CN111181944A - Communication system, information distribution method, device, medium, and apparatus - Google Patents


Info

Publication number
CN111181944A
Authority
CN
China
Prior art keywords
information
host
issued
connection
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911348618.6A
Other languages
Chinese (zh)
Other versions
CN111181944B (en)
Inventor
谢辉
李强
张跃洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cloudminds Shanghai Robotics Co Ltd
Original Assignee
Cloudminds Chengdu Technologies Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cloudminds Chengdu Technologies Co ltd
Priority to CN201911348618.6A
Publication of CN111181944A
Application granted
Publication of CN111181944B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present disclosure relates to a communication system and to an information publishing method, apparatus, medium, and device. The system includes a connection accepting host, a connection initiating host and an information publishing server, all located in the same blockchain network. The information publishing server sends host information to a specified connection initiating host by publishing the host information of the connection accepting host in the blockchain network; the connection initiating host reads, through the blockchain network, the host information of the connection accepting host published by the information publishing server. In this way, by adding the information publishing server, the host information of the connection accepting host in the communication system can be published in the blockchain network, so that the host information of the connection accepting host can be published to a specified connection initiating host.

Description

Communication system, information distribution method, device, medium, and apparatus
Technical Field
The present disclosure relates to the field of block chains, and in particular, to a communication system, and an information distribution method, apparatus, medium, and device.
Background
SDP (software defined perimeter) is a dynamically configurable network security isolation framework that provides application and service owners with a configurable logical boundary of security, isolates networks and services to be protected from unsecured network environments to protect against various network attacks, and replaces traditional physical isolation facilities or devices.
In the SDP system based on the block chain, the connection Accepting Host (AH) and the connection Initiating Host (IH) may be used as a block chain node in the block chain network, or may be in communication connection with any block chain node, so as to obtain corresponding information from the block chain network through the block chain node and implement corresponding functions. The AH (connection accepting host) is arranged in front of the server needing data access protection and is in communication connection with the server or in physical connection with the server; the IH (connection initiating host) accesses the required data from the server through the AH by initiating a connection request to the AH. The list of services that the IH can access and the IH's public key, the AH's communication address information (e.g., IP address, port number, etc.) and the AH public key are stored in the blockchain network.
At present, in an SDP system based on a block chain, generally, a private chain or a license chain is used to control the read permission of the information stored in the block chain network, and only a node bound with a licensed or authenticated account can be added to the block chain network, so as to form the private chain or the license chain.
Disclosure of Invention
The purpose of the present disclosure is to provide a communication system, and an information distribution method, apparatus, medium, and device, which can distribute host information of a connection accepting host in the communication system in a block chain network by adding an information distribution server, so that a function of restricting read permission of stored information related to the connection accepting host in the block chain network can be realized by setting the information distribution server, and further a function of distributing host information of the connection accepting host to a designated connection initiating host through the block chain network can be realized.
In order to achieve the above object, according to a first aspect of embodiments of the present disclosure, there is provided a communication system including: a connection accepting host, a connection initiating host and an information publishing server, said connection accepting host, said connection initiating host and said information publishing server all being located in the same blockchain network, wherein,
the information issuing server is used for sending the host information to a specified connection initiating host by a method of issuing the host information of the connection accepting host in the blockchain network, wherein the host information comprises a communication address and public key information of the connection accepting host;
the connection initiating host reads, through the blockchain network, the host information of the connection accepting host issued by the information issuing server, and establishes a communication connection with the connection accepting host according to that host information, so as to acquire the data required by the connection initiating host from a server providing data access.
According to a second aspect of the embodiments of the present disclosure, there is also provided an information distribution method applied to the information distribution server, the method including:
receiving host information to be issued input by a user;
reading public key information of one or more connection initiating hosts in a block chain network where the information issuing server is located, wherein the public key information of the connection initiating hosts corresponds to the connection initiating hosts one to one;
encrypting the host information to be issued according to the public key information of each connection initiating host;
and respectively packaging each encrypted host information to be issued into a block chain transaction and then issuing the host information to be issued into the block chain network.
Optionally, the encrypting the information of the host to be issued according to the public key information of each connection initiating host respectively includes:
encrypting the host information to be issued by using a first preset symmetric key and a first preset symmetric encryption algorithm to obtain a first ciphertext;
encrypting the first preset symmetric key respectively according to the public key information of each connection initiating host to obtain second ciphertexts, wherein the second ciphertexts correspond to the connection initiating hosts one by one;
and determining the first ciphertext and any one of the second ciphertexts as the encrypted to-be-issued host information, wherein each encrypted to-be-issued host information corresponds to the connection initiating host one to one.
Optionally, the method further comprises:
signing each block chain transaction by using a private key of the information issuing server;
and respectively distributing the block chain transaction after each signature in the block chain network.
According to a third aspect of the embodiments of the present disclosure, there is also provided an information distribution method applied to the information distribution server, the method including:
receiving host information to be issued input by a user;
encrypting the host information to be issued according to a second preset symmetric key;
packaging the encrypted host information to be issued into a block chain transaction and then issuing the host information to be issued into a block chain network where the information issuing server is located;
reading public key information of one or more connection initiating hosts in the block chain network, wherein the public key information of the connection initiating hosts corresponds to the connection initiating hosts one by one;
encrypting the second preset symmetric key according to the public key information of each connection initiating host respectively;
and packaging each encrypted second preset symmetric key into a block chain transaction respectively and then issuing the second preset symmetric key into the block chain network.
Optionally, the encrypting the host information to be issued according to the second preset symmetric key includes:
encrypting the host information to be issued by using the second preset symmetric key and a second preset symmetric encryption algorithm to obtain a third ciphertext;
encrypting the second preset symmetric key by using the public key of the information issuing server to obtain a fourth ciphertext;
and determining the third ciphertext and the fourth ciphertext as the encrypted to-be-issued host information.
Optionally, the method further comprises:
signing each block chain transaction by using a private key of the information issuing server;
and respectively distributing the block chain transaction after each signature in the block chain network.
According to a fourth aspect of the embodiments of the present disclosure, there is also provided an information distribution apparatus applied to the information distribution server, the apparatus including:
the first receiving module is used for receiving host information to be issued input by a user;
the first acquisition module is used for reading public key information of one or more connection initiating hosts in a block chain network where the information publishing server is located, and the public key information of the connection initiating hosts corresponds to the connection initiating hosts one by one;
the first encryption module is used for respectively encrypting the host information to be issued according to the public key information of each connection initiating host;
and the first distribution module is used for respectively packaging each encrypted host information to be distributed into a block chain transaction and then distributing the host information to be distributed into the block chain network.
According to a fifth aspect of the embodiments of the present disclosure, there is also provided an information distribution apparatus applied to the information distribution server, the apparatus including:
the second receiving module is used for receiving host information to be issued input by a user;
the second encryption module is used for encrypting the host information to be issued according to a second preset symmetric key;
the second issuing module is used for packaging the encrypted host information to be issued into a block chain transaction and then issuing the encrypted host information to be issued into the block chain network where the information issuing server is located;
a second obtaining module, configured to read public key information of one or more connection initiating hosts in the blockchain network, where the public key information of the connection initiating host corresponds to the connection initiating host one to one;
the third encryption module is used for encrypting the preset symmetric key according to the public key information of each connection initiating host;
and the third issuing module is used for respectively packaging each encrypted preset symmetric key into one block chain transaction and then issuing the encrypted preset symmetric key into the block chain network.
According to a sixth aspect of embodiments of the present disclosure, there is also provided a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the method described in the second aspect.
According to a seventh aspect of the embodiments of the present disclosure, there is also provided an electronic apparatus, including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method in the second aspect.
According to an eighth aspect of embodiments of the present disclosure, there is also provided a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, performs the steps of the method of the third aspect.
According to a seventh aspect of the embodiments of the present disclosure, there is also provided an electronic apparatus, including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of the third aspect.
Through the technical scheme, the host information of the connection receiving host in the communication system can be released in the block chain network through the newly added information release server, so that the function of limiting the reading permission of the storage information related to the connection receiving host in the block chain network can be realized through setting the information release server, and the function of releasing the host information of the connection receiving host to the specified connection initiating host through the block chain network is further realized.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
Fig. 1 is a schematic diagram illustrating a structure of a communication system according to an exemplary embodiment of the present disclosure.
Fig. 2 is a flowchart illustrating an information distribution method according to an exemplary embodiment of the present disclosure.
Fig. 3 is a flowchart illustrating a method for encrypting host information to be published in an information publishing method according to yet another exemplary embodiment of the present disclosure.
Fig. 4 is a flowchart illustrating an information distribution method according to an exemplary embodiment of the present disclosure.
Fig. 5 is a flowchart illustrating a method for encrypting host information to be published in an information publishing method according to yet another exemplary embodiment of the present disclosure.
Fig. 6 is a block diagram illustrating a structure of an information distribution apparatus according to an exemplary embodiment of the present disclosure.
Fig. 7 is a block diagram illustrating a structure of an information distribution apparatus according to an exemplary embodiment of the present disclosure.
Fig. 8 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
Before explaining the communication system, the information distribution method, the information distribution apparatus, the computer-readable storage medium, and the electronic device provided by the present disclosure, a block chain according to each embodiment of the present disclosure will be described. The block chain is a decentralized distributed database system which is jointly maintained by all nodes in a block chain network and consists of a series of data blocks generated based on a cryptography method, wherein each data block is one block in the block chain. The blocks are linked together in order according to the chronological order of the generation times, forming a chain of data, which is referred to visually as a chain of blocks. Some concepts of blockchain networks are presented below.
Block chain node: nodes in the blockchain network may be referred to as blockchain nodes, wherein the blockchain network is based on a P2P (Peer-to-Peer) network, and each P2P network node participating in transaction and storing, verifying and forwarding the blockchain is a node in the blockchain network.
User identity: a user identity in the blockchain is represented by a public key; the corresponding private key is held by the user and is not published to the network. In some embodiments, the public key is hashed and encoded into an "address", which is the account address that represents the user and can be published freely. User identities and blockchain nodes do not correspond one to one; a user can use their private key on any blockchain node.
Block chain data writing: blockchain nodes implement writing data to blockchains by issuing "transactions" to the blockchain network. The transaction comprises the signature of the user on the transaction by using the private key of the user so as to prove the identity of the user. Transactions are recorded into the generated new block by a miner (a block chain node executing a PoW consensus competition mechanism), then are issued to a block chain network, and are verified by other block chain nodes and accepted, and then transaction data are written into the block chain.
Fig. 1 is a schematic diagram illustrating a structure of a communication system 100 according to an exemplary embodiment of the present disclosure. As shown in fig. 1, the system 100 includes a connection accepting host 101, a connection initiating host 102 and an information publishing server 103, all located in the same blockchain network.
Wherein the information issuing server 103 is configured to send the host information to the specified connection initiating host 102 by issuing the host information of the connection accepting host 101 in the blockchain network, the host information including the communication address and the public key information of the connection accepting host. The connection initiating host 102 reads the host information of the connection accepting host 101 issued by the information issuing server 103 through the blockchain network, and establishes communication connection with the connection accepting host 101 according to the host information of the connection accepting host 101, so as to acquire data required by the connection initiating host 102 from the server 200 providing data access.
The information distribution server 103 is configured with the right to publish host information to the blockchain network. For example, when the storage of host information and of permission information in the communication system is controlled by a smart contract in the blockchain network, the information distribution server 103 has the right to call the smart contract's interface for publishing information about the connection accepting host 101.
The information distribution server 103, the connection accepting host 101, and the connection initiating host 102 may each be a blockchain node in the blockchain network, or may not be a blockchain node and instead be communicatively connected to a blockchain node in the blockchain network, so as to obtain the corresponding information from that node and implement the corresponding functions.
Through the technical scheme, the host information of the connection receiving host in the communication system can be released in the block chain network through the newly added information release server, so that the function of limiting the reading permission of the storage information related to the connection receiving host in the block chain network can be realized through setting the information release server, and the function of releasing the host information of the connection receiving host to the specified connection initiating host through the block chain network is further realized.
Fig. 2 is a flowchart illustrating an information distribution method according to an exemplary embodiment of the present disclosure, which is applied to the information distribution server 103 shown in fig. 1. As shown in fig. 2, the method includes steps 201 to 204.
In step 201, host information to be published input by a user is received. The host information to be issued is host information set by the user for the connection acceptance host in the communication system, and the user can input the host information to be issued into the information issuing server in any mode. The information of the host to be issued may include the communication address of the connection accepting host and public key information thereof, and the public key information may be the public key of the connection accepting host or an encoding of the public key of the connection accepting host.
In step 202, public key information of one or more connection initiating hosts in a block chain network where the information distribution server is located is read, and the public key information of the connection initiating hosts corresponds to the connection initiating hosts one to one. After receiving the information of the host to be issued, which needs to be issued, the public key information of the connection initiating host in the communication system needs to be acquired through the blockchain network where the communication system is located. The public key information of the connection initiating host is stored in the blockchain network, and the specific method for distributing the public key information of the connection initiating host in the blockchain network is not limited in the disclosure as long as the information distribution server can read the public key information in the blockchain network.
The public key information of the connection initiating host may be a public key of the connection initiating host, or may be a code of the public key of the connection initiating host, and the public key of the connection initiating host can be obtained after the public key information is read, regardless of whether the public key information is directly the public key of the connection initiating host or the code of the public key of the connection initiating host.
In step 203, the information of the host to be issued is encrypted according to the public key information of each connection initiating host.
In step 204, each encrypted host information to be issued is encapsulated into a blockchain transaction and then issued in the blockchain network.
The host information to be issued is encrypted separately under the public key of each connection initiating host read from the blockchain network, and each result is encapsulated into a blockchain transaction and issued in the blockchain network; this is how the host information of the connection accepting host is published. Each connection initiating host in the communication system can use its own private key to decrypt the host information that was encrypted under its own public key, obtain the host information of the connection accepting host it needs, establish a communication connection with the connection accepting host using that host information, and, through the connection accepting host, access the data within its permissions from the server providing data access.
The communication system may contain one or more connection accepting hosts and one or more connection initiating hosts. When the permission of the connection initiating hosts to obtain the host information of a connection accepting host is not restricted, and any connection accepting host has host information to be issued that needs updating, the host information must be encrypted once per connection initiating host, because every connection initiating host has a different public key. The encrypted copies are then issued one by one in the blockchain network, so that every connection initiating host in the communication system can successfully read the host information to be issued. When the host information of a connection accepting host needs to be issued to a designated connection initiating host, it can be encrypted under the public key of that designated connection initiating host alone and issued in the blockchain network. Only the designated connection initiating host can then decrypt it with its private key, which realizes designated issuing of the host information.
In addition, in step 103, the information of the host to be issued may be encrypted directly with the public key of each connection initiating host. However, an asymmetric encryption algorithm is inefficient and slow when there is a large amount of data to encrypt, so the encryption of the host information in step 103 according to the public key information of the connection initiating host may instead be performed as shown in fig. 3.
Fig. 3 is a flowchart illustrating a method for encrypting host information to be published in an information publishing method according to yet another exemplary embodiment of the present disclosure. As shown in fig. 3, the method includes steps 301 to 303.
In step 301, a first ciphertext is obtained by encrypting the host information to be issued using a first preset symmetric key and a first preset symmetric encryption algorithm. The first preset symmetric key may be randomly generated by the information distribution server according to the first preset symmetric encryption algorithm, or may be set in the information distribution server in advance by a user.
Given the first preset symmetric key and the first preset symmetric encryption algorithm, the host information to be issued is encrypted with them to obtain the first ciphertext, which can be decrypted only if the first preset symmetric key is known.
In step 302, the first preset symmetric key is encrypted according to the public key information of each connection initiating host to obtain second ciphertexts, and the second ciphertexts are in one-to-one correspondence with the connection initiating host. When the public key information is the public key of the connection initiating host, the public key is directly used for encrypting the first preset symmetric key, and when the public key information is the code of the public key of the connection initiating host, the public key of the connection initiating host is obtained according to the code of the public key, and then the public key of the connection initiating host is used for encrypting the first preset symmetric key to obtain the second ciphertext. At this time, only the connection initiating host corresponding to the public key used for encryption can decrypt the second ciphertext by using the private key of the connection initiating host to obtain the first preset symmetric key.
In step 303, the first ciphertext and any one of the second ciphertexts are determined as the encrypted to-be-issued host information, and each encrypted to-be-issued host information corresponds to the connection initiating host one to one. That is, the method of using the digital envelope encrypts the host information to be issued according to the public key of the connection initiating host. After the decrypted information of the host to be issued is issued to the block chain network, the connection initiating host reads the encrypted information of the host to be issued, the second ciphertext in the encrypted information of the host to be issued is decrypted according to the private key of the connection initiating host, so that the first preset symmetric key is obtained, the first ciphertext can be decrypted according to the first preset symmetric key, and the information of the host to be issued is obtained.
Because the encryption and decryption rate of the symmetric encryption algorithm is high, certain encryption efficiency can be ensured when the first preset symmetric key is used for symmetrically encrypting the host information to be issued, the data volume of which is possibly large, and certain decryption efficiency can also be ensured when the connection initiating host decrypts the first ciphertext by using the first preset symmetric key.
In one possible embodiment, the method further comprises: signing each block chain transaction by using a private key of the information issuing server; and respectively distributing the block chain transaction after each signature in the block chain network. That is, before the blockchain transaction including the encrypted host information to be issued is issued to the blockchain network, the information is signed according to the private key of the information issuing server to prove the identity of the information issuing server.
Fig. 4 is a flowchart illustrating an information distribution method according to an exemplary embodiment of the present disclosure, applied to the information distribution server shown in fig. 1. As shown in fig. 4, the method includes steps 401 to 406.
In step 401, host information to be published input by a user is received.
In step 402, the host information to be issued is encrypted according to a second preset symmetric key.
In step 403, the encrypted host information to be issued is packaged into a blockchain transaction and then issued in the blockchain network where the information issuing server is located.
In step 404, public key information of one or more connection initiating hosts in the block chain network is read, and the public key information of the connection initiating hosts corresponds to the connection initiating hosts one to one.
In step 405, the second preset symmetric key is encrypted according to the public key information of each connection initiating host.
In step 406, each encrypted second predetermined symmetric key is respectively encapsulated into a blockchain transaction and then distributed in the blockchain network.
Step 401 is the same as step 201 shown in fig. 2. The method for acquiring the second preset symmetric key in step 402 may be the same as or different from the method for acquiring the first preset symmetric key in step 301 shown in fig. 3; this is not limited in this disclosure, as long as the information distribution server can acquire the first preset symmetric key or the second preset symmetric key.
After the host information to be issued is received, it is encrypted according to the second preset symmetric key and the corresponding second preset symmetric encryption algorithm, and the encrypted host information to be issued is packaged into a block chain transaction and issued in the block chain network. The second preset symmetric key is then encrypted according to the public key information of each connection initiating host, and each encrypted second preset symmetric key is packaged into a block chain transaction and issued in the block chain network. That is, the encrypted host information to be issued and the key for decrypting it are issued separately in the blockchain network, so that a connection initiating host in the blockchain network can decrypt the host information to be issued only after it has read a second preset symmetric key that can be decrypted with its own private key.
Moreover, the information publishing server does not need to publish the information of the host to be published one by one for each connection initiating host in the blockchain network, and only needs to publish the information once after being encrypted by using the unified second preset symmetric key.
In addition, if the host information to be issued needs to be issued only to the designated connection initiating host, the second preset symmetric key may be encrypted only according to the public key information of the designated connection initiating host and then issued in the blockchain network, so that the function of issuing the host information to be issued to the designated connection initiating host can be realized.
However they are generated, the first preset symmetric key and the second preset symmetric key should always be stored in the information distribution server so that it can perform the corresponding encryption operations. While the host information of the connection receiving host is being distributed according to the information distribution method shown in fig. 4, the data storing the second preset symmetric key in the information distribution server may be damaged or lost, in which case the information distribution server could no longer obtain that key. To avoid this, the method for encrypting the host information to be issued according to the second preset symmetric key in step 402 in fig. 4 may also be as shown in fig. 5.
Fig. 5 is a flowchart illustrating a method for encrypting host information to be published in an information publishing method according to yet another exemplary embodiment of the present disclosure. As shown in fig. 5, the method includes steps 501 to 503.
In step 501, the second preset symmetric key and the second preset symmetric encryption algorithm are used to encrypt the host information to be issued, so as to obtain a third ciphertext. The second preset symmetric encryption algorithm is the encryption algorithm corresponding to the second preset symmetric key.
In step 502, the public key of the information distribution server is used to encrypt the second preset symmetric key to obtain a fourth ciphertext.
In step 503, the third ciphertext and the fourth ciphertext are determined to be the encrypted host information to be issued.
That is, the host information to be issued is encrypted according to the public key of the information issuing server and the second preset symmetric key using the digital envelope method. Since the fourth ciphertext, encrypted with the public key of the information distribution server, can only be decrypted with the private key of the information distribution server, a connection initiating host that acquires the encrypted host information to be issued cannot decrypt the fourth ciphertext and therefore cannot obtain the second preset symmetric key from it. Only when it acquires from the block chain network the second preset symmetric key encrypted with its own public key can it decrypt that key with its own private key and then decrypt the host information to be issued.
When the data storing the second preset symmetric key in the information issuing server is damaged or lost, the information issuing server can read the encrypted host information to be issued from the blockchain network and decrypt the fourth ciphertext with its own private key to obtain the second preset symmetric key. This avoids the situation in which the host information of the connection receiving host cannot be issued because the data storing the second preset symmetric key in the information issuing server has been damaged or lost.
In one possible embodiment, the method further comprises: signing each block chain transaction by using a private key of the information issuing server; and respectively distributing the block chain transaction after each signature in the block chain network. That is, before the blockchain transaction including the encrypted to-be-issued host information and/or the blockchain transaction including the encrypted second preset symmetric key is issued to the blockchain network, the information is signed according to the private key of the information issuing server to prove the identity of the information issuing server.
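The flow of fig. 4 and fig. 5 described above (encrypt once, issue one wrapped key per designated host, keep a server-wrapped copy for recovery, sign every transaction), as an added Go example that is not code from the patent. AES-256-GCM, RSA-OAEP and RSA-PSS, the `Tx` layout, and all function and host names are assumptions, since the patent names no algorithms or transaction format; the fig. 3 variant differs only in carrying each wrapped key in the same transaction as the ciphertext.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Tx is a constructed stand-in for a blockchain transaction; the patent defines no wire format.
type Tx struct {
	Kind, Recipient string // "info" (steps 402-403) or "key" (steps 405-406) plus its designated host
	Payload         []byte // "info": nonce || third ciphertext; "key": wrapped symmetric key
	Recovery, Sig   []byte // fourth ciphertext ("info" only); information issuing server's signature
}

// digest hashes an unambiguous encoding of every field except the signature.
func digest(tx *Tx) []byte {
	d := sha256.Sum256([]byte(fmt.Sprintf("%q %q %x %x", tx.Kind, tx.Recipient, tx.Payload, tx.Recovery)))
	return d[:]
}

// aead returns AES-256-GCM; callers guarantee a 32-byte key, so neither call can fail.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Publish runs steps 402-406 with the fig. 5 envelope and signs every transaction.
func Publish(server *rsa.PrivateKey, hostInfo []byte, designated map[string]*rsa.PublicKey) ([]*Tx, error) {
	buf := make([]byte, 32+12) // second preset symmetric key (32 B) plus a fresh GCM nonce (12 B)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	recovery, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &server.PublicKey, key, nil) // step 502
	if err != nil {
		return nil, err
	}
	ledger := []*Tx{{Kind: "info", Payload: aead(key).Seal(nonce, nonce, hostInfo, nil), Recovery: recovery}}
	for name, pub := range designated { // step 405: one wrapped key per designated host
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, err
		}
		ledger = append(ledger, &Tx{Kind: "key", Recipient: name, Payload: wrapped})
	}
	for _, tx := range ledger {
		if tx.Sig, err = rsa.SignPSS(rand.Reader, server, crypto.SHA256, digest(tx), nil); err != nil {
			return nil, err
		}
	}
	return ledger, nil
}

// unseal unwraps the key and opens nonce || ciphertext; with the server key and Tx.Recovery it is the fig. 5 recovery.
func unseal(priv *rsa.PrivateKey, wrapped, payload []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	if len(key) != 32 || len(payload) < 12 {
		return nil, errors.New("bad key or payload")
	}
	return aead(key).Open(nil, payload[:12], payload[12:], nil)
}

// Read is the connection initiating host's side; transactions that fail verification are ignored.
func Read(serverPub *rsa.PublicKey, name string, priv *rsa.PrivateKey, ledger []*Tx) ([]byte, error) {
	found := map[string]*Tx{} // verified transactions relevant to this host, by kind
	for _, tx := range ledger {
		mine := tx.Kind == "info" || tx.Recipient == name
		if mine && rsa.VerifyPSS(serverPub, crypto.SHA256, digest(tx), tx.Sig, nil) == nil {
			found[tx.Kind] = tx
		}
	}
	if found["info"] == nil || found["key"] == nil {
		return nil, errors.New("no verified info and key transaction for " + name)
	}
	return unseal(priv, found["key"].Payload, found["info"].Payload)
}

func genKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func main() {
	server, _ := genKey()
	hostA, _ := genKey()
	ledger, _ := Publish(server, []byte("addr=192.0.2.10:8443"), map[string]*rsa.PublicKey{"host-a": &hostA.PublicKey})
	got, err := Read(&server.PublicKey, "host-a", hostA, ledger)
	fmt.Printf("host-a read %q (err=%v)\n", got, err)
}
```

A host that was not designated finds no key transaction addressed to it, and a host that tries another host's key transaction fails at the RSA-OAEP unwrap, so in both cases the published ciphertext stays opaque.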
Fig. 6 is a block diagram illustrating a structure of an information distribution apparatus 10 according to an exemplary embodiment of the present disclosure. The apparatus 10 is applied to the information distribution server 103 shown in fig. 1, and the apparatus 10 includes: the first receiving module 11 is configured to receive host information to be issued, which is input by a user; a first obtaining module 12, configured to read public key information of a connection initiating host in a block chain network where the information publishing server is located, where the number of the connection initiating hosts is one or more, and the public key information of the connection initiating host corresponds to the connection initiating host one to one; the first encryption module 13 is configured to encrypt the host information to be issued according to the public key information of each connection initiating host; the first distribution module 14 is configured to encapsulate each encrypted to-be-distributed host information into one blockchain transaction, and then distribute the encrypted to-be-distributed host information in the blockchain network.
In a possible implementation, the first encryption module 13 comprises: the first encryption submodule is used for encrypting the host information to be issued by using a first preset symmetric key and a first preset symmetric encryption algorithm to obtain a first ciphertext; the second encryption sub-module is used for respectively encrypting the first preset symmetric key according to the public key information of each connection initiating host to obtain second ciphertexts, and the second ciphertexts correspond to the connection initiating hosts one by one; and the third encryption sub-module is used for determining the first ciphertext and any one of the second ciphertexts as the encrypted to-be-issued host information, and each encrypted to-be-issued host information corresponds to the connection initiating host one to one.
In a possible embodiment, the device 10 further comprises: the first signature module is used for respectively signing each block chain transaction by using a private key of the information issuing server; the first issuing module 14 is further configured to issue each signed blockchain transaction in the blockchain network respectively.
Fig. 7 is a block diagram illustrating a structure of an information distribution apparatus 20 according to an exemplary embodiment of the present disclosure. The apparatus 20 is applied to the information distribution server 103 shown in fig. 1, and the apparatus 20 includes: the second receiving module 21 is configured to receive host information to be issued, which is input by a user; the second encryption module 22 is configured to encrypt the host information to be issued according to a second preset symmetric key; the second issuing module 23 is configured to encapsulate the encrypted host information to be issued into a blockchain transaction and then issue the host information to be issued in a blockchain network where the information issuing server is located; a second obtaining module 24, configured to read public key information of one or more connection initiating hosts in the blockchain network, where the public key information of the connection initiating host corresponds to the connection initiating host one to one; a third encryption module 25, configured to encrypt the preset symmetric key according to public key information of each connection initiating host; a third issuing module 26, configured to encapsulate each encrypted preset symmetric key into one blockchain transaction, and then issue the encrypted preset symmetric key in the blockchain network.
In a possible implementation, the second encryption module 22 comprises: the fourth encryption submodule is used for encrypting the host information to be issued by using the second preset symmetric key and a second preset symmetric encryption algorithm to obtain a third ciphertext; the fifth encryption sub-module is used for encrypting the second preset symmetric key by using the public key of the information issuing server to obtain a fourth ciphertext; and the sixth encryption sub-module is used for determining the third ciphertext and the fourth ciphertext as the encrypted to-be-issued host information.
In a possible embodiment, the device 20 further comprises: the second signature module is used for respectively signing each block chain transaction by using a private key of the information issuing server; the second issue module 23 and/or the third issue module 26 are further configured to: and respectively distributing the block chain transaction after each signature in the block chain network.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 8 is a block diagram illustrating an electronic device 800 in accordance with an example embodiment. As shown in fig. 8, the electronic device 800 may include: a processor 801, a memory 802. The electronic device 800 may also include one or more of a multimedia component 803, an input/output (I/O) interface 804, and a communications component 805.
The processor 801 is configured to control the overall operation of the electronic device 800, so as to complete all or part of the steps in the information distribution method. The memory 802 is used to store various types of data to support operation at the electronic device 800, such as instructions for any application or method operating on the electronic device 800 and application-related data, such as contact data, transmitted and received messages, pictures, audio, video, and so forth. The memory 802 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The multimedia component 803 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 802 or transmitted through the communication component 805. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 804 provides an interface between the processor 801 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 805 is used for wired or wireless communication between the electronic device 800 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G, 4G, NB-IOT, eMTC, 5G, etc., or a combination of one or more of them, which is not limited herein. The corresponding communication component 805 may therefore include a Wi-Fi module, a Bluetooth module, an NFC module, etc.
In an exemplary embodiment, the electronic Device 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the above-described information distribution method.
In another exemplary embodiment, there is also provided a computer-readable storage medium including program instructions which, when executed by a processor, implement the steps of the information distribution method described above. For example, the computer readable storage medium may be the memory 802 described above that includes program instructions that are executable by the processor 801 of the electronic device 800 to perform the information distribution method described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned information distribution method when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, various possible combinations will not be separately described in this disclosure.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (13)

1. A communication system, the system comprising: a connection accepting host, a connection initiating host and an information publishing server, said connection accepting host, said connection initiating host and said information publishing server all being located in the same blockchain network, wherein,
the information issuing server is used for sending the host information to a specified connection initiating host by a method of issuing the host information of the connection accepting host in the blockchain network, wherein the host information comprises a communication address and public key information of the connection accepting host;
the connection initiating host computer reads the host computer information of the connection receiving host computer issued by the information issuing server through the block chain network, and establishes communication connection with the connection receiving host computer according to the host computer information of the connection receiving host computer so as to acquire data required by the connection initiating host computer from a server providing data access.
2. An information distribution method applied to the information distribution server of claim 1, the method comprising:
receiving host information to be issued input by a user;
reading public key information of one or more connection initiating hosts in a block chain network where the information issuing server is located, wherein the public key information of the connection initiating hosts corresponds to the connection initiating hosts one to one;
encrypting the host information to be issued according to the public key information of each connection initiating host;
and respectively packaging each encrypted host information to be issued into a block chain transaction and then issuing the host information to be issued into the block chain network.
3. The method according to claim 2, wherein the encrypting the host information to be issued according to the public key information of each connection initiating host comprises:
encrypting the host information to be issued by using a first preset symmetric key and a first preset symmetric encryption algorithm to obtain a first ciphertext;
encrypting the first preset symmetric key respectively according to the public key information of each connection initiating host to obtain second ciphertexts, wherein the second ciphertexts correspond to the connection initiating hosts one by one;
and determining the first ciphertext and any one of the second ciphertexts as the encrypted to-be-issued host information, wherein each encrypted to-be-issued host information corresponds to the connection initiating host one to one.
4. A method according to claim 2 or 3, characterized in that the method further comprises:
signing each block chain transaction by using a private key of the information issuing server;
and respectively distributing the block chain transaction after each signature in the block chain network.
5. An information distribution method applied to the information distribution server of claim 1, the method comprising:
receiving host information to be issued input by a user;
encrypting the host information to be issued according to a second preset symmetric key;
packaging the encrypted host information to be issued into a block chain transaction and then issuing the host information to be issued into a block chain network where the information issuing server is located;
reading public key information of one or more connection initiating hosts in the block chain network, wherein the public key information of the connection initiating hosts corresponds to the connection initiating hosts one by one;
encrypting the preset symmetric key according to the public key information of each connection initiating host respectively;
and respectively packaging each encrypted preset symmetric key into a block chain transaction and then issuing the block chain transaction in the block chain network.
6. The method according to claim 5, wherein the encrypting the host information to be issued according to the second preset symmetric key comprises:
encrypting the host information to be issued by using the second preset symmetric key and a second preset symmetric encryption algorithm to obtain a third ciphertext;
encrypting the second preset symmetric key by using the public key of the information issuing server to obtain a fourth ciphertext;
and determining the third ciphertext and the fourth ciphertext as the encrypted to-be-issued host information.
7. The method of claim 5 or 6, further comprising:
signing each block chain transaction by using a private key of the information issuing server;
and respectively distributing the block chain transaction after each signature in the block chain network.
8. An information distribution apparatus applied to the information distribution server of claim 1, the apparatus comprising:
the first receiving module is used for receiving host information to be issued input by a user;
the first acquisition module is used for reading public key information of one or more connection initiating hosts in a block chain network where the information publishing server is located, and the public key information of the connection initiating hosts corresponds to the connection initiating hosts one by one;
the first encryption module is used for respectively encrypting the host information to be issued according to the public key information of each connection initiating host;
and the first distribution module is used for respectively packaging each encrypted host information to be distributed into a block chain transaction and then distributing the host information to be distributed into the block chain network.
9. An information distribution apparatus applied to the information distribution server of claim 1, the apparatus comprising:
the second receiving module is used for receiving host information to be issued input by a user;
the second encryption module is used for encrypting the host information to be issued according to a second preset symmetric key;
the second issuing module is used for packaging the encrypted host information to be issued into a block chain transaction and then issuing the encrypted host information to be issued into the block chain network where the information issuing server is located;
a second obtaining module, configured to read public key information of one or more connection initiating hosts in the blockchain network, where the public key information of the connection initiating host corresponds to the connection initiating host one to one;
the third encryption module is used for encrypting the preset symmetric key according to the public key information of each connection initiating host;
and the third issuing module is used for respectively packaging each encrypted preset symmetric key into one block chain transaction and then issuing the encrypted preset symmetric key into the block chain network.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 2 to 4.
11. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 2 to 4.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 5 to 7.
13. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 5 to 7.
CN201911348618.6A 2019-12-24 2019-12-24 Communication system, information distribution method, device, medium, and apparatus Active CN111181944B (en)

Publications (2)

Publication Number Publication Date
CN111181944A (en) 2020-05-19
CN111181944B (en) 2022-03-11

Family

ID=70623187

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210705

Address after: 201111 2nd floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai

Applicant after: Dalu Robot Co.,Ltd.

Address before: No.3, 7th floor, unit 1, building 5, No.399, Fucheng Avenue West, Chengdu, Sichuan 610094

Applicant before: CLOUDMINDS (CHENGDU) TECHNOLOGIES Co.,Ltd.

GR01 Patent grant
CP03 Change of name, title or address

Address after: 201111 Building 8, No. 207, Zhongqing Road, Minhang District, Shanghai

Patentee after: Dayu robot Co.,Ltd.

Address before: 201111 2nd floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai

Patentee before: Dalu Robot Co.,Ltd.
CP03 Change of name, title or address