CN112199697A - Information processing method, device, equipment and medium based on shared root key - Google Patents

Information processing method, device, equipment and medium based on shared root key Download PDF

Info

Publication number
CN112199697A
CN112199697A CN202011068461.4A CN202011068461A CN112199697A CN 112199697 A CN112199697 A CN 112199697A CN 202011068461 A CN202011068461 A CN 202011068461A CN 112199697 A CN112199697 A CN 112199697A
Authority
CN
China
Prior art keywords
information
sub
piece
organization
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011068461.4A
Other languages
Chinese (zh)
Inventor
贾牧
谢丹力
陆陈一帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Smart Technology Co Ltd
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Financial Technology Co Ltd Shanghai filed Critical OneConnect Financial Technology Co Ltd Shanghai
Priority to CN202011068461.4A priority Critical patent/CN112199697A/en
Publication of CN112199697A publication Critical patent/CN112199697A/en
Priority to PCT/CN2021/109261 priority patent/WO2022068360A1/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The embodiment of the application discloses an information processing method, device, equipment and medium based on a shared root key, which mainly relate to a block chain technology and a hospital management technology, wherein the method comprises the following steps: acquiring a target function for describing information and mechanism information of a mechanism to which the target information to be processed belongs, and generating a root key corresponding to the target information according to the mechanism information; generating a key corresponding to each piece of sub information in the target information according to the root key; acquiring a first random number corresponding to each piece of sub information, and adjusting each piece of sub information according to the first random number; acquiring coordinate information corresponding to each piece of sub-information according to the target function and each piece of adjusted sub-information; encrypting the coordinate information of each piece of sub-information by adopting a key corresponding to each piece of sub-information to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information; and determining the ciphertext as the ciphertext of the target information, and storing the ciphertext of the target information into the block chain network. By adopting the embodiment of the application, the safety of the information can be improved.

Description

Information processing method, device, equipment and medium based on shared root key
Technical Field
The present application relates to the field of block chaining technologies, and in particular, to a method, an apparatus, a device, and a medium for processing information based on a shared root key.
Background
With the development of networks, a mode of information interaction through a network is favored by a large number of users, the number of generated information is increased due to the increase of the number of users using the network, and a large amount of information needs to be stored, for example, information for patient prescription circulation, patient management and the like in hospital management needs to be stored, so that subsequent tracing is facilitated. The traditional information storage mode is generally terminal local storage, the information storage mode has a large risk, an illegal terminal easily acquires locally stored information, information leakage is caused, an illegal user can tamper the locally stored information, information safety is low, and when the local storage fails, the information cannot be found back, so that loss is caused. Therefore, how to ensure the security of information in the information storage process and prevent information leakage is an urgent problem to be solved.
Disclosure of Invention
The embodiment of the application provides an information processing method, an information processing device, information processing equipment and an information processing medium based on a shared root key, which can encrypt information, improve the safety of the information and prevent the information from being leaked.
An aspect of the present application provides an information processing method based on a shared root key, including:
acquiring an objective function used for describing information and organization information corresponding to an organization to which the target information to be processed belongs, and generating a root key corresponding to the target information according to the organization information, wherein the organization information comprises at least one of the confidentiality level of the organization, the debt information of the organization and the profit information of the organization;
generating a key corresponding to each piece of sub information in the target information according to the root key, wherein the target information comprises at least two pieces of sub information;
acquiring a first random number corresponding to each piece of sub information, and adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information;
acquiring coordinate information corresponding to each piece of sub information in the at least two pieces of sub information according to the target function and each piece of adjusted sub information;
encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by adopting the key corresponding to each piece of sub-information to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information;
and determining the ciphertext of the coordinate information corresponding to each piece of sub information as the ciphertext of the target information, and storing the ciphertext of the target information into the block chain network.
Optionally, the organization information includes a security level of the organization, and the generating a root key corresponding to the target information according to the organization information includes: generating a second random number according to the security level of the organization; acquiring the byte length of the second random number, and filling the second random number according to the byte length to obtain a filled second random number; and carrying out hash operation on the second random number after the filling processing to obtain a root key corresponding to the target information.
Optionally, the institution information includes debt information of the institution and profit information of the institution; the generating a root key corresponding to the target information according to the organization information includes: determining the fund level of the organization according to the debt information of the organization and the profit information of the organization; generating a third random number based on the institution's funding level; and carrying out hash operation on the third random number to obtain a root key corresponding to the target information.
Optionally, the generating a key corresponding to each piece of sub information in the target information according to the root key includes: acquiring the generation time of each piece of sub information; determining first sub information and second sub information according to the generation time of each piece of sub information, wherein the first sub information is the sub information with the earliest generation time in the target information, and the generation time of the second sub information is later than that of the first sub information; performing hash operation on the root key to obtain a key of the first sub-information; and carrying out Hash operation on the key of the first sub-information to obtain the key of the second sub-information.
Optionally, the adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information includes: subtracting the first random number from each piece of sub information to obtain each piece of sub information after subtraction; and if the subtracted sub information is smaller than the information threshold, determining the subtracted sub information as the adjusted sub information.
Optionally, the method further includes: if each piece of sub information after subtraction is larger than or equal to the information threshold, adjusting the first random number; subtracting the adjusted first random number from each piece of sub information to obtain each piece of candidate sub information; and if each piece of candidate sub information is smaller than the information threshold, determining each piece of candidate sub information as each piece of adjusted sub information.
Optionally, the encrypting the coordinate information of the corresponding sub information in the at least two pieces of sub information to obtain the ciphertext of the coordinate information corresponding to each piece of sub information includes: acquiring a private key of a terminal to which the target information belongs and a secret key corresponding to each piece of sub information; acquiring candidate coordinates corresponding to the target information, wherein the candidate coordinates are obtained according to base point coordinates of a curve of the target function and the private key; encrypting the candidate coordinate according to the key corresponding to each piece of sub information to obtain a ciphertext of the candidate coordinate; and fusing the coordinate information corresponding to each piece of sub information with the corresponding candidate coordinate ciphertext to obtain the coordinate information ciphertext corresponding to each piece of sub information.
An aspect of the present application provides an information processing apparatus based on a shared root key, including:
the root key generation module is used for acquiring an objective function used for describing information and organization information corresponding to an organization to which the target information to be processed belongs, and generating a root key corresponding to the target information according to the organization information, wherein the organization information comprises at least one of the confidentiality level of the organization, the debt information of the organization and the profit information of the organization;
the sub-key generation module is used for generating a key corresponding to each piece of sub-information in the target information according to the root key, wherein the target information comprises at least two pieces of sub-information;
the information adjusting module is used for acquiring a first random number corresponding to each piece of sub information, and adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information;
a coordinate obtaining module, configured to obtain, according to the target function and each piece of adjusted sub information, coordinate information corresponding to each piece of sub information in the at least two pieces of sub information;
the information encryption module is used for encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by adopting the key corresponding to each piece of sub-information to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information;
and the information storage module is used for determining the ciphertext of the coordinate information corresponding to each piece of sub information as the ciphertext of the target information and storing the ciphertext of the target information into the block chain network.
Optionally, the organization information includes a security level of the organization, and the root key generation module is specifically configured to generate a second random number according to the security level of the organization; acquiring the byte length of the second random number, and filling the second random number according to the byte length to obtain a filled second random number; and carrying out hash operation on the second random number after the filling processing to obtain a root key corresponding to the target information.
Optionally, the institution information includes debt information of the institution and profit information of the institution; the root key generation module is specifically configured to: determining the fund level of the organization according to the debt information of the organization and the profit information of the organization; generating a third random number based on the institution's funding level; and carrying out hash operation on the third random number to obtain a root key corresponding to the target information.
Optionally, the subkey generating module is specifically configured to: acquiring the generation time of each piece of sub information; determining first sub information and second sub information according to the generation time of each piece of sub information, wherein the first sub information is the sub information with the earliest generation time in the target information, and the generation time of the second sub information is later than that of the first sub information; performing hash operation on the root key to obtain a key of the first sub-information; and carrying out Hash operation on the key of the first sub-information to obtain the key of the second sub-information.
Optionally, the information adjusting module is specifically configured to: subtracting the first random number from each piece of sub information to obtain each piece of sub information after subtraction; and if the subtracted sub information is smaller than the information threshold, determining the subtracted sub information as the adjusted sub information.
Optionally, the apparatus further comprises: a random number adjusting module, configured to adjust the first random number if each piece of sub information after subtraction is greater than or equal to the information threshold; subtracting the adjusted first random number from each piece of sub information to obtain each piece of candidate sub information; and if each piece of candidate sub information is smaller than the information threshold, determining each piece of candidate sub information as each piece of adjusted sub information.
Optionally, the information encryption module is specifically configured to: acquiring a private key of a terminal to which the target information belongs and a secret key corresponding to each piece of sub information; acquiring candidate coordinates corresponding to the target information, wherein the candidate coordinates are obtained according to base point coordinates of a curve of the target function and the private key; encrypting the candidate coordinate according to the key corresponding to each piece of sub information to obtain a ciphertext of the candidate coordinate; and fusing the coordinate information corresponding to each piece of sub information with the corresponding candidate coordinate ciphertext to obtain the coordinate information ciphertext corresponding to each piece of sub information.
One aspect of the present application provides a computer device, comprising: a processor, a memory, a network interface;
the processor is connected to a memory and a network interface, wherein the network interface is used for providing a data communication function, the memory is used for storing a computer program, and the processor is used for calling the computer program to execute the method in the aspect in the embodiment of the present application.
An aspect of the embodiments of the present application provides a computer-readable storage medium, in which a computer program is stored, where the computer program includes program instructions, and when the program instructions are executed by a processor, the processor is caused to execute the shared root key-based information processing method according to the first aspect.
In the embodiment of the application, since the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the privacy level of the institution, the debt information of the institution, the profit information of the institution, and the like, the institution is relatively confidential information, and it is difficult for an illegal terminal to acquire the institution information, that is, it is difficult for the illegal terminal to acquire the root key corresponding to the target information. Therefore, after the key corresponding to each piece of sub information in the target information is generated according to the root key and each piece of sub information is encrypted by adopting the key corresponding to each piece of sub information, since an illegal terminal is difficult to acquire the root key, decryption of the ciphertext cannot be realized, the difficulty of ciphertext decryption can be improved, and the safety of information is improved. By adjusting each piece of sub information in at least two pieces of sub information, the coordinate information corresponding to each piece of adjusted sub information can be generated according to each piece of adjusted sub information, and the success rate of obtaining the coordinate information corresponding to each piece of adjusted sub information is improved. By encrypting each piece of sub information in the target information, the illegal terminal is prevented from cracking the ciphertext, so that the safety of each piece of sub information is improved, and the safety of the target information is improved. The ciphertext information of the target information is stored in the block chain network, and the safety of the information can be improved based on the characteristic that the block chain cannot be tampered and is not easy to lose; in addition, the ciphertext of the target information is stored in the block chain network, so that the resource occupation of the local storage space of the terminal can be reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic flowchart of an information processing method based on a shared root key according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a method for adjusting each piece of sub information according to an embodiment of the present application;
fig. 3 is a schematic flowchart of an information processing method based on a shared root key according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a shared root key-based information processing apparatus according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The block chain related to the application is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission (P2P transmission), consensus mechanism, encryption algorithm and the like, is essentially a decentralized database, and is a series of data blocks which are generated in a correlation mode by using a cryptography method, wherein each data block contains information of a batch of network transactions and is used for verifying the validity (anti-counterfeiting) of the information and generating the next block. The blockchain can comprise a blockchain bottom platform, a platform product service layer and an application service layer; the blockchain can be composed of a plurality of serial transaction records (also called blocks) which are connected in series by cryptography and protect the contents, and the distributed accounts connected in series by the blockchain can effectively record the transactions by multiple parties and can permanently check the transactions (can not be tampered). The consensus mechanism is a mathematical algorithm for establishing trust and obtaining rights and interests among different nodes in the block chain network; that is, the consensus mechanism is a mathematical algorithm commonly recognized by network nodes in the blockchain.
The technical scheme of the application is suitable for hospital management, namely the target information can refer to information of prescription circulation, patient management and the like of a patient, the ciphertext corresponding to the information of the prescription circulation, the patient management and the like of the patient is obtained by encrypting the information of the prescription circulation, the patient management and the like of the patient, the encrypted data is stored in the block chain network, management of the information of the prescription circulation, the patient management and the like of the patient is facilitated, and the safety of the information of hospital management is improved.
Referring to fig. 1, fig. 1 is a schematic flow chart of an information processing method based on a shared root key according to an embodiment of the present disclosure, where the method is applied to a node in a block chain Network, where the node may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), and a big data and artificial intelligence platform. Alternatively, the node may refer to a computer device, including a mobile phone, a tablet computer, a notebook computer, a palm computer, a smart audio, a Mobile Internet Device (MID), a Point Of Sale (POS) machine, a wearable device (e.g., a smart watch, a smart bracelet, etc.), and the like. As shown in fig. 1, the method includes:
s101, acquiring an objective function used for describing information and mechanism information corresponding to a mechanism to which the target information to be processed belongs, and generating a root key corresponding to the target information according to the mechanism information.
Here, the objective function may be a function corresponding to an elliptic curve, or may be a function corresponding to another curve. The target information may refer to transaction data, business data, internal data of an organization, and the like. The institution information corresponding to the institution to which the target information belongs includes at least one of a privacy level of the institution, debt information of the institution, and profit information of the institution. In order to increase the difficulty of decrypting the ciphertext of the target information and avoid the ciphertext of the target information from being cracked by an illegal user, the root key corresponding to the target information can be generated according to the organization information, namely the root key corresponding to the target information can be generated according to at least one of the confidentiality grade of the organization, the debt information of the organization and the profit information of the organization.
Optionally, the organization information corresponding to the organization to which the target information belongs includes a security level of the organization, and the method for generating the root key corresponding to the target information according to the organization information may be: generating a second random number according to the security level of the organization to which the target information belongs; acquiring the byte length of the second random number, and filling the second random number according to the byte length to obtain a filled second random number; and carrying out Hash operation on the second random number after the filling processing to obtain a root key corresponding to the target information.
Here, the security level of an organization may be classified according to the nature of the organization, for example, the nature of the organization may include a defense organization, an educational organization, a small retail organization, and the like. The security level of the defense institution is greater than that of the education institution, and the security level of the education institution is greater than that of the small retail institution. The byte length in the second random number refers to the number of bytes corresponding to the second random number, for example, if the second random number is a number between 0 and 255, the corresponding byte length is 1, or if the second random number is a number greater than 255, the byte length is greater than 1, and so on.
Specifically, for example, the security level of the organization to which the target information belongs may be acquired, a rand function in the C language is called, a second random number k is returned according to the security level of the organization to which the target information belongs, and then the byte length in the second random number k is acquired; the second random number is padded according to the byte length to obtain the padded second random number, that is, 8 bits (i.e., bits) corresponding to 1 byte are padded, for example, binary padding may be 0 or 1. That is, the second random number after the padding process is different from the second random number before the padding process in numerical value, the second random number before the padding process is k, the second random number after the padding process is p, and p is different from k in numerical value. The second random number p after the padding process is subjected to hash operation, i.e., hash (p) ═ p1, and p1 is used as a root key corresponding to the target information.
Because the second random number is subjected to filling processing to obtain the filled second random number, and one second random number has multiple filling modes, including filling one or more bits of 8 bits, the filled second random number is not equal to the second random number before filling, even if an illegal terminal acquires the privacy level of the organization to which the target information belongs, and generates the second random number according to the privacy level, because the filling modes of the second random number are multiple, the illegal terminal is difficult to acquire the correct filled random number, so that the acquisition of the root key corresponding to the target information cannot be realized, and the information security can be improved.
Optionally, the institution information corresponding to the institution to which the target information belongs includes debt information of the institution and profit information of the institution, and the method for generating the root key corresponding to the target information according to the institution information may be: determining the fund level of the organization according to the debt information of the organization and the profit information of the organization; generating a third random number according to the fund level of the organization; and carrying out Hash operation on the third random number to obtain a root key corresponding to the target information.
Here, the debt information of an organization may refer to the debt relationship between the company of the organization and a specific person or a specific organization, including company loan, accounts payable, unpaid procurement items, and the like. Profitability information for an organization may refer to revenue captured by the organization, and so on. Determining the fund level of the organization according to the debt information of the organization and the profit information of the organization may refer to determining the fund level of the organization according to the difference between the profit information of the organization and the debt information of the organization. The higher the capital rating of an organization, the better the benefit of the organization; the lower the capital rating of an organization, the less profitable the organization is. For example, when the difference between the profitability information of the organization and the liability information of the organization is greater than a first quantity threshold, the fund level of the organization is a first fund level; when the difference between the profit information of the organization and the debt information of the organization is larger than a second quantity threshold and smaller than a first quantity threshold, the fund level of the organization is a second fund level; and when the difference between the profit information of the organization and the debt information of the organization is less than a second quantity threshold, the fund level of the organization is a third fund level, wherein the first quantity threshold is greater than the second quantity threshold, and the first fund level is greater than the second fund level and is greater than the third fund level.
Specifically, the fund level of the organization may be determined by acquiring debt information of the organization and profit information of the organization, for example, the third random number m may be generated according to the fund level of the organization; the hash operation, i.e., hash (m) ═ m1, is performed on the third random number m, and m1 is used as the root key corresponding to the target information. The third random number is generated according to the fund level of the organization, the fund level of the organization is determined according to the debt information of the organization and the profit information of the organization, and the debt information of the organization, the profit information of the organization and the like belong to information with high confidentiality of the organization, so that an illegal terminal cannot easily acquire the third random number, cannot acquire the fund level of the organization and cannot generate the third random number, and cannot acquire the root key corresponding to the target information, so that the safety of the information can be improved.
Optionally, the information associated with the mechanism may also be acquired from the blockchain network, the number of pieces of information whose privacy level is greater than the level threshold is acquired from the associated information, and the number of pieces of information is subjected to hash operation to obtain the root key corresponding to the target information. Here, the information associated with the organization is all information stored by the organization in the block chain network, and the privacy level of the information being greater than the level threshold value indicates that the privacy level of the information is higher, such as absolute privacy; a privacy level of the information being less than the level threshold indicates that the information is less private, e.g., secret, and that the privacy level of the absolute is greater than the privacy level of the secret. For example, information related to the organization is acquired from the blockchain network, the number of pieces of information with the privacy level of the information being greater than the level threshold in the related information is q, the number q of pieces of information is hashed (q) to q1, and q1 is used as a root key corresponding to the target information. Since the confidential information is information with a high mechanism confidentiality degree, an illegal terminal is difficult to acquire the information and cannot acquire the root key corresponding to the target information, and the information security can be improved.
And S102, generating a key corresponding to each piece of sub information in the target information according to the root key.
Here, the target information includes at least two pieces of sub information. Specifically, the method for generating the key corresponding to each piece of sub information in the target information according to the root key includes: acquiring the generation time of each piece of sub information; determining first sub information and second sub information according to the generation time of each piece of sub information, wherein the generation time of the second sub information is later than that of the first sub information; carrying out Hash operation on the root key to obtain a key of the first sub information; and carrying out Hash operation on the key of the first sub-information to obtain the key of the second sub-information.
For example, the root key corresponding to the target information is n, the target information includes 2 pieces of sub information, namely sub information a1 and sub information a2, and the generation time corresponding to the 2 pieces of sub information is t1 and t2, and t1> t2, so that the first sub information is sub information a1, the second sub information is sub information a2, the root key corresponding to the target information is hashed to obtain the key of the first sub information, namely hash (n) ═ n1, and then n1 is the key of the first sub information; if the key of the first sub information is hashed to obtain the key of the second sub information, that is, if hash (n1) is n2, n2 is the key of the second sub information.
If the number of the second sub information is greater than 1, if the number of the second sub information is 3, the second sub information is sub information a2, sub information a3 and sub information a4, the generation time of the 3 pieces of second sub information is t2, t3 and t4, respectively, t2> t3> t4, and the key of the first sub information is n1, performing hash operation on the key of the first sub information to obtain the key of the second sub information a2, that is, hash (n1) ═ n2, and then n2 is the key of the sub information a 2; performing hash operation on the key of the second sub-information a2 to obtain the key of the second sub-information a3, that is, if the hash (n2) is n3, then n3 is the key of the sub-information a 3; if the key of the second sub information a3 is hashed to obtain the key of the second sub information a4, i.e., if the hash (n3) is n4, n4 is the key of the sub information a 4. Therefore, the key corresponding to each piece of sub information can be calculated. The key corresponding to the sub-information is obtained by performing the hash operation on the root key, so that the difficulty of the key corresponding to the sub-information can be improved, the encryption difficulty can be improved when each piece of sub-information is encrypted by using the key corresponding to the sub-information subsequently, the probability that a ciphertext is cracked by an illegal terminal is reduced, and the information safety is improved.
In a possible implementation manner, the method for generating a key corresponding to each piece of sub information in target information according to a root key includes: acquiring the information length of each piece of sub information; determining first sub information and second sub information according to the information length of each piece of sub information, wherein the first sub information is the sub information with the largest information length in the target information, and the information length of the second sub information is smaller than that of the first sub information; carrying out Hash operation on the root key to obtain a key of the first sub information; and carrying out Hash operation on the key of the first sub-information to obtain the key of the second sub-information.
For example, the root key corresponding to the target information is k, the target information includes 2 pieces of sub information, namely sub information b1 and sub information b2, and the generation time corresponding to the 2 pieces of sub information is s1 and s2, and s1 is greater than s2, so that the first sub information is sub information b1, and the second sub information is sub information b2, the root key corresponding to the target information is hashed to obtain the key of the first sub information, namely hash (k) ═ k1, and k1 is the key of the first sub information; if the key of the first sub information is hashed to obtain the key of the second sub information, that is, if hash (k1) is k2, k2 is the key of the second sub information. If the number of the second sub information is greater than 1, sorting the second sub information according to the information length of each second sub information from large to small to obtain sorted second sub information, for example, the sorted second sub information includes sub information b2, b3 and b4, the information length of b2 that is greater than b3 is greater than b4, and the key of the first sub information is k1, performing hash operation on the key of the first sub information to obtain the key of the second sub information b2 as k 2; carrying out hash operation on the key of the second sub-information b2 to obtain a key k3 of the second sub-information b 3; and performing hash operation on the key of the second sub-information b3 to obtain the key k4 of the second sub-information b 4. Therefore, the key corresponding to each piece of sub information can be obtained through calculation according to the information length of each piece of sub information and the root key, and due to the fact that the length of each piece of sub information is different, the keys corresponding to the sub information obtained through calculation according to the length of each piece of sub information and the root key are different, the difficulty of encrypting each piece of sub information through the key corresponding to the sub information in the follow-up process can be improved, the probability of breaking a ciphertext by an illegal terminal is reduced, and the safety of the information is improved.
S103, acquiring a first random number corresponding to each piece of sub information, and adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information.
Here, when the value corresponding to each piece of sub information is greater than the first threshold, it is not possible to map each piece of sub information onto the curve of the objective function, and the coordinate point corresponding to each piece of sub information cannot be calculated from the curve of the objective function. Therefore, each piece of sub information can be adjusted by using the first random number, so that the value corresponding to each piece of adjusted sub information is smaller than or equal to the first threshold value, thereby mapping each piece of sub information onto the curve of the objective function, and calculating the coordinate point corresponding to each piece of sub information according to the curve of the objective function. By adjusting each piece of sub information by using the first random number, the probability of obtaining the coordinate point corresponding to each piece of sub information can be improved, and therefore the probability of successful encryption is improved. The first threshold may be determined according to a curve parameter corresponding to the objective function, and if the curve parameter is a curve length c, the first threshold is 2256-w, wherein w is a minimum value.
In a specific implementation, a random number generation algorithm may be used to generate a random number, for example, a central limit theorem and a Box Muller (coordinate transformation), a monte carlo algorithm, a numerical probability algorithm, a las vegas algorithm, or another algorithm, and determine the generated random number as the first random number corresponding to each piece of sub information. Alternatively, a rand function in C language may be called to generate a random number.
In a possible case, if each piece of sub information is not data of a numerical type, each piece of sub information may be encoded to obtain encoded data of the numerical type, and the encoded data corresponding to each piece of sub information is adjusted according to the first random number corresponding to each piece of sub information to obtain each piece of adjusted sub information.
In another possible case, if each piece of sub information is data of a numerical type, each piece of sub information is adjusted according to the first random number corresponding to each piece of sub information, and each piece of adjusted sub information is obtained. It can be known that each piece of sub information after adjustment includes the piece of sub information and the first random number corresponding to the piece of sub information.
Optionally, the method for adjusting each piece of sub information according to the first random number may be as shown in fig. 2, where fig. 2 is a schematic flow chart of a method for adjusting each piece of sub information provided in an embodiment of the present application, and as shown in fig. 2, the method includes the following steps:
and S11, subtracting the first random number from each piece of sub information to obtain each piece of sub information after subtraction.
And S12, if each piece of sub information after subtraction is smaller than the information threshold, determining each piece of sub information after subtraction as each piece of sub information after adjustment.
In steps S11 to S12, if each piece of sub information after subtraction is smaller than the information threshold, it is considered that the piece of sub information is mapped to the first coordinate of the target point on the curve corresponding to the target function, and the second coordinate of the target point on the curve corresponding to the target function is obtained by calculation according to the first coordinate and the target function, that is, the coordinate information corresponding to each piece of sub information can be obtained. If each piece of sub information after subtraction is greater than or equal to the information threshold, it is considered that the piece of sub information is mapped to a first coordinate of a target point on a curve corresponding to the target function, and a second coordinate of the target point on the curve corresponding to the target function cannot be obtained through calculation according to the first coordinate and the target function, that is, coordinate information corresponding to each piece of sub information cannot be obtained. The first random numbers corresponding to each piece of sub information may be equal or different. The information threshold may be, for example, 2256And may be less than 2256
Each piece of sub information after subtraction can be obtained by subtracting the first random number from each piece of sub information, and therefore each piece of sub information after subtraction is determined as each piece of sub information after adjustment according to the size relation between each piece of sub information after subtraction and the information threshold. The subtracting of the first random number from each piece of sub information may refer to subtracting the first random number from a value corresponding to each piece of sub information, and it is known that a value corresponding to each piece of sub information obtained after the subtracting is smaller than a value corresponding to the sub information before the subtracting.
And S13, if each piece of sub information after subtraction is larger than or equal to the information threshold, adjusting the first random number.
And S14, subtracting the adjusted first random number from each piece of sub information to obtain each piece of candidate sub information.
Here, when each piece of sub information after subtraction is greater than or equal to the information threshold, the piece of sub information is mapped to a first coordinate of a target point on a curve corresponding to the target function, and a second coordinate of the target point on the curve corresponding to the target function cannot be calculated according to the first coordinate and the target function, that is, coordinate information corresponding to each piece of sub information cannot be obtained. Therefore, it is necessary to adjust the first random number corresponding to each piece of sub information, and subtract the first random number from each piece of adjusted sub information to obtain each piece of candidate sub information.
And S15, if each piece of candidate sub information is smaller than the information threshold, determining each piece of candidate sub information as each piece of adjusted sub information.
It can be known that, if each piece of candidate sub information is smaller than the information threshold, the piece of candidate sub information is mapped to a first coordinate of a target point on a curve corresponding to the target function, and a second coordinate of the target point on the curve corresponding to the target function can be obtained through calculation according to the first coordinate and the target function, that is, coordinate information corresponding to each piece of candidate sub information can be obtained. If each piece of candidate sub information is greater than or equal to the information threshold, it is considered that the piece of sub information is mapped to a first coordinate of a target point on a curve corresponding to the target function, and a second coordinate of the target point on the curve corresponding to the target function cannot be obtained through calculation according to the first coordinate and the target function, that is, coordinate information corresponding to each piece of sub information cannot be obtained. That is, if each piece of candidate sub information is greater than or equal to the information threshold, the first random number continues to be adjusted until each piece of candidate sub information is subtracted from the adjusted first random number, and each piece of candidate sub information after subtraction is smaller than the information threshold, each piece of candidate sub information after subtraction is determined as each piece of adjusted sub information. By subtracting the first random number corresponding to each piece of sub information from the first random number corresponding to each piece of sub information and continuously adjusting the first random number corresponding to each piece of sub information, each piece of adjusted sub information can be obtained, and the success rate of subsequently encrypting each piece of sub information is improved.
And S104, acquiring coordinate information corresponding to each piece of sub information in at least two pieces of sub information according to the target function and each piece of adjusted sub information.
Here, for example, each piece of sub information of the adjusted non-numerical type may be encoded to obtain encoded data corresponding to each piece of sub information of the adjusted numerical type, and the encoded data corresponding to each piece of sub information of the adjusted numerical type may be mapped onto a curve corresponding to the objective function to obtain a corresponding coordinate point, so as to obtain coordinate information corresponding to each piece of sub information according to the coordinate point.
In a possible implementation manner, a curve corresponding to a target function may be obtained, and each piece of adjusted sub information is mapped to a first coordinate of a target point on the curve corresponding to the target function; determining a second coordinate of a target point on a curve corresponding to the target function according to the first coordinate and the target function; and determining the first coordinate and the second coordinate as coordinate information corresponding to each piece of sub information, so as to obtain the coordinate information corresponding to each piece of sub information in at least two pieces of sub information.
For example, to describe obtaining coordinate information corresponding to any piece of sub information c in at least two pieces of sub information, a second coordinate of a target point on a curve corresponding to an objective function may be determined according to a first coordinate and the objective function, and the first coordinate and the second coordinate are determined as coordinate information corresponding to the sub information c. For example, the curve corresponding to the objective function can be shown in equation (1-1):
y2=x3+ax+b (1-1)
wherein a and b are both known real numbers, x and y are both parameters, and by determining the value of any one of x or y, the value of the other parameter can be calculated by formula (1-1), for example, by determining the value of x and calculating the value of y by formula (1-1).
For example, a is 1, b is-1, a first coordinate (for example, the abscissa of the target point) of the target point mapped on the curve corresponding to the target function by the sub information c is 1, and a, b and the first coordinate are substituted into the formula (1-1) as x to obtain y as 1, that is, the second coordinate of the target point on the curve corresponding to the target function is 1, and the coordinate information corresponding to the sub information c is (1, 1).
And S105, encrypting the coordinate information corresponding to each piece of sub information in at least two pieces of sub information by using the key corresponding to each piece of sub information to obtain the ciphertext of the coordinate information corresponding to each piece of sub information.
Here, the computer device may encrypt the coordinate information corresponding to each piece of sub information in the at least two pieces of sub information by using the key corresponding to each piece of sub information, to obtain a ciphertext of the coordinate information corresponding to each piece of sub information. In specific implementation, the computer device may obtain a private key of a terminal to which the target information belongs, and encrypt coordinate information corresponding to each piece of sub information in at least two pieces of sub information according to the private key of the terminal and a key corresponding to each piece of sub information to obtain a ciphertext of the coordinate information corresponding to each piece of sub information. It is understood that the ciphertext of the coordinate information corresponding to the sub information is the ciphertext obtained by encrypting the sub information, and when the ciphertext is not decrypted, the content of the sub information corresponding to the ciphertext cannot be known even if the ciphertext is obtained. The security of the target information can be improved by encrypting each piece of sub information corresponding to the target information by using a private key of a terminal to which the target information belongs and a key corresponding to each piece of sub information.
And S106, determining the ciphertext of the coordinate information corresponding to each piece of sub information as the ciphertext of the target information, and storing the ciphertext of the target information into the block chain network.
Here, in the above step, for each piece of sub information in the at least two pieces of sub information, a ciphertext of the coordinate information corresponding to each piece of sub information is obtained, so that the ciphertext of the coordinate information corresponding to each piece of sub information is determined as the ciphertext of the target information, that is, the ciphertext of the target information includes the ciphertext of the coordinate information corresponding to each piece of sub information in the at least two pieces of sub information, so that the target information can be encrypted to obtain the ciphertext of the target information, and the ciphertext of the target information can be stored in the block chain network. By sending the target information to the block chain network for encryption and storage, the resource occupation of the local storage space of the terminal can be reduced, the target information can be prevented from being stored locally in the terminal and being tampered by illegal users, and the safety of the target information is improved.
In the embodiment of the application, since the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the privacy level of the institution, the debt information of the institution, the profit information of the institution, and the like, the institution is relatively confidential information, and it is difficult for an illegal terminal to acquire the institution information, that is, it is difficult for the illegal terminal to acquire the root key corresponding to the target information. Therefore, after the key corresponding to each piece of sub information in the target information is generated according to the root key and each piece of sub information is encrypted by adopting the key corresponding to each piece of sub information, since an illegal terminal is difficult to acquire the root key, decryption of the ciphertext cannot be realized, the difficulty of ciphertext decryption can be improved, and the safety of information is improved. By adjusting each piece of sub information in at least two pieces of sub information, the coordinate information corresponding to each piece of adjusted sub information can be generated according to each piece of adjusted sub information, and the success rate of obtaining the coordinate information corresponding to each piece of adjusted sub information is improved. By encrypting each piece of sub information in the target information, the illegal terminal is prevented from cracking the ciphertext, so that the safety of each piece of sub information is improved, and the safety of the target information is improved. The ciphertext information of the target information is stored in the block chain network, and the safety of the information can be improved based on the characteristic that the block chain cannot be tampered and is not easy to lose; in addition, the ciphertext of the target information is stored in the block chain network, so that the resource occupation of the local storage space of the terminal can be reduced.
Referring to fig. 3, fig. 3 is a schematic flowchart of an information processing method based on a shared root key according to an embodiment of the present application, where the method is applied to a node in a blockchain network. As shown in fig. 3, the method includes:
s201, acquiring an objective function used for describing information and mechanism information corresponding to a mechanism to which the target information to be processed belongs, and generating a root key corresponding to the target information according to the mechanism information.
And S202, generating a key corresponding to each piece of sub information in the target information according to the root key.
S203, acquiring a first random number corresponding to each piece of sub information, and adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information.
And S204, acquiring coordinate information corresponding to each piece of sub information in at least two pieces of sub information according to the target function and each piece of adjusted sub information.
Here, for specific contents of steps S201 to S204, reference may be made to contents of steps S101 to S104 in the embodiment corresponding to fig. 1, and details are not described here again.
S205, obtaining a private key of the terminal to which the target information belongs and a secret key corresponding to each piece of sub information.
Here, the terminal to which the target information belongs is a terminal that uploads the target information to the blockchain network for encryption, storage, and other processing, and the private key of the terminal to which the target information belongs is a private key generated by the terminal.
In a specific implementation, for example, the identifier of the terminal to which the target information belongs may be obtained, a SECP256K1 algorithm is used to generate a fourth random number, and the fourth random number is filled to obtain a private key of the terminal, where the private key of the terminal may refer to a number including 256 bits. Here, the identifier of the terminal may refer to a factory number of the terminal, or other identifiers for uniquely indicating the terminal.
And S206, acquiring candidate coordinates corresponding to the target information.
The candidate coordinates are obtained according to the base point coordinates of the curve of the objective function and the private key of the terminal. Specifically, the coordinates of a base point of a curve of the objective function may be obtained; and obtaining the product of the base point coordinate and the private key of the terminal to obtain the candidate coordinate.
Here, by acquiring the curve of the objective function, and the curve parameters of the objective function, the base point coordinates of the curve of the objective function can be acquired. For example, if the base point is G, the corresponding base point coordinate is (x1, y1), and the private key of the terminal is h, the candidate coordinate can be calculated according to the formula (1-2):
H=h*G (1-2)
the candidate coordinate is H, the base point is G, and the private key of the terminal is H.
And S207, encrypting the candidate coordinates according to the key corresponding to each piece of sub information to obtain a ciphertext of the candidate coordinates.
And S208, fusing the coordinate information corresponding to each piece of sub information with the corresponding candidate coordinate ciphertext to obtain the coordinate information ciphertext corresponding to each piece of sub information.
For example, the number of pieces of sub information corresponding to the target information is n, the piece of sub information i is any piece of sub information in the n pieces of sub information, the candidate coordinates can be encrypted in a formula (1-3) manner to obtain a ciphertext of the candidate coordinates, and the coordinate information corresponding to the piece of sub information i and the ciphertext of the candidate coordinates are subjected to sum fusion to obtain the ciphertext of the coordinate information corresponding to the piece of sub information i.
Ci=Mi+ki*H (1-3)
The candidate coordinates are H, Ci is a ciphertext of the coordinate information corresponding to the sub-information i, Mi is the coordinate information corresponding to the sub-information i, and ki is a key corresponding to the sub-information i. And ki x H represents that the candidate coordinates are encrypted according to the key corresponding to the sub information i to obtain the ciphertext of the candidate coordinates. It can be known that, for other pieces of sub information in the n pieces of sub information, the coordinate information ciphertext corresponding to the other pieces of sub information can be obtained by encrypting and fusing the other pieces of sub information according to the formula (1-3). For each piece of sub information, the ciphertext of the coordinate information corresponding to the piece of sub information can be obtained by encrypting and fusing the pieces of sub information according to the formula (1-3), that is, the number of the ciphertext of the coordinate information corresponding to one piece of sub information is n, that is, for n pieces of sub information, the number of the ciphertext of the coordinate information corresponding to the piece of sub information finally obtained is n.
In a specific implementation, the coordinate information corresponding to each piece of sub information may be encrypted by using an encryption algorithm to obtain a ciphertext of the coordinate information corresponding to each piece of sub information, where the encryption algorithm may include, for example, an Elgamal algorithm (an asymmetric encryption algorithm), a Rabin algorithm (an asymmetric encryption algorithm), a Diffie-Hellman algorithm (an asymmetric encryption algorithm), and an ECC algorithm (an elliptic curve encryption algorithm). The computer equipment encrypts the coordinate information corresponding to each piece of sub-information in at least two pieces of sub-information according to a private key of the terminal and a secret key corresponding to each piece of sub-information to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information, so that each piece of sub-information can be encrypted to obtain a corresponding ciphertext, and after the terminal obtains the ciphertext corresponding to each piece of sub-information, the terminal needs to decrypt to obtain the sub-information corresponding to each ciphertext.
S209, determining the ciphertext of the coordinate information corresponding to each piece of sub information as the ciphertext of the target information, and storing the ciphertext of the target information into the block chain network.
Here, the specific content of step S209 may refer to the content of step S106 in the embodiment corresponding to fig. 1, and is not described herein again.
In the embodiment of the application, according to a private key of the terminal and a key corresponding to each piece of sub information, the coordinate information corresponding to each piece of sub information in at least two pieces of sub information is encrypted to obtain a ciphertext of the coordinate information corresponding to each piece of sub information, so that each piece of sub information can be encrypted to obtain a corresponding ciphertext, and after the terminal obtains the ciphertext corresponding to each piece of sub information, the terminal needs to decrypt to obtain the sub information corresponding to each ciphertext. By encrypting each piece of sub information, even if an illegal terminal acquires a ciphertext corresponding to the sub information, the content of the sub information cannot be acquired because decryption cannot be realized, so that the safety of each piece of sub information can be ensured, and the safety of target information is ensured.
The method of the embodiments of the present application is described above, and the apparatus of the embodiments of the present application is described below.
Referring to fig. 4, fig. 4 is a schematic diagram illustrating a structure of an information processing apparatus based on a shared root key according to an embodiment of the present application, where the information processing apparatus based on a shared root key may be a computer program (including program code) running in a computer device, for example, the information processing apparatus based on a shared root key is an application software; the apparatus may be used to perform the corresponding steps in the methods provided by the embodiments of the present application. The apparatus 40 comprises:
a root key generation module 401, configured to obtain an objective function used for describing information and organization information corresponding to an organization to which the target information to be processed belongs, and generate a root key corresponding to the target information according to the organization information, where the organization information includes at least one of a privacy level of the organization, debt information of the organization, and profit information of the organization;
a sub-key generating module 402, configured to generate a key corresponding to each piece of sub-information in the target information according to the root key, where the target information includes at least two pieces of sub-information;
an information adjusting module 403, configured to obtain a first random number corresponding to each piece of sub information, and adjust each piece of sub information according to the first random number to obtain each piece of adjusted sub information;
a coordinate obtaining module 404, configured to obtain, according to the objective function and each piece of adjusted sub information, coordinate information corresponding to each piece of sub information in the at least two pieces of sub information;
an information encryption module 405, configured to encrypt, by using a key corresponding to each piece of sub information, coordinate information of the corresponding piece of sub information in the at least two pieces of sub information, to obtain a ciphertext of the coordinate information corresponding to each piece of sub information;
the information storage module 406 is configured to determine a ciphertext of the coordinate information corresponding to each piece of sub information as a ciphertext of the target information, and store the ciphertext of the target information in the block chain network.
Optionally, the organization information includes a security level of the organization, and the root key generation module 401 is specifically configured to:
generating a second random number according to the security level of the organization;
acquiring the byte length of the second random number, and filling the second random number according to the byte length to obtain a filled second random number;
and carrying out hash operation on the second random number after the filling processing to obtain a root key corresponding to the target information.
Optionally, the institution information includes debt information of the institution and profit information of the institution; the root key generation module 401 is specifically configured to:
determining the fund level of the organization according to the debt information of the organization and the profit information of the organization;
generating a third random number based on the institution's funding level;
and carrying out hash operation on the third random number to obtain a root key corresponding to the target information.
Optionally, the subkey generating module 402 is specifically configured to:
acquiring the generation time of each piece of sub information;
determining first sub information and second sub information according to the generation time of each piece of sub information, wherein the first sub information is the sub information with the earliest generation time in the target information, and the generation time of the second sub information is later than that of the first sub information;
performing hash operation on the root key to obtain a key of the first sub-information;
and carrying out Hash operation on the key of the first sub-information to obtain the key of the second sub-information.
Optionally, the information adjusting module 403 is specifically configured to:
subtracting the first random number from each piece of sub information to obtain each piece of sub information after subtraction;
and if the subtracted sub information is smaller than the information threshold, determining the subtracted sub information as the adjusted sub information.
Optionally, the apparatus 40 further comprises: a random number adjustment module 407, configured to:
if each piece of sub information after subtraction is larger than or equal to the information threshold, adjusting the first random number;
subtracting the adjusted first random number from each piece of sub information to obtain each piece of candidate sub information;
and if each piece of candidate sub information is smaller than the information threshold, determining each piece of candidate sub information as each piece of adjusted sub information.
Optionally, the information encrypting module 405 is specifically configured to:
acquiring a private key of a terminal to which the target information belongs and a secret key corresponding to each piece of sub information;
acquiring candidate coordinates corresponding to the target information, wherein the candidate coordinates are obtained according to base point coordinates of a curve of the target function and the private key;
encrypting the candidate coordinate according to the key corresponding to each piece of sub information to obtain a ciphertext of the candidate coordinate; and fusing the coordinate information corresponding to each piece of sub information with the corresponding candidate coordinate ciphertext to obtain the coordinate information ciphertext corresponding to each piece of sub information.
It should be noted that, for the content that is not mentioned in the embodiment corresponding to fig. 4, reference may be made to the description of the method embodiment, and details are not described here again.
According to an embodiment of the present application, the steps involved in the shared root key-based information processing method shown in fig. 1 may be performed by respective modules in the shared root key-based information processing apparatus shown in fig. 4. For example, step S101 shown in fig. 1 may be performed by the root key generation module 401 in fig. 4, and step S102 shown in fig. 1 may be performed by the child key generation module 402 in fig. 4; step S103 shown in fig. 1 may be performed by the information adjusting module 403 in fig. 4; step S104 shown in fig. 1 may be performed by the coordinate acquisition module 404 in fig. 4; step S105 shown in fig. 1 may be performed by the information encryption module 405 in fig. 4; step S106 shown in fig. 1 may be performed by the information storage module 406 in fig. 4. According to an embodiment of the present application, each module in the information processing based on the shared root key shown in fig. 4 may be respectively or entirely combined into one or several units to form the unit, or some unit(s) may be further split into multiple sub-units with smaller functions, which may implement the same operation without affecting implementation of technical effects of the embodiment of the present application. The modules are divided based on logic functions, and in practical application, the functions of one module can be realized by a plurality of units, or the functions of a plurality of modules can be realized by one unit. In other embodiments of the present application, the information processing apparatus based on the shared root key may also include other units, and in practical applications, these functions may also be implemented by assistance of other units, and may be implemented by cooperation of a plurality of units.
According to another embodiment of the present application, the information processing apparatus based on the shared root key as shown in fig. 4 may be constructed by running a computer program (including program codes) capable of executing the steps involved in the respective methods as shown in fig. 1, fig. 2, and fig. 3 on a general-purpose computer device such as a computer including a processing element such as a Central Processing Unit (CPU), a random access storage medium (RAM), a read-only storage medium (ROM), and a storage element, and implementing the information processing method based on the shared root key of the embodiment of the present application. The computer program may be recorded on a computer-readable recording medium, for example, and loaded into and executed by the computing apparatus via the computer-readable recording medium.
In the embodiment of the application, since the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the privacy level of the institution, the debt information of the institution, the profit information of the institution, and the like, the institution is relatively confidential information, and it is difficult for an illegal terminal to acquire the institution information, that is, it is difficult for the illegal terminal to acquire the root key corresponding to the target information. Therefore, after the key corresponding to each piece of sub information in the target information is generated according to the root key and each piece of sub information is encrypted by adopting the key corresponding to each piece of sub information, since an illegal terminal is difficult to acquire the root key, decryption of the ciphertext cannot be realized, the difficulty of ciphertext decryption can be improved, and the safety of information is improved. By adjusting each piece of sub information in at least two pieces of sub information, the coordinate information corresponding to each piece of adjusted sub information can be generated according to each piece of adjusted sub information, and the success rate of obtaining the coordinate information corresponding to each piece of adjusted sub information is improved. By encrypting each piece of sub information in the target information, the illegal terminal is prevented from cracking the ciphertext, so that the safety of each piece of sub information is improved, and the safety of the target information is improved. The ciphertext information of the target information is stored in the block chain network, and the safety of the information can be improved based on the characteristic that the block chain cannot be tampered and is not easy to lose; in addition, the ciphertext of the target information is stored in the block chain network, so that the resource occupation of the local storage space of the terminal can be reduced.
Referring to fig. 5, fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure. As shown in fig. 5, the computer device 50 may include: the processor 501, the network interface 504 and the memory 505, and the computer device 50 may further include: a user interface 503, and at least one communication bus 502. Wherein a communication bus 502 is used to enable connective communication between these components. The user interface 503 may include a Display screen (Display) and a Keyboard (Keyboard), and the optional user interface 503 may also include a standard wired interface and a standard wireless interface. The network interface 504 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 505 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory. The memory 505 may alternatively be at least one memory device located remotely from the processor 501. As shown in fig. 5, the memory 505, which is a kind of computer-readable storage medium, may include therein an operating system, a network communication module, a user interface module, and a device control application program.
In the computer device 50 shown in fig. 5, the network interface 504 may provide network communication functions; while the user interface 503 is primarily an interface for providing input to a user; and processor 501 may be used to invoke a device control application stored in memory 505 to implement:
acquiring an objective function used for describing information and organization information corresponding to an organization to which the target information to be processed belongs, and generating a root key corresponding to the target information according to the organization information, wherein the organization information comprises at least one of the confidentiality level of the organization, the debt information of the organization and the profit information of the organization;
generating a key corresponding to each piece of sub information in the target information according to the root key, wherein the target information comprises at least two pieces of sub information;
acquiring a first random number corresponding to each piece of sub information, and adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information;
acquiring coordinate information corresponding to each piece of sub information in the at least two pieces of sub information according to the target function and each piece of adjusted sub information;
encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by adopting the key corresponding to each piece of sub-information to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information;
and determining the ciphertext of the coordinate information corresponding to each piece of sub information as the ciphertext of the target information, and storing the ciphertext of the target information into the block chain network.
It should be understood that the computer device 50 described in this embodiment of the present application may perform the description of the information processing method based on the shared root key in the embodiment corresponding to fig. 1 and fig. 2 and fig. 3, and may also perform the description of the information processing apparatus based on the shared root key in the embodiment corresponding to fig. 4, which is not described herein again. In addition, the beneficial effects of the same method are not described in detail.
In the embodiment of the application, since the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the privacy level of the institution, the debt information of the institution, the profit information of the institution, and the like, the institution is relatively confidential information, and it is difficult for an illegal terminal to acquire the institution information, that is, it is difficult for the illegal terminal to acquire the root key corresponding to the target information. Therefore, after the key corresponding to each piece of sub information in the target information is generated according to the root key and each piece of sub information is encrypted by adopting the key corresponding to each piece of sub information, since an illegal terminal is difficult to acquire the root key, decryption of the ciphertext cannot be realized, the difficulty of ciphertext decryption can be improved, and the safety of information is improved. By adjusting each piece of sub information in at least two pieces of sub information, the coordinate information corresponding to each piece of adjusted sub information can be generated according to each piece of adjusted sub information, and the success rate of obtaining the coordinate information corresponding to each piece of adjusted sub information is improved. By encrypting each piece of sub information in the target information, the illegal terminal is prevented from cracking the ciphertext, so that the safety of each piece of sub information is improved, and the safety of the target information is improved. The ciphertext information of the target information is stored in the block chain network, and the safety of the information can be improved based on the characteristic that the block chain cannot be tampered and is not easy to lose; in addition, the ciphertext of the target information is stored in the block chain network, so that the resource occupation of the local storage space of the terminal can be reduced.
Embodiments of the present application also provide a computer-readable storage medium storing a computer program, the computer program comprising program instructions, which, when executed by a computer, cause the computer to perform the method according to the foregoing embodiments, and the computer may be a part of the above-mentioned computer device. Such as processor 501 described above. By way of example, the program instructions may be executed on one computer device, or on multiple computer devices located at one site, or distributed across multiple sites and interconnected by a communication network, which may comprise a blockchain network.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present application and is not to be construed as limiting the scope of the present application, so that the present application is not limited thereto, and all equivalent variations and modifications can be made to the present application.

Claims (10)

1. An information processing method based on a shared root key is characterized by comprising the following steps:
acquiring an objective function used for describing information and organization information corresponding to an organization to which the target information to be processed belongs, and generating a root key corresponding to the target information according to the organization information, wherein the organization information comprises at least one of the confidentiality level of the organization, the debt information of the organization and the profit information of the organization;
generating a key corresponding to each piece of sub information in the target information according to the root key, wherein the target information comprises at least two pieces of sub information;
acquiring a first random number corresponding to each piece of sub information, and adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information;
acquiring coordinate information corresponding to each piece of sub information in the at least two pieces of sub information according to the target function and each piece of adjusted sub information;
encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by adopting the key corresponding to each piece of sub-information to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information;
and determining the ciphertext of the coordinate information corresponding to each piece of sub information as the ciphertext of the target information, and storing the ciphertext of the target information into a block chain network.
2. The method of claim 1, wherein the organization information includes a security level of the organization, and wherein generating a root key corresponding to the target information according to the organization information comprises:
generating a second random number according to the security level of the organization;
acquiring the byte length of the second random number, and filling the second random number according to the byte length to obtain a filled second random number;
and carrying out hash operation on the second random number after the filling processing to obtain a root key corresponding to the target information.
3. The method of claim 1, wherein the organization information comprises debt information of the organization and profit information of the organization; the generating a root key corresponding to the target information according to the organization information includes:
determining the fund level of the organization according to the debt information of the organization and the profit information of the organization;
generating a third random number according to the fund level of the organization;
and carrying out Hash operation on the third random number to obtain a root key corresponding to the target information.
4. The method according to claim 2 or 3, wherein the generating a key corresponding to each piece of sub information in the target information according to the root key comprises:
acquiring the generation time of each piece of sub information;
determining first sub information and second sub information according to the generation time of each piece of sub information, wherein the generation time of the second sub information is later than that of the first sub information;
performing hash operation on the root key to obtain a key of the first sub information;
and carrying out Hash operation on the key of the first sub-information to obtain the key of the second sub-information.
5. The method of claim 1, wherein the adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information comprises:
subtracting the first random number from each piece of sub information to obtain each piece of subtracted sub information;
and if the subtracted sub information is smaller than an information threshold, determining the subtracted sub information as the adjusted sub information.
6. The method of claim 5, further comprising:
if each piece of sub information after subtraction is larger than or equal to the information threshold, adjusting the first random number;
subtracting the adjusted first random number from each piece of sub information to obtain each piece of candidate sub information;
and if each piece of candidate sub information is smaller than the information threshold, determining each piece of candidate sub information as each piece of adjusted sub information.
7. The method according to claim 1, wherein the encrypting the coordinate information of the corresponding sub information of the at least two pieces of sub information to obtain the ciphertext of the coordinate information corresponding to each piece of sub information comprises:
acquiring a private key of a terminal to which the target information belongs and a secret key corresponding to each piece of sub information;
obtaining candidate coordinates corresponding to the target information, wherein the candidate coordinates are obtained according to base point coordinates of a curve of the target function and the private key;
encrypting the candidate coordinates according to the key corresponding to each piece of sub information to obtain a ciphertext of the candidate coordinates;
and fusing the coordinate information corresponding to each piece of sub information with the corresponding candidate coordinate ciphertext to obtain the coordinate information ciphertext corresponding to each piece of sub information.
8. An information processing apparatus based on a shared root key, comprising:
the root key generation module is used for acquiring an objective function used for describing information and organization information corresponding to an organization to which the target information to be processed belongs, and generating a root key corresponding to the target information according to the organization information, wherein the organization information comprises at least one of the confidentiality level of the organization, the debt information of the organization and the profit information of the organization;
the sub-key generation module is used for generating a key corresponding to each piece of sub-information in the target information according to the root key, wherein the target information comprises at least two pieces of sub-information;
the information adjusting module is used for acquiring a first random number corresponding to each piece of sub information, and adjusting each piece of sub information according to the first random number to obtain each piece of adjusted sub information;
a coordinate obtaining module, configured to obtain, according to the target function and each piece of adjusted sub information, coordinate information corresponding to each piece of sub information in the at least two pieces of sub information;
the information encryption module is used for encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by adopting the key corresponding to each piece of sub-information to obtain a ciphertext of the coordinate information corresponding to each piece of sub-information;
and the information storage module is used for determining the ciphertext of the coordinate information corresponding to each piece of sub information as the ciphertext of the target information and storing the ciphertext of the target information into the block chain network.
9. A computer device, comprising: a processor, a memory, and a network interface;
the processor is connected to the memory and the network interface, wherein the network interface is configured to provide data communication functions, the memory is configured to store program code, and the processor is configured to call the program code to perform the method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-7.
CN202011068461.4A 2020-09-29 2020-09-29 Information processing method, device, equipment and medium based on shared root key Pending CN112199697A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011068461.4A CN112199697A (en) 2020-09-29 2020-09-29 Information processing method, device, equipment and medium based on shared root key
PCT/CN2021/109261 WO2022068360A1 (en) 2020-09-29 2021-07-29 Shared root key-based information processing method and apparatus, and device and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011068461.4A CN112199697A (en) 2020-09-29 2020-09-29 Information processing method, device, equipment and medium based on shared root key

