CN113918982B - Data processing method and system based on identification information - Google Patents


Publication number
CN113918982B
Authority
CN
China
Prior art keywords
key
data
cloud server
identification information
key value
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111528138.5A
Other languages
Chinese (zh)
Other versions
CN113918982A (en)
Inventor
蒋炜
柏德胜
玄佳兴
李达
赵丽花
史伟
杨晓林
承昊新
李国民
陈帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Blockchain Technology Beijing Co ltd
State Grid Digital Technology Holdings Co ltd
State Grid Corp of China SGCC
Changzhou Power Supply Co of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Blockchain Technology Beijing Co ltd
State Grid Corp of China SGCC
Changzhou Power Supply Co of State Grid Jiangsu Electric Power Co Ltd
State Grid E Commerce Co Ltd
Application filed by State Grid Blockchain Technology Beijing Co ltd, State Grid Corp of China SGCC, Changzhou Power Supply Co of State Grid Jiangsu Electric Power Co Ltd, State Grid E Commerce Co Ltd
Priority to CN202111528138.5A
Publication of CN113918982A
Application granted
Publication of CN113918982B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The embodiment of the invention provides a data processing method and system based on identification information. The method comprises the following steps: obtaining a first key based on the storage position of the identification information of the data terminal; receiving first encrypted data sent by a data terminal; the first encrypted data is data obtained by encrypting target data by the data terminal based on a first key; decrypting the first encrypted data based on the first key to obtain target data; obtaining a second key based on the storage position of the identification information of the cloud server; encrypting the target data based on the second key to obtain second encrypted data; and sending the second encrypted data to the cloud server so that the cloud server decrypts the second encrypted data based on the second key to obtain the target data. The invention can solve the problem that the data information is leaked or tampered.

Description

Data processing method and system based on identification information
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data processing method and system based on identification information.
Background
Cloud servers have become one of the most common techniques for saving data. When the data terminal transmits data to the cloud server, data information is easily attacked due to low performance of the data terminal, and data leakage or tampering may be caused. Therefore, it is necessary to ensure that the data transmitted from the data terminal to the cloud server is not leaked or tampered.
Disclosure of Invention
The embodiment of the invention aims to provide a data processing method and system based on identification information, which can solve the problem that data information is leaked or tampered. The specific technical scheme is as follows:
The invention provides a data processing method based on identification information, which comprises the following steps:
obtaining a first key based on the storage position of the identification information of the data terminal;
receiving first encrypted data sent by the data terminal; the first encrypted data is obtained by encrypting target data by the data terminal based on the first key;
decrypting the first encrypted data based on the first key to obtain the target data;
obtaining a second key based on the storage position of the identification information of the cloud server;
encrypting the target data based on the second key to obtain second encrypted data;
and sending the second encrypted data to the cloud server so that the cloud server decrypts the second encrypted data based on the second key to obtain the target data.
Optionally, the obtaining the first key based on the storage location of the identification information of the data terminal specifically includes:
obtaining a first blockchain key value based on the storage location of the identification information of the data terminal and the storage location of the identification information of the cloud server; respectively sending the first blockchain key value to the data terminal and the cloud server; receiving a first data terminal key value sent by the data terminal, and receiving a first cloud server key value sent by the cloud server; generating the first key based on the first blockchain key value, the first data terminal key value, and the first cloud server key value;
wherein the first key is the same as the second key.
Alternatively,
the obtaining the first key based on the storage location of the identification information of the data terminal specifically includes:
obtaining a second blockchain key value based on a storage location of the identification information of the data terminal; receiving a second data terminal key value sent by the data terminal; generating the first key based on the second blockchain key value and the second data terminal key value;
the obtaining of the second key based on the storage location of the identification information of the cloud server specifically includes:
obtaining a third blockchain key value based on a storage location of the identification information of the cloud server; receiving a second cloud server key value sent by the cloud server; generating the second key based on the third blockchain key value and the second cloud server key value;
wherein the first key and the second key are different.
Optionally, the method further comprises:
responding to the authority verification instruction sent by the cloud server; the authority verification instruction is sent by the cloud server after receiving a use instruction of the user side for the target data;
performing authority verification on the user side based on the attribute information of the user side, and sending an authority verification result to the cloud server; the cloud server judges whether to send third encrypted data to the user side or not based on the permission verification result; the third encrypted data is obtained by encrypting the target data by the cloud server.
Optionally, the method for encrypting the target data by the cloud server includes:
the cloud server acquires first data and second data; the first data and the second data are both prime numbers;
the cloud server takes the product of the first data and the second data as a first encryption parameter;
the cloud server determining a second encryption parameter; wherein the second encryption parameter is greater than 1 and the second encryption parameter is less than the Euler function value of the first encryption parameter, and the greatest common divisor of the second encryption parameter and the Euler function value is 1;
and the cloud server encrypts the target data based on the first encryption parameter and the second encryption parameter to obtain third encrypted data.
Optionally, the method further comprises:
the cloud server takes the multiplicative inverse of the second encryption parameter modulo the Euler function value as a third encryption parameter;
the cloud server encrypts the first encryption parameter and the third encryption parameter based on a public key of the user side to obtain encrypted parameters;
and the cloud server sends the encrypted parameters to the user side, so that the user side decrypts the encrypted parameters based on a private key of the user side, and decrypts the third encrypted data by using the decrypted parameters to obtain the target data.
Optionally, the method further comprises:
if the target data is fourth encrypted data, the cloud server decrypts the fourth encrypted data based on a public key of the data terminal to obtain decrypted target data, and the cloud server performs encryption operation on the decrypted target data based on the first encryption parameter and the second encryption parameter; the fourth encrypted data is obtained by encrypting the decrypted target data by the data terminal based on the private key of the data terminal.
The invention also provides a data processing system based on the identification information, which comprises:
a first key obtaining module configured to obtain a first key based on a storage location of identification information of the data terminal;
the data receiving module is configured to receive first encrypted data sent by the data terminal; the first encrypted data is obtained by encrypting target data by the data terminal based on the first key;
a decryption module configured to decrypt the first encrypted data based on the first key to obtain the target data;
a second key obtaining module configured to obtain a second key based on a storage location of the identification information of the cloud server;
the encryption module is configured to encrypt the target data based on the second key to obtain second encrypted data;
the data sending module is configured to send the second encrypted data to the cloud server, so that the cloud server decrypts the second encrypted data based on the second key to obtain the target data.
The present invention also provides a computer-readable storage medium having a program stored thereon, which when executed by a processor implements the above-described data processing method based on identification information.
The present invention also provides an electronic device comprising:
at least one processor, and at least one memory, bus connected with the processor;
the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory so as to execute the data processing method based on the identification information.
According to the data processing method and system based on the identification information, a first key is obtained based on the storage location of the identification information of the data terminal; first encrypted data sent by the data terminal is received; the first encrypted data is decrypted based on the first key to obtain target data; a second key is obtained based on the storage location of the identification information of the cloud server; the target data is encrypted based on the second key to obtain second encrypted data; and the second encrypted data is sent to the cloud server so that the cloud server decrypts the second encrypted data based on the second key to obtain the target data. The invention can realize data tamper resistance and trusted sharing, and improves the security and reliability of data information.
Of course, it is not necessary for any product or method of practicing the invention to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a data processing method based on identification information according to an embodiment of the present invention;
Fig. 2 is a block diagram of a data processing system based on identification information according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a data processing method based on identification information, as shown in fig. 1, the method comprises the following steps:
Step 101: obtain the first key based on the storage location of the identification information of the data terminal.
In this embodiment, the data terminal may be hardware or software. When the data terminal is hardware, the data terminal can be a data acquisition device, a data storage device, a mobile terminal device and the like. When the data terminal is software, the data terminal can be installed in the above listed devices. Optionally, in step 101, the first key may be obtained from a storage location in the blockchain based on the identification information of the data terminal, the first key may also be obtained from a blockchain node or a blockchain platform, and the first key sent by the blockchain node or the blockchain platform may also be received by the communication device. The present invention does not set any limit to the apparatus of the data processing method.
As an alternative embodiment, the identification information of the data terminal may be stored on the blockchain. Alternatively, the identification information of the data terminal may be ID (identification) information of the data terminal. Of course, the identification information of the data terminal may also be information determined based on the attribute of the data terminal. The attribute of the data terminal may be a type of the data terminal, data storage location information, a shelf life of the data, and the like. The blockchain may employ a B-tree structure to create a leaf node for the data terminal, where the leaf node may store the identification information of the data terminal and the public key of the data terminal. The storage location of the identification information of the data terminal may be a location of a leaf node of the data terminal in the B-tree. Of course, the blockchain may also delete the identification information of the data terminal from the B-tree.
As an optional implementation manner, the method for obtaining the first key based on the storage location of the identification information of the data terminal may be to find and determine the first key corresponding to the storage location based on the correspondence between the storage location and the key.
As another alternative, the method for obtaining the first key based on the storage location of the identification information of the data terminal may be to obtain the first key by using a key sharing method. When the first key is obtained by using the key sharing method, the first key may be shared between the data terminal and the blockchain, or among the data terminal, the blockchain, and the cloud server.
In some optional implementation manners of this embodiment, when the first key is shared among the data terminal, the blockchain, and the cloud server, the method for obtaining the first key based on the storage location of the identification information of the data terminal may be: obtaining a first blockchain key value based on the storage location of the identification information of the data terminal and the storage location of the identification information of the cloud server; respectively sending the first blockchain key value to the data terminal and the cloud server; receiving a first data terminal key value sent by the data terminal, and receiving a first cloud server key value sent by the cloud server; and generating the first key based on the first blockchain key value, the first data terminal key value, and the first cloud server key value. Optionally, the first blockchain key value may be generated by determining the path from the leaf node corresponding to the data terminal to the root node, determining the path from the leaf node corresponding to the cloud server to the root node, and applying a bilinear mapping mechanism to the two paths. The root node is the root node on the blockchain where the leaf node is located. Optionally, the first data terminal key value may be generated by inputting the storage location, in the blockchain, of the identification information of the data terminal into the first preset polynomial. Optionally, the first cloud server key value may be generated by inputting the storage location, in the blockchain, of the identification information of the cloud server into the second preset polynomial.
Alternatively, the method of generating the first key based on the first blockchain key value, the first data terminal key value, and the first cloud server key value may be to sum the first blockchain key value, the first data terminal key value, and the first cloud server key value to obtain the first key.
In some optional implementation manners of this embodiment, when the first key is shared between the data terminal and the blockchain, the method for obtaining the first key based on the storage location of the identification information of the data terminal may be: obtaining a second blockchain key value based on a storage location of the identification information of the data terminal; receiving a second data terminal key value sent by the data terminal; and generating the first key based on the second blockchain key value and the second data terminal key value. Optionally, the second blockchain key value may be generated by determining the path from the leaf node corresponding to the data terminal to the root node, and applying a bilinear mapping mechanism to that path. The root node is the root node on the blockchain where the leaf node is located. Optionally, the second data terminal key value may be generated by inputting the storage location, in the blockchain, of the identification information of the data terminal into the first preset polynomial. Optionally, the first key may be generated by summing the second blockchain key value and the second data terminal key value.
Optionally, the data terminal may be a power terminal, where the power terminal may be a power device such as an electric meter. The encryption performance of power terminals such as electric meters is poor, and such terminals are easy to attack, which leads to data leakage or data tampering. According to the method and the device, the first key is obtained based on the storage location of the identification information of the power terminal in the blockchain, the power data can be encrypted based on the first key, and the identification information of the power terminal can be made to correspond to the first key, which improves the security and traceability of the power data.
Step 102: receive the first encrypted data sent by the data terminal. The first encrypted data is obtained by the data terminal encrypting the target data based on the first key.
In this embodiment, the first key may be a symmetric key, and the first key at the data terminal is the same as the first key in the blockchain. The first key in the data terminal may be pre-stored, or may be obtained by the key sharing method in step 101. If the first key is obtained by using the key sharing method, the data terminal can obtain the storage location of the identification information of the data terminal in the blockchain, obtain a first data terminal key value based on the storage location and the first preset polynomial, and sum the first data terminal key value and the first blockchain key value to obtain the first key. Of course, the data terminal may also sum the first data terminal key value with the first blockchain key value and the first cloud server key value to obtain the first key.
Alternatively, the target data may be encrypted data or unencrypted data. The data terminal can encrypt the encrypted data for the second time by using the first key, and can also directly encrypt the unencrypted data by using the first key. Alternatively, the method of encrypting the target data may be a symmetric encryption algorithm.
Step 103: decrypt the first encrypted data based on the first key to obtain the target data.
In this embodiment, the first key may be a symmetric key, and the target data obtained by decrypting the first encrypted data based on the first key may be the data itself of the data terminal, or may be the data encrypted by the data terminal. Optionally, after the target data is obtained, the target data may be stored.
Step 104: obtain a second key based on the storage location of the identification information of the cloud server.
As an optional implementation manner, when the second key is shared among the data terminal, the blockchain, and the cloud server, the method for obtaining the second key based on the storage location of the identification information of the cloud server is the same as the method for obtaining the first key based on the storage location of the identification information of the data terminal in step 101. In this case the first key is the same as the second key, and the method is not described again here.
As another optional embodiment, when the second key is shared between the cloud server and the blockchain, the method for obtaining the second key based on the storage location of the identification information of the cloud server may be: obtaining a third blockchain key value based on a storage location of the identification information of the cloud server; receiving a second cloud server key value sent by the cloud server; and generating a second key based on the third blockchain key value and the second cloud server key value. The first key is then different from the second key. Optionally, the third blockchain key value may be obtained by determining the path from the leaf node corresponding to the cloud server to the root node, and applying a bilinear mapping mechanism to that path. The root node is the root node on the blockchain where the leaf node is located. Optionally, the second cloud server key value may be generated by inputting the storage location, in the blockchain, of the identification information of the cloud server into the second preset polynomial. Optionally, the second key may be generated by summing the third blockchain key value and the second cloud server key value.
According to the method and the device, the second key is obtained based on the storage location of the identification information of the cloud server in the blockchain, the target data can be encrypted based on the second key, and the identification information of the cloud server can be made to correspond to the second key, which improves the security and traceability of the target data.
Step 105: encrypt the target data based on the second key to obtain second encrypted data.
Alternatively, the target data may be encrypted data or unencrypted data. The encrypted data may be encrypted twice with the second key, or the unencrypted data may be directly encrypted with the second key. Alternatively, the method of encrypting the target data may be a symmetric encryption algorithm.
Step 106: send the second encrypted data to the cloud server so that the cloud server decrypts the second encrypted data based on the second key to obtain the target data.
In this embodiment, the second key may be a symmetric key, and the second key at the cloud server is the same as the second key in the blockchain. The second key at the cloud server may be pre-stored, or may be obtained by the key sharing method in step 104. If the second key is obtained by using the key sharing method, the cloud server can obtain the storage location of the identification information of the cloud server in the blockchain, obtain a second cloud server key value based on the storage location and the second preset polynomial, and sum the third blockchain key value and the second cloud server key value to obtain the second key. Of course, the cloud server may also sum the first blockchain key value, the first data terminal key value, and the first cloud server key value to obtain the second key.
Optionally, the target data obtained by decrypting the second encrypted data based on the second key may be the data itself of the data terminal, or may be the data encrypted by the data terminal. Optionally, after obtaining the target data, the cloud server may store the target data.
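The following added example (not code from the patent) walks through steps 101 to 106 in the variant where the first and second keys differ. Assumptions: a SHA-256 hash stands in for the bilinear mapping, key values are summed modulo a fixed prime and the sum is hashed into a 32-byte key, an HMAC-SHA256 keystream with an authentication tag stands in for the unspecified symmetric algorithm, and all function names, leaf positions and polynomial coefficients are hypothetical sample values.

```python
import hashlib
import hmac
import secrets

# Assumption: key values are summed modulo a public prime (the page only says "sum").
Q = 2**127 - 1


def location_to_int(path):
    """Encode a leaf's position in the B-tree (child indexes from the root) as an integer."""
    return int.from_bytes(hashlib.sha256(b"loc|" + bytes(path)).digest(), "big") % Q


def chain_key_value(*paths):
    """Blockchain-side key value derived from leaf-to-root paths.
    Stand-in: the description uses a bilinear mapping here; a hash keeps this runnable."""
    h = hashlib.sha256(b"chain")
    for p in paths:
        h.update(b"|" + bytes(reversed(p)))  # walk from the leaf up to the root
    return int.from_bytes(h.digest(), "big") % Q


def poly_key_value(coeffs, path):
    """Party-side key value: preset polynomial evaluated at the storage location (Horner)."""
    x = location_to_int(path)
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def combine(*key_values):
    """Sum the key values; hashing the sum into key bytes is an assumption of this example."""
    total = sum(key_values) % Q
    return hashlib.sha256(total.to_bytes(16, "big")).digest()


def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key, plaintext):
    """Stand-in symmetric encryption: XOR keystream, then a tag over nonce and ciphertext."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_(key, blob):
    """Verify the tag before decrypting, so a modified ciphertext is rejected."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def relay(first_key, second_key, first_encrypted):
    """Steps 103 and 105: decrypt under the first key, re-encrypt under the second."""
    target = open_(first_key, first_encrypted)
    return seal(second_key, target)


def demo():
    # Constructed sample values: leaf positions and preset polynomial coefficients.
    terminal_leaf, cloud_leaf = (0, 3, 1), (2, 0, 4)
    terminal_poly, cloud_poly = [7, 11, 13], [5, 17, 19, 23]

    # Step 101: second blockchain key value + second data terminal key value.
    second_chain_kv = chain_key_value(terminal_leaf)
    terminal_kv = poly_key_value(terminal_poly, terminal_leaf)
    first_key_at_node = combine(second_chain_kv, terminal_kv)
    first_key_at_terminal = combine(terminal_kv, second_chain_kv)

    # Step 104: third blockchain key value + second cloud server key value.
    third_chain_kv = chain_key_value(cloud_leaf)
    cloud_kv = poly_key_value(cloud_poly, cloud_leaf)
    second_key = combine(third_chain_kv, cloud_kv)

    reading = b"meter=0042;kWh=1234.5"                      # target data (constructed)
    first_encrypted = seal(first_key_at_terminal, reading)   # step 102, terminal side
    second_encrypted = relay(first_key_at_node, second_key, first_encrypted)
    received = open_(second_key, second_encrypted)           # step 106, cloud server side
    return first_key_at_node != second_key, received


if __name__ == "__main__":
    print(demo())
```

The relaying node holds the target data in the clear between `open_` and `seal`, so its key storage and memory handling carry the same sensitivity as the data itself.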
Optionally, if the target data is fourth encrypted data, the cloud server decrypts the fourth encrypted data based on the public key of the data terminal to obtain decrypted target data, and the cloud server performs encryption operation on the decrypted target data based on the first encryption parameter and the second encryption parameter; the fourth encrypted data is obtained by encrypting the decrypted target data by the data terminal based on the private key of the data terminal. Data security can be improved by initially encrypting data at the data terminal.
As an optional implementation manner, the data processing method based on the identification information provided by the present invention further includes: responding to an authority verification instruction sent by the cloud server, where the authority verification instruction is sent by the cloud server after receiving a use instruction of the user side for the target data; and performing authority verification on the user side based on attribute information of the user side, and sending an authority verification result to the cloud server, so that the cloud server judges whether to send third encrypted data to the user side based on the authority verification result. The third encrypted data is obtained by encrypting the target data by the cloud server.
In this embodiment, the authority verification instruction may be an instruction to verify whether the user side has permission to obtain the target data. The user side sends a use instruction for the target data to the cloud server; after receiving the use instruction, the cloud server may not send the target data to the user side immediately, but first has the authority of the user side verified. The blockchain may store attribute information of the user side, which may include key features of the user side, such as basic information about the user side, the role of the user side, the validity period of the user side's use of the target data, and the types of target data accessible by the user side. The attribute information may further include the operation permissions of the user side on the target data, such as reading, executing, and modifying. The attribute information may further include the external environment from which the target data is accessed, such as within or outside an authorized range. After the cloud server sends the authority verification instruction to the blockchain, the blockchain can perform authority verification on the user side based on the attribute information of the user side, and send an authority verification result to the cloud server. After receiving the result, the cloud server can determine whether to send the third encrypted data to the user side, which operation permissions the user side has on the target data, and so on.
Optionally, the method for encrypting the target data by the cloud server includes: the cloud server acquires first data p and second data q, both of which are prime numbers; the cloud server takes the product of the first data and the second data as a first encryption parameter, n = p × q; the cloud server determines a second encryption parameter e, wherein the second encryption parameter is greater than 1 and less than the Euler function value of the first encryption parameter, and the second encryption parameter e and the Euler function value are relatively prime, that is, their greatest common divisor is 1 (the formula images for these conditions are not reproduced in this text); the cloud server encrypts the target data based on the first encryption parameter and the second encryption parameter to obtain third encrypted data, namely, the target data is encrypted by using the public key (e, n) to obtain the third encrypted data. Optionally, before encrypting the target data, the cloud server may group the target data, with the group length smaller than a value given by a formula whose image is not reproduced in this text. The formula used for the encryption calculation is also not reproduced. The invention can ensure the safe storage of the target data through this encryption method.
Optionally, the cloud server takes the multiplicative inverse of the second encryption parameter modulo the Euler function value as a third encryption parameter d (formula image not reproduced in this text). Taking (d, n) as a private key, the cloud server encrypts the first encryption parameter and the third encryption parameter based on a public key of the user side to obtain encrypted parameters; the cloud server sends the encrypted parameters to the user side, so that the user side decrypts the encrypted parameters based on a private key of the user side, and decrypts the third encrypted data by using the decrypted parameters (d, n) to obtain the target data. The formula the user side uses to decrypt the third encrypted data is also not reproduced.
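The parameter generation, grouping, encryption and delivery of (d, n) described in the two paragraphs above, written out as an added example in textbook RSA form; it is not code from the patent. The primes are constructed sample values far below a deployable size and the function names are hypothetical; the arithmetic is unpadded, as in the description, whereas deployed RSA adds padding such as OAEP.

```python
import math

# Constructed sample primes (Mersenne primes), far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1


def make_parameters(p, q, e_start=65537):
    """Return (n, e, d): first, second and third encryption parameters."""
    n = p * q                       # first encryption parameter
    phi = (p - 1) * (q - 1)         # Euler function value of n
    e = e_start
    while math.gcd(e, phi) != 1:    # e must be coprime to the Euler function value
        e += 2
    if not 1 < e < phi:
        raise ValueError("no valid second encryption parameter in range")
    d = pow(e, -1, phi)             # multiplicative inverse of e modulo phi
    return n, e, d


def block_size(n):
    """Largest number of bytes whose integer value is always below n."""
    return (n.bit_length() - 1) // 8


def encrypt(data, e, n):
    """Group the data, then raise each group to the power e modulo n."""
    k = block_size(n)
    blocks = [data[i:i + k] for i in range(0, len(data), k)]
    cipher = [pow(int.from_bytes(b, "big"), e, n) for b in blocks]
    # The original length travels with the ciphertext so that leading zero
    # bytes and the short final group are restored exactly.
    return len(data), cipher


def decrypt(length, cipher, d, n):
    """Raise each group to the power d modulo n and rebuild the byte string."""
    k = block_size(n)
    out = bytearray()
    for i, c in enumerate(cipher):
        size = min(k, length - i * k)
        out += pow(c, d, n).to_bytes(size, "big")
    return bytes(out)


def deliver(data, user_public):
    """Cloud server side: third encrypted data plus (d, n) encrypted for the user side."""
    n, e, d = make_parameters(P, Q)
    third_encrypted = encrypt(data, e, n)
    width = (n.bit_length() + 7) // 8
    e_u, n_u = user_public
    encrypted_params = encrypt(d.to_bytes(width, "big") + n.to_bytes(width, "big"), e_u, n_u)
    return third_encrypted, encrypted_params


def receive(third_encrypted, encrypted_params, user_private):
    """User side: recover (d, n) with the user's private key, then the target data."""
    d_u, n_u = user_private
    raw = decrypt(*encrypted_params, d_u, n_u)
    width = len(raw) // 2
    d = int.from_bytes(raw[:width], "big")
    n = int.from_bytes(raw[width:], "big")
    return decrypt(*third_encrypted, d, n)


if __name__ == "__main__":
    # Constructed user-side key pair and target data.
    n_u, e_u, d_u = make_parameters(2**107 - 1, 2**127 - 1)
    message = b"\x00\x00meter=0042;kWh=1234.5;status=ok"
    third, params = deliver(message, (e_u, n_u))
    print(receive(third, params, (d_u, n_u)) == message)
```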
As an optional embodiment, the cloud server may encrypt the first encryption parameter and the third encryption parameter based on a shared key, and the user side may decrypt the encrypted parameters based on the same shared key as the cloud service.
As an alternative embodiment, the shared key between the cloud server and the user terminal may be shared between the data terminal, the blockchain, the cloud service, and the user terminal. Optionally, the method for generating the shared key in the blockchain is to obtain a fourth blockchain key value based on a storage location of the identification information of the data terminal, a storage location of the identification information of the cloud server, and a storage location of the identification information of the user side; respectively sending the fourth blockchain key value to a data terminal, a cloud server and a user side; receiving a first data terminal key value sent by a data terminal, receiving a first cloud server key value sent by a cloud server, and receiving a first user terminal key value sent by a user terminal; a shared key is generated based on the fourth blockchain key value, the first data terminal key value, the first cloud server key value, and the first user side key value. Optionally, the method for generating the shared key at the user end is to receive a key value sent by the blockchain, receive a key value sent by the cloud server, receive a key value sent by the data terminal, and add the key value of the user end itself, the key value sent by the blockchain, the key value sent by the cloud server, and the key value sent by the data terminal to obtain the shared key. The key value of the user side itself may be obtained by inputting the identification information of the user side into the third predetermined polynomial at the storage location in the block chain.
With this method, storing the target data through the blockchain and the cloud server addresses the problems of data leakage and tampering. On the one hand, the cloud server stores the data of the data terminal in encrypted form. On the other hand, the blockchain provides a key sharing method for the data terminal, the cloud server and the user side that avoids direct transmission of keys: each party obtains the final key by summing the key values transmitted by the other parties, which avoids the problem of key leakage and improves the security of the target data. Because the key values are generated based on the storage locations of each party's identification information in the blockchain, trusted sharing of the target data can be realized.
In the electric power Internet of Things environment, the number of electric power data terminals is large, the amount of data generated by each terminal is small, and the data is easy to leak and tamper with. In view of these security risks, the data processing method based on identification information can ensure the safe transmission and safe storage of electric power data. Meanwhile, the method can avoid the potential safety hazards caused by a single point of failure of a data terminal.
The present invention also provides a data processing system based on identification information, as shown in fig. 2, the system includes:
a first key obtaining module 201 configured to obtain a first key based on a storage location of the identification information of the data terminal.
The first key obtaining module 201 is specifically configured to: obtaining a first blockchain key value based on the storage location of the identification information of the data terminal and the storage location of the identification information of the cloud server; respectively sending the first blockchain key value to the data terminal and the cloud server; receiving a first data terminal key value sent by the data terminal, and receiving a first cloud server key value sent by the cloud server; generating the first key based on the first blockchain key value, the first data terminal key value, and the first cloud server key value; wherein the first key is the same as the second key.
The first key obtaining module 201 may be further configured to: obtaining a second blockchain key value based on a storage location of the identification information of the data terminal; receiving a second data terminal key value sent by the data terminal; generating the first key based on the second blockchain key value and the second data terminal key value. Wherein the first key and the second key are different.
A data receiving module 202 configured to receive first encrypted data sent by a data terminal; the first encrypted data is obtained by encrypting the target data based on the first key by the data terminal.
And the decryption module 203 is configured to decrypt the first encrypted data based on the first key to obtain the target data.
A second key obtaining module 204 configured to obtain a second key based on the storage location of the identification information of the cloud server.
The second key obtaining module 204 is specifically configured to: obtaining a third blockchain key value based on a storage location of the identification information of the cloud server; receiving a second cloud server key value sent by the cloud server; generating the second key based on the third blockchain key value and the second cloud server key value. Wherein the first key and the second key are different.
And the encryption module 205 is configured to encrypt the target data based on the second key to obtain second encrypted data.
The data sending module 206 is configured to send the second encrypted data to the cloud server, so that the cloud server decrypts the second encrypted data based on the second key to obtain the target data.
The data processing system based on the identification information provided by the invention also comprises:
a verification module configured to respond to the authority verification instruction sent by the cloud server; the authority verification instruction is sent by the cloud server after receiving a use instruction of the user end for the target data; performing authority verification on the user side based on the attribute information of the user side, and sending an authority verification result to the cloud server; the cloud server judges whether to send third encrypted data to the user side or not based on the permission verification result; the third encrypted data is obtained by encrypting the target data by the cloud server.
Optionally, the method for encrypting the target data by the cloud server includes: the cloud server acquires first data and second data; the first data and the second data are both prime numbers; the cloud server takes the product of the first data and the second data as a first encryption parameter; the cloud server determining a second encryption parameter; wherein the second encryption parameter is greater than 1 and the second encryption parameter is less than the Euler function value of the first encryption parameter, and the greatest common divisor of the second encryption parameter and the Euler function value is 1; and the cloud server encrypts the target data based on the first encryption parameter and the second encryption parameter to obtain third encrypted data.
Optionally, the cloud server takes the multiplicative inverse of the second encryption parameter modulo the Euler function value as a third encryption parameter; the cloud server encrypts the first encryption parameter and the third encryption parameter based on a public key of the user side to obtain encrypted parameters; and the cloud server sends the encrypted parameters to the user side, so that the user side decrypts the encrypted parameters based on a private key of the user side, and decrypts the third encrypted data by using the decrypted parameters to obtain the target data.
Optionally, if the target data is fourth encrypted data, the cloud server decrypts the fourth encrypted data based on the public key of the data terminal to obtain decrypted target data, and the cloud server performs an encryption operation on the decrypted target data based on the first encryption parameter and the second encryption parameter; the fourth encrypted data is obtained by encrypting the decrypted target data by the data terminal based on the private key of the data terminal.
An embodiment of the present invention provides a computer-readable storage medium, on which a program is stored, which, when executed by a processor, implements the above-described data processing method based on identification information.
An embodiment of the present invention provides an electronic device. As shown in Fig. 3, the electronic device 30 includes at least one processor 301, and at least one memory 302 and a bus 303 connected to the processor 301; the processor 301 and the memory 302 communicate with each other through the bus 303; the processor 301 is configured to call program instructions in the memory 302 to execute the above-mentioned data processing method based on the identification information. The electronic device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application also provides a computer program product adapted to execute, when run on a data processing device, a program initialized with the steps of the above-mentioned data processing method based on identification information.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, systems and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a device includes one or more processors (CPUs), memory, and a bus. The device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip. The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (8)

1. A data processing method based on identification information is characterized by comprising the following steps:
obtaining a first key based on the storage position of the identification information of the data terminal;
receiving first encrypted data sent by the data terminal; the first encrypted data is obtained by encrypting target data by the data terminal based on the first key;
decrypting the first encrypted data based on the first key to obtain the target data;
obtaining a second key based on the storage position of the identification information of the cloud server;
encrypting the target data based on the second key to obtain second encrypted data;
sending the second encrypted data to the cloud server so that the cloud server decrypts the second encrypted data based on the second key to obtain the target data;
the obtaining the first key based on the storage location of the identification information of the data terminal specifically includes:
obtaining a first blockchain key value based on the storage location of the identification information of the data terminal and the storage location of the identification information of the cloud server; respectively sending the first blockchain key value to the data terminal and the cloud server; receiving a first data terminal key value sent by the data terminal, and receiving a first cloud server key value sent by the cloud server; generating the first key based on the first blockchain key value, the first data terminal key value, and the first cloud server key value;
wherein the first key is the same as the second key;
or;
the obtaining the first key based on the storage location of the identification information of the data terminal specifically includes:
obtaining a second blockchain key value based on a storage location of the identification information of the data terminal; receiving a second data terminal key value sent by the data terminal; generating the first key based on the second blockchain key value and the second data terminal key value;
the obtaining of the second key based on the storage location of the identification information of the cloud server specifically includes:
obtaining a third blockchain key value based on a storage location of the identification information of the cloud server; receiving a second cloud server key value sent by the cloud server; generating the second key based on the third blockchain key value and the second cloud server key value;
wherein the first key and the second key are different.
2. The identification information-based data processing method of claim 1, further comprising:
responding to the authority verification instruction sent by the cloud server; the authority verification instruction is sent by the cloud server after receiving a use instruction of the user end for the target data;
performing authority verification on the user side based on the attribute information of the user side, and sending an authority verification result to the cloud server; the cloud server judges whether to send third encrypted data to the user side or not based on the permission verification result; the third encrypted data is obtained by encrypting the target data by the cloud server.
3. The data processing method based on the identification information as claimed in claim 2, wherein the method for the cloud server to encrypt the target data comprises:
the cloud server acquires first data and second data; the first data and the second data are both prime numbers;
the cloud server takes the product of the first data and the second data as a first encryption parameter;
the cloud server determining a second encryption parameter; wherein the second encryption parameter is greater than 1 and the second encryption parameter is less than the Euler function value of the first encryption parameter, and the greatest common divisor of the second encryption parameter and the Euler function value is 1;
and the cloud server encrypts the target data based on the first encryption parameter and the second encryption parameter to obtain third encrypted data.
4. The identification information-based data processing method of claim 3, further comprising:
the cloud server takes the multiplicative inverse of the second encryption parameter modulo the Euler function value as a third encryption parameter;
the cloud server encrypts the first encryption parameter and the third encryption parameter based on a public key of the user side to obtain encrypted parameters;
and the cloud server sends the encrypted parameters to the user side, so that the user side decrypts the encrypted parameters based on a private key of the user side, and decrypts the third encrypted data by using the decrypted parameters to obtain the target data.
5. The identification information-based data processing method of claim 3, further comprising:
if the target data is fourth encrypted data, the cloud server decrypts the fourth encrypted data based on a public key of the data terminal to obtain decrypted target data, and the cloud server performs encryption operation on the decrypted target data based on the first encryption parameter and the second encryption parameter; the fourth encrypted data is obtained by encrypting the decrypted target data by the data terminal based on the private key of the data terminal.
6. A data processing system based on identification information, comprising:
a first key obtaining module configured to obtain a first key based on a storage location of identification information of the data terminal;
the data receiving module is configured to receive first encrypted data sent by the data terminal; the first encrypted data is obtained by encrypting target data by the data terminal based on the first key;
a decryption module configured to decrypt the first encrypted data based on the first key to obtain the target data;
a second key obtaining module configured to obtain a second key based on a storage location of the identification information of the cloud server;
the encryption module is configured to encrypt the target data based on the second key to obtain second encrypted data;
the data sending module is configured to send the second encrypted data to the cloud server, so that the cloud server decrypts the second encrypted data based on the second key to obtain the target data;
the first key obtaining module is specifically configured to:
obtaining a first blockchain key value based on the storage location of the identification information of the data terminal and the storage location of the identification information of the cloud server; respectively sending the first blockchain key value to the data terminal and the cloud server; receiving a first data terminal key value sent by the data terminal, and receiving a first cloud server key value sent by the cloud server; generating the first key based on the first blockchain key value, the first data terminal key value, and the first cloud server key value;
wherein the first key is the same as the second key;
the first key obtaining module is further specifically configured to:
obtaining a second blockchain key value based on a storage location of the identification information of the data terminal; receiving a second data terminal key value sent by the data terminal; generating the first key based on the second blockchain key value and the second data terminal key value;
the second key obtaining module is specifically configured to:
obtaining a third blockchain key value based on a storage location of the identification information of the cloud server; receiving a second cloud server key value sent by the cloud server; generating the second key based on the third blockchain key value and the second cloud server key value;
wherein the first key and the second key are different.
7. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a program which, when executed by a processor, implements the identification information-based data processing method of any one of claims 1 to 5.
8. An electronic device, comprising:
at least one processor, and at least one memory and a bus connected with the processor;
the processor and the memory complete mutual communication through the bus; the processor is configured to call program instructions in the memory to perform the identification information based data processing method of any one of claims 1 to 5.
CN202111528138.5A 2021-12-15 2021-12-15 Data processing method and system based on identification information Active CN113918982B (en)


Publications (2)

Publication Number Publication Date
CN113918982A CN113918982A (en) 2022-01-11
CN113918982B true CN113918982B (en) 2022-03-01

Family

ID=79249101




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 5016, 5 / F, building 7, Guangyi street, Xicheng District, Beijing 100053

Patentee after: State Grid blockchain Technology (Beijing) Co.,Ltd.

Patentee after: STATE GRID JIANGSU ELECTRIC POWER Co.,Ltd. CHANGZHOU POWER SUPPLY BRANCH

Patentee after: State Grid Digital Technology Holdings Co.,Ltd.

Patentee after: STATE GRID CORPORATION OF CHINA

Address before: 5016, 5 / F, building 7, Guangyi street, Xicheng District, Beijing 100053

Patentee before: State Grid blockchain Technology (Beijing) Co.,Ltd.

Patentee before: STATE GRID JIANGSU ELECTRIC POWER Co.,Ltd. CHANGZHOU POWER SUPPLY BRANCH

Patentee before: STATE GRID ELECTRONIC COMMERCE Co.,Ltd.

Patentee before: STATE GRID CORPORATION OF CHINA