CN114513370A - Universal identification data conversion method and device, storage medium and electronic equipment - Google Patents
Universal identification data conversion method and device, storage medium and electronic equipment
- Publication number
- CN114513370A; CN202210407217.9A
- Authority
- CN
- China
- Prior art keywords
- data
- private key
- client
- identification
- timestamp
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The embodiments of the disclosure disclose a universal identification data conversion method and device, a storage medium and an electronic device. The method comprises the following steps: receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request; based on a first public key corresponding to the first private key, performing encryption and anti-counterfeiting encapsulation on the identification data at the original data end to obtain encapsulated data; sending a second private key and a second timestamp to the client according to a second private key request received from the client; determining whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp; and in response to the client having the data parsing authority, decrypting the encapsulated data with the second private key to obtain the identification data.
Description
Technical Field
The disclosure relates to a universal identification data conversion method and device, a storage medium and an electronic device.
Background
Currently, a user sends an identifier resolution request to an identifier resolution node (e.g., a server) through an identifier resolution client. After receiving the request, the node returns the resolution result directly to the client without performing any access control on the client, so overly broad access permissions may lead to risks such as data leakage.
Disclosure of Invention
The present disclosure is proposed to solve the above technical problems. The embodiment of the disclosure provides a universal identification data conversion method and device, a storage medium and an electronic device.
According to an aspect of the embodiments of the present disclosure, a method for converting universal identification data is provided, which is applied to a third-party server, and includes:
receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request;
based on a first public key corresponding to the first private key, performing encryption and anti-counterfeiting encapsulation on the identification data at the original data end to obtain encapsulated data;
sending a second private key and a second timestamp to the client according to a second private key request received from the client;
determining whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp;
and in response to the client having the data parsing authority, decrypting the encapsulated data with the second private key to obtain the identification data.
Optionally, the performing encryption and anti-counterfeiting encapsulation on the identification data at the original data end based on the first public key corresponding to the first private key to obtain encapsulated data includes:
determining the corresponding first public key based on the first private key;
sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data; wherein the encryption attribute comprises a correspondence between the first public key and the first private key;
and encapsulating the encrypted data, the encryption attribute and the anti-counterfeiting code information corresponding to the encrypted data to obtain the encapsulated data.
Optionally, the sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data includes:
sending the first public key to the original data terminal;
encrypting the identification data at the original data end through the first public key to obtain encrypted data;
and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
Optionally, the sending, to the client, the second private key and the second timestamp according to the second private key request received from the client includes:
receiving a second private key request sent by the client;
determining a second private key corresponding to the second private key request according to the second private key request and pre-stored encryption attributes; wherein the encryption attribute comprises a corresponding relation between a private key and a public key;
and determining the second time stamp according to the determined time point corresponding to the second private key.
Optionally, the determining whether the client has the data parsing authority based on the second private key, the second timestamp, the first public key, and the first timestamp includes:
determining, based on the time difference between the second timestamp and the first timestamp, the relationship between the time difference and a key validity period, and thereby determining whether the second private key is valid;
and in response to the second private key being valid, determining whether the client has the data parsing authority according to whether the encryption attributes of the second private key and the first public key match.
Optionally, before sending the second private key and the second timestamp to the client according to the second private key request received from the client, the method further includes:
sending the packaged data to the encryption database for storage;
and receiving an analysis request sent by the client through an identification analysis end, acquiring an identification service address based on the analysis request, and acquiring the packaging data from the encryption database based on the identification service address.
Optionally, the decrypting the encapsulated data by the second private key to obtain the identification data includes:
processing the encapsulated data based on the data analysis authority to obtain encrypted data, and encryption attributes and anti-counterfeiting tracing information corresponding to the encrypted data;
determining a data range corresponding to the second private key based on the encryption attribute; wherein the encryption attribute further defines the data range that can be accessed by each of the different private keys corresponding to one public key;
and decrypting the encrypted data based on the private key to obtain the identification data corresponding to the data range.
According to another aspect of the embodiments of the present disclosure, there is provided a universal identification data conversion apparatus, applied to a third-party server, including:
the private key request module is used for receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request;
the data encapsulation module is used for performing encryption and anti-counterfeiting encapsulation on the identification data at the original data end based on a first public key corresponding to the first private key to obtain encapsulated data;
the private key sending module is used for sending a second private key and a second timestamp to the client according to a second private key request received from the client;
the authority determining module is used for determining whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp;
and the data conversion module is used for decrypting, in response to the client having the data parsing authority, the encapsulated data with the second private key to obtain the identification data.
Optionally, the data encapsulation module includes:
a public key determining unit, configured to determine the corresponding first public key based on the first private key;
the data encryption unit is used for sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data; wherein the encryption attribute comprises a correspondence between the first public key and the first private key;
and the data packaging unit is used for packaging the encrypted data, the encryption attribute and the anti-counterfeiting coding information corresponding to the encrypted data to obtain the packaged data.
Optionally, the data encryption unit is specifically configured to send the first public key to the original data end; encrypting the identification data at the original data end through the first public key to obtain encrypted data; and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
Optionally, the private key sending module is specifically configured to receive a second private key request sent by the client; determining a second private key corresponding to the second private key request according to the second private key request and a pre-stored encryption attribute; wherein the encryption attribute comprises a corresponding relation between a private key and a public key; and determining the second time stamp according to the determined time point corresponding to the second private key.
Optionally, the authority determining module is specifically configured to determine, based on the time difference between the second timestamp and the first timestamp, the relationship between the time difference and a key validity period, and thereby determine whether the second private key is valid; and, in response to the second private key being valid, to determine whether the client has the data parsing authority according to whether the encryption attributes of the second private key and the first public key match.
Optionally, the apparatus further comprises:
the storage module is used for sending the packaging data to the encryption database for storage;
and the request analysis module is used for receiving an analysis request sent by the client through an identification analysis end, acquiring an identification service address based on the analysis request and acquiring the packaging data from the encrypted database based on the identification service address.
Optionally, the data conversion module is specifically configured to process the encapsulated data based on the data parsing authority to obtain encrypted data, an encryption attribute corresponding to the encrypted data, and anti-counterfeiting tracing information; to determine a data range corresponding to the second private key based on the encryption attribute, wherein the encryption attribute further defines the data range that can be accessed by each of the different private keys corresponding to one public key; and to decrypt the encrypted data based on the private key to obtain the identification data corresponding to the data range.
According to another aspect of the embodiments of the present disclosure, there is provided a general identification data conversion system including:
a third party server, configured to execute the universal identification data conversion method according to any of the embodiments;
the original data end is used for sending a registration request to the third-party server end, receiving a first public key issued by the third-party server end, encrypting and anti-counterfeiting packaging identification data through the first public key to obtain packaged data, and sending the packaged data to an encryption database;
the encryption database is used for issuing a first private key to the third-party server according to a private key request sent by the third-party server and receiving the packaging data uploaded by the original data terminal;
the identification analysis end is used for receiving an analysis request sent by a client, obtaining an identification service address based on the analysis request and obtaining the packaging data from the encryption database based on the identification service address;
and the client is used for sending a second private key request to the third-party server, receiving a second private key and a second timestamp returned by the third-party server, sending an analysis request to the identifier analysis terminal, and receiving the packaged data from the encrypted database.
According to another aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium storing a computer program for executing the universal identification data conversion method according to any of the embodiments.
According to another aspect of the embodiments of the present disclosure, there is provided an electronic device including:
a processor;
a memory for storing the processor-executable instructions;
the processor is configured to read the executable instructions from the memory and execute the instructions to implement the general identification data conversion method according to any of the above embodiments.
The universal identification data conversion method and device, storage medium and electronic device provided by the embodiments of the disclosure receive a registration request sent by an original data end, send a first private key request to an encryption database according to the registration request, and receive a first private key and a first timestamp corresponding to the private key request; based on a first public key corresponding to the first private key, perform encryption and anti-counterfeiting encapsulation on the identification data at the original data end to obtain encapsulated data; send a second private key and a second timestamp to the client according to a second private key request received from the client; determine whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp; and, in response to the client having the data parsing authority, decrypt the encapsulated data with the second private key to obtain the identification data. In this embodiment, different attributes are assigned to the data, different keys are assigned to identifier resolution clients according to those attributes, and the data owner determines which users can access the data, so that fine-grained access control is realized.
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in more detail embodiments of the present disclosure with reference to the attached drawings. The accompanying drawings are included to provide a further understanding of the embodiments of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the principles of the disclosure and not to limit the disclosure. In the drawings, like reference numbers generally represent like parts or steps.
The present disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flowchart illustrating a generic identification data transformation method provided by an exemplary embodiment of the present disclosure;
FIG. 2 is a schematic flow chart of step 104 in the embodiment of FIG. 1 of the present disclosure;
FIG. 3 is a schematic flow chart of step 106 in the embodiment of FIG. 1 of the present disclosure;
FIG. 4 is a timing diagram illustrating progressive resolution of an identifier resolution request in a generic identifier data conversion method according to an exemplary embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of a generic identification data conversion apparatus provided in an exemplary embodiment of the present disclosure;
FIG. 6 is a block diagram of a generalized identification data translation system provided by an exemplary embodiment of the present disclosure;
FIG. 7 is a block diagram of an electronic device provided in an exemplary embodiment of the present disclosure.
Detailed Description
Hereinafter, example embodiments according to the present disclosure will be described in detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a subset of the embodiments of the present disclosure and not all embodiments of the present disclosure, with the understanding that the present disclosure is not limited to the example embodiments described herein.
It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
It will be understood by those of skill in the art that the terms "first," "second," and the like in the embodiments of the present disclosure are used merely to distinguish one element from another, and are not intended to imply any particular technical meaning or any necessary logical order between them.
It is also understood that in embodiments of the present disclosure, "a plurality" may refer to two or more and "at least one" may refer to one, two or more.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the disclosure, may be generally understood as one or more, unless explicitly defined otherwise or stated otherwise.
In addition, the term "and/or" in the present disclosure merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in the present disclosure generally indicates that the former and latter associated objects are in an "or" relationship. The data referred to in this disclosure may include unstructured data, such as text, images, video, etc., as well as structured data.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and the same or similar parts may be referred to each other, so that the descriptions thereof are omitted for brevity.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The disclosed embodiments may be applied to electronic devices such as terminal devices, computer systems, servers, etc., which are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with electronic devices, such as terminal devices, computer systems, servers, and the like, include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, distributed cloud computing environments that include any of the above systems, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
The industrial internet identification resolution system is a basic system and an important component of the industrial internet, and an important facility for building comprehensive human-machine-object interconnection. Its function is similar to that of the Domain Name System (DNS), which is used to look up website addresses and mailbox addresses on the internet. The industrial internet identification resolution system mainly comprises an identification distribution management system and an identification resolution system. An identification is the "identity card" of a machine or an article; it is unique and is managed hierarchically through step-by-step distribution. The identification resolution system uses the identification to locate machines and articles and to query information about them, which is the premise and basis for precise docking of the global supply chain system with enterprise production systems, full life cycle management of products, and intelligent services. Building a complete identification system provides strong support for industrial system interconnection and for the transmission and exchange of industrial data, truly interconnects industrial elements such as the design, research and development, production, sales and service of industrial products, and improves the efficiency of cooperation.
In China, in order to achieve the overall goal of unified management and interconnection, a national top-level node has been established. Externally, it serves as the unified exit for participating in the development of the global industrial internet identification resolution system, connects with the various industrial internet identification resolution systems, and docks with the international root node. Internally, it serves as a hub and bridge that coordinates the secondary nodes of the various industries and guides the construction of the domestic industrial internet identification resolution system and the cultivation and development of its ecosystem along dimensions such as technical standard specifications and infrastructure construction, thereby building the overall framework of the domestic industrial internet identification resolution system.
Exemplary method
Fig. 1 is a flowchart illustrating a generic identification data conversion method according to an exemplary embodiment of the present disclosure. The embodiment can be applied to electronic devices such as a third party server, and as shown in fig. 1, includes the following steps:
Optionally, the original data end in this embodiment is the data owner, for example a data generation end in the identification resolution system, such as an enterprise node for identification resolution. The original data end generates identification data and, to ensure data security, sends a registration request to the third-party server. The third-party server requests a private key from the encryption database according to the registration request, generates the corresponding public key from the private key, and returns the public key to the original data end. The encryption database and the data generation end are both modules of the identification resolution system, and the encryption database stores the correspondence between data and the clients that have authority to acquire it. In addition, in this embodiment, when the first private key is obtained, the time at which it is obtained is recorded as the first timestamp, so that the permitted lifetime of the first private key can be controlled later.
Step 104, based on the first public key corresponding to the first private key, performing encryption and anti-counterfeiting encapsulation on the identification data at the original data end to obtain encapsulated data.
In this embodiment, the third-party server generates the corresponding public key from the private key, and the correspondence between the public key and the private key is used as attribute information of the data encrypted with that public key. The public key is issued to the original data end, which uses it to encrypt the identification data and apply anti-counterfeiting encapsulation, obtaining the encapsulated data. The encapsulated data may be stored in the encryption database so that an authorized identifier resolution client can later request it.
In this embodiment, when the client requests the identification data, it may send the identification data acquisition request to the identification resolution system and the private key request to the third-party server, simultaneously or one after the other. The third-party server sends the second private key to the client according to the request, together with a second timestamp recording the sending time, so that the period for which the second private key is effective can be controlled, which further improves the security of the identification data.
Step 108, determining whether the client has the data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp.
In this embodiment, whether the client corresponding to the second private key has the data parsing authority is determined from two conditions: whether a correspondence exists between the second private key and the first public key, and the time difference between the second timestamp and the first timestamp. The client has the data parsing authority only when the correspondence exists and the time difference satisfies the preset time difference, which further protects the identification data.
Step 110, in response to the client having the data parsing authority, decrypting the encapsulated data with the second private key to obtain the identification data.
The method may further cover the case in which the client does not have the data parsing authority; in that case the client cannot decrypt the encapsulated data and cannot obtain the identification data.
The universal identification data conversion method provided by the embodiment of the present disclosure receives a registration request sent by an original data end, sends a first private key request to an encryption database according to the registration request, and receives a first private key and a first timestamp corresponding to the private key request; based on a first public key corresponding to the first private key, performs encryption and anti-counterfeiting encapsulation on the identification data at the original data end to obtain encapsulated data; sends a second private key and a second timestamp to the client according to a second private key request received from the client; determines whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp; and, in response to the client having the data parsing authority, decrypts the encapsulated data with the second private key to obtain the identification data. In this embodiment, different attributes are assigned to the data, different keys are assigned to identifier resolution clients according to those attributes, and the data owner determines which users can access the data, so that fine-grained access control is realized.
As shown in fig. 2, based on the embodiment shown in fig. 1, step 104 may include the following steps:
Optionally, the correspondence within each key pair (private key and public key) may be encoded by any of a plurality of encoding rules, and the first public key corresponding to the first private key may be determined according to the correspondence established by any one of the encoding rules. Different key pairs are given different version numbers, and the correspondence between the public key and the private key is stored in the third-party server.
The encryption attribute comprises a corresponding relation between the first public key and the first private key.
In this embodiment, while the encrypted data is obtained, the encryption attribute corresponding to the encrypted data is also recorded to determine the private key corresponding to the encrypted data encrypted by the public key.
Step 1043: packaging the encrypted data, the encryption attribute and the anti-counterfeiting code information corresponding to the encrypted data to obtain packaged data.
In this embodiment, anti-counterfeiting encoding information is added to the encrypted data before the encrypted data is encapsulated. Optionally, the anti-counterfeiting encoding information may be determined for the encrypted data by any anti-counterfeiting encoding method in the prior art, for example encoding methods such as MD5 codes. Packaging the anti-counterfeiting encoding information into the packaged data makes the encrypted data traceable, addresses the problem of the encrypted data being tampered with during transmission, and improves the security of the encrypted data.
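The step 1043 package as an added example (not code from the patent): encrypted data, encryption attribute and anti-counterfeiting code in one envelope, checked on receipt. The field names, the `version:fingerprint` attribute encoding and the HMAC-SHA-256 variant are assumptions; the keyed variant is shown beside MD5 because an unkeyed code carried inside the package detects accidental corruption only, since whoever alters the package can recompute it.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not taken from the patent.
SAMPLE_PUBLIC_KEY = b"-----BEGIN PUBLIC KEY-----\n(constructed placeholder)\n-----END PUBLIC KEY-----\n"
SAMPLE_CIPHERTEXT = bytes.fromhex("8f1c2a77d4e05b9136ac")  # stands in for step 1042 output
SAMPLE_MAC_KEY = b"constructed-shared-mac-key-32byt"


def encode_encryption_attribute(key_version, public_key_pem):
    """Assumed encoding rule: '<key pair version>:<public key fingerprint>'."""
    fingerprint = hashlib.sha256(public_key_pem).hexdigest()[:16]
    return f"{key_version}:{fingerprint}"


def _covered_bytes(encrypted_data, encryption_attribute):
    # Length-prefix the attribute so (attribute, data) cannot be re-split
    # into a different pair that produces the same byte string.
    attr = encryption_attribute.encode("utf-8")
    return len(attr).to_bytes(4, "big") + attr + encrypted_data


def _code(covered, mac_key):
    if mac_key is None:
        return hashlib.md5(covered).hexdigest()  # unkeyed, as named in the text
    return hmac.new(mac_key, covered, hashlib.sha256).hexdigest()  # keyed variant


def encapsulate(encrypted_data, encryption_attribute, mac_key=None):
    covered = _covered_bytes(encrypted_data, encryption_attribute)
    return json.dumps({
        "encrypted_data": base64.b64encode(encrypted_data).decode("ascii"),
        "encryption_attribute": encryption_attribute,
        "anti_counterfeit_code": _code(covered, mac_key),
    }, sort_keys=True)


def decapsulate(package_json, mac_key=None):
    """Return (encrypted_data, encryption_attribute) or raise ValueError.

    The receiver chooses the scheme through mac_key; the package cannot
    select a weaker check for itself.
    """
    try:
        package = json.loads(package_json)
        encrypted_data = base64.b64decode(package["encrypted_data"], validate=True)
        attribute = package["encryption_attribute"]
        claimed = package["anti_counterfeit_code"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError(f"malformed package: {exc}") from exc
    if not isinstance(attribute, str) or not isinstance(claimed, str):
        raise ValueError("malformed package: wrong field type")
    expected = _code(_covered_bytes(encrypted_data, attribute), mac_key)
    if not hmac.compare_digest(expected.encode(), claimed.encode()):
        raise ValueError("anti-counterfeiting code mismatch")
    return encrypted_data, attribute


def _accepted(package_json, mac_key):
    try:
        decapsulate(package_json, mac_key)
        return True
    except ValueError:
        return False


def demo():
    """Alter the data in transit and report which checks still accept it."""
    attr = encode_encryption_attribute("v3", SAMPLE_PUBLIC_KEY)
    altered = SAMPLE_CIPHERTEXT[:-1] + b"\x00"
    results = {}
    for label, key in (("md5", None), ("hmac", SAMPLE_MAC_KEY)):
        package = json.loads(encapsulate(SAMPLE_CIPHERTEXT, attr, key))
        # Case 1: data altered, code left as it was.
        package["encrypted_data"] = base64.b64encode(altered).decode("ascii")
        results[label + "_stale_code"] = _accepted(json.dumps(package), key)
        # Case 2: the code is recomputed over the altered bytes without any secret.
        package["anti_counterfeit_code"] = hashlib.md5(_covered_bytes(altered, attr)).hexdigest()
        results[label + "_recomputed_code"] = _accepted(json.dumps(package), key)
    return results


if __name__ == "__main__":
    print(demo())
```
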
Optionally, on the basis of the foregoing embodiment, step 1042 may further include:
sending the first public key to an original data end;
encrypting the identification data at the original data end through a first public key to obtain encrypted data;
and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
In this embodiment, the original data end encrypts the identification data based on the first public key. Because the original data end holds only the first public key, sending only the encrypted data to the encryption database would make later decryption impossible. Therefore, in this embodiment the correspondence between the first public key and the first private key is encoded to obtain an encryption attribute, and the private key corresponding to the encrypted data can be determined from the encryption attribute, which overcomes the problem that decryption cannot be performed. The encoding method may be any prior-art method that can encode the correspondence; this embodiment does not limit the specific encoding method.
As shown in fig. 3, based on the embodiment shown in fig. 1, step 106 may include the following steps:
In this embodiment, the client sends a request to the identifier analysis system to acquire and analyze the identification data. At this point the data acquired is the encapsulated data, and the identification data contained in the encapsulated data cannot be viewed.
The encryption attribute comprises a corresponding relation between the private key and the public key.
Optionally, the third-party server requests the corresponding encryption attribute pre-stored in the client according to the second private key (after the encryption attribute is generated in the encryption database, it is issued to the clients that have the authority and stored there), and the corresponding second private key can be acquired from the third-party server based on the encryption attribute.
In this embodiment, when the second private key is issued to the client, the time of issue is also recorded as the second timestamp. This makes explicit the time difference between the moment the private key was generated in the encryption database and the moment the private key was requested. If the time difference exceeds a time difference threshold set in the encryption database (which may be set according to the specific application scenario), the private key may be determined to have failed according to a rule set in the encryption database, and a private key for decrypting the data then needs to be obtained again. Setting a time limit on the private key in this way further improves the security of the identification data.
Optionally, on the basis of the foregoing embodiment, step 108 may further include:
determining, based on the time difference between the second timestamp and the first timestamp, the relation between the time difference and the validity period of the key, and thereby determining whether the second private key is valid;
and, in response to the second private key being valid, determining whether the client has the data analysis permission according to whether the encryption attributes of the second private key and the first public key match.
In this embodiment, the time difference is evaluated first: the second private key is valid only when the time difference is smaller than the validity period of the key. When the second private key is valid, whether it matches the first public key is then determined according to the encryption attribute, for example by checking whether the second private key is the first private key. If it is, it corresponds to the first public key, and the client then has the data parsing right.
In some optional embodiments, before step 106, the method may further include:
sending the encapsulated data to an encryption database for storage;
and receiving an analysis request sent by the client through the identification analysis end, acquiring an identification service address based on the analysis request, and acquiring the packaging data from the encryption database based on the identification service address.
In this embodiment, the identifier resolution end is the externally facing port of the identifier resolution system that receives requests. The client submits a resolution request to the identifier resolution end, and the identifier resolution system returns the identifier service address to the client after step-by-step resolution, that is, after the resolution request has been passed through the multi-level nodes of the industrial internet. Optionally, the sequence diagram of the step-by-step resolution is shown in fig. 4 and includes the following steps:
(1) the client sends an identification resolution request to the recursive node;
(2) the recursive node checks its local cache and, when there is no cached result, sends the resolution request to the national top-level node;
(3) the national top-level node returns a secondary node resolution address to the recursive node;
(4) the recursive node sends a resolution request to the secondary node;
(5) the secondary node returns the enterprise node resolution address to the recursive node;
(6) the recursive node sends a resolution request to the enterprise node;
(7) the enterprise node returns an identification resolution service address to the recursive node;
(8) the recursive node returns the identification service address to the identifier resolution client;
(9) the identifier resolution client sends a query request to the enterprise information system;
(10) the enterprise information system returns the identification object information to the identifier resolution client.
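Steps (1) to (8) of the step-by-step resolution, as an added simulation that is not part of the patent: a recursive node that walks the national top-level, secondary and enterprise nodes and caches only successful answers for a limited time. The identifier layout (`a.b.c/suffix`), node names, addresses and TTL are constructed assumptions.

```python
import time

# Constructed topology: every prefix, node name and URL below is made up.
NATIONAL_TOP_LEVEL = {"88.100": "secondary-a.example"}
SECONDARY_NODES = {"secondary-a.example": {"88.100.7": "enterprise-x.example"}}
ENTERPRISE_NODES = {
    "enterprise-x.example": {
        "88.100.7/PUMP-0001": "https://id.enterprise-x.example/query",
    },
}


class ResolutionError(LookupError):
    """Raised when any level cannot answer; nothing is cached in that case."""


class RecursiveNode:
    def __init__(self, ttl_seconds=300.0, clock=time.monotonic):
        self.ttl_seconds = ttl_seconds
        self.clock = clock
        self.cache = {}  # identifier -> (service_address, expires_at)
        self.trace = []  # (step number from the text, description)

    def _ask(self, step, node_name, table, key):
        # One request/response pair: steps (2)/(3), (4)/(5) or (6)/(7).
        self.trace.append((step, f"ask {node_name} for {key}"))
        try:
            answer = table[key]
        except KeyError:
            raise ResolutionError(f"{node_name} has no record for {key}") from None
        self.trace.append((step + 1, f"{node_name} answers {answer}"))
        return answer

    def resolve(self, identifier):
        """Return the identification service address for one identifier."""
        self.trace = [(1, f"client asks for {identifier}")]
        prefix, sep, suffix = identifier.partition("/")
        labels = prefix.split(".")
        # Reject malformed input before it reaches the cache or any upstream node.
        if not sep or not suffix or len(labels) != 3 or not all(labels):
            raise ResolutionError(f"malformed identifier: {identifier!r}")

        cached = self.cache.get(identifier)
        if cached and cached[1] > self.clock():
            self.trace.append((8, f"cache hit, return {cached[0]}"))
            return cached[0]

        secondary = self._ask(2, "national top-level node",
                              NATIONAL_TOP_LEVEL, ".".join(labels[:2]))
        enterprise = self._ask(4, secondary,
                               SECONDARY_NODES.get(secondary, {}), prefix)
        address = self._ask(6, enterprise,
                            ENTERPRISE_NODES.get(enterprise, {}), identifier)

        # Cache only after the whole chain succeeded, with an expiry time.
        self.cache[identifier] = (address, self.clock() + self.ttl_seconds)
        self.trace.append((8, f"return {address}"))
        return address


if __name__ == "__main__":
    node = RecursiveNode()
    print(node.resolve("88.100.7/PUMP-0001"))
    for step, text in node.trace:
        print(step, text)
```
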
In some optional embodiments, on the basis of any of the above embodiments, step 110 may include:
processing the packaged data based on the data analysis authority to obtain encrypted data, and encryption attributes and anti-counterfeiting tracing information corresponding to the encrypted data;
determining a data range corresponding to the second private key based on the encryption attribute;
wherein the encryption attribute further specifies the data range that can be accessed by each of the different private keys corresponding to one public key;
and decrypting the encrypted data based on the private key to obtain the identification data corresponding to the data range.
Optionally, when the client has the authority, the encapsulated data is first decapsulated to obtain the encrypted data, the encryption attribute and the anti-counterfeiting tracing information it contains. The encryption attribute in this embodiment may also carry refined attribute information in the form of fine-grained rules, for example that attribute condition 1 gives access to the first half of the data and attribute condition 2 gives access to the second half of the data. Through such fine-grained rules, different attribute conditions are set for different data ranges and the identification data is divided into a plurality of portions with different attributes, so that personalized management of the data is realized and the security and flexibility of the data are improved.
In this embodiment, an access control system based on CP-ABE is constructed, and an access policy is deployed in encrypted data, so that the encrypted data in a data set library has different attributes, and different keys are assigned to an identifier resolution client according to the attributes, and the encrypted data can be decrypted only when the attribute set of the identifier resolution client meets the access policy, so that a data owner can determine which users can access the data, and fine-grained access control is implemented. The risk of data leakage caused by overlarge access authority of the analysis client is effectively avoided, and the overall safety protection capability of the identification analysis system is improved.
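The decision logic of steps 108 and 110 as an added example (not the patent's code): key validity from the two timestamps, the encryption-attribute match, then the data ranges whose policy the client's attributes satisfy. The field names, the one-hour validity period, the rejection of negative time differences and the and/or policy form are assumptions; the code models only the decision, whereas in CP-ABE the policy is enforced by the ciphertext itself.

```python
from dataclasses import dataclass

KEY_VALIDITY_SECONDS = 3600  # assumed; the text leaves the period to the deployment

# Constructed package metadata, not taken from the patent.
PACKAGE = {
    "encryption_attribute": "v3:5d41402abc4b2a76",
    "first_timestamp": 1_700_000_000,
    "data_ranges": {
        "first_half": "condition-1",
        "second_half": ("and", "condition-2", "role:auditor"),
    },
}


@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str
    sections: tuple = ()


def key_is_valid(first_timestamp, second_timestamp,
                 validity_seconds=KEY_VALIDITY_SECONDS):
    """Valid only when 0 <= (second - first) < validity period."""
    difference = second_timestamp - first_timestamp
    # A negative difference means the key was issued before it was generated.
    # Reject it explicitly; a bare "difference < validity" would let it pass.
    return 0 <= difference < validity_seconds


def attributes_match(package_attribute, key_attribute):
    """Both sides carry the encoded public/private key correspondence."""
    return package_attribute == key_attribute


def satisfies(policy, client_attributes):
    """Evaluate a policy: an attribute name, or ('and' | 'or', child, ...)."""
    if isinstance(policy, str):
        return policy in client_attributes
    operator, *children = policy
    if operator not in ("and", "or") or not children:
        raise ValueError(f"bad policy node: {policy!r}")
    results = [satisfies(child, client_attributes) for child in children]
    return all(results) if operator == "and" else any(results)


def authorize(package, key_grant):
    """Step 108 (validity, then attribute match) followed by the step 110 range lookup."""
    if not key_is_valid(package["first_timestamp"], key_grant["second_timestamp"]):
        return Decision(False, "second private key expired or timestamps inconsistent")
    if not attributes_match(package["encryption_attribute"],
                            key_grant["encryption_attribute"]):
        return Decision(False, "second private key does not correspond to first public key")
    readable = tuple(
        name for name, policy in package["data_ranges"].items()
        if satisfies(policy, key_grant["client_attributes"])
    )
    if not readable:
        return Decision(False, "no data range matches the client's attributes")
    return Decision(True, "ok", readable)


if __name__ == "__main__":
    grant = {
        "encryption_attribute": "v3:5d41402abc4b2a76",
        "second_timestamp": PACKAGE["first_timestamp"] + 600,
        "client_attributes": {"condition-1"},
    }
    print(authorize(PACKAGE, grant))
```
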
Any of the general identification data conversion methods provided by the embodiments of the present disclosure may be performed by any suitable device having data processing capabilities, including but not limited to: terminal equipment, a server and the like. Alternatively, any of the general identification data conversion methods provided by the embodiments of the present disclosure may be executed by a processor, for example, the processor may execute any of the general identification data conversion methods mentioned by the embodiments of the present disclosure by calling a corresponding instruction stored in a memory. This is not described again below.
Exemplary devices
Fig. 5 is a schematic structural diagram of a generic identification data conversion device according to an exemplary embodiment of the present disclosure. As shown in fig. 5, the apparatus provided in this embodiment is applied to a third-party server, and includes:
The private key request module 51 is configured to receive a registration request sent by an original data end, send a first private key request to the encrypted database according to the registration request, and receive a first private key and a first timestamp corresponding to the private key request.
The data encapsulation module 52 is configured to perform encryption and anti-counterfeit encapsulation processing on the identification data at the original data end based on the first public key corresponding to the first private key, so as to obtain encapsulated data.
The private key sending module 53 is configured to send the second private key and the second timestamp to the client according to the second private key request received from the client.
The permission determining module 54 is configured to determine whether the client has the data parsing permission based on the second private key, the second timestamp, the first public key, and the first timestamp.
The data conversion module 55 is configured to decrypt the encapsulated data through the second private key to obtain the identification data in response to the client having the data parsing authority.
The general identification data conversion device provided by the above embodiment of the present disclosure receives a registration request sent by an original data end, sends a first private key request to an encrypted database according to the registration request, and receives a first private key and a first timestamp corresponding to the private key request; based on a first public key corresponding to the first private key, performs encryption and anti-counterfeiting packaging processing on the identification data at the original data end to obtain packaged data; sends a second private key and a second timestamp to the client according to a second private key request received from the client; determines whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp; and, in response to the client having the data analysis permission, decrypts the encapsulated data through the second private key to obtain the identification data. In this embodiment, different attributes are allocated to the data and different keys are allocated to the identifier resolution client according to the attributes, so that the data owner determines which users can access the data and fine-grained access control is realized.
In some alternative embodiments, the data encapsulation module 52 includes:
the public key determining unit is used for determining a corresponding first public key based on the first private key;
the data encryption unit is used for sending the first public key to an original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data; the encryption attribute comprises a corresponding relation between a first public key and a first private key;
and the data packaging unit is used for packaging the encrypted data, the encryption attribute and the anti-counterfeiting coding information corresponding to the encrypted data to obtain packaged data.
Optionally, the data encryption unit is specifically configured to send the first public key to the original data end; encrypting the identification data at the original data end through a first public key to obtain encrypted data; and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
Optionally, the private key sending module 53 is specifically configured to receive a second private key request sent by the client; determining a second private key corresponding to the second private key request according to the second private key request and the pre-stored encryption attribute; the encryption attribute comprises a corresponding relation between a private key and a public key; and determining a second time stamp according to the time point corresponding to the second private key.
Optionally, the permission determining module 54 is specifically configured to determine, based on a time difference between the second time stamp and the first time stamp, a relationship between the time difference and a validity period of the secret key, and determine whether the second private key is valid; and responding to the validity of the second private key, and determining whether the client has the data analysis permission according to whether the encryption attributes of the second private key and the first public key are matched.
In some optional embodiments, the apparatus provided in this embodiment further includes:
the storage module is used for sending the encapsulated data to the encryption database for storage;
and the request analysis module is used for receiving an analysis request sent by the client through the identification analysis end, acquiring an identification service address based on the analysis request and acquiring the packaging data from the encryption database based on the identification service address.
In some optional embodiments, the data conversion module 55 is specifically configured to process the encapsulated data based on the data parsing authority to obtain the encrypted data, the encryption attribute corresponding to the encrypted data, and the anti-counterfeiting tracing information; determine a data range corresponding to the second private key based on the encryption attribute, wherein the encryption attribute further specifies the data range that can be accessed by each of the different private keys corresponding to one public key; and decrypt the encrypted data based on the private key to obtain the identification data corresponding to the data range.
Fig. 6 is a schematic structural diagram of a generic identification data conversion system according to an exemplary embodiment of the present disclosure. As shown in fig. 6, the system provided by the present embodiment includes:
The third-party server 61 is configured to execute the general identification data conversion method provided in any of the above embodiments.
The original data end 62 is configured to send a registration request to the third-party server, receive the first public key issued by the third-party server, encrypt and anti-counterfeit package the identification data through the first public key to obtain package data, and send the package data to the encryption database.
The encryption database 63 is configured to issue a first private key to the third-party server according to the private key request sent by the third-party server, and to receive the encapsulated data uploaded by the original data end.
The identification analysis terminal 64 is configured to receive an analysis request sent by the client, obtain an identification service address based on the analysis request, and obtain the encapsulation data from the encrypted database based on the identification service address.
The client 65 is configured to send a second private key request to the third-party server, receive a second private key and a second timestamp returned by the third-party server, send an analysis request to the identifier analysis end, and receive the encapsulated data from the encrypted database.
The original data end 62, the encrypted database 63 and the identifier parsing client 64 form an identifier parsing system. The client 65 is the user terminal that initiates an identifier parsing request and may be any terminal device, such as a mobile phone or a computer. The identifier parsing system is the system that looks up the network location or related information of a target object according to its identification code, uniquely locating machines and articles and querying their information.
The third-party server 61 is responsible for generating, issuing and managing keys, and is trusted by default.
Taking the expansion of industrial internet identification applications as its starting point, the method and the system make full use of the value of identification in the industrial internet field. To address risks such as the identification analysis client having excessive access authority and data being easily shared and used indiscriminately, an access control system based on CP-ABE is constructed and the access policy is deployed in the encrypted data, so that the encrypted data in the data set library has different attributes. Different keys are distributed to the identification analysis client according to the attributes, and the encrypted data can be decrypted only when the attribute set of the identification analysis client meets the access policy, so that the data owner can decide which users can access the data and fine-grained access control is realized. This avoids the risk of data leakage caused by excessive access permission of the analysis client, improves the overall security protection capability of the identification analysis system, and helps the identification system develop in a healthy, stable and secure manner.
Exemplary electronic device
Next, an electronic apparatus according to an embodiment of the present disclosure is described with reference to fig. 7. The electronic device may be either or both of the first device 100 and the second device 200, or a stand-alone device separate from them that may communicate with the first device and the second device to receive the collected input signals therefrom.
FIG. 7 illustrates a block diagram of an electronic device in accordance with an embodiment of the disclosure.
As shown in fig. 7, the electronic device 70 includes one or more processors 71 and a memory 72.
The processor 71 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 70 to perform desired functions.
In one example, the electronic device 70 may further include: an input device 73 and an output device 74, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
For example, when the electronic device is the first device 100 or the second device 200, the input device 73 may be a microphone or a microphone array as described above for capturing an input signal of a sound source. When the electronic device is a stand-alone device, the input means 73 may be a communication network connector for receiving the acquired input signals from the first device 100 and the second device 200.
The input device 73 may also include, for example, a keyboard, a mouse, and the like.
The output device 74 may output various information including the determined distance information, direction information, and the like to the outside. The output devices 74 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the electronic device 70 relevant to the present disclosure are shown in fig. 7, omitting components such as buses, input/output interfaces, and the like. In addition, the electronic device 70 may include any other suitable components, depending on the particular application.
Exemplary computer program product and computer-readable storage Medium
In addition to the above-described methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the general identification data conversion method according to various embodiments of the present disclosure described in the "exemplary methods" section of this specification above.
Program code of the computer program product for carrying out operations of embodiments of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java, C++ or the like and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the steps in the general identification data conversion method according to various embodiments of the present disclosure described in the "exemplary methods" section above in this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing describes the general principles of the present disclosure in conjunction with specific embodiments, however, it is noted that the advantages, effects, etc. mentioned in the present disclosure are merely examples and are not limiting, and they should not be considered essential to the various embodiments of the present disclosure. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the disclosure is not intended to be limited to the specific details so described.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts in the embodiments are referred to each other. For the system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The block diagrams of devices, apparatuses, systems referred to in this disclosure are only given as illustrative examples and are not intended to require or imply that the connections, arrangements, configurations, etc. must be made in the manner shown in the block diagrams. These devices, apparatuses, systems may be connected, arranged, configured in any manner, as will be appreciated by those skilled in the art. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including, but not limited to," and are used interchangeably therewith. The words "or" and "and" as used herein mean, and are used interchangeably with, the phrase "and/or," unless the context clearly dictates otherwise. The phrase "such as" is used herein to mean, and is used interchangeably with, the phrase "such as but not limited to".
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the devices, apparatuses, and methods of the present disclosure, each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be considered equivalents of the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit embodiments of the disclosure to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.
Claims (11)
1. A universal identification data conversion method is applied to a third-party server and comprises the following steps:
receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request;
based on a first public key corresponding to the first private key, performing encryption and anti-counterfeiting packaging processing on the identification data at the original data end to obtain packaged data;
sending a second private key and a second timestamp to the client according to a second private key request received from the client;
determining whether the client has data parsing permission based on the second private key, the second timestamp, the first public key and the first timestamp;
and in response to the client side having the data analysis permission, decrypting the encapsulated data through the second private key to obtain the identification data.
2. The method according to claim 1, wherein the encrypting and anti-counterfeit packaging the identification data at the original data end based on the first public key corresponding to the first private key to obtain packaged data comprises:
determining the corresponding first public key based on the first private key;
sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data; wherein the encryption attribute comprises a correspondence between the first public key and the first private key;
and packaging the encrypted data, the encryption attribute and the anti-counterfeiting code information corresponding to the encrypted data to obtain the packaged data.
3. The method according to claim 2, wherein the sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data comprises:
sending the first public key to the original data terminal;
encrypting the identification data at the original data end through the first public key to obtain encrypted data;
and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
4. The method according to any one of claims 1-3, wherein sending the second private key and the second timestamp to the client based on a second private key request received from the client comprises:
receiving a second private key request sent by the client;
determining a second private key corresponding to the second private key request according to the second private key request and pre-stored encryption attributes; wherein the encryption attribute comprises a correspondence between a private key and a public key;
and determining the second timestamp according to the determined time point corresponding to the second private key.
5. The method of any of claims 1-3, wherein determining whether the client has data parsing authority based on the second private key, the second timestamp, the first public key, and the first timestamp comprises:
determining, based on the time difference between the second timestamp and the first timestamp, a relationship between the time difference and a key validity period, and determining whether the second private key is valid;
and, in response to the second private key being valid, determining whether the client has the data parsing authority according to whether the encryption attributes of the second private key and the first public key match.
6. The method according to any one of claims 1-3, wherein, before sending the second private key and the second timestamp to the client according to the second private key request received from the client, the method further comprises:
sending the packaged data to the encryption database for storage;
and receiving an analysis request sent by the client through an identification analysis end, acquiring an identification service address based on the analysis request, and acquiring the packaged data from the encryption database based on the identification service address.
7. The method according to any one of claims 1-3, wherein said decrypting the encapsulated data with the second private key to obtain the identification data comprises:
processing the encapsulated data based on the data analysis authority to obtain encrypted data, and encryption attributes and anti-counterfeiting tracing information corresponding to the encrypted data;
determining a data range corresponding to the second private key based on the encryption attribute; wherein the encryption attribute further comprises the data ranges that can be accessed by different private keys corresponding to one public key;
and decrypting the encrypted data based on the private key to obtain the identification data corresponding to the data range.
8. A universal identification data conversion device, applied to a third-party server, comprising:
the private key request module is used for receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request;
the data encapsulation module is used for carrying out encryption and anti-counterfeiting encapsulation processing on the identification data at the original data end based on a first public key corresponding to the first private key to obtain encapsulated data;
the private key sending module is used for sending a second private key and a second timestamp to the client according to a second private key request received from the client;
the authority determining module is used for determining whether the client has data analysis authority or not based on the second private key, the second timestamp, the first public key and the first timestamp;
and the data conversion module is used for responding to the fact that the client side has the data analysis permission, and decrypting the encapsulated data through the second private key to obtain the identification data.
9. A universal identification data conversion system, comprising:
a third party server for executing the universal identification data conversion method of any one of the above claims 1-7;
the original data end is used for sending a registration request to the third-party server, receiving a first public key issued by the third-party server, performing encryption and anti-counterfeiting packaging on identification data through the first public key to obtain packaged data, and sending the packaged data to an encryption database;
the encryption database is used for issuing a first private key to the third-party server according to a private key request sent by the third-party server and receiving the packaged data uploaded by the original data end;
the identification analysis end is used for receiving an analysis request sent by a client, obtaining an identification service address based on the analysis request and obtaining the packaged data from the encryption database based on the identification service address;
and the client is used for sending a second private key request to the third-party server, receiving a second private key and a second timestamp returned by the third-party server, sending an analysis request to the identification analysis end, and receiving the packaged data from the encryption database.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program for executing the general identification data conversion method of any one of claims 1 to 7.
11. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing the processor-executable instructions;
the processor is used for reading the executable instructions from the memory and executing the instructions to realize the general identification data conversion method of any one of the claims 1 to 7.
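The authority check of claim 5 and the per-key data range of claim 7, sketched as an added example that is not code from the patent. The JSON attribute layout, the key identifiers, the field names and the 3600-second validity period are all assumptions made for illustration; the claims fix none of them, and no encryption is performed here.

```python
import hmac
import json
from dataclasses import dataclass

KEY_VALIDITY_SECONDS = 3600  # assumed value; the claims state no period

@dataclass(frozen=True)
class EncryptionAttribute:
    """Assumed layout: one public-key id -> {private-key id: readable fields}."""
    public_key_id: str
    private_key_ranges: dict

    @classmethod
    def decode(cls, blob: bytes) -> "EncryptionAttribute":
        # JSON stands in for the unspecified "preset encoding rule" of claim 3.
        raw = json.loads(blob)
        return cls(raw["pub"], {k: tuple(v) for k, v in raw["priv"].items()})

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so key identifiers do not leak through timing.
    return hmac.compare_digest(a.encode(), b.encode())

def key_is_valid(first_ts: int, second_ts: int,
                 validity: int = KEY_VALIDITY_SECONDS) -> bool:
    # Claim 5, step 1: compare the timestamp difference with the validity period.
    # A second timestamp earlier than the first is rejected, not treated as fresh.
    return 0 <= second_ts - first_ts <= validity

def allowed_range(attr, first_public_key_id, second_private_key_id,
                  first_ts, second_ts):
    """Return the fields the client may parse, or None when authority is denied."""
    if not key_is_valid(first_ts, second_ts):
        return None
    # Claim 5, step 2: the attribute must bind this private key to this public key.
    if not _same(attr.public_key_id, first_public_key_id):
        return None
    for priv_id, fields in attr.private_key_ranges.items():
        if _same(priv_id, second_private_key_id):
            return fields  # claim 7: data range tied to this private key
    return None

def scope_record(record: dict, fields) -> dict:
    # Release only the fields inside the permitted data range.
    return {k: v for k, v in record.items() if k in fields}

# Constructed sample data (not from the patent).
SAMPLE_ATTR = json.dumps({"pub": "pk-001", "priv": {
    "sk-full": ["id", "batch", "origin"], "sk-retail": ["id"]}}).encode()
SAMPLE_RECORD = {"id": "88.100.1/abc", "batch": "B-42", "origin": "plant-7"}
```

Both timestamps should come from the server side of the exchange; a client-supplied second timestamp would let the requester choose its own validity window.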
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210407217.9A CN114513370B (en) | 2022-04-19 | 2022-04-19 | Universal identification data conversion method and device, storage medium and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114513370A true CN114513370A (en) | 2022-05-17 |
CN114513370B CN114513370B (en) | 2022-07-15 |
Family
ID=81554817
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210407217.9A Active CN114513370B (en) | 2022-04-19 | 2022-04-19 | Universal identification data conversion method and device, storage medium and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114513370B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060280309A1 (en) * | 2002-06-28 | 2006-12-14 | Microsoft Corporation | Systems and methods for providing secure server key operations |
CN105072180A (en) * | 2015-08-06 | 2015-11-18 | 武汉科技大学 | Cloud storage data security sharing method with permission time control |
CN107864157A (en) * | 2017-12-19 | 2018-03-30 | 苗放 | Protecting data encryption and ownership mandate decryption application process and system based on ownership |
CN111163036A (en) * | 2018-11-07 | 2020-05-15 | 中移(苏州)软件技术有限公司 | Data sharing method, device, client, storage medium and system |
CN110493347A (en) * | 2019-08-26 | 2019-11-22 | 重庆邮电大学 | Data access control method and system in large-scale cloud storage based on block chain |
Non-Patent Citations (1)
Title |
---|
龚坚 等: "RSA加密在DNS安全中的应用", 《贵州大学学报(自然科学版)》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116366252A (en) * | 2023-03-17 | 2023-06-30 | 北京信源电子信息技术有限公司 | DOA-based data protection method for handle identification analysis technology |
CN116366252B (en) * | 2023-03-17 | 2024-01-30 | 北京信源电子信息技术有限公司 | DOA-based data protection method for handle identification analysis technology |
Also Published As
Publication number | Publication date |
---|---|
CN114513370B (en) | 2022-07-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||