CN110719163B - Information processing method, device and storage medium - Google Patents

Publication number
CN110719163B
Authority
CN
China
Prior art keywords
identity
identifier
server
target
information processing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910935927.7A
Other languages
Chinese (zh)
Other versions
CN110719163A (en)
Inventor
王云浩
过晓冰
马逸龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

An embodiment of the application discloses an information processing method applied to a server, comprising: receiving a registration request sent by a first device, the registration request carrying the identity identifier of the first device; determining a target identifier corresponding to the first device according to the identity identifier; and sending the identity identifier, the identifier of the server and the target identifier to a blockchain, so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier. The embodiments of the application also disclose an information processing method applied to the first device, an information processing device and a storage medium.

Description

Information processing method, device and storage medium
Technical Field
The embodiment of the application relates to the technical field of computers, and relates to but is not limited to an information processing method, information processing equipment and a storage medium.
Background
In the related art, user identifiers under a certificateless key system are managed by applying a certificate authority's certificate management system, with the user's public-key identifier taking the place of the certificate. This raises security problems: the authority of the identification server is too concentrated, the server may itself act maliciously, it may be maliciously compromised, and the like.
Disclosure of Invention
The embodiment of the application provides an information processing method, information processing equipment and a storage medium.
The technical scheme of the embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides an information processing method applied to a server, the method including:
receiving a registration request sent by a first device, the registration request carrying the identity identifier of the first device;
determining a target identifier corresponding to the first device according to the identity identifier;
and sending the identity identifier, the identifier of the server and the target identifier to a blockchain, so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
In a second aspect, an embodiment of the present application provides an information processing method applied to a first device, the method including:
sending a registration request to a server, the registration request carrying the identity identifier of the first device, the identity identifier being used by the server to determine a target identifier corresponding to the first device;
wherein a first correspondence formed by the identity identifier, the identifier of the server and the target identifier is stored in a blockchain.
In a third aspect, an embodiment of the present application further provides an information processing apparatus, including a processor and a memory for storing a computer program capable of running on the processor; when the computer program is run, the processor is configured to execute any one of the information processing methods applied to the server or any one of the information processing methods applied to the first device in the above-mentioned scheme.
In a fourth aspect, the present application further provides a storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements any one of the information processing methods applied to the server or any one of the information processing methods applied to the first device in the above-mentioned schemes.
In the embodiments of the application, a registration request sent by a first device is received, the registration request carrying the identity identifier of the first device; a target identifier corresponding to the first device is determined according to the identity identifier; and the identity identifier, the identifier of the server and the target identifier are sent to a blockchain, so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier. The target identifier stored in the blockchain is therefore not easily tampered with, which solves security problems such as malicious intrusion. Because only the target identifier is stored in the blockchain, and the private key and the public key are generated from the target identifier when needed, this also solves the prior-art problems that the public key is stored in the identification server and that the authority of the identification server is centralized.
Drawings
In the drawings, which are not necessarily drawn to scale, like reference numerals may describe similar components in different views. Like reference numerals having different letter suffixes may represent different examples of similar components. The drawings illustrate generally, by way of example, and not by way of limitation, various embodiments discussed herein.
Fig. 1A is a schematic structural diagram of an information processing system according to an embodiment of the present application;
Fig. 1B is a schematic flowchart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 3 is a third schematic flowchart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of an implementation of an information processing method according to an embodiment of the present application;
Fig. 6 is a sixth schematic flowchart of an implementation of the information processing method according to the embodiment of the present application;
Fig. 7 is a schematic diagram of identity registration provided by an embodiment of the present application;
Fig. 8 is a schematic diagram of an identity query provided by an embodiment of the present application;
Fig. 9 is a schematic diagram of identity revocation provided by an embodiment of the present application;
Fig. 10 is a block diagram according to an embodiment of the present disclosure;
Fig. 11 is a first schematic diagram illustrating a configuration of an information processing apparatus according to an embodiment of the present disclosure;
Fig. 12 is a second schematic diagram illustrating a structure of an information processing apparatus according to an embodiment of the present application;
Fig. 13 is a schematic diagram of a hardware structure of an information processing apparatus according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, specific technical solutions of the present application will be described in further detail below with reference to the accompanying drawings in the embodiments of the present application. The following examples are intended to illustrate the present application but are not intended to limit the scope of the present application.
In describing embodiments of the present application in detail, the cross-sectional views illustrating the structure of the device are not necessarily drawn to scale, but are shown merely as examples and should not be construed to limit the scope of the present application. In addition, the three-dimensional dimensions of length, width and depth should be included in the actual fabrication.
The embodiment of the application provides an information processing method, which is applied to electronic equipment in an information processing system for implementing the information processing method, wherein each functional module in the electronic equipment can be cooperatively realized by hardware resources of the electronic equipment (such as terminal equipment and a server), such as computing resources of a processor and the like, detection resources of a sensor and the like, and communication resources.
As shown in fig. 1A, the information processing system includes: a first device 21 and a server 22.
The electronic device may be any electronic device with information processing capability, and in one embodiment, the electronic device may be an intelligent terminal, for example, a mobile terminal with wireless communication capability such as a notebook, an AR device, or the like. In another embodiment, the electronic device may also be a computing-capable terminal device that is not mobile, such as a desktop computer, a server, etc.
Of course, the embodiments of the present application are not limited to being provided as methods and hardware, and may be provided as a storage medium (storing instructions for executing the information processing method provided by the embodiments of the present application) in various ways.
Fig. 1B is a schematic view of an implementation flow of an information processing method in this embodiment, where the information processing method is applied to a server, and as shown in fig. 1B, the method includes the following steps:
Step 101: receiving a registration request sent by a first device;
Here, the server receives a registration request sent by the first device; the first device may be an electronic device such as a mobile phone or a computer.
The registration request received by the server carries the identity identifier of the first device, which may include a mobile phone number, an identity card number or another identifier representing the identity of the user corresponding to the first device.
Step 102: determining a target identifier corresponding to the first device according to the identity identifier;
Here, after receiving the registration request sent by the first device, the server determines the target identifier corresponding to the first device according to the identity identifier carried in the registration request.
Here, the registration request may also carry partial information of the public key of the first device, which may be generated by the first device according to its identity identifier. The partial information of the public key may be a part of the public key; for example, if the public key is 12398764, the partial information of the public key may be 8764.
It should be noted that, when determining the target identifier corresponding to the first device, the target identifier corresponding to the first device may also be determined according to the identity identifier carried in the registration request and partial information of the public key of the first device.
Here, the information processing system may include one server or a server cluster formed by a plurality of servers, and if the information processing system includes one server, the server determines a target identifier corresponding to the first device according to the identity identifier carried in the registration request and partial information of the public key of the first device; if the information processing system comprises a server cluster formed by a plurality of servers, any server in the server cluster transmits a registration request to each server in the server cluster after receiving the registration request, and each server determines a target identifier corresponding to the first device according to the identity identifier carried in the received registration request and partial information of the public key of the first device.
Step 103: sending the identity identifier, the identifier of the server and the target identifier to a blockchain, so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
Here, after the server determines the target identifier corresponding to the first device, the server sends the received identity identifier of the first device, the server identifier, and the determined target identifier to the blockchain, and the blockchain stores a first correspondence relationship formed by the identity identifier of the first device, the identifier of the server, and the determined target identifier.
If there is one server, the blockchain stores one first correspondence formed by the identity identifier of the first device, the identifier of the server and the determined target identifier. For example, if the identity identifier of the first device is $ID_A$, the identifier of the server is $KGC_1$ and the target identifier is $PA_1$, the blockchain stores one record: the correspondence formed by $ID_A$, $KGC_1$ and $PA_1$.
If there is more than one server, the blockchain stores a plurality of first correspondences, each formed by the identity identifier of the first device, the identifier of a server and the determined target identifier. For example, if the identity identifier of the first device is $ID_A$, the identifiers of the servers are $KGC_1$, $KGC_2$ and $KGC_3$, and the target identifiers are $PA_1$, $PA_2$ and $PA_3$ respectively, the blockchain stores three records: the correspondence formed by $ID_A$, $KGC_1$ and $PA_1$; the correspondence formed by $ID_A$, $KGC_2$ and $PA_2$; and the correspondence formed by $ID_A$, $KGC_3$ and $PA_3$.
It should be noted that each block in the blockchain can hold at most K records, and a preset time interval L is provided. When the number of records received by the blockchain within L is smaller than K, a new block is generated from the received data once every interval L; when the number of records received within L is larger than K, the blockchain generates a new block; and the process repeats.
When the blockchain stores a first correspondence formed by the identity identifier of the first device, the identifier of the server and the target identifier, the first correspondence is stored in the current block if it falls within the preset time interval L and the number of records received is less than K; if it falls outside the preset time interval L, or the number of records received is greater than K, it is stored in a newly generated block.
The information processing method provided by the embodiment of the application is applied to a server and includes: receiving a registration request sent by a first device, the registration request carrying the identity identifier of the first device; determining a target identifier corresponding to the first device according to the identity identifier; and sending the identity identifier, the identifier of the server and the target identifier to a blockchain, so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier. The target identifier stored in the blockchain is therefore not easily tampered with, which solves security problems such as malicious intrusion. Because only the target identifier is stored in the blockchain, and the private key and the public key are generated from the target identifier when needed, this also solves the prior-art problems that the public key is stored in the identification server and that the authority of the identification server is centralized.
An embodiment of the application provides an information processing method applied to an information processing system comprising a first device and a server. As shown in fig. 2, the method includes the following steps:
Step 201: the first device sends a registration request to the server;
Here, the first device sends a registration request to the server; the first device may be an electronic device such as a mobile phone or a computer.
The registration request sent by the first device to the server carries the identity identifier of the first device, which may include a mobile phone number, an identity card number or another identifier representing the identity of the user corresponding to the first device. The identity identifier is used by the server to determine a target identifier corresponding to the first device; a first correspondence formed by the identity identifier of the first device, the identifier of the server and the target identifier is stored in the blockchain.
Step 202: the server receives the registration request sent by the first device;
The registration request carries the identity identifier of the first device.
Step 203: the server determines a target identifier corresponding to the first device according to the identity identifier;
Step 204: the server sends the identity identifier, the identifier of the server and the target identifier to a blockchain, so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier.
For steps 202 to 204, refer to steps 101 to 103 in the above embodiment, respectively.
According to the information processing method provided by the embodiment of the application, the target identifier corresponding to the first device can be determined according to the information carried in the registration request sent by the first device, and the corresponding relation formed by the identity identifier, the identifier of the server and the target identifier is stored in the block chain; therefore, the target identification stored in the block chain is not easy to be tampered, and the safety problems of malicious intrusion and the like are solved.
An embodiment of the application provides an information processing method applied to an information processing system comprising a first device and a server. As shown in fig. 3, the method includes the following steps:
Step 301: the first device sends a registration request to the server;
The registration request carries the identity identifier of the first device; the identity identifier is used by the server to determine a target identifier corresponding to the first device; a first correspondence formed by the identity identifier, the identifier of the server and the target identifier is stored in a blockchain.
Step 302: the server receives the registration request sent by the first device;
The registration request carries the identity identifier of the first device.
Step 303: the server determines a target identifier corresponding to the first device according to the identity identifier;
Step 304: the server sends the identity identifier, the identifier of the server and the target identifier to a blockchain, so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier;
For steps 301 to 304, refer to steps 201 to 204 in the above embodiment.
Step 305: the server determines partial information of a private key of the first device according to the identity and partial information of the public key of the first device carried in the registration request;
Here, the first device sends a registration request to the server, where the registration request carries the identity identifier of the first device and partial information of the public key of the first device. After receiving the registration request, the server determines partial information of the private key of the first device according to the identity identifier of the first device and the partial information of the public key of the first device.
Step 306: the server sends the target identifier and the partial information of the private key to the first device, so that the first device can determine the private key;
Here, the server sends the determined target identifier of the first device and the partial information of the private key of the first device to the first device, so that the first device determines its private key according to the target identifier and the partial information of the private key.
Step 307: the first device receives the target identifier and the partial information of the private key of the first device sent by the server;
Here, the first device receives the target identifier of the first device and the partial information of the private key of the first device sent by the server.
The server determines the partial information of the private key of the first device according to the identity identifier of the first device and the partial information of the public key of the first device carried in the registration request.
Step 308: the first device determines the private key according to the target identifier and the partial information of the private key.
Here, after receiving the target identifier of the first device and the partial information of the private key of the first device, which are sent by the server, the first device determines the private key of the first device according to the target identifier of the first device and the partial information of the private key of the first device.
According to the information processing method provided by the embodiment of the application, the private key of the first device can be determined according to the target identifier of the first device and partial information of the private key of the first device; in this way, a signature can be obtained using the private key.
An information processing method provided in an embodiment of the present application is applied to a server, and as shown in fig. 4, the method includes the following steps:
Step 401: receiving a registration request sent by a first device;
The registration request carries the identity identifier of the first device.
Step 402: determining a target identifier corresponding to the first device according to the identity identifier;
Step 403: sending the identity identifier, the identifier of the server and the target identifier to a blockchain, so that the blockchain stores a first correspondence formed by the identity identifier, the identifier of the server and the target identifier;
For steps 401 to 403, refer to steps 101 to 103 in the above embodiment.
Step 404: receiving a first target identification query request sent by second equipment;
Here, the server receives a first target identifier query request sent by the second device, where the first target identifier query request carries the identity identifier of the first device. The second device is an electronic device different from the first device.
In practical application, the first device may send the second device a message carrying the identity identifier of the first device. After receiving the message, the second device obtains the identity identifier of the first device, carries it in a first target identifier query request and sends the request to the server, and the server receives the first target identifier query request sent by the second device.
Step 405: sending the identity identifier to the blockchain, and receiving the target identifier sent by the blockchain, which corresponds to the identity identifier and is determined based on the first correspondence;
Here, after receiving the first target identifier query request sent by the second device, the server obtains the identity identifier of the first device from the request and sends it to the blockchain. After receiving the identity identifier of the first device, the blockchain determines the corresponding target identifier from the first correspondence formed by the identity identifier of the first device, the identifier of the server and the target identifier, and sends the determined target identifier to the server; the server receives the target identifier sent by the blockchain.
For example, if the identity identifier of the first device is $ID_A$ and the first correspondence is the one formed by $ID_A$, $KGC_1$ and $PA_1$, the target identifier corresponding to the identity identifier of the first device is $PA_1$, and the server receives the target identifier $PA_1$ sent by the blockchain.
Step 406: sending the received target identifier to the second device, so that the second device determines the public key of the first device according to the target identifier.
Here, after the server receives the target identifier sent by the blockchain, the server sends the received target identifier to the second device, so that the second device can determine the public key of the first device according to the target identifier corresponding to the first device, and thus verify the signature using the public key.
In the information processing method provided by the embodiment of the application, the second device obtains the target identifier corresponding to the first device according to the first target identifier query request carrying the identity identifier of the first device, and determines the public key of the first device according to the target identifier; in this way, the signature can be verified based on the public key.
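As an added illustration that is not part of the patent text, the following Python code models the ledger side of step 103 and steps 404 to 406: records are placed into blocks under the K/L rule described above, the target identifiers registered for an identity are looked up, and a modified sealed block is detected through the hash chain. `derive_target_id`, the class and function names, the SHA-256 chaining and the sample identities are assumptions; the page does not specify how a target identifier is computed or how blocks are linked.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64


@dataclass(frozen=True)
class Correspondence:
    """A 'first correspondence': identity, server identifier, target identifier."""
    identity: str
    server_id: str
    target_id: str


@dataclass
class Block:
    index: int
    prev_hash: str
    opened_at: float
    records: list = field(default_factory=list)

    def digest(self) -> str:
        body = json.dumps({
            "index": self.index, "prev": self.prev_hash, "opened_at": self.opened_at,
            "records": [[r.identity, r.server_id, r.target_id] for r in self.records],
        }, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()


class Ledger:
    """Single-process model of the chain; a real chain replicates blocks across nodes."""

    def __init__(self, k: int, interval: float):
        self.k, self.interval = k, interval  # K records per block, interval L in seconds
        self.sealed = []
        self.head_hash = GENESIS
        self.current = None

    def _seal(self):
        self.sealed.append(self.current)
        self.head_hash = self.current.digest()
        self.current = None

    def store(self, rec: Correspondence, now: float) -> int:
        """Store one record and return the index of the block that holds it."""
        cur = self.current
        # Outside interval L, or the block already holds K records (K is the
        # maximum a block can hold): the record goes into a newly generated block.
        if cur is not None and (now - cur.opened_at >= self.interval
                                or len(cur.records) >= self.k):
            self._seal()
        if self.current is None:
            self.current = Block(len(self.sealed), self.head_hash, now)
        self.current.records.append(rec)
        return self.current.index

    def lookup(self, identity: str) -> list:
        """Step 405: (server identifier, target identifier) pairs for an identity."""
        blocks = self.sealed + ([self.current] if self.current else [])
        return [(r.server_id, r.target_id)
                for b in blocks for r in b.records if r.identity == identity]

    def first_tampered_block(self):
        """Index of the first sealed block whose content no longer matches the
        hash committed by its successor (or by the head), else None."""
        for i, block in enumerate(self.sealed):
            nxt = i + 1
            committed = self.sealed[nxt].prev_hash if nxt < len(self.sealed) else self.head_hash
            if block.digest() != committed:
                return i
        return None


def derive_target_id(identity: str, server_id: str, partial_public_key: str) -> str:
    # Hypothetical stand-in: the page does not say how a server computes the target identifier.
    material = f"{identity}|{server_id}|{partial_public_key}".encode()
    return hashlib.sha256(material).hexdigest()[:16]


def register(ledger: Ledger, identity: str, partial_public_key: str,
             server_ids: list, now: float) -> list:
    """Each server in the cluster determines its own target identifier and stores one record."""
    return [ledger.store(Correspondence(identity, s,
                                        derive_target_id(identity, s, partial_public_key)), now)
            for s in server_ids]


def demo():
    # Constructed sample data: K = 3 records per block, L = 10 seconds.
    ledger = Ledger(k=3, interval=10.0)
    placed = [
        register(ledger, "ID_A", "8764", ["KGC_1", "KGC_2", "KGC_3"], now=0.0),
        register(ledger, "ID_B", "5521", ["KGC_1"], now=3.0),   # block 0 is full
        register(ledger, "ID_C", "9090", ["KGC_1"], now=20.0),  # interval L has elapsed
    ]
    clean = ledger.first_tampered_block()
    ledger.sealed[0].records[0] = Correspondence("ID_A", "KGC_1", "forged")
    return placed, clean, ledger.first_tampered_block()


if __name__ == "__main__":
    print(demo())
```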
An information processing method provided in an embodiment of the present application is applied to a first device, and as shown in fig. 5, the method includes the following steps:
Step 501: sending a registration request to a server;
The registration request carries the identity identifier of the first device; the identity identifier is used by the server to determine a target identifier corresponding to the first device; a first correspondence formed by the identity identifier, the identifier of the server and the target identifier is stored in a blockchain.
For step 501, refer to step 201 in the above embodiment.
Step 502: receiving an identification query request sent by third equipment;
Here, the first device receives an identifier query request sent by a third device, where the identifier query request carries the identity identifier of the third device. The third device is an electronic device different from the first device, and the first device and the second device may be different devices or the same device.
In practical application, the third device signs the message msg by using a private key to obtain signature information sig, carries the identity identifier of the third device, the message msg and the signature information sig in an identifier query request and sends the identifier query request to the first device, and the first device receives the identifier query request sent by the third device.
Step 503: sending a second target identification query request carrying the identity of the third equipment to the server according to the identification query request, so that the server searches for a target identification corresponding to the third equipment according to the identity of the third equipment;
Here, after receiving the identifier query request sent by the third device, the first device obtains the identity identifier of the third device, carries it in the second target identifier query request, and sends the second target identifier query request to the server, so that the server searches for the target identifier corresponding to the third device according to the identity identifier of the third device.
Step 504: and receiving a target identifier corresponding to the third device, which is sent by the server, so as to determine the public key of the third device according to the target identifier corresponding to the third device.
After the server searches for the target identifier corresponding to the third device according to the identity identifier of the third device, the target identifier corresponding to the third device is sent to the first device, the first device receives the target identifier corresponding to the third device sent by the server, and determines the public key of the third device according to the target identifier corresponding to the third device, so that the first device verifies the signature information sig of the third device by using the public key of the third device.
According to the information processing method provided by the embodiment of the application, the first device determines the public key of the third device according to the target identifier corresponding to the third device; in this way, the signature of the third device can be verified from the public key.
An embodiment of the present application provides an information processing method, which is applied to a server, and as shown in fig. 6, the method includes the following steps:
Step 601: receiving a registration request sent by the first device;
The registration request carries the identity identifier of the first device.
Step 602: determining a target identifier corresponding to the first device according to the identity identifier;
Step 603: sending the identity identifier, the identifier of the server, and the target identifier to a block chain, so that the block chain stores a first correspondence formed by the identity identifier, the identifier of the server, and the target identifier;
Steps 601 to 603 refer to steps 101 to 103 in the above embodiment.
Step 604: receiving an identification revocation request sent by the first device;
Here, the server receives an identifier revocation request sent by the first device, where the identifier revocation request carries the identity identifier of the first device.
Step 605: updating the state of the identity identifier to a revoked state according to the identifier revocation request;
Here, after receiving the identifier revocation request sent by the first device, the server updates the state of the identity identifier corresponding to the identity identifier of the first device carried in the request to the revoked state.
For example: the identity identifier of the first device carried in the identifier revocation request is ID_A; the server updates the state of the identity identifier corresponding to ID_A to 1, where 1 indicates that the state of the identity identifier corresponding to ID_A is the revoked state.
Here, if the server is a single server, that server updates the state of the identity identifier corresponding to the identity identifier of the first device. For example: the identity identifier of the first device is ID_A, the identifier of the server is KGC_1, and the state of the identity identifier is 0; the server KGC_1 updates the state of the identity identifier corresponding to ID_A to 1, where 0 indicates that the state of the identity identifier is the registered state.
If the server is a server cluster, the servers update the states of the multiple identity identifiers corresponding to the identity identifier of the first device. For example: the identity identifier of the first device is ID_A, the identifier of the server is KGC_1, and the state of the identity identifier is 0; the identity identifier of the first device is ID_A, the identifier of the server is KGC_2, and the state of the identity identifier is 0; the identity identifier of the first device is ID_A, the identifier of the server is KGC_3, and the state of the identity identifier is 0; the servers KGC_1, KGC_2, and KGC_3 each update the state of the identity identifier corresponding to ID_A to 1.
Step 606: and sending the identity and the updated state of the identity to the block chain so as to enable the block chain to synchronize the state of the identity.
Here, after the server completes updating the status of the id, the server sends the id and the updated status of the id to the blockchain, so that the blockchain synchronizes the status of the id.
It should be noted that, the block chain stores a corresponding relationship formed by the identity and the state of the identity, and after the state of the identity is updated, the server sends the identity and the updated state of the identity to the block chain, so that the block chain synchronizes the state of the identity.
The information processing method provided by the embodiment of the application can update the state of the identity according to the identity revocation request, so that the block chain synchronizes the state of the identity.
In the embodiments of the present application, the information processing method provided in the embodiments of the present application is described in a specific scenario.
The block-chain-based certificateless identity management system can be divided by role into user equipment and the trusted center KGC, and by function into identifier registration, identifier query, identifier revocation, and so on.
The flow of identifier registration includes the following steps, as shown in fig. 7:
Step 701: user equipment A sends its identity identifier ID and partial public key XA to one of the KGCs in the trusted center KGC cluster to apply for registration; the KGC cluster includes KGC1, KGC2, …, KGCi, …, KGCN.
Step 702: the registration application of user equipment A is propagated among the KGCs, and each KGC participates in the calculation to generate a corresponding secondary identifier Pai;
Step 703: the KGCs finally reach agreement, each KGC node holds the set of secondary identifiers {Pai}, and the secondary identifiers are written into the block chain;
Step 704: the KGC sends the secondary identifier, together with the partial private key calculated from the identity identifier ID and the partial public key XA, to user equipment A;
Step 705: user equipment A calculates and saves the final private key dA.
The flow of identifier query includes the following steps, as shown in fig. 8:
Step 801: the identifier query operation occurs during signature verification; user equipment A signs the message msg with its private key dA to obtain sig;
The ID is the primary identifier of user equipment A, and user equipment A sends {ID, sig, msg} to user equipment B;
Step 802: user equipment B receives the message and the signature and sends the ID to the KGC to request the secondary identifier;
Step 803: the KGC receives the ID, checks its validity, and returns the secondary identifier that meets the condition to user equipment B;
Step 804: user equipment B executes the public key recovery algorithm and verifies the signature using the public key.
The flow of identifier revocation includes the following steps, as shown in fig. 9:
Step 901: user equipment A submits an identifier revocation application to the KGC cluster;
Step 902: the revocation message is propagated in the KGC cluster, and each KGC completes the state modification for user equipment A;
Step 903: the data structure of the block chain has a revocation status field; when this field is set to 1, the identifier has been revoked;
Step 904: if the KGCs finally reach agreement, the execution result is returned to user equipment A.
The structure of the block chain is shown in fig. 10; a block of the block chain includes a block header 1001, block data 1002, and version data 1003;
The block header 1001 includes the block number, the digest of the previous block, and the digest of the current block;
The block data 1002 is the main body that stores identifier information, where each message includes an identity identifier ID, the name of the KGC corresponding to the identity identifier, the secondary identifier Pai generated by that KGC, attribute information attributes (such as time, organization name, location, etc.), the signature sig of the KGC, and the revocation status revocation;
The first block data is the initial block data, which includes the system parameters (E, G, n) and the master public keys P1, P2, …, PN of the KGCs from the establishment stage;
The version data 1003 includes identity information and a signature of the block generator;
Here, the block generation logic of the block chain is: the maximum number of messages that each block can hold is preset as K, and a time interval L is preset; when the messages received within L are fewer than K, a new block is generated every L; when the messages received within L are more than K, a new block is generated immediately and the timer is restarted; and so on.
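The following added example is not code from the patent; it models the block header, identifier messages with the revocation field, the K/L block generation rule, and a query that returns only non-revoked secondary identifiers. The SHA-256 digest encoding, the rule that the latest message per (ID, KGC) decides the state, the class and function names, and all sample values are assumptions; KGC signatures and public key recovery are left out.

```python
import hashlib
import json

REGISTERED, REVOKED = 0, 1  # revocation field values used on the page


def block_digest(number, prev_digest, messages):
    # Assumed encoding: SHA-256 over canonical JSON of the block contents.
    body = json.dumps([number, prev_digest, messages], sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class IdentityChain:
    def __init__(self, k, interval):
        self.k = k                # K: maximum messages per block
        self.interval = interval  # L: time interval between timed blocks
        self.pending = []         # messages received but not yet in a block
        self.timer_start = 0.0
        # Initial block; on the page it holds system parameters and the KGC
        # master public keys, left empty here.
        self.blocks = [{"number": 0, "prev": "", "messages": [],
                        "digest": block_digest(0, "", [])}]

    def _seal(self, now):
        prev = self.blocks[-1]
        number = prev["number"] + 1
        self.blocks.append({
            "number": number, "prev": prev["digest"], "messages": self.pending,
            "digest": block_digest(number, prev["digest"], self.pending)})
        self.pending = []
        self.timer_start = now  # re-time after every new block

    def tick(self, now):
        # Timed rule: once L has elapsed, seal whatever arrived (fewer than K).
        # Assumption: an empty interval restarts the timer without a block.
        if now - self.timer_start >= self.interval:
            if self.pending:
                self._seal(now)
            else:
                self.timer_start = now

    def submit(self, identity, kgc, pa, revocation, now):
        self.tick(now)
        self.pending.append({"id": identity, "kgc": kgc, "pa": pa,
                             "revocation": revocation})
        if len(self.pending) >= self.k:  # block is full: generate immediately
            self._seal(now)

    def verify(self):
        # Recompute every digest and check each block links to its predecessor.
        prev_digest = ""
        for i, b in enumerate(self.blocks):
            if b["number"] != i or b["prev"] != prev_digest:
                return False
            if b["digest"] != block_digest(b["number"], b["prev"], b["messages"]):
                return False
            prev_digest = b["digest"]
        return True

    def query(self, identity):
        # Validity check before answering: refuse to serve from a broken chain,
        # then return only secondary identifiers whose latest state is 0.
        if not self.verify():
            raise ValueError("block chain integrity check failed")
        latest = {}
        for b in self.blocks:
            for m in b["messages"]:
                if m["id"] == identity:
                    latest[m["kgc"]] = m
        return {kgc: m["pa"] for kgc, m in latest.items()
                if m["revocation"] == REGISTERED}


def demo():
    # Constructed sample: ID_A registers with three KGCs, then revokes at KGC1.
    chain = IdentityChain(k=3, interval=10)
    for i in (1, 2, 3):
        chain.submit("ID_A", f"KGC{i}", f"PA{i}", REGISTERED, now=1.0)
    registered = chain.query("ID_A")      # K reached, block 1 already sealed
    chain.submit("ID_A", "KGC1", "PA1", REVOKED, now=2.0)
    unsealed = chain.query("ID_A")        # revocation still pending
    chain.tick(now=12.0)                  # L elapsed, block 2 sealed
    revoked = chain.query("ID_A")
    chain.blocks[2]["messages"][0]["revocation"] = REGISTERED  # tamper
    return registered, unsealed, revoked, chain.verify()


if __name__ == "__main__":
    print(demo())
```

In this model the revocation submitted at t=2 does not change query results until the timed block at t=12 is sealed, so a revoked identifier can stay resolvable for up to L. Flipping the stored revocation field back to 0 afterwards breaks the digest check, and the query refuses to answer.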
According to the information processing method provided by the embodiment of the application, identity identifiers are maintained in a distributed manner among the trusted centers using a tamper-proof chained storage structure, and block-chain-based functions such as identifier registration, identifier query, and identifier revocation are provided. This improves performance and scalability while solving the security problems caused by using an identification server, such as over-centralized power, active wrongdoing, and malicious intrusion.
The embodiment of the application also provides an information processing device, which is applied to the server, and each module included in the information processing device can be realized by a processor of the information processing equipment; of course, the implementation can also be realized through a specific logic circuit; in implementation, the processor may be a Central Processing Unit (CPU), a Microprocessor (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.
As shown in fig. 11, the information processing apparatus 110 includes:
a first receiving module 1101, configured to receive a registration request sent by a first device; the registration request carries the identity of the first equipment;
a first determining module 1102, configured to determine, according to the identity, a target identifier corresponding to the first device;
a storage module 1103, configured to send the identity, the identifier of the server, and the target identifier to a block chain, so that the block chain stores a first corresponding relationship formed by the identity, the identifier of the server, and the target identifier.
In some embodiments, the information processing apparatus 110 further includes:
a second determining module, configured to determine, according to the identity and partial information of the public key of the first device carried in the registration request, partial information of a private key of the first device;
and the first sending module is used for sending the target identification and part of the information of the private key to the first equipment so as to enable the first equipment to determine the private key.
In some embodiments, the information processing apparatus 110 further includes:
a second receiving module, configured to receive a first target identifier query request sent by a second device, where the first target identifier query request carries the identity identifier;
a third receiving module, configured to send the identity to the block chain, and receive a target identity corresponding to the identity determined based on the first corresponding relationship and sent by the block chain;
and the second sending module is used for sending the received target identifier to the second equipment so that the second equipment determines the public key of the first equipment according to the target identifier.
In some embodiments, the information processing apparatus 110 further includes:
a fourth receiving module, configured to receive an identifier revocation request sent by the first device; the identity is carried by the identity revocation request;
and the updating module is used for updating the state of the identity identifier into a revocation state according to the identifier revocation request.
In some embodiments, the apparatus 110 further comprises: and the synchronization module is used for sending the identity and the updated state of the identity to the block chain so as to enable the block chain to synchronize the state of the identity.
The embodiment of the application also provides an information processing device, which is applied to the first equipment, and each module included in the information processing device can be realized by a processor of the information processing equipment; of course, the implementation can also be realized through a specific logic circuit; in implementation, the processor may be a Central Processing Unit (CPU), a Microprocessor (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.
As shown in fig. 12, the information processing apparatus 120 includes:
a first sending module 1201, configured to send a registration request to a server; the registration request carries the identity of the first equipment; the identity is used for the server to determine a target identity corresponding to the first device;
A first correspondence formed by the identity identifier, the identifier of the server, and the target identifier is stored in a block chain.
In some embodiments, the information processing apparatus 120 further includes:
the first receiving module is used for receiving the target identifier sent by the server and partial information of a private key of the first device; the server determines partial information of the private key according to the identity and partial information of the public key of the first device carried in the registration request;
and the determining module is used for determining the private key according to the target identification and partial information of the private key.
In some embodiments, the information processing apparatus 120 further includes:
the second receiving module is used for receiving the identifier query request sent by the third equipment; the identity query request carries an identity of the third device;
a second sending module, configured to send a second target identifier query request carrying an identifier of the third device to the server according to the identifier query request, so that the server searches for a target identifier corresponding to the third device according to the identifier of the third device;
a third receiving module, configured to receive the target identifier corresponding to the third device sent by the server, so as to determine the public key of the third device according to the target identifier corresponding to the third device.
It should be noted that: in the information processing apparatus provided in the above embodiment, only the division of each program module is exemplified in the information processing, and in practical applications, the processing may be distributed to different program modules as needed, that is, the internal structure of the apparatus may be divided into different program modules to complete all or part of the processing described above. In addition, the information processing apparatus and the information processing method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments and are not described herein again.
The information processing apparatus 130 shown in fig. 13 includes: at least one processor 1310, memory 1340, at least one network interface 1320, a user interface 1330. Various components within the information processing device 130 are coupled together by a bus system 1350. It is understood that bus system 1350 is used to enable connected communications between these components. Bus system 1350 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, the various buses are designated in fig. 13 as bus system 1350.
User interface 1330 may include a display, keyboard, mouse, trackball, click wheel, keys, buttons, touch pad, touch screen, or the like.
Memory 1340 may be either volatile memory or nonvolatile memory, and may also include both volatile and nonvolatile memory. The non-volatile Memory may be a Read Only Memory (ROM). The volatile Memory may be a Random Access Memory (RAM). The memory 1340 described in connection with embodiments of the present invention is intended to comprise any suitable type of memory.
The memory 1340 in the embodiment of the present invention can store data to support the operation of the information processing apparatus 130. Examples of such data include: any computer program for operating on the information processing apparatus 130, such as an operating system and an application program. The operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application program may include various application programs.
The processor 1310 is configured to execute the computer program to implement the steps in the information processing method applied to the server or the steps in the information processing method applied to the first device provided in the above embodiments.
As an example of the method provided by the embodiment of the present invention implemented by a combination of hardware and software, the method provided by the embodiment of the present invention can be directly embodied as a combination of software modules executed by the processor 1310, for example, an information processing apparatus provided by the embodiment of the present invention, the software modules of the information processing apparatus can be stored in the memory 1340, the processor 1310 reads executable instructions included in the software modules in the memory 1340, and the information processing method provided by the embodiment of the present invention is completed in combination with necessary hardware (for example, including the processor 1310 and other components connected to the bus 1350).
By way of example, the Processor 1310 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor, or the like.
Here, it should be noted that: the above description of the embodiment of the information processing apparatus is similar to the above description of the method, and has the same beneficial effects as the embodiment of the method, and therefore, the description is omitted. For technical details that are not disclosed in the embodiments of the information processing apparatus of the present application, those skilled in the art should refer to the description of the embodiments of the method of the present application for understanding, and for the sake of brevity, will not be described again here.
In an exemplary embodiment, the present application further provides a storage medium, which may be a computer-readable storage medium, for example, including a memory storing a computer program, which can be processed by a processor to implement the steps of the foregoing method. The computer readable storage medium may be Memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
Embodiments of the present application also provide a computer-readable storage medium on which a computer program is stored, the computer program implementing the steps in the information processing method applied to the server or the steps in the information processing method applied to the first device provided in the above embodiments when being processed by the processor.
Here, it should be noted that: the above description of the computer medium embodiment is similar to the above description of the method, and has the same beneficial effects as the method embodiment, and therefore, the description thereof is omitted. For technical details not disclosed in the embodiments of the storage medium of the present application, those skilled in the art should refer to the description of the embodiments of the method of the present application for understanding, and for the sake of brevity, will not be described again here.
The method disclosed by the embodiment of the present application can be applied to the processor or implemented by the processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be implemented by integrated logic circuits of hardware or instructions in the form of software in the processor. The processor described above may be a general purpose processor, a DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in a memory and the processor reads the information in the memory and performs the steps of the method described above in conjunction with its hardware.
It will be appreciated that the memory (storage) of embodiments of the application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic random access memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory may be a Random Access Memory (RAM), which acts as an external cache. By way of illustration, and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memories described in the embodiments of the present application are intended to comprise, without being limited to, these and any other suitable types of memory.
It should be understood by those skilled in the art that other configurations and functions of the information processing method in the embodiments of the present application are known to those skilled in the art, and are not described in detail in order to reduce redundancy.
In the description of the present specification, reference to the description of "one embodiment," "some embodiments," "an example," "a specific example" or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present application have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the application, the scope of which is defined by the claims and their equivalents.

Claims (7)

1. An information processing method applied to a server in a certificateless key system comprises the following steps:
receiving a registration request sent by first equipment; the registration request carries the identity of the first device;
determining a target identifier corresponding to the first equipment according to the identity identifier;
sending the identity identifier, the identifier of the server and the target identifier to a block chain so that the block chain stores a first corresponding relation formed by the identity identifier, the identifier of the server and the target identifier;
determining partial information of a private key of the first device according to the identity and partial information of the public key of the first device carried in the registration request;
sending the target identification and partial information of the private key to the first device so that the first device determines the private key;
receiving a first target identifier query request sent by second equipment, wherein the first target identifier query request carries the identity identifier;
sending the identity identifier to the block chain, and receiving a target identifier which is sent by the block chain and corresponds to the identity identifier and is determined based on the first corresponding relation;
and sending the received target identifier to the second device, so that the second device determines the public key of the first device according to the target identifier.
2. The method of claim 1, further comprising:
receiving an identification revocation request sent by the first device; the identity revocation request carries the identity;
and updating the state of the identity identifier into a revocation state according to the identifier revocation request.
3. The method of claim 2, further comprising:
and sending the identity and the updated state of the identity to the block chain so as to enable the block chain to synchronize the state of the identity.
4. An information processing method applied to a first device, the method comprising:
sending a registration request to a server; the registration request carries the identity of the first device; the identity is used for the server to determine a target identity corresponding to the first device;
a first corresponding relation formed by the identity identification, the identification of the server and the target identification is stored in a block chain;
receiving the target identification and partial information of a private key of the first device, which are sent by the server; the server determines partial information of the private key according to the identity and partial information of the public key of the first device carried in the registration request;
and determining the private key according to the target identification and partial information of the private key.
5. The method of claim 4, further comprising:
receiving an identification query request sent by third equipment; the identity query request carries an identity of the third device;
sending a second target identification query request carrying the identity of the third equipment to the server according to the identification query request, so that the server searches for a target identification corresponding to the third equipment according to the identity of the third equipment;
and receiving a target identifier corresponding to the third device sent by the server, so as to determine a public key of the third device according to the target identifier corresponding to the third device.
6. An information processing apparatus comprising a processor and a memory for storing a computer program operable on the processor; wherein the processor is configured to execute the steps of the information processing method according to any one of claims 1 to 5 when the computer program is executed.
7. A computer-readable storage medium on which a computer program is stored which, when executed by a processor, implements the steps in the information processing method of any one of claims 1 to 5.
CN201910935927.7A 2019-09-29 2019-09-29 Information processing method, device and storage medium Active CN110719163B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910935927.7A CN110719163B (en) 2019-09-29 2019-09-29 Information processing method, device and storage medium

Publications (2)

Publication Number Publication Date
CN110719163A CN110719163A (en) 2020-01-21
CN110719163B true CN110719163B (en) 2022-09-23

Family

ID=69211105

Country Status (1)

Country Link
CN (1) CN110719163B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532646B (en) * 2020-12-09 2022-08-16 杭州趣链科技有限公司 Data sharing method, system, device, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105701372A (en) * 2015-12-18 2016-06-22 布比(北京)网络技术有限公司 Block chain identity construction and verification method
CN105790941A (en) * 2016-04-22 2016-07-20 长沙市迪曼森信息科技有限公司 Identity-based combined key generation and authentication method with field partition

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105634734B (en) * 2016-02-26 2018-11-06 安徽师范大学 The Generalized Signcryption method of information
US11321681B2 (en) * 2017-02-06 2022-05-03 Northern Trust Corporation Systems and methods for issuing and tracking digital tokens within distributed network nodes
CN107295002B (en) * 2017-07-12 2020-06-19 联动优势科技有限公司 Cloud data storage method and server
CN107395349A (en) * 2017-08-16 2017-11-24 深圳国微技术有限公司 A kind of block chain network cryptographic key distribution method based on self-certified public key system
CN110035037B (en) * 2018-01-11 2021-09-17 华为技术有限公司 Security authentication method, related equipment and system
CN110138560B (en) * 2019-06-04 2020-09-11 北京理工大学 Double-proxy cross-domain authentication method based on identification password and alliance chain
CN110266482B (en) * 2019-06-21 2021-10-12 郑州轻工业学院 Asymmetric group key negotiation method based on block chain

Also Published As

Publication number Publication date
CN110719163A (en) 2020-01-21

Similar Documents

Publication Publication Date Title
CN110268677B (en) Cross-chain interaction using domain name scheme in blockchain system
US20200259843A1 (en) Verifiable outsourced ledgers
KR102469024B1 (en) Digital certificate verification method and apparatus, computer device, and storage medium
WO2018112940A1 (en) Service execution method and device for blockchain node, and node device
CN111434085A (en) Domain name management scheme for cross-chain interaction in blockchain systems
CN111144881A (en) Selective access to asset transfer data
US8681995B2 (en) Supporting DNS security in a multi-master environment
CN107483191B (en) SM2 algorithm key segmentation signature system and method
US11057368B2 (en) Issuing a certificate based on an identification of an application
US11108545B2 (en) Creating a blockchain account and verifying blockchain transactions
CN111489256A (en) Cross-chain processing method, equipment and system for multi-chain block chain system
CN111385103B (en) Authority processing method, system and device and electronic equipment
CN113094334B (en) Digital service method, device, equipment and storage medium based on distributed storage
WO2020237751A1 (en) Method and device employing smart contract to realize identity-based key management
US20220368539A1 (en) Computer implemented method and system for storing certified data on a blockchain
EP3598333A1 (en) Electronic device update management
WO2022077092A1 (en) Constructing a multiple-entity root certificate data block chain
CN110544042A (en) Book management method and device based on block chain network
CN113612770A (en) Cross-domain secure interaction method, system, terminal and storage medium
CN112396421A (en) Identity authentication system and method based on block chaining-through card
CN109088914B (en) Block generation method, block chain ecosystem and computer readable storage medium
CN110719163B (en) Information processing method, device and storage medium
WO2021007863A1 (en) Integrity auditing for multi-copy storage
EP4296874A1 (en) Verification based on privacy protection
CN110807203A (en) Data processing method, service operation center platform, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant