CN113051623A - Data processing method and device and electronic equipment - Google Patents
Data processing method and device and electronic equipment Download PDFInfo
- Publication number
- CN113051623A CN113051623A CN202110268093.6A CN202110268093A CN113051623A CN 113051623 A CN113051623 A CN 113051623A CN 202110268093 A CN202110268093 A CN 202110268093A CN 113051623 A CN113051623 A CN 113051623A
- Authority
- CN
- China
- Prior art keywords
- data
- private key
- signature
- party
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 24
- 230000000875 corresponding effect Effects 0.000 claims abstract description 97
- 239000012634 fragment Substances 0.000 claims abstract description 50
- 238000000034 method Methods 0.000 claims abstract description 38
- 230000002596 correlated effect Effects 0.000 claims abstract description 27
- 238000012545 processing Methods 0.000 claims abstract description 16
- 238000012795 verification Methods 0.000 claims description 81
- 238000004364 calculation method Methods 0.000 claims description 74
- 238000010586 diagram Methods 0.000 description 18
- 238000004590 computer program Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 9
- 230000006870 function Effects 0.000 description 7
- 230000009471 action Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000012549 training Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a data processing method, a data processing device and electronic equipment, wherein the method comprises the following steps: the ciphertext computing platform determines computing data and respectively generates corresponding private key segments for a plurality of data correlation parties correlated with the computing data; signing based on the private key fragment of each data correlation party, and determining signature information; the private key segment is generated temporarily by the ciphertext computing platform and only exists in the ciphertext computing platform, so that the data correlation party cannot acquire the private key and does not need to store the private key segment; and further, the leakage of the key can be avoided, so that the data is ensured not to be tampered.
Description
Technical Field
The present invention relates to the field of data processing, and in particular, to a data processing method and apparatus, and an electronic device.
Background
The multi-party security calculation means that under the condition that no trusted third party exists, calculation and fusion of data are realized among a plurality of non-mutually trusted databases on the premise that the data are mutually confidential. In the multi-party security calculation process, verification needs to be performed on multiple parties participating in calculation to prevent any party from tampering data.
At present, in the traditional multiparty security calculation process, multiparty signature and verification signature are usually carried out; the calculation is performed after the signature verification is successful. In the multi-party signature process, each party needs to use a local medium or a cloud medium to store a private key held by each party, and further, the risk of private key leakage may exist.
Disclosure of Invention
The embodiment of the invention provides a data processing method for preventing a secret key from being leaked.
Correspondingly, the embodiment of the invention also provides a data processing device and electronic equipment, which are used for ensuring the realization and application of the method.
In order to solve the above problem, an embodiment of the present invention discloses a data processing method, which specifically includes: the ciphertext computing platform determines computing data and respectively generates corresponding private key segments for a plurality of data correlation parties correlated with the computing data; and carrying out signature based on the private key fragment of each data correlation party, and determining signature information.
Optionally, the signing based on the private key fragment of each data correlation party and determining signature information include: acquiring a computing mode, wherein the computing mode comprises a private key generation mode and a signature operation mode; and performing signature based on the signature operation mode, the private key generation mode and the private key fragment of each data correlation party, and determining signature information.
Optionally, the signing based on the signature operation manner, the private key generation manner, and the private key fragment of each data correlation party, and determining signature information includes: acquiring information to be signed, and encrypting the information to be signed based on the private key generation mode and the private key fragments of each data correlation party; and carrying out signature operation on the encrypted information to be signed based on the signature operation mode to obtain the signature information.
Optionally, the generating manner of the private key includes a serial generating manner, and encrypting the information to be signed based on the generating manner of the private key and the private key fragments of each data associated party includes: the private key fragments of all data correlation parties are connected in series to obtain a private key for signature; and encrypting the information to be signed by adopting the private key for signing.
Optionally, the method further comprises: acquiring identity information corresponding to a plurality of data correlation parties correlated with the calculation data; respectively carrying out user identity authentication on each data association party based on the identity information corresponding to each data association party; and if the identity of each data correlation party is successfully verified, executing the step of respectively generating corresponding private key fragments for the plurality of data correlation parties correlated with the calculation data.
Optionally, the method further comprises: acquiring equipment information corresponding to a plurality of data correlation parties correlated with the calculation data; respectively carrying out equipment verification on each data correlation party based on the equipment information corresponding to each data correlation party; and if the verification of the equipment of each data correlation party is successful, executing the step of respectively generating corresponding private key fragments for the plurality of data correlation parties correlated with the calculation data.
Optionally, the ciphertext computing platform determining computing data, including: before the ciphertext computing platform executes each computing task, the ciphertext computing platform determines computing data corresponding to the computing task.
Optionally, the method further comprises: determining a private key based on the private key segment corresponding to each data correlation party, generating a public key corresponding to the private key and distributing the public key to each data correlation party; distributing the signature information to each data correlation party, and performing signature verification on the signature information by each data correlation party based on the public key; receiving signature verification results uploaded by all data correlation parties; and if the signature verification results of all the data correlation parties are successful signature verification results, executing the calculation task.
The embodiment of the invention also discloses a data processing device, which is deployed in the ciphertext computing platform and specifically comprises the following steps: the private key segment generation module is used for determining calculation data and respectively generating corresponding private key segments for a plurality of data correlation parties correlated with the calculation data; and the signature module is used for carrying out signature based on the private key fragment of each data correlation party and determining signature information.
Optionally, the signature module includes: the calculation mode acquisition submodule is used for acquiring a calculation mode, and the calculation mode comprises a private key generation mode and a signature operation mode; and the signature information determining submodule is used for carrying out signature based on the signature operation mode, the private key generation mode and the private key fragments of the data correlation parties and determining signature information.
Optionally, the signature information determining submodule is configured to obtain information to be signed, and encrypt the information to be signed based on the private key generation manner and the private key fragments of each data correlation party; and carrying out signature operation on the encrypted information to be signed based on the signature operation mode to obtain the signature information.
Optionally, the private key generation manner includes a serial generation manner, and the signature information determination submodule is configured to serially connect the private key fragments of each data correlation party to obtain a private key for signature; and encrypting the information to be signed by adopting the private key for signing.
Optionally, the apparatus further comprises: the identity authentication module is used for acquiring identity information corresponding to a plurality of data correlation parties correlated with the calculation data; respectively carrying out user identity authentication on each data association party based on the identity information corresponding to each data association party; the private key segment generating module is configured to execute the step of generating the corresponding private key segments for the plurality of data correlators associated with the calculation data, respectively, if the identity of each data correlater is successfully verified.
Optionally, the apparatus further comprises: the equipment verification module is used for acquiring equipment information corresponding to a plurality of data correlation parties correlated with the calculation data; respectively carrying out equipment verification on each data correlation party based on the equipment information corresponding to each data correlation party; the private key segment generating module is configured to execute the step of generating the corresponding private key segments for the plurality of data correlators associated with the calculation data, respectively, if the verification of the devices of the data correlators is successful.
Optionally, the private key segment generating module is configured to, before the ciphertext computing platform executes each computing task, determine, by the ciphertext computing platform, computing data corresponding to the computing task.
Optionally, the apparatus further comprises: the signature verification module is used for determining a private key based on the private key segment corresponding to each data correlation party, generating a public key corresponding to the private key and distributing the public key to each data correlation party; distributing the signature information to each data correlation party, and performing signature verification on the signature information by each data correlation party based on the public key; receiving signature verification results uploaded by all data correlation parties; and if the signature verification results of all the data correlation parties are successful signature verification results, executing the calculation task.
The embodiment of the invention also discloses a readable medium, and when the instructions in the storage medium are executed by a processor of the electronic equipment, the electronic equipment can execute the data processing method according to one or more of the embodiments of the invention.
The embodiment of the invention also discloses an electronic device, which comprises: one or more processors; and one or more readable media having instructions stored thereon, which when executed by the one or more processors, cause the electronic device to perform a data processing method as described above in one or more of the embodiments of the invention.
Compared with the prior art, the embodiment of the invention has the following advantages:
in the embodiment of the invention, the ciphertext computing platform can determine the computing data and respectively generate corresponding private key segments for a plurality of data correlation parties correlated with the computing data; then, signing is carried out based on the private key fragments of all data correlation parties, and signature information is determined; the private key segment is generated temporarily by the ciphertext computing platform and only exists in the ciphertext computing platform, so that the data correlation party cannot acquire the private key and does not need to store the private key segment; and further, the leakage of the key can be avoided, so that the data is ensured not to be tampered.
Drawings
FIG. 1 is a flow chart of the steps of one data processing method embodiment of the present invention;
FIG. 2 is a flow chart of the steps of an alternative embodiment of a data processing method of the present invention;
FIG. 3 is a flow chart of the steps of another alternative embodiment of a data processing method of the present invention;
FIG. 4 is a flow chart of the steps of yet another alternative embodiment of a data processing method of the present invention;
FIG. 5A is a diagram illustrating a logic module corresponding to a computing task according to an embodiment of the invention;
FIG. 5B is a diagram of another computing task corresponding logic module, in accordance with an embodiment of the present invention;
FIG. 5C is a diagram illustrating a logic module corresponding to a computing task according to another embodiment of the invention;
FIG. 5D is a diagram illustrating a logic module corresponding to a computing task according to yet another embodiment of the present invention;
FIG. 5E is a diagram illustrating a logic module corresponding to another computing task according to an embodiment of the invention;
FIG. 6 is a block diagram of an embodiment of a data processing apparatus according to the present invention;
FIG. 7 is a block diagram of an alternate embodiment of a data processing apparatus of the present invention;
fig. 8 schematically shows a block diagram of an electronic device for performing the method according to the invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
The data processing method provided by the embodiment of the invention can be executed by a ciphertext computing platform; the cryptograph computing platform can provide multi-party secure computing services. The multi-party security computation can be abstractly understood as: the two parties respectively have respective private data, and under the condition that the respective private data are not leaked, the result about the public function can be calculated; when the whole calculation is finished, only the calculation result is known to both sides, and both sides do not know the corresponding data and the intermediate data in the calculation process. Wherein the common function may implement a variety of computational functions such as addition, subtraction, multiplication, division, and the like; and at least one of the private data of the two parties is the ciphertext, so that the calculation between the ciphertext and the ciphertext can be carried out, and the calculation between the ciphertext and the plaintext can also be carried out.
In the embodiment of the invention, when a result demand side needs to use local data of a plurality of data providers to carry out calculation and obtains a data result required by the result demand side, a request can be sent to a ciphertext calculation platform; the ciphertext computing platform may then obtain the data from the request to the plurality of data providers. If the plurality of data providers allow the result demanders to use the data, the local data can be encrypted, and then the encrypted data is uploaded to the ciphertext computing platform; and the ciphertext computing platform can perform ciphertext computing based on the data uploaded by a plurality of data providers.
In order to ensure the authenticity of the data, the ciphertext computing platform can sign the data provider and the result demander and sign and verify the signed results of the data provider and the result demander before performing ciphertext computing; and after the signature verification is successful, carrying out ciphertext calculation. In the prior art, the private keys of a data provider and a result demander for signature are stored in a local medium or a server-side medium, so that the risk of private key leakage exists; therefore, the embodiment of the invention can generate corresponding private key segments for the data provider and the result demander by the ciphertext computing platform and carry out signature based on the private key segments. The private key segment is generated temporarily by the ciphertext computing platform, so that the data provider and the result demander cannot acquire the private key and do not need to store the private key segment; and further, the leakage of the key can be avoided, and the data of each party is guaranteed not to be tampered.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a data processing method according to the present invention is shown, which may specifically include the following steps:
step 102, the ciphertext computing platform determines the computing data and generates corresponding private key segments for a plurality of data correlation parties associated with the computing data respectively.
And 104, performing signature based on the private key fragments of the data correlation parties, and determining signature information.
In the embodiment of the invention, the ciphertext computing platform can determine the computing data required by ciphertext computing before the ciphertext computing; a plurality of data associators associated with the computed data is then determined. The data associator may include a data provider and a result demander.
In order to avoid the problem of key leakage caused by storing a private key in a local medium or a server medium by a data correlation party, in the embodiment of the invention, a ciphertext computing platform can respectively generate corresponding private key segments for each data correlation party; that is, the private key of each data associator is temporarily generated by the ciphertext computing platform and only exists in the ciphertext computing platform. Then the ciphertext computing platform can generate a private key by adopting the private key segment of each data correlation party; then, signing by adopting the private key to obtain corresponding signature information; and subsequently, signature verification is carried out based on the signature information, and ciphertext calculation is carried out after the signature verification is successful.
The private key fragment may be a character string, which is not limited in this embodiment of the present invention. The cryptograph computing platform adopts what way to generate the corresponding private key segment for each data correlation party, which is not limited in the embodiment of the present invention.
In summary, in the embodiments of the present invention, the ciphertext computing platform may determine the computing data, and generate corresponding private key segments for a plurality of data associators associated with the computing data, respectively; then, signing is carried out based on the private key fragments of all data correlation parties, and signature information is determined; the private key segment is generated temporarily by the ciphertext computing platform and only exists in the ciphertext computing platform, so that the data correlation party cannot acquire the private key and does not need to store the private key segment; and further, the leakage of the key can be avoided, so that the data is ensured not to be tampered.
How to perform signature and signature verification is explained below.
Referring to fig. 2, a flow chart of steps of an alternative embodiment of a data processing method of the present invention is shown.
In the embodiment of the invention, each time the ciphertext computing platform carries out computation, a corresponding computing task can be generated; signatures and signature verifications are then performed prior to performing the computing task.
The calculation data corresponding to the calculation task can be determined, and then the data association party associated with the calculation data is determined. Wherein, the data associator can comprise at least two parties, namely at least one data provider and at least one result demander.
And 204, respectively generating corresponding private key fragments for a plurality of data correlation parties correlated with the calculation data.
In the embodiment of the present invention, after the step 204 is executed, on one hand, the steps 206 to 208 may be executed; step 210 may alternatively be performed.
The step 104 may include the following steps 206 to 208:
and step 206, acquiring a calculation mode, wherein the calculation mode comprises a private key generation mode and a signature operation mode.
In the embodiment of the invention, each data association party can negotiate in advance, and the ciphertext computing platform computes the corresponding private key generation mode every time; the cryptograph computing platform generates different private keys based on the private key segments of the data correlation parties each time, and the effect of one-time pad is achieved. And then after the private key segment and the private key are revealed for many times, the party obtaining the revealed private key segment and private key cannot deduce the generation mode of the private key according to the obtained private key segment and private key for many times, so that the next private key cannot be forged. Each data correlation party can negotiate in advance that the ciphertext computing platform calculates the corresponding signature operation mode once, so that the corresponding signature operation modes calculated by the ciphertext computing platform every time are different; furthermore, after the signature information is leaked for multiple times, the party acquiring the leaked signature information cannot deduce the way of generating the signature by the ciphertext computing platform according to the signature information acquired for multiple times, so that the signature information corresponding to the next computation cannot be forged.
And then the ciphertext computing platform can acquire a computing mode after determining a data correlation party correlated with the computing data, wherein the computing mode comprises a key generation mode and a signature operation mode.
And step 208, signing based on the signature operation mode, the private key generation mode and the private key fragments of the data correlation parties, and determining signature information.
Step 208 may include substeps S2082 to substep S2084:
step S2082, obtaining the information to be signed, and encrypting the information to be signed based on the private key generation mode and the private key fragments of each data correlation party.
And S2084, performing signature operation on the encrypted information to be signed based on the signature operation mode to obtain signature information.
In the embodiment of the invention, aiming at each calculation of the ciphertext calculation platform, each data correlation party can negotiate information to be signed; that is, each computation task may correspond to a piece of information to be signed. Different computation tasks may correspond to different information to be signed, and may also correspond to the same information to be signed, which is not limited in this embodiment of the present invention. The information to be signed may include multiple types, such as a user name, a date, a task number, a character string, and the like, which is not limited in this embodiment of the present invention.
The ciphertext computing platform can obtain the information to be signed after negotiation of each data provider, then determines a private key for signature according to the private key generation mode and the private key segment corresponding to each data associator, and signs the information to be signed based on the private key of the user signature to obtain corresponding signature information. And the ciphertext computing platform can realize signature without depending on any data correlation party, so that the signature efficiency is improved, the dependence of the ciphertext computing platform on other platforms is reduced, and the application scene of the ciphertext computing platform is expanded.
The information to be signed can be encrypted based on the private key of each data correlation party; and then carrying out signature operation on the encrypted information to be signed based on the signature operation mode to obtain the signature information.
The substep S2082 may include the following substeps S22 to substep S24:
substep S22: and connecting the private key fragments of the data correlation parties in series to obtain a private key for signature.
Substep S24: and encrypting the information to be signed by adopting the private key for signing.
In the embodiment of the invention, the private key fragments corresponding to the data correlation parties are calculated based on the private key generation mode, and the private key for signature is determined.
In one example, the private key generation manner may include a serial generation manner. The private key fragments of the data correlation parties are connected in series based on a preset series connection sequence in a private key generation mode, and a private key for signature can be obtained; and then encrypting the information to be signed by adopting the private key.
The preset serial order may refer to a serial order of the private key segments of each data association party, and may be set as required.
Step 210, determining a private key based on the private key segment corresponding to each data correlation party, generating a public key corresponding to the private key, and distributing the public key to each data correlation party.
In the embodiment of the present invention, after step 204 is executed, the private key segments corresponding to the data association parties may be further connected in series to generate a private key; then generating a public key matched with the private key, and distributing the public key to each data correlation party; for subsequent signature verification by the respective data associator. The private key can be determined according to the private key generation mode and the private key fragments corresponding to the data correlation parties; this is similar to that described above and will not be described further herein.
And step 212, distributing the signature information to each data correlation party, and performing signature verification on the signature information by each data correlation party based on the public key.
And step 214, receiving the signature verification result uploaded by each data correlation party.
And step 216, if the signature verification results of all the data correlation parties are successful signature verification results, executing the calculation task.
In the embodiment of the invention, after the ciphertext computing platform calculates the signature information, the signature information can be distributed to each data provider; and then carrying out signature verification on the signature information by each data correlation party based on the public key. Each data provider can decrypt the signature information by adopting a public key distributed by a ciphertext computing platform to obtain decrypted signature information; and then generating a signature verification result by judging whether the decrypted signature information is consistent with the information to be signed negotiated by each data provider and uploading the signature verification result to a ciphertext computing platform. The signature verification result comprises: a signature verification success result or a signature verification failure result. If the data provider determines that the decrypted signature information is consistent with the information to be signed negotiated by each data provider, the successful signature verification result can be uploaded to the ciphertext computing platform. If the data provider determines that the decrypted signature information is inconsistent with the information to be signed negotiated by each data provider, the signature verification failure result can be uploaded to the ciphertext computing platform. And after the ciphertext computing platform receives the signature verification results uploaded by all the data association parties, if the signature verification results of all the data association parties are successful signature verification results, the computing task is executed. The ciphertext computing platform comprises a ciphertext computing engine, and the ciphertext computing engine comprises a plurality of computing nodes. In the process of executing a computing task, a ciphertext computing platform may generate a multi-party computing instruction corresponding to the computing task based on a multi-party secure computing protocol, and send the multi-party computing instruction and computing data to a computing engine in the ciphertext computing platform; then the calculation engine acquires a multi-party calculation instruction and calculation data; according to the multi-party computing instruction, at least part of computing nodes in the ciphertext computing engine respectively perform local computing on the respectively acquired computing data, and/or interact intermediate data generated by the local computing to obtain computing results respectively held by the computing nodes. And the ciphertext computing platform determines the processing result corresponding to the computing task according to the computing result respectively held by each computing node.
In summary, in the embodiments of the present invention, before the ciphertext computing platform executes each computing task, the ciphertext computing platform determines computing data corresponding to the computing task; respectively generating corresponding private key fragments for a plurality of data correlation parties correlated with the calculation data, determining a private key based on the private key fragment corresponding to each data correlation party, generating a public key corresponding to the private key and distributing the public key to each data correlation party; then, signing is carried out based on the private key fragment of each data correlation party, signature information is determined and is distributed to each data correlation party, and each data correlation party carries out signature verification on the signature information based on the public key; after each data provider performs signature verification on the signature information based on the received public key, the signature verification result can be uploaded to the ciphertext computing platform; the ciphertext computing platform can receive the signature verification result uploaded by each data association party; if the signature verification results of all data correlation parties are signature verification success results, executing the calculation task; and furthermore, signature and signature verification are carried out before each calculation, and the authenticity of the data calculated each time is guaranteed.
In an optional embodiment of the invention, to further verify the authenticity of the calculation data; the ciphertext computing platform can also perform identity verification on each data association party. The following may be used:
referring to FIG. 3, a flowchart illustrating steps of an alternative embodiment of a data processing method of the present invention is shown.
And 304, acquiring identity information corresponding to a plurality of data correlation parties correlated with the calculation data.
In the embodiment of the invention, after the ciphertext computing platform determines the computing data and a plurality of data correlation parties correlated with the computing data, the identity information of each data correlation party can be acquired. Wherein the identity information may include information capable of uniquely characterizing the identity of the data correlation party, such as biometric information, such as fingerprint information, voiceprint information, facial feature information, iris feature information, etc., of the data correlation party; authentication information such as an authentication code may also be included; account passwords, etc.; the embodiments of the present invention are not limited in this regard.
And step 306, respectively carrying out user identity authentication on each data association party based on the identity information corresponding to each data association party.
In the embodiment of the invention, when the data correlation party accesses the password computing platform, the corresponding preset identity information, such as biological characteristic information, account passwords, mobile phone numbers and the like, can be uploaded. And then after the ciphertext computing platform obtains the identity information corresponding to each data association party, aiming at each data association party: if the acquired identity information of the data association party is the biological characteristic information or the account password, the identity information can be compared with the preset identity information corresponding to the data association party. If the identity information of the data correlation party is matched with the preset identity information corresponding to the data correlation party, the identity verification of the data correlation party is determined to be successful; otherwise, the authentication failure of the data correlation party is determined. If the obtained identity information of the data correlation party is the verification code of the data correlation party, the verification code can be compared with the verification code issued by the ciphertext computing platform through the mobile phone number of the data correlation party. If the identity information of the data correlation party is matched with the preset identity information of the data correlation party, determining that the identity verification of the data correlation party is successful; otherwise, the authentication failure of the data correlation party is determined.
Step 308 may be performed when the authentication of all data-associating parties is successful. When the identity authentication of at least one data association party is unsuccessful, the identity authentication can be carried out again, the calculation can also be stopped, and error information and the like are returned to each data association party; the embodiments of the present invention are not limited in this regard.
And 308, if the identity of each data correlation party is successfully verified, respectively generating corresponding private key fragments for the plurality of data correlation parties correlated with the calculation data.
And step 310, performing signature based on the private key fragments of the data correlation parties, and determining signature information.
In summary, in the embodiment of the present invention, after the ciphertext computing platform determines the computing data, the identity information corresponding to a plurality of data associated parties associated with the computing data may be obtained, and then, based on the identity information corresponding to each data associated party, the user identity authentication is performed on each data associated party respectively; if the identity of each data correlation party is successfully verified, generating corresponding private key fragments for a plurality of data correlation parties correlated with the calculated data respectively, and performing signature based on the private key fragments of each data correlation party to determine signature information; and furthermore, the identity of each data correlation party is verified before signature, so that the authenticity of the calculated data can be further verified.
In an optional embodiment of the invention, to further verify the authenticity of the calculation data; the ciphertext computing platform can also perform equipment verification on each data association party. The following may be used:
referring to fig. 4, a flowchart illustrating the steps of yet another alternative embodiment of a data processing method of the present invention is shown.
In the embodiment of the invention, after the ciphertext computing platform determines the computing data and a plurality of data association parties associated with the computing data, the device information of each data association party can be acquired. The device information may include information that can uniquely characterize a device of the data association party, such as a device identification code of the device, which is not limited in this embodiment of the present invention.
And 406, respectively verifying the user equipment of each data correlation party based on the equipment information corresponding to each data correlation party.
In the embodiment of the invention, when the data correlation party accesses the password computing platform, the corresponding preset device information can be uploaded. And then after the ciphertext computing platform obtains the device information corresponding to each data association party, the device information can be compared with the preset device information of the data association party aiming at each data association party. If the equipment information of the data correlation party is matched with the preset equipment information of the data correlation party, determining that the equipment verification of the data correlation party is successful; otherwise, determining that the equipment verification of the data correlation party fails.
Step 408 may be performed when device authentication of all data associates is successful. When the equipment verification of at least one data association party is unsuccessful, the equipment verification can be carried out again, the calculation can also be stopped, and error information and the like are returned to each data association party; the embodiments of the present invention are not limited in this regard.
And step 408, if the verification of the devices of the data correlation parties is successful, generating corresponding private key fragments for the plurality of data correlation parties correlated with the calculation data respectively.
And step 410, performing signature based on the private key fragments of the data correlation parties, and determining signature information.
In summary, in the embodiments of the present invention, after the ciphertext computing platform determines the computing data, it may obtain device information corresponding to a plurality of data association parties associated with the computing data, and then perform user device verification on each data association party based on the device information corresponding to each data association party; if the verification of the equipment of each data correlation party is successful, respectively generating corresponding private key fragments for a plurality of data correlation parties correlated with the calculated data, and performing signature based on the private key fragments of each data correlation party to determine signature information; and then, equipment verification is carried out on each data correlation party before signature, so that the authenticity of the calculation data can be further verified.
Of course, in the embodiment of the present invention, the steps 302 to 310 may be combined with the steps 402 to 410 to perform identity authentication and device authentication; and after the identity authentication and the equipment authentication are both successful, performing signature and signature authentication. The embodiment of the present invention does not limit the order of authentication and device authentication.
In an alternative embodiment of the present invention, referring to fig. 5A, each computation task may be divided into two logic modules: the verification module can be used for verification, including signature and signature verification, namely, the steps 204 to 214, or the steps 302 to 310, or the steps 402 to 410 can be executed; the calculation module may perform the calculation task, i.e., perform step 216, when the verification module outputs a result that the verification is successful.
In one embodiment of the invention, a logic module corresponding to one computing task can be nested in a logic module corresponding to another computing task; multiple levels of nesting can be supported. Referring to FIG. 5B, a logic module corresponding to one computing task may be nested within a verification module corresponding to another computing task.
In one embodiment of the present invention, the verification module may include a signature verification module and a calculation module, and the signature verification module may include: the identity authentication module and the calculation module; a device authentication module and a calculation module may also be included. Reference may be made to fig. 5C, 5D and 5E.
The data processing method provided by the embodiment of the invention can be used in any scene needing signature verification, such as a scene that data depended on by a ciphertext computing platform for model training is distributed at a plurality of data providers, and a scene that data depended on by the ciphertext computing platform for data prediction is distributed at a plurality of data providers; the scenario of transferring accounts by using a ciphertext computing platform is also shown; another example is the scenario of digital currency transactions using a cryptogram computing platform; etc., which are not limited in this respect by embodiments of the present invention.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
The embodiment of the invention also discloses a data processing device which is deployed in the ciphertext computing platform, and the device comprises:
referring to fig. 6, a block diagram of a data processing apparatus according to an embodiment of the present invention is shown, which may specifically include the following modules:
a private key segment generating module 602, configured to determine calculation data, and generate corresponding private key segments for a plurality of data correlation parties associated with the calculation data respectively;
and the signature module 604 is configured to perform signature based on the private key fragment of each data associator, and determine signature information.
Referring to fig. 7, a block diagram of an alternative embodiment of a data processing apparatus of the present invention is shown.
In an optional embodiment of the present invention, the signature module 604 includes:
a calculation mode obtaining submodule 6042 configured to obtain a calculation mode, where the calculation mode includes a private key generation mode and a signature operation mode;
and a signature information determination submodule 6044 configured to perform signature based on the signature operation method, the private key generation method, and the private key segment of each data correlation party, and determine signature information.
In an optional embodiment of the present invention, the signature information determining submodule 6044 is configured to obtain information to be signed, and encrypt the information to be signed based on the private key generation manner and the private key fragments of each data associated party; and carrying out signature operation on the encrypted information to be signed based on the signature operation mode to obtain the signature information.
In an optional embodiment of the present invention, the private key generation manner comprises a serial generation manner,
the signature information determining submodule 6044 is configured to concatenate the private key fragments of the data association parties to obtain a private key for signature; and encrypting the information to be signed by adopting the private key for signing.
In an optional embodiment of the present invention, the apparatus further comprises:
an identity information verification module 606, configured to obtain identity information corresponding to a plurality of data correlation parties correlated to the calculation data; respectively carrying out user identity authentication on each data association party based on the identity information corresponding to each data association party;
the private key segment generating module 602 is configured to execute the step of generating corresponding private key segments for the plurality of data correlation parties associated with the calculation data, if the identity of each data correlation party is successfully verified.
In an optional embodiment of the present invention, the apparatus further comprises:
a device verification module 608, configured to obtain device information corresponding to a plurality of data associators associated with the computing data; respectively carrying out equipment verification on each data correlation party based on the equipment information corresponding to each data correlation party;
the private key segment generating module 602 is configured to execute the step of generating corresponding private key segments for the plurality of data correlation parties associated with the calculation data, if the verification of the device of each data correlation party is successful.
In an optional embodiment of the present invention, the private key segment generating module 602 is configured to, before the ciphertext computing platform executes each computing task, determine, by the ciphertext computing platform, computing data corresponding to the computing task.
In an optional embodiment of the present invention, the apparatus further comprises:
the signature verification module 610 is configured to determine a private key based on a private key segment corresponding to each data related party, generate a public key corresponding to the private key, and distribute the public key to each data related party; distributing the signature information to each data correlation party, and performing signature verification on the signature information by each data correlation party based on the public key; receiving signature verification results uploaded by all data correlation parties; and if the signature verification results of all the data correlation parties are successful signature verification results, executing the calculation task.
In summary, in the embodiments of the present invention, the ciphertext computing platform may determine the computing data, and generate corresponding private key segments for a plurality of data associators associated with the computing data, respectively; then, signing is carried out based on the private key fragments of all data correlation parties, and signature information is determined; the private key segment is generated temporarily by the ciphertext computing platform and only exists in the ciphertext computing platform, so that the data correlation party cannot acquire the private key and does not need to store the private key segment; and further, the leakage of the key can be avoided, so that the data is ensured not to be tampered.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
Embodiments of the present invention also provide a readable medium, and when the instructions in the storage medium are executed by a processor of an electronic device, the electronic device is enabled to execute the data processing method according to one or more embodiments of the present invention.
An embodiment of the present invention further provides an electronic device, including: one or more processors; and one or more readable media having instructions stored thereon, which when executed by the one or more processors, cause the electronic device to perform a data processing method as described above in one or more of the embodiments of the invention.
An example of an embodiment of the present invention provides an electronic device, for example, a server, and fig. 8 illustrates a server, such as a management server, a storage server, an application server, a cloud control service, a server cluster, and the like, in which the present invention may be implemented. The server conventionally includes a processor 810 and a computer program product or computer-readable medium in the form of a memory 820. The memory 820 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. The memory 820 has a storage space 830 for program code 831 for performing any of the method steps described above. For example, the storage space 830 for the program code may include respective program codes 831 for implementing various steps in the above method, respectively. The program code can be read from or written to one or more computer program products. These computer program products comprise a program code carrier such as a hard disk, a Compact Disc (CD), a memory card or a floppy disk. Such computer program products are typically portable or fixed storage units. The storage unit may have a storage section, a storage space, and the like arranged similarly to the memory 820 in the server of fig. 8. The program code may be compressed, for example, in a suitable form. Typically, the storage unit comprises computer readable code, i.e. code that can be read by a processor, such as 810, for example, which when executed by a server causes the server to perform the steps of the method described above.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The data processing method, the data processing apparatus and the electronic device provided by the present invention are described in detail above, and specific examples are applied herein to illustrate the principles and embodiments of the present invention, and the descriptions of the above embodiments are only used to help understand the method and the core ideas of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (10)
1. A data processing method, comprising:
the ciphertext computing platform determines computing data and respectively generates corresponding private key segments for a plurality of data correlation parties correlated with the computing data;
and carrying out signature based on the private key fragment of each data correlation party, and determining signature information.
2. The method of claim 1, wherein the signing based on the private key fragment of each data associator and determining the signature information comprises:
acquiring a computing mode, wherein the computing mode comprises a private key generation mode and a signature operation mode;
and performing signature based on the signature operation mode, the private key generation mode and the private key fragment of each data correlation party, and determining signature information.
3. The method according to claim 2, wherein the determining signature information by performing the signature based on the signature operation method, the private key generation method, and the private key fragment of each data correlation party comprises:
acquiring information to be signed, and encrypting the information to be signed based on the private key generation mode and the private key fragments of each data correlation party;
and carrying out signature operation on the encrypted information to be signed based on the signature operation mode to obtain the signature information.
4. The method according to claim 3, wherein the private key generation manner includes a serial generation manner, and the encrypting the information to be signed based on the private key generation manner and the private key fragments of the data correlation parties includes:
the private key fragments of all data correlation parties are connected in series to obtain a private key for signature;
and encrypting the information to be signed by adopting the private key for signing.
5. The method of claim 1, further comprising:
acquiring identity information corresponding to a plurality of data correlation parties correlated with the calculation data;
respectively carrying out user identity authentication on each data association party based on the identity information corresponding to each data association party;
and if the identity of each data correlation party is successfully verified, executing the step of respectively generating corresponding private key fragments for the plurality of data correlation parties correlated with the calculation data.
6. The method of claim 1, further comprising:
acquiring equipment information corresponding to a plurality of data correlation parties correlated with the calculation data;
respectively carrying out equipment verification on each data correlation party based on the equipment information corresponding to each data correlation party;
and if the verification of the equipment of each data correlation party is successful, executing the step of respectively generating corresponding private key fragments for the plurality of data correlation parties correlated with the calculation data.
7. The method of claim 1, wherein the ciphertext computing platform determines computing data, comprising:
before the ciphertext computing platform executes each computing task, the ciphertext computing platform determines computing data corresponding to the computing task.
8. A data processing apparatus deployed in a cryptogram computing platform, the apparatus comprising:
the private key segment generation module is used for determining calculation data and respectively generating corresponding private key segments for a plurality of data correlation parties correlated with the calculation data;
and the signature module is used for carrying out signature based on the private key fragment of each data correlation party and determining signature information.
9. A readable medium, characterized in that the instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the data processing method according to any of the method claims 1-7.
10. An electronic device, comprising:
one or more processors; and
one or more readable media having instructions stored thereon that, when executed by the one or more processors, cause the electronic device to perform the data processing method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110268093.6A CN113051623B (en) | 2021-03-11 | 2021-03-11 | Data processing method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110268093.6A CN113051623B (en) | 2021-03-11 | 2021-03-11 | Data processing method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113051623A true CN113051623A (en) | 2021-06-29 |
| CN113051623B CN113051623B (en) | 2024-07-09 |
Family
ID=76511727
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110268093.6A Active CN113051623B (en) | 2021-03-11 | 2021-03-11 | Data processing method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113051623B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114791834A (en) * | 2022-02-25 | 2022-07-26 | 数字广东网络建设有限公司 | Application program starting method and device, electronic equipment and storage medium |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070101131A1 (en) * | 2005-11-01 | 2007-05-03 | Microsoft Corporation | Trusted store tamper detection |
| US20160218875A1 (en) * | 2015-01-27 | 2016-07-28 | Eric Le Saint | Methods for secure credential provisioning |
| CN106656952A (en) * | 2016-09-21 | 2017-05-10 | 北京神州绿盟信息安全科技股份有限公司 | Authentication method, device and system for registration equipment |
| WO2018072261A1 (en) * | 2016-10-20 | 2018-04-26 | 宇龙计算机通信科技(深圳)有限公司 | Information encryption method and device, information decryption method and device, and terminal |
| US20190349200A1 (en) * | 2018-05-10 | 2019-11-14 | Alibaba Group Holding Limited | Blockchain data processing methods, apparatuses, processing devices, and systems |
| CN110505185A (en) * | 2018-05-18 | 2019-11-26 | 神州付(北京)软件技术有限公司 | Auth method, equipment and system |
| CN110650010A (en) * | 2019-09-24 | 2020-01-03 | 支付宝(杭州)信息技术有限公司 | Method, device and equipment for generating and using private key in asymmetric key |
| CN111321947A (en) * | 2018-12-14 | 2020-06-23 | 云丁网络技术(北京)有限公司 | Control method and device based on one-time password |
| WO2020172887A1 (en) * | 2019-02-28 | 2020-09-03 | 云图有限公司 | Data processing method, apparatus, smart card, terminal device, and server |
| WO2020223918A1 (en) * | 2019-05-08 | 2020-11-12 | 云图有限公司 | Temporary identity authentication method, apparatus and system |
| US10903991B1 (en) * | 2019-08-01 | 2021-01-26 | Coinbase, Inc. | Systems and methods for generating signatures |
| CN112398648A (en) * | 2020-11-05 | 2021-02-23 | 华控清交信息科技(北京)有限公司 | Key management method and device for key management |
-
2021
- 2021-03-11 CN CN202110268093.6A patent/CN113051623B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070101131A1 (en) * | 2005-11-01 | 2007-05-03 | Microsoft Corporation | Trusted store tamper detection |
| US20160218875A1 (en) * | 2015-01-27 | 2016-07-28 | Eric Le Saint | Methods for secure credential provisioning |
| CN106656952A (en) * | 2016-09-21 | 2017-05-10 | 北京神州绿盟信息安全科技股份有限公司 | Authentication method, device and system for registration equipment |
| WO2018072261A1 (en) * | 2016-10-20 | 2018-04-26 | 宇龙计算机通信科技(深圳)有限公司 | Information encryption method and device, information decryption method and device, and terminal |
| US20190349200A1 (en) * | 2018-05-10 | 2019-11-14 | Alibaba Group Holding Limited | Blockchain data processing methods, apparatuses, processing devices, and systems |
| CN110505185A (en) * | 2018-05-18 | 2019-11-26 | 神州付(北京)软件技术有限公司 | Auth method, equipment and system |
| CN111321947A (en) * | 2018-12-14 | 2020-06-23 | 云丁网络技术(北京)有限公司 | Control method and device based on one-time password |
| WO2020172887A1 (en) * | 2019-02-28 | 2020-09-03 | 云图有限公司 | Data processing method, apparatus, smart card, terminal device, and server |
| WO2020223918A1 (en) * | 2019-05-08 | 2020-11-12 | 云图有限公司 | Temporary identity authentication method, apparatus and system |
| US10903991B1 (en) * | 2019-08-01 | 2021-01-26 | Coinbase, Inc. | Systems and methods for generating signatures |
| CN110650010A (en) * | 2019-09-24 | 2020-01-03 | 支付宝(杭州)信息技术有限公司 | Method, device and equipment for generating and using private key in asymmetric key |
| CN112398648A (en) * | 2020-11-05 | 2021-02-23 | 华控清交信息科技(北京)有限公司 | Key management method and device for key management |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114791834A (en) * | 2022-02-25 | 2022-07-26 | 数字广东网络建设有限公司 | Application program starting method and device, electronic equipment and storage medium |
| CN114791834B (en) * | 2022-02-25 | 2024-04-26 | 数字广东网络建设有限公司 | Application program starting method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113051623B (en) | 2024-07-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110473105B (en) | Block chain transaction settlement method, system and related equipment | |
| US20220058655A1 (en) | Authentication system | |
| CN108564353B (en) | Payment system and method based on block chain | |
| EP3343831B1 (en) | Identity authentication method and apparatus | |
| US20190305953A1 (en) | Methods for secure cryptogram generation | |
| CN110098932B (en) | Electronic document signing method based on safe electronic notarization technology | |
| CN110086608A (en) | User authen method, device, computer equipment and computer readable storage medium | |
| EP3171315A1 (en) | Payment verification system, method and apparatus, computer program and recording medium | |
| CN109936455B (en) | Digital signature method, device and system | |
| CN105868970B (en) | authentication method and electronic equipment | |
| CN108833431B (en) | Password resetting method, device, equipment and storage medium | |
| EP4232923A1 (en) | Verification of biometric templates for privacy preserving authentication | |
| CN103718500A (en) | Credential validation | |
| KR102227578B1 (en) | Method for serving certificate based on zero knowledge proof by using blockchain network, and server and terminal for using them | |
| CN104660412A (en) | Password-less security authentication method and system for mobile equipment | |
| CN113743939A (en) | Identity authentication method, device and system based on block chain | |
| CN113411188B (en) | Electronic contract signing method, electronic contract signing device, storage medium and computer equipment | |
| EP3206329B1 (en) | Security check method, device, terminal and server | |
| CN111815321A (en) | Transaction proposal processing method, device, system, storage medium and electronic device | |
| KR102274132B1 (en) | User authentication server that performs verification of electronic signature data generated based on biometric authentication in association with a plurality of verification servers and operating method thereof | |
| CN112231769A (en) | Block chain-based numerical verification method and device, computer equipment and medium | |
| CN113051623B (en) | Data processing method and device and electronic equipment | |
| CN111245594B (en) | Homomorphic operation-based collaborative signature method and system | |
| CN112184245A (en) | Cross-block-chain transaction identity confirmation method and device | |
| CN110535649B (en) | Data circulation method and system, service platform and first terminal device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |