CN110719163A - Information processing method, device and storage medium - Google Patents
- Publication number: CN110719163A (application CN201910935927.7A)
- Authority: CN (China)
- Prior art keywords
- identity
- identifier
- server
- target
- information processing
- Prior art date
- Legal status: Granted
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
            - H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
          - H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          - H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
      - H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
        - H04L65/1066—Session management
          - H04L65/1073—Registration or de-registration
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/10—Protocols in which an application is distributed across nodes in the network
            - H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
            - H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiments of the application disclose an information processing method applied to a server, comprising the following steps: receiving a registration request sent by a first device, the registration request carrying the identity identifier of the first device; determining a target identifier corresponding to the first device according to the identity identifier; and sending the identity identifier, the identifier of the server and the target identifier to a blockchain so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier. The embodiments also disclose an information processing method applied to the first device, an information processing apparatus and a storage medium.
Description
Technical Field
The embodiments of the application relate to the field of computer technology and in particular, but not exclusively, to an information processing method, an information processing apparatus and a storage medium.
Background
In the related art, user identifiers are managed with a certificateless key system by applying the certificate management system of a certificate authority and replacing the certificate with the user's public key identifier. This gives rise to security problems: the authority of the identification server is too concentrated, initiative is poor, and the server can be maliciously intruded upon.
Disclosure of Invention
The embodiments of the application provide an information processing method, an information processing apparatus and a storage medium.
The technical solution of the embodiments is realized as follows:
In a first aspect, an embodiment of the application provides an information processing method applied to a server, the method comprising:
receiving a registration request sent by a first device, the registration request carrying the identity identifier of the first device;
determining a target identifier corresponding to the first device according to the identity identifier; and
sending the identity identifier, the identifier of the server and the target identifier to a blockchain so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
In a second aspect, an embodiment of the application provides an information processing method applied to a first device, the method comprising:
sending a registration request to a server, the registration request carrying the identity identifier of the first device, which the server uses to determine a target identifier corresponding to the first device; and
storing, in a blockchain, a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
In a third aspect, an embodiment of the application further provides an information processing apparatus comprising a processor and a memory storing a computer program that can run on the processor; when the computer program is executed, the processor is configured to perform any of the information processing methods applied to the server, or any of the information processing methods applied to the first device, in the above solutions.
In a fourth aspect, the application further provides a storage medium on which a computer program is stored; when executed by a processor, the computer program implements any of the information processing methods applied to the server, or any of the information processing methods applied to the first device, in the above solutions.
In the embodiments of the application, a registration request sent by a first device is received, the registration request carrying the identity identifier of the first device; a target identifier corresponding to the first device is determined according to the identity identifier; and the identity identifier, the identifier of the server and the target identifier are sent to a blockchain so that the blockchain stores a first correspondence formed by these three values. As a result, the target identifier stored in the blockchain is difficult to tamper with, which addresses security problems such as malicious intrusion. Moreover, only the target identifier is stored in the blockchain, and the private key and the public key are generated from the target identifier when needed, which addresses the problems of the prior art where the public key is stored in the identification server and the authority of the identification server is concentrated.
Drawings
In the drawings, which are not necessarily drawn to scale, like reference numerals may describe similar components in different views. Like reference numerals having different letter suffixes may represent different examples of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed herein.
Fig. 1A is a schematic structural diagram of an information processing system according to an embodiment of the present application;
Fig. 1B is a schematic flow chart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 3 is a schematic flow chart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 4 is a schematic flow chart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 5 is a schematic flow chart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 6 is a sixth schematic flow chart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 7 is a schematic diagram of identity registration provided by an embodiment of the present application;
Fig. 8 is a schematic diagram of an identity query provided by an embodiment of the present application;
Fig. 9 is a schematic diagram of identity revocation provided by an embodiment of the present application;
Fig. 10 is a block structure according to an embodiment of the present application;
Fig. 11 is a first schematic structural diagram of the composition of an information processing apparatus according to an embodiment of the present application;
Fig. 12 is a second schematic structural diagram of the composition of an information processing apparatus according to an embodiment of the present application;
Fig. 13 is a schematic diagram of the hardware structure of an information processing apparatus according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the specific technical solutions of the application are described in further detail below with reference to the accompanying drawings. The following examples illustrate the application but are not intended to limit its scope.
In describing the embodiments in detail, the cross-sectional views illustrating the structure of the device are not partially enlarged to a general scale, for convenience of illustration; the schematic drawings are only examples and should not limit the scope of the application. In addition, the three dimensions of length, width and depth should be taken into account in actual fabrication.
The embodiments of the application provide an information processing method applied to an electronic device in an information processing system that implements the method. Each functional module of the electronic device can be realized cooperatively by hardware resources of the electronic device (such as a terminal device or a server): computing resources such as a processor, detection resources such as a sensor, and communication resources.
As shown in Fig. 1A, the information processing system includes a first device 21 and a server 22.
The electronic device may be any electronic device with information processing capability. In one embodiment it is an intelligent terminal, for example a mobile terminal with wireless communication capability such as a notebook or an AR device. In another embodiment it may be a non-mobile terminal device with computing capability, such as a desktop computer or a server.
Of course, the embodiments of the present application are not limited to being provided as methods and hardware; they may also be provided in various forms as a storage medium storing instructions for executing the information processing method provided by the embodiments.
Fig. 1B is a schematic flow chart of an implementation of an information processing method in an embodiment of the present application. The method is applied to a server and, as shown in Fig. 1B, includes the following steps:
Step 101: receiving a registration request sent by a first device.
Here, the server receives the registration request sent by the first device; the first device may be an electronic device such as a mobile phone or a computer.
The registration request received by the server carries the identity identifier of the first device, which may include a mobile phone number, an identity card number or another identifier representing the identity of the user corresponding to the first device.
Step 102: determining a target identifier corresponding to the first device according to the identity identifier.
Here, after receiving the registration request sent by the first device, the server determines the target identifier corresponding to the first device according to the identity identifier carried in the registration request.
The registration request may also carry partial information of the public key of the first device, which the first device may generate according to its identity identifier. The partial information of the public key may be a part of the public key; for example, if the public key is 12398764, the partial information of the public key may be 8764.
It should be noted that the target identifier corresponding to the first device may also be determined according to both the identity identifier carried in the registration request and the partial information of the public key of the first device.
The information processing system may include one server or a server cluster composed of a plurality of servers. If it includes one server, that server determines the target identifier corresponding to the first device according to the identity identifier carried in the registration request and the partial information of the public key of the first device. If it includes a server cluster, any server in the cluster that receives the registration request forwards it to every server in the cluster, and each server determines a target identifier corresponding to the first device according to the identity identifier and the partial information of the public key carried in the registration request it received.
Step 103: sending the identity identifier, the identifier of the server and the target identifier to a blockchain so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
Here, after determining the target identifier corresponding to the first device, the server sends the received identity identifier of the first device, the identifier of the server and the determined target identifier to the blockchain, and the blockchain stores the first correspondence formed by these three values.
If there is a single server, the blockchain stores one first correspondence formed by the identity identifier of the first device, the identifier of the server and the determined target identifier. For example, if the identity identifier of the first device is ID_A, the identifier of the server is KGC_1 and the target identifier is PA_1, the blockchain stores one piece of data: the correspondence formed by ID_A, KGC_1 and PA_1.
If there is more than one server, the blockchain stores, for each server, a first correspondence formed by the identity identifier of the first device, that server's identifier and the target identifier it determined. For example, if the identity identifier of the first device is ID_A, the server identifiers are KGC_1, KGC_2 and KGC_3, and the target identifiers are PA_1, PA_2 and PA_3 respectively, the blockchain stores three pieces of data: the correspondence formed by ID_A, KGC_1 and PA_1; the correspondence formed by ID_A, KGC_2 and PA_2; and the correspondence formed by ID_A, KGC_3 and PA_3.
It should be noted that, assuming each block in the blockchain can hold at most K pieces of data and a preset time interval L is provided: when the number of pieces of data received by the blockchain within L is less than K, a new block is generated from the received data once every interval L; when the number of pieces received within L exceeds K, the blockchain generates a new block, and the process repeats.
When the blockchain stores a first correspondence formed by the identity identifier of the first device, the identifier of the server and the target identifier, the correspondence is stored in the current block if it arrives within the preset time interval L and the number of pieces of data received is less than K; it is stored in a newly generated block if it arrives outside the preset time interval L or the number of pieces of data received exceeds K.
The information processing method provided by this embodiment is applied to a server and comprises: receiving a registration request sent by a first device, the registration request carrying the identity identifier of the first device; determining a target identifier corresponding to the first device according to the identity identifier; and sending the identity identifier, the identifier of the server and the target identifier to a blockchain so that the blockchain stores a first correspondence formed by these three values. As a result, the target identifier stored in the blockchain is difficult to tamper with, which addresses security problems such as malicious intrusion. Moreover, only the target identifier is stored in the blockchain, and the private key and the public key are generated from the target identifier when needed, which addresses the problems of the prior art where the public key is stored in the identification server and the authority of the identification server is concentrated.
An embodiment of the present application provides an information processing method applied to an information processing system comprising a first device and a server. As shown in Fig. 2, the method includes the following steps:
Step 201: the first device sends a registration request to a server.
Here, the first device sends a registration request to the server; the first device may be an electronic device such as a mobile phone or a computer.
The registration request sent by the first device to the server carries the identity identifier of the first device, which may include a mobile phone number, an identity card number or another identifier representing the identity of the user corresponding to the first device. The server uses the identity identifier to determine a target identifier corresponding to the first device, and a first correspondence formed by the identity identifier of the first device, the identifier of the server and the target identifier is stored in the blockchain.
Step 202: the server receives the registration request sent by the first device;
the registration request carries the identity identifier of the first device.
Step 203: the server determines a target identifier corresponding to the first device according to the identity identifier.
Step 204: the server sends the identity identifier, the identifier of the server and the target identifier to a blockchain so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
For steps 202 to 204, refer to steps 101 to 103 in the above embodiment, respectively.
According to the information processing method provided by this embodiment, the target identifier corresponding to the first device can be determined from the information carried in the registration request sent by the first device, and the correspondence formed by the identity identifier, the identifier of the server and the target identifier is stored in the blockchain. As a result, the target identifier stored in the blockchain is difficult to tamper with, which addresses security problems such as malicious intrusion.
An embodiment of the present application provides an information processing method applied to an information processing system comprising a first device and a server. As shown in Fig. 3, the method includes the following steps:
Step 301: the first device sends a registration request to a server;
the registration request carries the identity identifier of the first device, which the server uses to determine a target identifier corresponding to the first device, and a first correspondence formed by the identity identifier, the identifier of the server and the target identifier is stored in a blockchain.
Step 302: the server receives the registration request sent by the first device;
the registration request carries the identity identifier of the first device.
Step 303: the server determines a target identifier corresponding to the first device according to the identity identifier.
Step 304: the server sends the identity identifier, the identifier of the server and the target identifier to a blockchain so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
For steps 301 to 304, refer to steps 201 to 204 in the above embodiment.
Step 305: the server determines partial information of the private key of the first device according to the identity identifier and the partial information of the public key of the first device carried in the registration request.
Here, the registration request sent by the first device to the server carries the identity identifier of the first device and partial information of the public key of the first device; after receiving the request, the server determines partial information of the private key of the first device according to the identity identifier of the first device and the partial information of the public key of the first device.
Step 306: the server sends the target identifier and the partial information of the private key to the first device so that the first device can determine its private key.
Here, the server transmits the determined target identifier of the first device and the partial information of the private key of the first device to the first device, so that the first device determines its private key according to the target identifier and the partial information of the private key.
Step 307: the first device receives the target identifier and the partial information of its private key sent by the server.
Here, the first device receives the target identifier of the first device and the partial information of the private key of the first device sent by the server,
where the server determined the partial information of the private key according to the identity identifier of the first device and the partial information of the public key of the first device carried in the registration request.
Step 308: the first device determines its private key according to the target identifier and the partial information of the private key.
Here, after receiving the target identifier of the first device and the partial information of the private key of the first device from the server, the first device determines its private key according to these two values.
According to the information processing method provided by this embodiment, the private key of the first device can be determined from the target identifier of the first device and partial information of the private key of the first device; in this way, a signature can be produced with the private key.
An information processing method provided in an embodiment of the present application is applied to a server and, as shown in Fig. 4, includes the following steps:
Step 401: receiving a registration request sent by a first device;
the registration request carries the identity identifier of the first device.
Step 402: determining a target identifier corresponding to the first device according to the identity identifier.
Step 403: sending the identity identifier, the identifier of the server and the target identifier to a blockchain so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
For steps 401 to 403, refer to steps 101 to 103 in the above embodiment.
Step 404: receiving a first target identifier query request sent by a second device.
Here, the server receives a first target identifier query request sent by the second device; the request carries the identity identifier of the first device. The second device is an electronic device different from the first device.
In practical application, the first device may send a message carrying its identity identifier to the second device. After receiving the message, the second device obtains the identity identifier of the first device and sends a first target identifier query request carrying that identity identifier to the server, and the server receives the request.
Step 405: sending the identity identifier to the blockchain, and receiving from the blockchain the target identifier corresponding to the identity identifier, determined on the basis of the first correspondence.
Here, after receiving the first target identifier query request sent by the second device, the server obtains the identity identifier of the first device from the request and sends it to the blockchain. After receiving the identity identifier, the blockchain determines the target identifier corresponding to it from the first correspondence formed by the identity identifier of the first device, the identifier of the server and the target identifier, and sends the determined target identifier to the server, which receives it.
For example, if the identity identifier of the first device is ID_A and the first correspondence is the one formed by ID_A, KGC_1 and PA_1, then the target identifier corresponding to the identity identifier of the first device is PA_1, and the server receives the target identifier PA_1 sent by the blockchain.
Step 406: sending the received target identifier to the second device so that the second device determines the public key of the first device according to the target identifier.
Here, after receiving the target identifier sent by the blockchain, the server sends it to the second device, so that the second device can determine the public key of the first device from the target identifier corresponding to the first device and thus verify a signature using that public key.
In the information processing method provided by this embodiment, the second device obtains the target identifier corresponding to the first device by means of a first target identifier query request carrying the identity identifier of the first device, and determines the public key of the first device from the target identifier; in this way, a signature can be verified with the public key.
An information processing method provided in an embodiment of the present application is applied to a first device, and as shown in fig. 5, the method includes the following steps:
step 501: sending a registration request to a server;
the registration request carries the identity of the first device; the identity is used for the server to determine a target identity corresponding to the first device; and storing a first corresponding relation formed by the identity identification, the identification of the server and the target identification in a block chain.
Wherein, step 501 refers to step 201 in the above embodiment.
Step 502: receiving an identification query request sent by third equipment;
here, the first device receives an identifier query request sent by a third device, where the identifier query request carries an identity identifier of the third device, where the third device is an electronic device different from the first device, and the first device and the second device may be different devices or the same device.
In practical application, the third device signs the message msg by using a private key to obtain signature information sig, carries the identity identifier of the third device, the message msg and the signature information sig in an identifier query request and sends the identifier query request to the first device, and the first device receives the identifier query request sent by the third device.
Step 503: sending a second target identifier query request carrying the identity identifier of the third device to the server according to the identifier query request, so that the server searches for the target identifier corresponding to the third device according to the identity identifier of the third device;
here, the first device receives an identifier query request sent by the third device, obtains an identity of the third device, carries the identity of the third device in the second target identifier query request, and sends the second target identifier query request to the server, so that the server searches for a target identifier corresponding to the third device according to the identity of the third device.
Step 504: receiving the target identifier corresponding to the third device sent by the server, so as to determine the public key of the third device according to that target identifier.
After the server finds the target identifier corresponding to the third device according to the identity identifier of the third device, it sends that target identifier to the first device. The first device receives it and determines the public key of the third device from it, so that the first device can verify the signature information sig of the third device with that public key.
According to the information processing method provided by the embodiment of the application, the first device determines the public key of the third device according to the target identifier corresponding to the third device; in this way, the signature of the third device can be verified from the public key.
An information processing method provided in an embodiment of the present application is applied to a server, and as shown in fig. 6, the method includes the following steps:
Step 601: receiving a registration request sent by a first device;
The registration request carries the identity identifier of the first device.
Step 602: determining a target identifier corresponding to the first device according to the identity identifier;
Step 603: sending the identity identifier, the identifier of the server and the target identifier to a block chain, so that the block chain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier;
Steps 601 to 603 correspond to steps 101 to 103 in the embodiment above.
Step 604: receiving an identifier revocation request sent by the first device;
here, the server receives an identifier revocation request sent by the first device, where the identifier revocation request carries an identity of the first device.
Step 605: updating the state of the identity identifier into a revocation state according to the identifier revocation request;
Here, after receiving the identifier revocation request sent by the first device, the server updates the state of the identity identifier of the first device, as carried in the request, to a revoked state.
For example, if the identity identifier of the first device carried in the identifier revocation request is ID_A, the server updates the state corresponding to ID_A to 1, where 1 indicates that the identity identifier ID_A of the first device is in a revoked state.
Here, if the server is a single server, it updates the state of the one identity identifier entry corresponding to the first device. For example, the identity identifier of the first device is ID_A, the identifier of the server is KGC1, and the state of the identity identifier is 0; the server KGC1 then updates the state corresponding to ID_A to 1, where a state of 0 represents the registered state.
If the server is a server cluster, the servers update the states of the multiple identity identifier entries corresponding to the first device. For example, the entries (ID_A, KGC1, state 0), (ID_A, KGC2, state 0) and (ID_A, KGC3, state 0) exist; the servers KGC1, KGC2 and KGC3 then each update the state corresponding to ID_A to 1.
Step 606: sending the identity identifier and the updated state of the identity identifier to the block chain, so that the block chain synchronizes the state of the identity identifier.
Here, after the server completes updating the status of the id, the server sends the id and the updated status of the id to the blockchain, so that the blockchain synchronizes the status of the id.
It should be noted that the block chain stores a correspondence formed by the identity identifier and the state of the identity identifier; when the state of the identity identifier is updated, the server sends the identity identifier and the updated state to the block chain, so that the block chain synchronizes the state of the identity identifier.
The information processing method provided by the embodiment of the application can update the state of the identity according to the identity revocation request, so that the block chain synchronizes the state of the identity.
Below, the information processing method provided by the embodiments of the present application is described in a specific scenario.
The block-chain-based certificateless identity management system can be divided by role into the user equipment and the trusted center KGC, and by function into identifier registration, identifier query, identifier revocation and the like.
The flow of identity registration includes the following steps, as shown in fig. 7:
step 701: the user equipment A sends the identity identifier ID and the partial public key XA to one of the trusted centers in the KGC cluster to apply for registration; the KGC cluster includes KGC1, KGC2, … KGCi, KGCN.
step 702: the registration information of user equipment A is propagated among the KGCs, and each KGC participates in the computation to generate its corresponding auxiliary identifier Pai;
step 703: the KGCs finally reach consensus, each KGC node holds the auxiliary identifier set {Pai}, and the auxiliary identifiers are written into the block chain;
step 704: the KGC sends the auxiliary identifier and the partial private key, computed from the identity identifier ID and the partial public key XA, to the user equipment A;
step 705: the user equipment A calculates and saves the final private key dA.
The identifier query process includes the following steps, as shown in fig. 8:
step 801: the identifier query takes place during signature verification; the user equipment A signs the message msg with its private key dA to obtain sig;
the ID is the main identifier of user equipment A, and user equipment A sends {ID, sig, msg} to user equipment B;
step 802: user equipment B receives the message and the signature and sends the ID to the KGC to request the auxiliary identifiers;
step 803: the KGC receives the ID, checks its validity, and returns the auxiliary identifiers that satisfy the condition to user equipment B;
step 804: user equipment B executes the public key recovery algorithm and verifies the signature using the recovered public key.
The process of identity revocation includes the following steps, as shown in fig. 9:
step 901: user equipment A submits an identifier revocation application to the KGC cluster;
step 902: the revocation message is propagated in the KGC cluster, and each KGC completes the state modification of the user equipment A;
step 903: the data structure of the block chain has a revocation-status column for the identifier; when this column is set to 1, the identifier is revoked;
step 904: once the KGCs reach consensus, the execution result is returned to the user equipment A.
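As an added worked example (not the patent's own algorithm, which the text leaves unspecified), the following Python models the three flows of figs. 7 to 9 and the cluster-wide status update of steps 604 to 606 in a simplified certificateless scheme over a Schnorr group: user device A registers (ID, XA) with a KGC cluster, each KGCi returns an auxiliary identifier Pai and a partial private key that A checks before assembling dA, and a verifier B recovers A's public key from the chain records, verifies the signature, and receives no identifiers once the ID is revoked. The formulas Pai = g^ri and di = ri + si·H(ID, Pai, XA), the storage of XA next to Pai, and the toy-sized group are assumptions made for this illustration.

```python
import hashlib
import secrets
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # Miller-Rabin bases, exact below 2**64

def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; exact for 37 < n < 2**64, enough for the toy parameters here."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 61):
    """Toy safe-prime group p = 2q + 1 with g = 4 (a quadratic residue, so of order q); an assumption."""
    q = (1 << bits) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

def H(q: int, *parts) -> int:
    h = hashlib.sha256()
    for part in parts:
        h.update(repr(part).encode() + b"|")  # domain-separated hash into Z_q
    return int.from_bytes(h.digest(), "big") % q

class KGC:
    """One trusted-center node: master secret s_i and master public key P_i = g^s_i."""
    def __init__(self, name, p, q, g):
        self.name, self.p, self.q, self.g = name, p, q, g
        self.s = secrets.randbelow(q - 1) + 1
        self.P = pow(g, self.s, p)
    def register(self, ID: str, X_A: int):
        """Steps 702-704 (formulas assumed): Pa_i = g^r_i, d_i = r_i + s_i * H(ID, Pa_i, X_A)."""
        r = secrets.randbelow(self.q - 1) + 1
        Pa = pow(self.g, r, self.p)
        return Pa, (r + self.s * H(self.q, ID, Pa, X_A)) % self.q

class Ledger:
    """Stand-in for the chain's block data: (ID, KGC name, Pa, X_A, revocation); keeping X_A here is assumed."""
    def __init__(self):
        self.records = []
    def append(self, ID, kgc, Pa, X_A):
        self.records.append({"ID": ID, "kgc": kgc, "Pa": Pa, "X_A": X_A, "revocation": 0})
    def revoke(self, ID):  # steps 902-903: every KGC's record for ID gets revocation = 1
        for rec in self.records:
            if rec["ID"] == ID:
                rec["revocation"] = 1
    def query(self, ID):  # step 803: records for ID, or None if none exist or any is revoked
        recs = [r for r in self.records if r["ID"] == ID]
        return None if not recs or any(r["revocation"] for r in recs) else recs

def user_register(ID, kgcs, ledger, p, q, g):
    """Steps 701-705 from A's side: returns the assembled private key d_A."""
    x_A = d_A = secrets.randbelow(q - 1) + 1
    X_A = pow(g, x_A, p)
    for kgc in kgcs:
        Pa, d_i = kgc.register(ID, X_A)
        # A checks each partial key against that KGC's master public key before trusting it.
        if pow(g, d_i, p) != Pa * pow(kgc.P, H(q, ID, Pa, X_A), p) % p:
            raise ValueError(f"partial private key from {kgc.name} does not verify")
        ledger.append(ID, kgc.name, Pa, X_A)
        d_A = (d_A + d_i) % q
    return d_A

def recover_public_key(ID, recs, master_keys, p, q):
    """Step 804: Q_A = X_A * prod_i Pa_i * P_i^H(ID, Pa_i, X_A) = g^d_A; master_keys are P_1..P_N."""
    Q = X_A = recs[0]["X_A"]
    for rec in recs:
        Q = Q * rec["Pa"] * pow(master_keys[rec["kgc"]], H(q, ID, rec["Pa"], X_A), p) % p
    return Q

def sign(msg: bytes, d_A, p, q, g):
    k = secrets.randbelow(q - 1) + 1
    R = pow(g, k, p)
    return R, (k + H(q, R, msg) * d_A) % q  # Schnorr: s = k + e * d_A

def verify(msg: bytes, sig, Q, p, q, g) -> bool:
    return pow(g, sig[1], p) == sig[0] * pow(Q, H(q, sig[0], msg), p) % p

def demo(msg: bytes = b"msg from A"):
    """Returns (valid signature verifies, tampered message rejected, query refused once revoked)."""
    p, q, g = make_group()
    kgcs = [KGC(f"KGC{i}", p, q, g) for i in (1, 2, 3)]
    ledger = Ledger()
    d_A = user_register("ID_A", kgcs, ledger, p, q, g)
    sig = sign(msg, d_A, p, q, g)
    Q_A = recover_public_key("ID_A", ledger.query("ID_A"), {k.name: k.P for k in kgcs}, p, q)
    ok, bad = verify(msg, sig, Q_A, p, q, g), verify(b"msg from X", sig, Q_A, p, q, g)
    ledger.revoke("ID_A")
    return ok, bad, ledger.query("ID_A") is None
```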
The structure of the block chain is shown in fig. 10, and a block of the block chain includes a block header 1001, block data 1002, and version data 1003;
the block header 1001 includes a block number, a digest of a previous block, and a digest of a current block;
the block data 1002 is the main body storing the identifier information; each message includes the identity identifier ID, the name of the KGC corresponding to the ID, the auxiliary identifier Pai generated by that KGC, attribute information (attributes) such as time, organization name and location, the KGC's signature sig, and the revocation status (revocation);
the first block's data is the initial block data, which comprises the system parameters (E, G, n) and the master public keys P1, P2, … PN produced by each KGC in the set-up stage;
here, the block generation logic of the block chain is as follows: the maximum number of messages a block can hold is preset to K, and a time interval L is preset. If fewer than K messages are received within an interval L, a new block is generated when the interval ends; if the messages received within L exceed K, a new block is generated immediately. This is then repeated.
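The block layout of fig. 10 and the K/L generation rule just described, as an added example that is not part of the patent text: a producer that cuts a block as soon as K messages are queued or when an interval L has elapsed, each header carrying the block number, the previous block's digest and its own digest, plus a check that walks the chain. SHA-256 over canonical JSON as the digest, cutting at exactly K (a block holds at most K), and skipping empty intervals are assumptions; the genesis values and record fields are constructed placeholders.

```python
import hashlib
import json

def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding (assumed; the text does not name the digest)."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def make_block(number: int, prev_digest: str, data, version: str = "1") -> dict:
    """One block per fig. 10: header (number, previous digest, own digest), data, version."""
    header = {"number": number, "prev": prev_digest}
    header["digest"] = digest({"header": header, "data": data, "version": version})
    return {"header": header, "data": data, "version": version}

class BlockProducer:
    """Generation rule from the text: a block holds at most K messages and is cut as soon as
    K are queued, otherwise every L seconds with whatever has arrived (empty intervals skipped)."""
    def __init__(self, K: int, L: float, genesis_data: dict, start_time: float = 0.0):
        self.K, self.L = K, L
        self.pending, self.window_start = [], start_time
        self.chain = [make_block(0, "0" * 64, genesis_data)]  # initial block: params + P1..PN

    def _cut(self):
        prev = self.chain[-1]["header"]["digest"]
        self.chain.append(make_block(len(self.chain), prev, self.pending))
        self.pending = []

    def tick(self, now: float):
        """Timer path: for every interval L that has elapsed, cut the pending messages (if any)."""
        while now - self.window_start >= self.L:
            if self.pending:
                self._cut()
            self.window_start += self.L

    def submit(self, msg: dict, now: float):
        """Message path: queue it; once K are pending, cut immediately and restart the interval."""
        self.tick(now)
        self.pending.append(msg)
        if len(self.pending) >= self.K:
            self._cut()
            self.window_start = now

def verify_chain(chain) -> bool:
    """Recompute every header digest and check each block links to its predecessor."""
    for i, blk in enumerate(chain):
        hdr = blk["header"]
        recomputed = digest({"header": {"number": hdr["number"], "prev": hdr["prev"]},
                             "data": blk["data"], "version": blk["version"]})
        if hdr["number"] != i or hdr["digest"] != recomputed:
            return False
        if i and hdr["prev"] != chain[i - 1]["header"]["digest"]:
            return False
    return True

def record(i: int) -> dict:
    """A constructed block-data message with the fields listed for block data 1002."""
    return {"ID": f"ID_{i}", "kgc": "KGC1", "Pa": f"Pa_{i}", "attributes": {"time": i},
            "sig": "sig_placeholder", "revocation": 0}

def demo():
    """K = 3, L = 10 s; returns (block count, data sizes, chain verifies, tampering detected)."""
    genesis = {"params": {"E": "E", "G": "G", "n": "n"}, "master_public_keys": {"KGC1": "P1"}}
    bp = BlockProducer(K=3, L=10.0, genesis_data=genesis)
    for i, t in enumerate([1.0, 2.0, 3.0, 4.0, 25.0]):  # 3 fast arrivals, then two stragglers
        bp.submit(record(i), now=t)
    bp.tick(40.0)  # a later timer tick flushes the last pending message
    sizes = [len(b["data"]) for b in bp.chain[1:]]
    ok = verify_chain(bp.chain)
    bp.chain[1]["data"][0]["revocation"] = 1  # tamper with a stored record
    return len(bp.chain), sizes, ok, not verify_chain(bp.chain)
```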
According to the information processing method provided by the embodiments of the application, identity identifiers are maintained in a distributed manner among the trusted centers using a tamper-resistant chained storage structure, and block-chain-based identifier registration, identifier query and identifier revocation functions are provided. This improves performance and scalability while addressing the security problems of a single identifier server, such as over-centralized authority, malicious behavior by the server itself and malicious intrusion.
The embodiment of the application also provides an information processing device, which is applied to the server, and each module included in the information processing device can be realized by a processor of the information processing equipment; of course, the implementation can also be realized through a specific logic circuit; in implementation, the processor may be a Central Processing Unit (CPU), a Microprocessor (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.
As shown in fig. 11, the information processing apparatus 110 includes:
a first receiving module 1101, configured to receive a registration request sent by a first device; the registration request carries the identity of the first device;
a first determining module 1102, configured to determine, according to the identity, a target identifier corresponding to the first device;
a storage module 1103, configured to send the identity, the identifier of the server, and the target identifier to a block chain, so that the block chain stores a first corresponding relationship formed by the identity, the identifier of the server, and the target identifier.
In some embodiments, the information processing apparatus 110 further includes:
a second determining module, configured to determine, according to the identity and partial information of the public key of the first device carried in the registration request, partial information of a private key of the first device;
and the first sending module is used for sending the target identification and part of the information of the private key to the first equipment so as to enable the first equipment to determine the private key.
In some embodiments, the information processing apparatus 110 further includes:
a second receiving module, configured to receive a first target identifier query request sent by a second device, where the first target identifier query request carries the identity identifier;
a third receiving module, configured to send the identity to the block chain, and receive a target identity corresponding to the identity determined based on the first corresponding relationship and sent by the block chain;
and the second sending module is used for sending the received target identifier to the second equipment so that the second equipment determines the public key of the first equipment according to the target identifier.
In some embodiments, the information processing apparatus 110 further includes:
a fourth receiving module, configured to receive an identifier revocation request sent by the first device; the identity is carried by the identity revocation request;
and the updating module is used for updating the state of the identity identifier into a revocation state according to the identifier revocation request.
In some embodiments, the apparatus 110 further comprises: and the synchronization module is used for sending the identity and the updated state of the identity to the block chain so as to enable the block chain to synchronize the state of the identity.
The embodiment of the application also provides an information processing device, which is applied to the first equipment, and each module included in the information processing device can be realized by a processor of the information processing equipment; of course, the implementation can also be realized through a specific logic circuit; in implementation, the processor may be a Central Processing Unit (CPU), a Microprocessor (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.
As shown in fig. 12, the information processing apparatus 120 includes:
a first sending module 1201, configured to send a registration request to a server; the registration request carries the identity of the first device; the identity is used for the server to determine a target identity corresponding to the first device;
A first correspondence formed by the identity identifier, the identifier of the server and the target identifier is stored in a block chain.
In some embodiments, the information processing apparatus 120 further includes:
the first receiving module is used for receiving the target identifier sent by the server and partial information of a private key of the first device; the server determines partial information of the private key according to the identity and partial information of the public key of the first device carried in the registration request;
and the determining module is used for determining the private key according to the target identification and partial information of the private key.
In some embodiments, the information processing apparatus 120 further includes:
a second receiving module, configured to receive an identifier query request sent by a third device; the identifier query request carries an identity identifier of the third device;
a second sending module, configured to send a second target identifier query request carrying an identifier of the third device to the server according to the identifier query request, so that the server searches for a target identifier corresponding to the third device according to the identifier of the third device;
a third receiving module, configured to receive the target identifier corresponding to the third device sent by the server, so as to determine the public key of the third device according to the target identifier corresponding to the third device.
It should be noted that: in the information processing apparatus provided in the above embodiment, only the division of each program module is exemplified in the information processing, and in practical applications, the processing may be distributed to different program modules as needed, that is, the internal structure of the apparatus may be divided into different program modules to complete all or part of the processing described above. In addition, the information processing apparatus and the information processing method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments and are not described herein again.
The information processing apparatus 130 shown in fig. 13 includes: at least one processor 1310, memory 1340, at least one network interface 1320, a user interface 1330. Various components within the information processing device 130 are coupled together by a bus system 1350. It is understood that bus system 1350 is used to enable connected communications between these components. Bus system 1350 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are designated in fig. 13 as the bus system 1350.
User interface 1330 may include a display, keyboard, mouse, trackball, click wheel, keys, buttons, touch pad, touch screen, or the like.
Memory 1340 may be either volatile memory or nonvolatile memory, and may include both volatile and nonvolatile memory. The nonvolatile Memory may be a Read Only Memory (ROM). The volatile Memory may be a Random Access Memory (RAM). The memory 1340 described in connection with embodiments of the present invention is intended to comprise any suitable type of memory.
The memory 1340 in an embodiment of the present invention can store data to support the operation of the information processing apparatus 130. Examples of such data include: any computer program for operating on the information processing apparatus 130, such as an operating system and an application program. The operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application program may include various application programs.
The processor 1310 is configured to execute the computer program to implement the steps in the information processing method applied to the server or the steps in the information processing method applied to the first device provided in the above embodiments.
As an example of the method of the embodiments being implemented by a combination of hardware and software, the method can be embodied directly as software modules executed by the processor 1310, for example the information processing apparatus provided by the embodiments of the present invention. The software modules of the apparatus may be stored in the memory 1340; the processor 1310 reads the executable instructions contained in those software modules and, together with the necessary hardware (for example, the processor 1310 and the other components connected to the bus 1350), carries out the information processing method provided by the embodiments of the present invention.
By way of example, the Processor 1310 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor or the like.
Here, it should be noted that: the above description of the embodiment of the information processing apparatus is similar to the above description of the method, and has the same beneficial effects as the embodiment of the method, and therefore, the description is omitted. For technical details that are not disclosed in the embodiments of the information processing apparatus of the present application, those skilled in the art should refer to the description of the embodiments of the method of the present application for understanding, and for the sake of brevity, will not be described again here.
In an exemplary embodiment, the present application further provides a storage medium, which may be a computer-readable storage medium, for example a memory storing a computer program that can be executed by a processor to implement the steps of the foregoing method. The computer-readable storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, optical disc or CD-ROM.
Embodiments of the present application also provide a computer-readable storage medium on which a computer program is stored, the computer program implementing the steps in the information processing method applied to the server or the steps in the information processing method applied to the first device provided in the above embodiments when being processed by the processor.
Here, it should be noted that: the above description of the computer medium embodiment is similar to the above description of the method, and has the same beneficial effects as the method embodiment, and therefore, the description thereof is omitted. For technical details not disclosed in the embodiments of the storage medium of the present application, those skilled in the art should refer to the description of the embodiments of the method of the present application for understanding, and for the sake of brevity, will not be described again here.
The method disclosed by the embodiment of the present application can be applied to the processor or implemented by the processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be implemented by integrated logic circuits of hardware or instructions in the form of software in the processor. The processor described above may be a general purpose processor, a DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in a memory and the processor reads the information in the memory and performs the steps of the method described above in conjunction with its hardware.
It will be appreciated that the memory in the embodiments of the present application can be either volatile memory or non-volatile memory, and can include both. The non-volatile memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a ferromagnetic random access memory (FRAM), a flash memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory can be a Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM) and Direct Rambus Random Access Memory (DRRAM). The memories described in the embodiments of the present application are intended to comprise, without being limited to, these and any other suitable types of memory.
It should be understood by those skilled in the art that other configurations and functions of the information processing method in the embodiments of the present application are known to those skilled in the art, and are not described in detail in order to reduce redundancy.
In the description herein, reference to the description of the terms "one embodiment," "some embodiments," "an example," "a specific example" or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present application have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the application, the scope of which is defined by the claims and their equivalents.
Claims (10)
1. An information processing method applied to a server, the method comprising:
receiving a registration request sent by a first device; the registration request carries the identity identifier of the first device;
determining a target identifier corresponding to the first device according to the identity identifier;
and sending the identity identifier, the identifier of the server and the target identifier to a block chain so as to enable the block chain to store a first corresponding relation formed by the identity identifier, the identifier of the server and the target identifier.
2. The method of claim 1, further comprising:
determining partial information of a private key of the first device according to the identity and partial information of the public key of the first device carried in the registration request;
and sending the target identifier and the partial information of the private key to the first device, so as to enable the first device to determine the private key.
3. The method of claim 1, further comprising:
receiving a first target identifier query request sent by a second device, wherein the first target identifier query request carries the identity identifier;
sending the identity identifier to the block chain, and receiving a target identifier which is sent by the block chain and corresponds to the identity identifier and is determined based on the first corresponding relation;
and sending the received target identifier to the second device, so that the second device determines the public key of the first device according to the target identifier.
4. The method of claim 1, further comprising:
receiving an identification revocation request sent by the first device; the identity is carried by the identity revocation request;
and updating the state of the identity identifier into a revocation state according to the identifier revocation request.
5. The method of claim 4, further comprising:
and sending the identity and the updated state of the identity to the block chain so as to synchronize the state of the identity by the block chain.
6. An information processing method applied to a first device, the method comprising:
sending a registration request to a server; the registration request carries the identity of the first device; the identity is used for the server to determine a target identity corresponding to the first device;
and storing a first corresponding relation formed by the identity identification, the identification of the server and the target identification in a block chain.
7. The method of claim 6, further comprising:
receiving the target identification and partial information of a private key of the first device, which are sent by the server; the server determines partial information of the private key according to the identity and partial information of the public key of the first device carried in the registration request;
and determining the private key according to the target identification and partial information of the private key.
8. The method of claim 6, further comprising:
receiving an identifier query request sent by a third device; the identifier query request carries an identity identifier of the third device;
sending a second target identifier query request carrying the identity identifier of the third device to the server according to the identifier query request, so that the server searches for the target identifier corresponding to the third device according to the identity identifier of the third device;
and receiving a target identifier corresponding to the third device sent by the server, so as to determine a public key of the third device according to the target identifier corresponding to the third device.
9. An information processing apparatus comprising a processor and a memory for storing a computer program capable of running on the processor; wherein the processor is configured to execute the steps of the information processing method according to any one of claims 1 to 5 or 6 to 8 when the computer program is executed.
10. A storage medium on which a computer program is stored, the computer program realizing the steps in the information processing method according to any one of claims 1 to 5 or 6 to 8 when executed by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910935927.7A CN110719163B (en) | 2019-09-29 | 2019-09-29 | Information processing method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110719163A true CN110719163A (en) | 2020-01-21 |
CN110719163B CN110719163B (en) | 2022-09-23 |
Family
ID=69211105
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910935927.7A Active CN110719163B (en) | 2019-09-29 | 2019-09-29 | Information processing method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110719163B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112532646A (en) * | 2020-12-09 | 2021-03-19 | 杭州趣链科技有限公司 | Data sharing method, system, device, equipment and storage medium |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105634734A (en) * | 2016-02-26 | 2016-06-01 | 安徽师范大学 | Generalized signcryption method for information |
CN105701372A (en) * | 2015-12-18 | 2016-06-22 | 布比(北京)网络技术有限公司 | Block chain identity construction and verification method |
CN105790941A (en) * | 2016-04-22 | 2016-07-20 | 长沙市迪曼森信息科技有限公司 | Identity-based combined key generation and authentication method with field partition |
CN107295002A (en) * | 2017-07-12 | 2017-10-24 | 联动优势科技有限公司 | The method and server of a kind of high in the clouds data storage |
CN107395349A (en) * | 2017-08-16 | 2017-11-24 | 深圳国微技术有限公司 | A kind of block chain network cryptographic key distribution method based on self-certified public key system |
US20180225640A1 (en) * | 2017-02-06 | 2018-08-09 | Northern Trust Corporation | Systems and methods for issuing and tracking digital tokens within distributed network nodes |
WO2019137030A1 (en) * | 2018-01-11 | 2019-07-18 | 华为技术有限公司 | Safety certification method, related device and system |
CN110138560A (en) * | 2019-06-04 | 2019-08-16 | 北京理工大学 | A kind of dual-proxy cross-domain authentication method based on id password and alliance's chain |
CN110266482A (en) * | 2019-06-21 | 2019-09-20 | 郑州轻工业学院 | A kind of asymmetric group key agreement method based on block chain |
2019
- 2019-09-29 CN CN201910935927.7A patent/CN110719163B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105701372A (en) * | 2015-12-18 | 2016-06-22 | 布比(北京)网络技术有限公司 | Block chain identity construction and verification method |
CN105634734A (en) * | 2016-02-26 | 2016-06-01 | 安徽师范大学 | Generalized signcryption method for information |
CN105790941A (en) * | 2016-04-22 | 2016-07-20 | 长沙市迪曼森信息科技有限公司 | Identity-based combined key generation and authentication method with field partition |
US20180225640A1 (en) * | 2017-02-06 | 2018-08-09 | Northern Trust Corporation | Systems and methods for issuing and tracking digital tokens within distributed network nodes |
CN107295002A (en) * | 2017-07-12 | 2017-10-24 | 联动优势科技有限公司 | The method and server of a kind of high in the clouds data storage |
CN107395349A (en) * | 2017-08-16 | 2017-11-24 | 深圳国微技术有限公司 | A kind of block chain network cryptographic key distribution method based on self-certified public key system |
WO2019137030A1 (en) * | 2018-01-11 | 2019-07-18 | 华为技术有限公司 | Safety certification method, related device and system |
CN110138560A (en) * | 2019-06-04 | 2019-08-16 | 北京理工大学 | A kind of dual-proxy cross-domain authentication method based on id password and alliance's chain |
CN110266482A (en) * | 2019-06-21 | 2019-09-20 | 郑州轻工业学院 | A kind of asymmetric group key agreement method based on block chain |
Non-Patent Citations (1)
Title |
---|
OTHMANE NAIT HAMOUD et al.: "A New Certificateless System Construction for Multiple Key Generator Centers to Secure Device-to-Device Communications", ICETE 2019 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112532646A (en) * | 2020-12-09 | 2021-03-19 | 杭州趣链科技有限公司 | Data sharing method, system, device, equipment and storage medium |
CN112532646B (en) * | 2020-12-09 | 2022-08-16 | 杭州趣链科技有限公司 | Data sharing method, system, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110719163B (en) | 2022-09-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111434085B (en) | | Domain name management scheme for cross-chain interaction in blockchain systems |
CN110268677B (en) | | Cross-chain interaction using domain name scheme in blockchain system |
US11349674B2 (en) | | Digital certificate management method and apparatus, computer device, and storage medium |
CN110727712B (en) | | Data processing method and device based on block chain network, electronic equipment and storage medium |
US20210158347A1 (en) | | Blockchain-based node management methods and apparatuses |
KR102112459B1 (en) | | Domain name system for cross-chain interactions in blockchain systems |
CN110264200B (en) | | Block chain data processing method and device |
US20190042620A1 (en) | | Optimizing queries and other retrieve operations in a blockchain |
US8681995B2 (en) | | Supporting DNS security in a multi-master environment |
CN107483191B (en) | | SM2 algorithm key segmentation signature system and method |
KR102663060B1 (en) | | Method and apparatus for implementing identity-based key management using smart contracts |
EP3981126B1 (en) | | Resolving decentralized identifiers using multiple resolvers |
CN111385103B (en) | | Authority processing method, system and device and electronic equipment |
CN106991148B (en) | | Database verification system and method supporting full-update operation |
CN113612770A (en) | | Cross-domain secure interaction method, system, terminal and storage medium |
CN113094334B (en) | | Digital service method, device, equipment and storage medium based on distributed storage |
CN110544042A (en) | | Book management method and device based on block chain network |
EP3598333A1 (en) | | Electronic device update management |
CN109088914B (en) | | Block generation method, block chain ecosystem and computer readable storage medium |
WO2024063903A1 (en) | | Verifiable attribute maps |
CN108881261B (en) | | Service authentication method and system based on block chain technology in container environment |
CN110719163B (en) | | Information processing method, device and storage medium |
WO2021007863A1 (en) | | Integrity auditing for multi-copy storage |
CN112385178A (en) | | Lightweight certificate status checking system for large number of certificates |
Wang et al. | | A lightweight data integrity verification with data dynamics for mobile edge computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |