the information of each node, so that the request end can obtain the public key parameter and the private key parameter only based on one or more response ends, and the operation of obtaining the public key and the private key is further simplified.
As shown in fig. 4, an embodiment of the present invention further provides an electronic device, including:
a first receiving module 31, configured to receive a key application sent by a request end, where the key application carries a first intermediate value; the first intermediate value is generated by the request terminal based on the first key parameter;
a first generating module 32, configured to generate a second key parameter of at least two levels based on the first intermediate value;
a first sending module 33, configured to send the second key parameter of the at least two levels to the request end; the second key parameter and the first key parameter of the at least two levels are used together for the request end to generate a private key.
The electronic device according to the embodiment of the present invention corresponds to the aforementioned responding terminal.
In some embodiments, the first generating module 32 is configured to receive the first intermediate value if the current responder is a first-stage responder; generating a second key parameter of the first-stage response end based on the first intermediate value; sending the second key parameter of the first-stage response end to a second-stage response end;
if the current response end is the middle-level response end, receiving a second key parameter of the previous-level response end; generating a second key parameter of the middle-level response end based on the second key parameter of the previous-level response end; sending the second key parameter of the middle-stage response end to a next-stage response end;
if the current response end is the last-stage response end, receiving a second key parameter of the previous-stage response end; and generating a second key parameter of the last-stage response end based on the second key parameter of the previous-stage response end.
In some embodiments, the first sending module 33 is configured to send the second key parameter of the first-stage responder, the second key parameter of the middle-stage responder, and the second key parameter of the last-stage responder to the requester.
In some embodiments, the second key parameter comprises: a public key parameter;
the electronic device further includes: the first processing module 34 is configured to record the public key parameters of the at least two levels in the blockchain after passing the consensus verification of the blockchain.
In some embodiments, the first sending module 33 is further configured to send, if the current response end is the first-stage response end, the public key parameter in the third key parameter of the first-stage response end to the middle-stage response end and/or the last-stage response end; if the current response end is the middle-level response end, sending the public key parameter in the third key parameter of the middle-level response end to the first-level response end and/or the last-level response end; and if the current response end is the last-stage response end, sending the public key parameter in the third key parameter of the last-stage response end to the first-stage response end and/or the middle-stage response end.
In some embodiments, the second key parameter comprises: a private key parameter;
the first generating module 32 is further configured to obtain identification information sent by the request end; generating a random number and a third key parameter; generating a hash value based on the first intermediate value, the identification information, and the random number; and calculating to obtain a private key parameter by using a first function and taking the hash value, the random number and the third key parameter as known quantities.
In some embodiments, the first generating module 32 is further configured to perform binary conversion on the hash value to obtain a 32-bit first numerical value; obtain the upper 16 bits and the lower 16 bits of the first numerical value; perform decimal conversion on the upper 16 bits to obtain a first sub-value; perform decimal conversion on the lower 16 bits to obtain a second sub-value; and calculate a private key parameter based on the product of the first sub-value and the random number and the product of the second sub-value and the third key parameter.
As shown in fig. 5, an embodiment of the present invention further provides an electronic device, including:
a calculating module 41, configured to obtain a first intermediate value based on the first key parameter;
a second sending module 42, configured to send a key application carrying the first intermediate value to a response end;
a second receiving module 43, configured to receive the at least two levels of second key parameters returned by the response end based on the first intermediate value;
a second generating module 44, configured to generate a private key based on the second key parameter of the at least two levels and the first key parameter.
The electronic device according to the embodiment of the present invention corresponds to the aforementioned request terminal.
In some embodiments, the calculating module 41 is configured to calculate a first intermediate value by using a one-way function and using the first key parameter as a known quantity.
In some embodiments, the second receiving module is configured to receive a second key parameter of the first-stage response end, a second key parameter of the middle-stage response end, and a second key parameter of the last-stage response end, which are returned by the response end;
wherein the second key parameter of the first-stage response end is generated based on the first intermediate value; the second key parameter of the first-stage response end is used for being sent to the second-stage response end;
the second key parameter of the middle-stage response end is generated based on the second key parameter of the previous-stage response end; the second key parameter of the middle-stage response end is used for being sent to the next-stage response end;
the second key parameter of the last-stage response end is generated based on the second key parameter of the previous-stage response end; and the second key parameter of the last-stage response end is used for sending to the request end.
In some embodiments, the second key parameter comprises: private key parameters and public key parameters;
the second generating module 44 is configured to determine a temporary private key parameter based on the private key parameter of the last-stage response end and the first key parameter;
verifying the corresponding relation between the temporary private key parameter and the public key parameters of the at least two stages;
and if the verification is passed, determining the temporary private key parameter as a private key.
In some embodiments, the second key parameter comprises: a public key parameter;
the second receiving module 43 is configured to obtain at least two levels of third key parameters and the at least two levels of the public key parameters;
the second generating module 44 is configured to generate a public key based on the at least two levels of public key parameters, the identification information, and the at least two levels of third key parameters.
In some embodiments, the second receiving module 43 is further configured to obtain the at least two levels of public key parameters recorded in the blockchain; the public key parameter recorded in the blockchain is the public key parameter after the blockchain consensus verification.
In some embodiments, the second receiving module 43 is further configured to obtain a public key parameter in the third key parameters of each responder based on at least one of the first-stage responder, the middle-stage responder, and the last-stage responder.
One specific example is provided below in connection with any of the embodiments described above:
Three algorithms are involved in this scheme: a system initialization algorithm, a private key generation algorithm and a public key generation algorithm. As shown in fig. 6, the method provided by the present example may include the following steps:
Step S21, system initialization:
(1) N KGCs are arranged; the N KGCs use uniform elliptic curve parameters $\{E, G, n\}$, wherein $E: y^2 = x^3 + ax + b$ is an elliptic curve over the finite field $F_q$; $n$ is a prime number; $G$ is a base point of order $n$ on $E$; $h_0(), h_1(), \ldots, h_m()$ is a set of hash functions $\{0,1\}^* \to [1, n-1]$; wherein $m$ is a positive integer greater than or equal to 1.
(2) The N KGCs generate their respective master public keys $P_i$ and master private keys $s_i$; $s_i$ is not disclosed and $P_i$ is disclosed, wherein $i$ is a positive integer greater than or equal to 1; the N KGCs include $KGC_1$, $KGC_2$, ..., $KGC_N$; and N is a positive integer greater than or equal to 2.
Here, the master public key is a public key parameter of the third key parameter in the above embodiment; the master private key is a private key parameter of the third key parameter in the above embodiment.
Step S22, generating a private key:
(1) User entity A, whose identification information is ID, randomly generates a secret value $x_A$ (based on the public parameter $n$), calculates the point $X_A = x_A G$ on the elliptic curve, and sends the ID and $X_A$ to $KGC_1$.
Here, $x_A$ is the first key parameter in the above embodiment; $X_A$ is the first intermediate value in the above embodiment.
(2) After receiving $(ID, X_A)$, $KGC_1$ checks its validity; if $(ID, X_A)$ is determined to be legal, $KGC_1$ randomly generates $y_1$; calculates the point $PA_1 = X_A + y_1 G$ on the elliptic curve; computes the digest $e_1 = h(ID \| PA_1)$; splits $e_1$ and calculates $z_1 = e_1[0:15] \cdot y_1 + e_1[16:31] \cdot s_1$; and sends $PA_1$, the ID and $z_1$ to $KGC_2$.
Here, "$\|$" represents concatenation of data; $e_1 = h(ID \| PA_1)$ indicates that the ID is concatenated with $PA_1$.
Here, $y_1$ is the random number of the above embodiment.
Here, $e_1[0:15]$ denotes the decimal number obtained by converting $e_1$ into a 32-bit binary number and extracting its upper 16 bits; $e_1[16:31]$ denotes the decimal number obtained by converting $e_1$ into a 32-bit binary number and extracting its lower 16 bits.
Here, $PA_1$ is a public key parameter of the second key parameter in the above embodiment; $z_1$ is the private key parameter of the second key parameter in the above embodiment. It is understood that $PA_1$ may be considered a partial public key and $z_1$ a partial private key.
(3) $KGC_2$ receives $PA_1$, the ID and $z_1$; randomly generates $y_2$; calculates $PA_2 = PA_1 + y_2 G$; computes the digest $e_2 = h(ID \| PA_2)$; splits $e_2$ and calculates $z_2 = z_1 + e_2[0:15] \cdot y_2 + e_2[16:31] \cdot s_2$; and sends $\{PA_1, PA_2\}$, the ID and $z_2$ to the following $KGC_3$.
Here, $y_2$ is the random number of the above embodiment.
Here, $e_2[0:15]$ denotes the decimal number obtained by converting $e_2$ into a 32-bit binary number and extracting its upper 16 bits; $e_2[16:31]$ denotes the decimal number obtained by converting $e_2$ into a 32-bit binary number and extracting its lower 16 bits.
Here, $PA_2$ is a public key parameter of the second key parameter in the above embodiment; $z_2$ is the private key parameter of the second key parameter in the above embodiment. It is understood that $PA_2$ may be considered a partial public key and $z_2$ a partial private key.
(4) And so on, until the last $KGC_N$ receives $\{PA_1, PA_2, \ldots, PA_{N-1}\}$, the ID and $z_{n-1}$ from $KGC_{N-1}$; randomly generates $y_n$; calculates $PA_N = PA_{N-1} + y_n G$; computes the digest $e_n = h(ID \| PA_N)$; splits $e_n$ and calculates $z_n = z_{n-1} + e_n[0:15] \cdot y_n + e_n[16:31] \cdot s_n$; and sends $\{PA_1, PA_2, \ldots, PA_N\}$ and $z_n$ to user entity A.
Here, $y_n$ is the random number of the above embodiment.
Here, $e_n[0:15]$ denotes the decimal number obtained by converting $e_n$ into a 32-bit binary number and extracting its upper 16 bits; $e_n[16:31]$ denotes the decimal number obtained by converting $e_n$ into a 32-bit binary number and extracting its lower 16 bits.
Here, $PA_N$ is a public key parameter of the second key parameter in the above embodiment; $z_n$ is the private key parameter of the second key parameter in the above embodiment. It is understood that $PA_N$ may be considered a partial public key and $z_n$ a partial private key.
(5) After receiving $\{PA_1, PA_2, \ldots, PA_N\}$ and $z_n$, the user calculates $e_i = h(ID \| PA_i)$ and then verifies: If the formula passes the verification, the private key of the user is obtained as $d_A = e_1[0:15] \cdot x_A + z_n$.
Step S23, public key generation:
Obtain the public key parameters $\{PA_1, PA_2, \ldots, PA_N\}$ of the N KGCs and the master public keys $\{P_1, P_2, \ldots, P_N\}$ of the N KGCs; compute the digest $e_i = h(ID \| PA_i)$; calculate the public key:
In practical applications, the above scheme can be applied to key signature. For example, user entity A uses the private key $d_A = e_1[0:15] \cdot x_A + z_n$ to sign the message msg, and obtains a signature value sig based on the elliptic curve parameters; user entity A sends the sig, the ID, the msg, and $\{PA_1, PA_2, \ldots, PA_N\}$ to user entity B; user entity B receives the sig, the ID, the msg, and $\{PA_1, PA_2, \ldots, PA_N\}$ and calculates the digest $e_i = h(ID \| PA_i)$; then calculates: and verifies the signature $verify(sig, msg, Q_A)$ using the standard signature verification algorithm. The standard signature verification algorithm is shown in fig. 7.
In other embodiments, the above scheme can also be applied to encryption and decryption algorithms. For example, user entity B obtains the partial public keys $\{PA_1, PA_2, \ldots, PA_N\}$ of user entity A; calculates the actual public key $Q_A$ based on the partial public keys; encrypts a message sig with the actual public key of user entity A; and sends the encrypted ciphertext to user entity A. User entity A may decrypt the ciphertext based on its own private key $d_A = e_1[0:15] \cdot x_A + z_n$.
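The chained key generation of steps S21 to S23, with a requesting end and N KGCs, as an added Python example that is not code from the patent. It assumes secp256k1 as the shared curve and SHA-256 truncated to 32 bits as h; because the verification and public-key formulas are missing from this text, it checks $d_A G = Q_A$ with $Q_A$ obtained by expanding the page's definitions of $PA_i$, $z_i$ and $d_A$, which is an assumption about the patent's formula. The names KGC, respond, request_key, derive_public_key and split_digest are hypothetical.

```python
import hashlib
import secrets

# Domain parameters {E, G, n}. The page only says the KGCs share one set of
# elliptic-curve parameters; secp256k1 (y^2 = x^3 + 7 over F_q) is an assumption.
FIELD_Q = 2**256 - 2**32 - 977
CURVE_A = 0
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ORDER_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def add(p1, p2):
    """Affine point addition on E; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD_Q == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1 % FIELD_Q, -1, FIELD_Q) % FIELD_Q
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD_Q, -1, FIELD_Q) % FIELD_Q
    x3 = (lam * lam - x1 - x2) % FIELD_Q
    return x3, (lam * (x1 - x3) - y1) % FIELD_Q


def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % FIELD_Q)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc, k = None, k % ORDER_N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def split_digest(ident, pa):
    """e = h(ID || PA) as a 32-bit value; returns (e[0:15], e[16:31]), the upper
    and lower 16 bits. SHA-256, the point encoding and the truncation to the
    first 4 digest bytes are assumptions."""
    data = ident + pa[0].to_bytes(32, "big") + pa[1].to_bytes(32, "big")
    e = int.from_bytes(hashlib.sha256(data).digest()[:4], "big")
    return e >> 16, e & 0xFFFF


class KGC:
    def __init__(self):
        self.s = secrets.randbelow(ORDER_N - 1) + 1   # master private key s_i
        self.pub = mul(self.s, G)                     # master public key P_i

    def respond(self, ident, pa_prev, z_prev):
        """PA_i = PA_{i-1} + y_i*G; z_i = z_{i-1} + e_i[0:15]*y_i + e_i[16:31]*s_i."""
        y = secrets.randbelow(ORDER_N - 1) + 1
        pa = add(pa_prev, mul(y, G))
        hi, lo = split_digest(ident, pa)
        return pa, (z_prev + hi * y + lo * self.s) % ORDER_N


def derive_public_key(ident, pas, master_pubs):
    """Q_A from public data only. PA_i - PA_{i-1} = y_i*G and PA_1 = X_A + y_1*G,
    so the sum equals (e_1[0:15]*x_A + z_n)*G when every stage followed the steps."""
    q_a, prev = None, None
    for pa, p_i in zip(pas, master_pubs):
        hi, lo = split_digest(ident, pa)
        q_a = add(q_a, add(mul(hi, add(pa, neg(prev))), mul(lo, p_i)))
        prev = pa
    return q_a


def request_key(ident, kgcs):
    """Requesting end: x_A never leaves this function; only X_A is handed on.
    The loop stands in for the KGC_1 -> ... -> KGC_N forwarding."""
    x_a = secrets.randbelow(ORDER_N - 1) + 1
    pa, z, pas = mul(x_a, G), 0, []            # X_A goes to KGC_1, with z_0 = 0
    for kgc in kgcs:
        pa, z = kgc.respond(ident, pa, z)
        pas.append(pa)
    hi1, _ = split_digest(ident, pas[0])
    d_a = (hi1 * x_a + z) % ORDER_N            # d_A = e_1[0:15]*x_A + z_n
    if mul(d_a, G) != derive_public_key(ident, pas, [k.pub for k in kgcs]):
        raise ValueError("partial keys do not match the public key parameters")
    return d_a, pas


if __name__ == "__main__":
    kgcs = [KGC() for _ in range(3)]
    ident = b"peer0.org1"                      # constructed identification information
    d_a, pas = request_key(ident, kgcs)
    pubs = [k.pub for k in kgcs]
    print("d_A*G == Q_A:", mul(d_a, G) == derive_public_key(ident, pas, pubs))
    print("same data, other ID:", mul(d_a, G) == derive_public_key(b"peer9.org2", pas, pubs))
```

Deriving the public key with a different ID over the same partial public keys gives a different point, which is the binding between identification information and key that the description relies on.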
Here, it should be noted that: the following description of the electronic device and the storage medium is similar to the above description of the information processing method, and the description of the beneficial effects of the same method is omitted for brevity. For technical details not disclosed in the embodiments of the electronic device of the present invention, please refer to the description of the embodiments of the information processing method of the present invention for understanding.
As shown in fig. 8, an embodiment of the present invention discloses an electronic device, which includes: a processor 51, a communication interface 52, and a memory 53; wherein
the processor 51 generally controls the overall operation of the terminal device or the network device.
The communication interface 52 may enable the terminal device or the network device to communicate with other terminals or servers through a network.
The Memory 53 is configured to store instructions and applications executable by the processor 51, and may also buffer data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or already processed by the processor 51 and modules in the terminal, and may be implemented by a FLASH Memory (FLASH) or a Random Access Memory (RAM).
It will be appreciated that the processor 51 described herein may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 51. The storage medium is located in the memory 53, and the processor 51 reads the information in the memory 53 and performs the steps of the above method in combination with the hardware thereof.
Still another embodiment of the present invention provides a computer storage medium storing an executable program that, when executed by a processor, can implement the steps of an information processing method applied to the electronic device, for example, one or more of the methods shown in figs. 1, 3 and 6.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may be separately used as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit. Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The methods disclosed in the several method embodiments provided in the present application may be combined arbitrarily without conflict to obtain new method embodiments.
Features disclosed in several of the product embodiments provided in the present application may be combined in any combination to yield new product embodiments without conflict.
The features disclosed in the several method or apparatus embodiments provided in the present application may be combined arbitrarily, without conflict, to arrive at new method embodiments or apparatus embodiments.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. An information processing method comprising:
receiving a key application sent by a request end, wherein the key application carries a first intermediate value; the first intermediate value is generated by the request end based on a first key parameter;
generating at least two levels of second key parameters based on the first intermediate value; the second key parameters of the at least two levels include: the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end and the second key parameter of the last-stage response end;
sending the second key parameters of the at least two levels to the request end; the second key parameters of the at least two levels and the first key parameter are used together by the request end to generate a private key.
2. The method of claim 1, the generating at least two levels of second key parameters based on the first intermediate value, comprising:
if the current response end is the first-stage response end, receiving the first intermediate value; generating a second key parameter of the first-stage response end based on the first intermediate value; sending the second key parameter of the first-stage response end to a second-stage response end;
if the current response end is the middle-level response end, receiving a second key parameter of the previous-level response end; generating a second key parameter of the middle-level response end based on the second key parameter of the previous-level response end; sending the second key parameter of the middle-stage response end to a next-stage response end;
if the current response end is the last-stage response end, receiving a second key parameter of the previous-stage response end; and generating a second key parameter of the last-stage response end based on the second key parameter of the previous-stage response end.
3. The method of claim 1, the second key parameter comprising: a public key parameter;
the method further comprises the following steps:
and recording the public key parameters of at least two stages in the blockchain after the public key parameters pass the consensus verification of the blockchain.
4. The method of claim 1, the second key parameter comprising: a private key parameter;
generating at least two levels of second key parameters based on the first intermediate value, including:
acquiring identification information sent by a request end;
generating a random number and a third key parameter;
generating a hash value based on the first intermediate value, the identification information, and the random number;
and calculating to obtain a private key parameter by using a first function and taking the hash value, the random number and the third key parameter as known quantities.
5. The method of claim 4, wherein calculating a private key parameter using a first function with the hash value, the random number, and the third key parameter as known quantities comprises:
binary conversion is carried out on the hash value to obtain a first numerical value of 32 bits;
obtaining an upper 16-bit binary system and a lower 16-bit binary system of the first numerical value;
performing decimal conversion on the high 16-bit binary system to obtain a first sub-value;
decimal conversion is carried out on the low 16-bit binary system to obtain a second sub-value;
and calculating to obtain a private key parameter based on the product of the first sub-numerical value and the random number and the product of the second sub-numerical value and the third key parameter.
6. An information processing method comprising:
obtaining a first intermediate value based on the first key parameter;
sending a key application carrying the first intermediate value to a response end;
receiving at least two levels of second key parameters returned by the responding end based on the first intermediate value; the second key parameters of the at least two levels include: the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end and the second key parameter of the last-stage response end;
and generating a private key based on the second key parameter of the at least two levels and the first key parameter.
7. The method of claim 6, the receiving the at least two levels of second key parameters returned in response to the first intermediate value comprising:
receiving a second key parameter of the first-stage response end, a second key parameter of the middle-stage response end and a second key parameter of the last-stage response end, which are returned by the response ends;
the second key parameter of the first-stage response end is generated based on the first intermediate value; the second key parameter of the first-stage response end is used for being sent to the second-stage response end;
the second key parameter of the middle-stage response end is generated based on the second key parameter of the previous-stage response end; the second key parameter of the middle-stage response end is used for being sent to the next-stage response end;
the second key parameter of the last-stage response end is generated based on the second key parameter of the previous-stage response end; and the second key parameter of the last-stage response end is used for sending to the request end.
8. The method of claim 6, the second key parameter comprising: private key parameters and public key parameters;
generating a private key based on the at least two levels of the second key parameter and the first key parameter, including:
determining a temporary private key parameter based on the private key parameter of the last-stage response end and the first key parameter;
verifying the corresponding relation between the temporary private key parameter and the public key parameters of the at least two stages;
and if the verification is passed, determining the temporary private key parameter as a private key.
9. An electronic device, comprising:
the first receiving module is used for receiving a key application sent by a request end, wherein the key application carries a first intermediate value; the first intermediate value is generated by the request end based on a first key parameter;
the first generation module is used for generating at least two levels of second key parameters based on the first intermediate value; the second key parameters of the at least two levels include: the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end and the second key parameter of the last-stage response end;
the first sending module is used for sending the second key parameters of the at least two levels to the request end; the second key parameters of the at least two levels and the first key parameter are used together by the request end to generate a private key.
10. An electronic device, comprising:
the calculation module is used for obtaining a first intermediate value based on the first key parameter;
a second sending module, configured to send a key application carrying the first intermediate value to a response end;
a second receiving module, configured to receive the at least two levels of second key parameters returned by the response end based on the first intermediate value; the second key parameters of the at least two levels include: the second key parameter of the first-stage response end, the second key parameter of the middle-stage response end and the second key parameter of the last-stage response end;
and the second generation module is used for generating a private key based on the second key parameter of the at least two levels and the first key parameter.
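The hash split of claim 5 and the verify-then-accept step of claim 8 can be sketched for a single response end as follows; this is an added example, not code from the patent. The toy group (P, Q, G), SHA-256 as the hash, hashing the public commitment R of the random number, reading e1[0:15] as the high 16 bits, and the verification equation are all assumptions, and the multi-level chaining of claims 1 and 2 is not modeled.

```python
import hashlib
import secrets

# Toy Schnorr group, an assumption for illustration only: P = 2*Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def split_hash(first_intermediate: int, identity: bytes, commitment: int):
    """Claim 5: take a 32-bit value from the hash, return (high 16, low 16) as integers."""
    data = (first_intermediate.to_bytes(4, "big")
            + len(identity).to_bytes(2, "big") + identity   # length-prefixed ID
            + commitment.to_bytes(4, "big"))
    e = int.from_bytes(hashlib.sha256(data).digest()[:4], "big")  # first numerical value
    return e >> 16, e & 0xFFFF

def issue_private_key_parameter(first_intermediate: int, identity: bytes, third_key_param: int):
    """Response end (claim 4): return (public commitment R, private key parameter z)."""
    r = secrets.randbelow(Q - 1) + 1            # fresh random number per request
    R = pow(G, r, P)                            # public key parameter for r (assumed form)
    hi, lo = split_hash(first_intermediate, identity, R)
    z = (hi * r + lo * third_key_param) % Q     # sum of the two products in claim 5
    return R, z

def derive_private_key(x_a: int, identity: bytes, R: int, response_pub: int, z: int) -> int:
    """Request end (claim 8): build the temporary key, verify it, then accept it."""
    X_a = pow(G, x_a, P)                        # first intermediate value
    hi, lo = split_hash(X_a, identity, R)
    d_tmp = (hi * x_a + z) % Q                  # d_A = e1[0:15]*x_A + z_n (assumed reading)
    expected = (pow(X_a * R % P, hi, P) * pow(response_pub, lo, P)) % P
    if pow(G, d_tmp, P) != expected:
        raise ValueError("private key parameter does not match the public key parameters")
    return d_tmp

if __name__ == "__main__":
    s = secrets.randbelow(Q - 1) + 1            # response end's third key parameter
    x_a = secrets.randbelow(Q - 1) + 1          # request end's first key parameter
    R, z = issue_private_key_parameter(pow(G, x_a, P), b"entity-A", s)
    print("accepted private key:", derive_private_key(x_a, b"entity-A", R, pow(G, s, P), z))
```

The check in `derive_private_key` is what lets the request end reject a private key parameter that was altered in transit or issued for a different identity before using it as a key.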
CN201910472125.7A 2019-05-31 2019-05-31 Information processing method and electronic equipment Active CN110266478B (en)


Publications (2)

Publication Number Publication Date
CN110266478A (en) 2019-09-20
CN110266478B (en) 2021-05-18