Publications (1)

Publication Number Publication Date
CN112199697A true CN112199697A (en) 2021-01-08

Family

ID=74012994

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011068461.4A Pending CN112199697A (en) 2020-09-29 2020-09-29 Information processing method, device, equipment and medium based on shared root key

Country Status (2)

Country Link
CN (1) CN112199697A (en)
WO (1) WO2022068360A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022068360A1 (en) * 2020-09-29 2022-04-07 深圳壹账通智能科技有限公司 Shared root key-based information processing method and apparatus, and device and medium
WO2022068237A1 (en) * 2020-09-29 2022-04-07 平安科技(深圳)有限公司 Information processing method and apparatus for generating key on the basis of attribute of information, and device
WO2022068235A1 (en) * 2020-09-29 2022-04-07 平安科技(深圳)有限公司 Information processing method and apparatus for generating random number on the basis of attribute of information, and device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103096309B (en) * 2011-11-01 2016-08-10 华为技术有限公司 Generate method and the relevant device of group key
CN102710668A (en) * 2012-06-29 2012-10-03 上海海事大学 Data privacy guarantee method suitable for cloud storage
CN110378128A (en) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 Data ciphering method, device and terminal device
CN110839026B (en) * 2019-11-12 2022-04-01 深圳市迅雷网络技术有限公司 Data processing method based on block chain and related equipment
CN111339545A (en) * 2020-03-20 2020-06-26 苏州链原信息科技有限公司 Method for generating data tag, electronic device and computer storage medium
CN112199697A (en) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 Information processing method, device, equipment and medium based on shared root key

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022068360A1 (en) * 2020-09-29 2022-04-07 深圳壹账通智能科技有限公司 Shared root key-based information processing method and apparatus, and device and medium
WO2022068237A1 (en) * 2020-09-29 2022-04-07 平安科技(深圳)有限公司 Information processing method and apparatus for generating key on the basis of attribute of information, and device
WO2022068235A1 (en) * 2020-09-29 2022-04-07 平安科技(深圳)有限公司 Information processing method and apparatus for generating random number on the basis of attribute of information, and device

Also Published As

Publication number Publication date
WO2022068360A1 (en) 2022-04-07

Similar Documents

Publication Publication Date Title
US11153072B2 (en) Processing blockchain data based on smart contract operations executed in a trusted execution environment
KR102151907B1 (en) Blockchain data processing and storage in a trusted execution environment
CN109729041B (en) Method and device for issuing and acquiring encrypted content
CN112199697A (en) Information processing method, device, equipment and medium based on shared root key
CN112202554B (en) Information processing method, device and equipment for generating key based on attribute of information
CN112184444A (en) Method, apparatus, device and medium for processing information based on information characteristics
CN112202779B (en) Block chain based information encryption method, device, equipment and medium
JP6709243B2 (en) Information processing equipment
WO2022068355A1 (en) Encryption method and apparatus based on feature of information, device, and storage medium
WO2022068358A1 (en) Encryption method and apparatus for generating keys on basis of attributes of information, and device
WO2022068235A1 (en) Information processing method and apparatus for generating random number on the basis of attribute of information, and device
WO2022068234A1 (en) Encryption method and apparatus based on shared root key, device and medium
WO2022068362A1 (en) Block chain-based information processing method and apparatus, device, and medium
CN109005196A (en) Data transmission method, data decryption method, device and electronic equipment
US20190260715A1 (en) Computer system, connection apparatus, and processing method using transaction
WO2022068361A1 (en) Encryption method and apparatus based on amendment amount, and device, and medium
Homoliak et al. An air-gapped 2-factor authentication for smart-contract wallets
CN107689867A (en) A kind of cryptographic key protection method and system under open environment
CN112131591A (en) Encryption method, device, equipment and medium for compressing ciphertext of information
CN112968904B (en) Block chain data protection method and system
TWI683231B (en) Distributed storage system of confidential data and method thereof
CN112202453A (en) Information processing method, device, equipment and medium for compressing ciphertext
GB2607289A (en) Data management and encryption in a distributed computing system
WO2022046330A1 (en) Data management and encryption in a distributed computing system
CN112765642A (en) Data processing method, data processing apparatus, electronic device, and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant after: ONECONNECT FINANCIAL TECHNOLOGY Co.,Ltd. (SHANGHAI)

Address before: Room 201, Building A, No. 1 Qianwan Road, Qianhaisheng Cooperation Zone, Shenzhen City, Guangdong Province, 518000

Applicant before: ONECONNECT FINANCIAL TECHNOLOGY Co.,Ltd. (SHANGHAI)

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination