CN114513370B - Universal identification data conversion method and device, storage medium and electronic equipment - Google Patents

Publication number
CN114513370B
Authority
CN
China
Prior art keywords
data
private key
client
public key
encryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210407217.9A
Other languages
Chinese (zh)
Other versions
CN114513370A (en)
Inventor
马宝罗
刘阳
池程
邵小景
朱斯语
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the disclosure provide a universal identification data conversion method and device, a storage medium and an electronic device. The method comprises: receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request; based on a first public key corresponding to the first private key, performing encryption and anti-counterfeiting packaging on the identification data at the original data end to obtain packaged data; sending a second private key and a second timestamp to a client according to a second private key request received from the client; determining whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp; and in response to the client having the data parsing authority, decrypting the packaged data with the second private key to obtain the identification data.

Description

Universal identification data conversion method and device, storage medium and electronic equipment
Technical Field
The disclosure relates to a universal identification data conversion method and device, a storage medium and an electronic device.
Background
Currently, a user sends an identifier resolution request to an identifier resolution node (e.g., a server) through an identifier resolution client. After receiving the request, the node feeds the resolution result directly back to the client without performing any access control on the client, which may cause risks such as data leakage due to overly broad access permissions.
Disclosure of Invention
The present disclosure is proposed to solve the above technical problems. The embodiment of the disclosure provides a universal identification data conversion method and device, a storage medium and an electronic device.
According to an aspect of the embodiments of the present disclosure, a method for converting universal identification data is provided, which is applied to a third-party server, and includes:
receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request;
based on a first public key corresponding to the first private key, performing encryption and anti-counterfeiting packaging on the identification data at the original data end to obtain packaged data;
sending a second private key and a second timestamp to the client according to a second private key request received from the client;
determining whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp;
and in response to the client having the data parsing authority, decrypting the packaged data with the second private key to obtain the identification data.
Optionally, the performing encryption and anti-counterfeiting packaging on the identification data at the original data end based on the first public key corresponding to the first private key to obtain packaged data includes:
determining the corresponding first public key based on the first private key;
sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data; wherein the encryption attribute comprises a correspondence between the first public key and the first private key;
and packaging the encrypted data, the encryption attribute and the anti-counterfeiting code information corresponding to the encrypted data to obtain the packaged data.
Optionally, the sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data includes:
sending the first public key to the original data terminal;
encrypting the identification data at the original data end through the first public key to obtain encrypted data;
and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
Optionally, the sending, to the client, the second private key and the second timestamp according to the second private key request received from the client includes:
receiving a second private key request sent by the client;
determining a second private key corresponding to the second private key request according to the second private key request and pre-stored encryption attributes; wherein the encryption attribute comprises a corresponding relation between a private key and a public key;
and determining the second timestamp according to the determined time point corresponding to the second private key.
Optionally, the determining whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp includes:
determining whether the second private key is valid by comparing the time difference between the second timestamp and the first timestamp with a key validity period;
and in response to the second private key being valid, determining whether the client has the data parsing authority according to whether the encryption attributes of the second private key and the first public key match.
Optionally, before sending the second private key and the second timestamp to the client according to the second private key request received from the client, the method further includes:
sending the packaged data to the encryption database for storage;
and receiving an analysis request sent by the client through an identification analysis end, acquiring an identification service address based on the analysis request, and acquiring the packaging data from the encryption database based on the identification service address.
Optionally, the decrypting the packaged data with the second private key to obtain the identification data includes:
processing the packaged data based on the data parsing authority to obtain the encrypted data, and the encryption attribute and anti-counterfeiting tracing information corresponding to the encrypted data;
determining a data range corresponding to the second private key based on the encryption attribute; wherein the encryption attribute further specifies the data ranges accessible by the different private keys corresponding to a public key;
and decrypting the encrypted data based on the private key to obtain the identification data corresponding to the data range.
According to another aspect of the embodiments of the present disclosure, there is provided a universal identification data conversion apparatus, applied to a third-party server, including:
the private key request module is used for receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request;
the data encapsulation module is used for performing encryption and anti-counterfeiting packaging on the identification data at the original data end based on a first public key corresponding to the first private key to obtain packaged data;
the private key sending module is used for sending a second private key and a second timestamp to the client according to a second private key request received from the client;
the authority determining module is used for determining whether the client has data analysis authority or not based on the second private key, the second timestamp, the first public key and the first timestamp;
and the data conversion module is used for, in response to the client having the data parsing authority, decrypting the packaged data with the second private key to obtain the identification data.
Optionally, the data encapsulation module includes:
a public key determining unit, configured to determine the corresponding first public key based on the first private key;
the data encryption unit is used for sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data; wherein the encryption attribute comprises a correspondence between the first public key and the first private key;
and the data packaging unit is used for packaging the encrypted data, the encryption attribute and the anti-counterfeiting code information corresponding to the encrypted data to obtain the packaged data.
Optionally, the data encryption unit is specifically configured to send the first public key to the original data end; encrypting the identification data at the original data end through the first public key to obtain encrypted data; and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
Optionally, the private key sending module is specifically configured to receive a second private key request sent by the client; determine a second private key corresponding to the second private key request according to the second private key request and pre-stored encryption attributes, wherein the encryption attribute comprises a correspondence between a private key and a public key; and determine the second timestamp according to the determined time point corresponding to the second private key.
Optionally, the authority determining module is specifically configured to determine whether the second private key is valid by comparing the time difference between the second timestamp and the first timestamp with a key validity period; and, in response to the second private key being valid, determine whether the client has the data parsing authority according to whether the encryption attributes of the second private key and the first public key match.
Optionally, the apparatus further comprises:
the storage module is used for sending the packaging data to the encryption database for storage;
and the request analysis module is used for receiving an analysis request sent by the client through an identification analysis end, acquiring an identification service address based on the analysis request and acquiring the packaging data from the encrypted database based on the identification service address.
Optionally, the data conversion module is specifically configured to process the packaged data based on the data parsing authority to obtain the encrypted data, and the encryption attribute and anti-counterfeiting tracing information corresponding to the encrypted data; determine a data range corresponding to the second private key based on the encryption attribute, wherein the encryption attribute further specifies the data ranges accessible by the different private keys corresponding to a public key; and decrypt the encrypted data based on the private key to obtain the identification data corresponding to the data range.
According to another aspect of the embodiments of the present disclosure, there is provided a universal identification data conversion system including:
a third party server, configured to execute the universal identification data conversion method according to any of the embodiments;
the original data terminal is used for sending a registration request to the third-party server, receiving a first public key issued by the third-party server, encrypting and anti-counterfeiting packaging the identification data through the first public key to obtain packaged data, and sending the packaged data to an encryption database;
the encryption database is used for issuing a first private key to the third-party server according to a private key request sent by the third-party server and receiving the packaging data uploaded by the original data terminal;
the identification analysis end is used for receiving an analysis request sent by a client, acquiring an identification service address based on the analysis request and acquiring the packaging data from the encryption database based on the identification service address;
and the client is used for sending a second private key request to the third-party server, receiving a second private key and a second timestamp returned by the third-party server, sending an analysis request to the identifier analysis terminal, and receiving the packaged data from the encrypted database.
According to another aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium storing a computer program for executing the universal identification data conversion method according to any of the embodiments.
According to another aspect of the embodiments of the present disclosure, there is provided an electronic device including:
a processor;
a memory for storing the processor-executable instructions;
the processor is configured to read the executable instructions from the memory and execute the instructions to implement the universal identification data conversion method according to any of the above embodiments.
Based on the universal identification data conversion method and device, the storage medium and the electronic device provided by the embodiments of the disclosure, a registration request sent by an original data end is received, a first private key request is sent to an encryption database according to the registration request, and a first private key and a first timestamp corresponding to the private key request are received; encryption and anti-counterfeiting packaging are performed on the identification data at the original data end based on a first public key corresponding to the first private key to obtain packaged data; a second private key and a second timestamp are sent to a client according to a second private key request received from the client; whether the client has data parsing authority is determined based on the second private key, the second timestamp, the first public key and the first timestamp; and in response to the client having the data parsing authority, the packaged data is decrypted with the second private key to obtain the identification data. In this embodiment, different attributes are assigned to the data and different keys are assigned to identifier resolution clients according to those attributes, so that the data owner determines which users can access the data and fine-grained access control is realized.
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description of the embodiments of the present disclosure when taken in conjunction with the accompanying drawings. The accompanying drawings are included to provide a further understanding of the embodiments of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the principles of the disclosure and not to limit the disclosure. In the drawings, like reference numbers generally indicate like parts or steps.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
FIG. 1 is a flowchart of a universal identification data conversion method provided by an exemplary embodiment of the present disclosure;
FIG. 2 is a schematic flowchart of step 104 in the embodiment of FIG. 1 of the present disclosure;
FIG. 3 is a schematic flowchart of step 106 in the embodiment of FIG. 1 of the present disclosure;
FIG. 4 is a timing diagram illustrating progressive resolution of an identifier resolution request in a universal identification data conversion method according to an exemplary embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of a universal identification data conversion device provided in an exemplary embodiment of the disclosure;
FIG. 6 is a block diagram of a universal identification data conversion system provided by an exemplary embodiment of the present disclosure;
FIG. 7 is a block diagram of an electronic device provided in an exemplary embodiment of the present disclosure.
Detailed Description
Hereinafter, example embodiments according to the present disclosure will be described in detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a subset of the embodiments of the present disclosure and not all embodiments of the present disclosure, with the understanding that the present disclosure is not limited to the example embodiments described herein.
It should be noted that: the relative arrangement of parts and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
It will be understood by those within the art that the terms "first", "second", etc. in the embodiments of the present disclosure are used only for distinguishing between different steps, devices or modules, etc., and do not denote any particular technical meaning or necessary logical order therebetween.
It is also understood that in embodiments of the present disclosure, "a plurality" may refer to two or more and "at least one" may refer to one, two or more.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the disclosure, may be generally understood as one or more, unless explicitly defined otherwise or stated otherwise.
In addition, the term "and/or" in the present disclosure merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in the present disclosure generally indicates that the former and latter associated objects are in an "or" relationship. The data referred to in this disclosure may include unstructured data, such as text, images, video, etc., as well as structured data.
It should also be understood that the description of the embodiments in the present disclosure emphasizes the differences between the embodiments, and the same or similar parts may be referred to each other, and are not repeated for brevity.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be discussed further in subsequent figures.
The disclosed embodiments may be applied to electronic devices such as terminal devices, computer systems, servers, etc., which are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with electronic devices, such as terminal devices, computer systems, servers, and the like, include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, distributed cloud computing environments that include any of the above, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
The industrial internet identification resolution system is a basic system and an important component of the industrial internet, and an important facility for building comprehensive human-machine-object interconnection. Its function is similar to that of the Domain Name System (DNS), which is used on the internet to look up website addresses and mailbox addresses. The system mainly comprises an identification distribution management system and an identification resolution system. An identifier is the "identity card" of a machine or an article; it is unique and is managed hierarchically, being allocated level by level. The identification resolution system uses the identifier to locate and query information about machines and articles, which is the premise and basis for accurately connecting the global supply chain system with enterprise production systems, for full life-cycle management of products, and for intelligent services. Building a complete identification system provides strong support for interconnecting industrial systems and for transmitting and exchanging industrial data, truly interconnects industrial elements such as the design, research and development, production, sales and service of industrial products, and improves collaboration efficiency.
In China, to achieve the overall goal of unified management and interconnection, a national top-level node has been established. Externally, it serves as the unified gateway for participating in the development of the global industrial internet identification resolution system, connects with the various industrial internet identification resolution systems, and interfaces with an international root node. It guides the construction and ecosystem development of the domestic industrial internet identification resolution system along dimensions such as technical standards and specifications and infrastructure construction, and establishes the overall framework of the domestic industrial internet identification resolution system.
Exemplary method
FIG. 1 is a flowchart of a universal identification data conversion method according to an exemplary embodiment of the present disclosure. The embodiment can be applied to electronic devices such as a third-party server and, as shown in FIG. 1, includes the following steps:
Step 102, receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request.
Optionally, the original data end in this embodiment is a data owner, for example a data generation end in the identification resolution system, such as an enterprise node for identification resolution. The original data end generates identification data and, to ensure data security, sends a registration request to the third-party server. The third-party server requests a private key from the encryption database according to the registration request, generates a corresponding public key from the private key, and returns the public key to the original data end. The encryption database and the data generation end are both modules of the identification resolution system, and the encryption database stores the correspondence between data and the clients that have authority to acquire it. In addition, in this embodiment, when the first private key is obtained, the time at which it is obtained is recorded as the first timestamp, so that the permitted time of the first private key can be controlled subsequently.
Step 104, based on the first public key corresponding to the first private key, performing encryption and anti-counterfeiting packaging on the identification data at the original data end to obtain packaged data.
In this embodiment, the third-party server generates the corresponding public key based on the private key, and the correspondence between the public key and the private key is used as attribute information of the data encrypted with the public key. The public key is issued to the original data end, which encrypts and anti-counterfeit packages the identification data with the public key to obtain the packaged data. In this embodiment, the packaged data may be stored in the encryption database, so that an identifier resolution client with the authority can subsequently request it.
Step 106, sending the second private key and the second timestamp to the client according to the second private key request received from the client.
In this embodiment, when the client requests the identification data, the client may send the identification data acquisition request and the private key request to the identification analysis system and the third-party server simultaneously or sequentially, and the third-party server sends the second private key to the client according to the request and also sends the second timestamp of the sending time, so as to control the effective time limit of the second private key, thereby further improving the security of the identification data.
Step 108, determining whether the client has the data parsing permission based on the second private key, the second timestamp, the first public key and the first timestamp.
In this embodiment, whether the client corresponding to the second private key has the data parsing authority is determined by whether the corresponding relationship exists between the second private key and the first public key and the time difference between the second timestamp and the first timestamp, and the client has the data parsing authority only when the corresponding relationship exists and the time difference meets the preset time difference, so that the security of the identification data is further ensured.
Step 110, in response to the client having the data parsing permission, decrypting the packaged data with the second private key to obtain the identification data.
The method may further cover the case where the client does not have the data parsing authority; in that case the client cannot decrypt the encapsulated data and cannot obtain the identification data.
The embodiment of the present disclosure provides a universal identification data conversion method, which receives a registration request sent by an original data end, sends a first private key request to an encrypted database according to the registration request, and receives a first private key and a first timestamp corresponding to the private key request; based on a first public key corresponding to the first private key, encrypts and anti-counterfeit packages the identification data at the original data end to obtain packaged data; sends a second private key and a second timestamp to a client according to a second private key request received from the client; determines whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp; and, in response to the client having the data parsing authority, decrypts the encapsulated data with the second private key to obtain the identification data. In this embodiment, different attributes are assigned to the data, different keys are assigned to the identifier resolution client according to those attributes, and the data owner determines which users can access the data, so that fine-grained access control is realized.
As shown in fig. 2, based on the embodiment shown in fig. 1, step 104 may include the following steps:
step 1041, determining a corresponding first public key based on the first private key.
Optionally, the correspondence within each key pair (private key and public key) may be encoded by any of a plurality of encoding rules; the corresponding first public key may be determined for the first private key according to the correspondence established by any one of the encoding rules; different key pairs are given different version numbers, and the correspondence between the public key and the private key is stored in the third-party server.
Step 1042, sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain the encrypted data and the encryption attribute corresponding to the encrypted data.
The encryption attribute comprises a corresponding relation between the first public key and the first private key.
In this embodiment, while obtaining the encrypted data, the encryption attribute corresponding to the encrypted data is also recorded to determine the private key corresponding to the encrypted data encrypted with the public key.
Step 1043, packaging the encrypted data, the encryption attribute and the anti-counterfeiting code information corresponding to the encrypted data to obtain packaged data.
In this embodiment, before the encrypted data is encapsulated, anti-counterfeiting encoding information is further added to the encrypted data, and optionally, corresponding anti-counterfeiting encoding information, for example, encoding methods such as MD5 codes and the like, may be determined for the encrypted data based on any anti-counterfeiting encoding method in the prior art; by packaging the anti-counterfeiting coding information into the packaging data, the traceable technical effect of the encrypted data can be realized, and the problem that the encrypted data is tampered in the transmission process is solved; the security of the encrypted data is improved.
Optionally, on the basis of the foregoing embodiment, step 1042 may further include:
sending the first public key to an original data end;
encrypting the identification data at the original data end through a first public key to obtain encrypted data;
and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
In this embodiment, the original data end encrypts the identification data based on the first public key, and at this time, because the original data end only has the first public key, if only the encrypted data after encryption is sent to the encryption database, a problem that decryption cannot be performed subsequently occurs, therefore, in this embodiment, the correspondence between the first public key and the first private key is encoded to obtain an encryption attribute, and the private key corresponding to the encrypted data can be determined by the encryption attribute, so that the problem that decryption cannot be performed is overcome, where the encoding method may be any method that can encode the correspondence in the prior art, and this embodiment does not limit a specific encoding method.
As shown in fig. 3, based on the embodiment shown in fig. 1, step 106 may include the following steps:
step 1061, receiving a second private key request sent by the client.
In this embodiment, the client sends an identifier data acquisition and analysis request to the identifier analysis system, and at this time, the acquired identifier data is encapsulated data, and the identifier data included in the encapsulated data cannot be checked.
Step 1062, determining a second private key corresponding to the second private key request according to the second private key request and the pre-stored encryption attribute.
The encryption attribute comprises a corresponding relation between the private key and the public key.
Optionally, based on the second private key request, the third-party server obtains the corresponding encryption attribute pre-stored in the client (after the encryption attribute is generated in the encryption database, it is issued to the clients that have the authority, which store it), and the corresponding second private key can then be acquired from the third-party server based on that encryption attribute.
Step 1063, determining a second timestamp according to the time point corresponding to the second private key.
In this embodiment, when the second private key is issued to the client, the time of issue is also recorded as the second timestamp, so that the time difference between when the private key was generated in the encrypted database and when it was requested is known; if the time difference exceeds a time difference threshold set in the encrypted database (which may be set according to the specific application scenario), the private key may be determined to be invalid according to a rule set in the encrypted database, and a private key for decrypting the data must then be requested again; this time limit on the private key further improves the security of the identification data.
Optionally, on the basis of the foregoing embodiment, step 108 may further include:
determining, based on the time difference between the second timestamp and the first timestamp, the relationship between the time difference and the validity period of the key, and thereby determining whether the second private key is valid;
and, in response to the second private key being valid, determining whether the client has the data parsing permission according to whether the encryption attributes of the second private key and the first public key match.
In this embodiment, the determination of the time difference is performed first, and only when the time difference is smaller than the validity period of the secret key, the second private key is valid, and when the second private key is valid, it is determined whether the second private key matches the first public key according to the encryption attribute, for example, whether the second private key is the first private key, and if the second private key is the first private key, there is a correspondence with the first public key, and at this time, the client has a data parsing authority.
In some optional embodiments, before step 106, the method may further include:
sending the encapsulated data to an encryption database for storage;
and receiving an analysis request sent by the client through the identification analysis end, acquiring an identification service address based on the analysis request, and acquiring the packaging data from the encryption database based on the identification service address.
In this embodiment, the identifier resolution end is the port of the identifier resolution system that receives external requests; the client submits a resolution request to the identifier resolution end, and the identifier resolution system returns the identification service address to the client after step-by-step resolution, where step-by-step resolution is the process of passing a resolution request through the multi-level nodes of the industrial internet; optionally, a sequence diagram of the step-by-step resolution process is shown in fig. 4 and includes the following: (1) the client sends an identifier resolution request to the recursive node; (2) the recursive node checks its local cache and, when there is no cached result, sends the resolution request to the national top-level node; (3) the national top-level node returns the secondary node resolution address to the recursive node; (4) the recursive node sends a resolution request to the secondary node; (5) the secondary node returns the enterprise node resolution address to the recursive node; (6) the recursive node sends a resolution request to the enterprise node; (7) the enterprise node returns the identifier resolution service address to the recursive node; (8) the recursive node returns the identification service address to the identifier resolution client; (9) the identifier resolution client sends a query request to the enterprise information system; (10) the enterprise information system returns the identification object information to the identifier resolution client.
In some optional embodiments, on the basis of any of the above embodiments, step 110 may include:
processing the packaged data based on the data analysis authority to obtain encrypted data, and encryption attributes and anti-counterfeiting tracing information corresponding to the encrypted data;
determining a data range corresponding to the second private key based on the encryption attribute;
wherein the encryption attribute further specifies the data ranges that can be accessed by the different private keys corresponding to one public key;
and decrypting the encrypted data based on the private key to obtain the identification data corresponding to the data range.
Optionally, when the client has the authority, the encapsulated data is first decapsulated to obtain the encrypted data, the encryption attribute and the anti-counterfeiting tracing information it contains. The encryption attribute in this embodiment may also carry refined attribute information, for example that the first half of the data may be accessed under attribute condition 1 and the second half under attribute condition 2, together with other fine-grained rules; through such fine-grained rules, different attribute conditions can be set for different data ranges and the identification data can be divided into multiple portions with different attributes, thereby implementing personalized management of the data and improving its security and flexibility.
In this embodiment, an access control system based on CP-ABE is constructed, and an access policy is deployed in encrypted data, so that the encrypted data in the data set library has different attributes, and different keys are allocated to the identifier resolution client according to the attributes, and the encrypted data can be decrypted only when the attribute set of the identifier resolution client meets the access policy, so that a data owner can determine which users can access the data, thereby implementing fine-grained access control. The risk of data leakage caused by overlarge access authority of the analysis client is effectively avoided, and the overall safety protection capability of an identification analysis system is improved.
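The permission check of step 108 and the unpacking of step 110 described above, as an added example that is not code from the patent. Assumptions: the ciphertext is treated as opaque bytes (no CP-ABE library is used), SHA-256 stands in for the MD5-style anti-counterfeiting code, and the key identifiers, the 600-second validity period and the (start, end) range encoding are hypothetical.

```python
import hashlib
import hmac
import json

# Assumed value: the text leaves the key validity period to the deployment.
KEY_VALIDITY_SECONDS = 600


def make_attribute(public_key_id, private_key_ranges):
    """Encryption attribute: the private keys that correspond to one public key,
    and the data range each of them may access (hypothetical encoding)."""
    return {"public_key_id": public_key_id,
            "private_keys": {k: list(r) for k, r in private_key_ranges.items()}}


def anti_counterfeit_code(encrypted_data, attribute):
    """Digest over ciphertext and attribute (SHA-256 here in place of MD5).
    The ciphertext is length-prefixed so the two fields cannot be confused."""
    canonical = json.dumps(attribute, sort_keys=True).encode()
    framed = len(encrypted_data).to_bytes(8, "big") + encrypted_data + canonical
    return hashlib.sha256(framed).hexdigest()


def encapsulate(encrypted_data, attribute):
    """Step 1043: package ciphertext, encryption attribute and anti-counterfeiting code."""
    return {"encrypted_data": encrypted_data.hex(),
            "encryption_attribute": attribute,
            "anti_counterfeit_code": anti_counterfeit_code(encrypted_data, attribute)}


def package_is_intact(package):
    """Recompute the anti-counterfeiting code and compare it in constant time."""
    expected = anti_counterfeit_code(bytes.fromhex(package["encrypted_data"]),
                                     package["encryption_attribute"])
    return hmac.compare_digest(expected, package["anti_counterfeit_code"])


def has_parsing_permission(second_key_id, second_ts, first_public_key_id, first_ts,
                           attribute, validity=KEY_VALIDITY_SECONDS):
    """Step 108: the validity window is checked first, then the attribute match."""
    elapsed = second_ts - first_ts
    # A negative difference (key issued before it was generated) is rejected
    # as well; that case is an assumption added here, not stated in the text.
    if elapsed < 0 or elapsed >= validity:
        return False
    return (attribute["public_key_id"] == first_public_key_id
            and second_key_id in attribute["private_keys"])


def authorize_decryption(package, second_key_id, second_ts, first_public_key_id, first_ts):
    """Gate in front of step 110: returns the (start, end) data range the key
    may decrypt, or None when the package or the request is rejected."""
    if not package_is_intact(package):
        return None
    attribute = package["encryption_attribute"]
    if not has_parsing_permission(second_key_id, second_ts,
                                  first_public_key_id, first_ts, attribute):
        return None
    return tuple(attribute["private_keys"][second_key_id])


# Constructed sample values (not from the patent).
FIRST_TS = 1_700_000_000
ATTR = make_attribute("pk-v1", {"sk-v1-a": (0, 16), "sk-v1-b": (16, 32)})
PACKAGE = encapsulate(bytes(range(32)), ATTR)  # stand-in for real ciphertext

if __name__ == "__main__":
    print(authorize_decryption(PACKAGE, "sk-v1-a", FIRST_TS + 120, "pk-v1", FIRST_TS))
    print(authorize_decryption(PACKAGE, "sk-v1-a", FIRST_TS + 600, "pk-v1", FIRST_TS))
```

Because the digest is unkeyed, it detects a modified package only while the stored code itself is out of the modifier's reach; a keyed MAC or a signature removes that dependency.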
Any of the general identification data conversion methods provided by the embodiments of the present disclosure may be performed by any suitable device having data processing capabilities, including but not limited to: terminal equipment, a server and the like. Alternatively, any of the general identification data conversion methods provided by the embodiments of the present disclosure may be executed by a processor, for example, the processor may execute any of the general identification data conversion methods mentioned by the embodiments of the present disclosure by calling a corresponding instruction stored in a memory. And will not be described in detail below.
Exemplary devices
Fig. 5 is a schematic structural diagram of a generic identification data conversion device according to an exemplary embodiment of the present disclosure. As shown in fig. 5, the apparatus provided in this embodiment is applied to a third party server, and includes:
the private key request module 51 is configured to receive a registration request sent by an original data end, send a first private key request to the encrypted database according to the registration request, and receive a first private key and a first timestamp corresponding to the private key request.
The data encapsulation module 52 is configured to encrypt and anti-counterfeit package the identification data at the original data end, based on the first public key corresponding to the first private key, so as to obtain encapsulated data.
The private key sending module 53 is configured to send the second private key and the second timestamp to the client according to the second private key request received from the client.
The permission determining module 54 is configured to determine whether the client has the data parsing permission based on the second private key, the second timestamp, the first public key, and the first timestamp.
The data conversion module 55 is configured to decrypt the encapsulated data with the second private key to obtain the identification data, in response to the client having the data parsing authority.
The embodiment of the present disclosure provides a universal identification data conversion apparatus, which receives a registration request sent by an original data end, sends a first private key request to an encrypted database according to the registration request, and receives a first private key and a first timestamp corresponding to the private key request; based on a first public key corresponding to the first private key, encrypts and anti-counterfeit packages the identification data at the original data end to obtain packaged data; sends a second private key and a second timestamp to the client according to a second private key request received from the client; determines whether the client has data parsing authority based on the second private key, the second timestamp, the first public key and the first timestamp; and, in response to the client having the data parsing authority, decrypts the encapsulated data with the second private key to obtain the identification data. In this embodiment, different attributes are assigned to the data, different keys are assigned to the identifier resolution client according to those attributes, and the data owner determines which users can access the data, so that fine-grained access control is realized.
In some alternative embodiments, the data encapsulation module 52 includes:
the public key determining unit is used for determining a corresponding first public key based on the first private key;
the data encryption unit is used for sending the first public key to an original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data; the encryption attribute comprises a corresponding relation between a first public key and a first private key;
and the data packaging unit is used for packaging the encrypted data, the encryption attribute and the anti-counterfeiting code information corresponding to the encrypted data to obtain packaged data.
Optionally, the data encryption unit is specifically configured to send the first public key to the original data end; encrypting the identification data at the original data end through a first public key to obtain encrypted data; and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
Optionally, the private key sending module 53 is specifically configured to receive a second private key request sent by the client; determining a second private key corresponding to the second private key request according to the second private key request and the pre-stored encryption attribute; the encryption attribute comprises a corresponding relation between a private key and a public key; and determining a second time stamp according to the time point corresponding to the second private key.
Optionally, the permission determining module 54 is specifically configured to determine, based on the time difference between the second timestamp and the first timestamp, the relationship between the time difference and the validity period of the key, and thereby determine whether the second private key is valid; and, in response to the second private key being valid, to determine whether the client has the data parsing permission according to whether the encryption attributes of the second private key and the first public key match.
In some optional embodiments, the apparatus provided in this embodiment further includes:
the storage module is used for sending the encapsulated data to the encryption database for storage;
and the request analysis module is used for receiving an analysis request sent by the client through the identification analysis end, acquiring an identification service address based on the analysis request and acquiring the packaging data from the encryption database based on the identification service address.
In some optional embodiments, the data conversion module 55 is specifically configured to process the encapsulated data based on the data parsing authority to obtain the encrypted data, the encryption attribute corresponding to the encrypted data, and the anti-counterfeiting tracing information; determine a data range corresponding to the second private key based on the encryption attribute, wherein the encryption attribute further specifies the data ranges that can be accessed by the different private keys corresponding to one public key; and decrypt the encrypted data based on the private key to obtain the identification data corresponding to the data range.
Fig. 6 is a schematic structural diagram of a generic identification data conversion system according to an exemplary embodiment of the present disclosure. As shown in fig. 6, the system provided in this embodiment includes:
the third-party server 61 is configured to execute the general identification data conversion method provided in any of the above embodiments.
The original data end 62 is configured to send a registration request to the third-party server, receive the first public key issued by the third-party server, encrypt and anti-counterfeit package the identification data with the first public key to obtain packaged data, and send the packaged data to the encryption database.
The encryption database 63 is configured to issue a first private key to the third-party server according to the private key request sent by the third-party server, and to receive the encapsulated data uploaded by the original data end.
The identification analysis terminal 64 is configured to receive an analysis request sent by the client, obtain an identification service address based on the analysis request, and obtain the encapsulated data from the encrypted database based on the identification service address.
The client 65 is configured to send a second private key request to the third-party server, receive a second private key and a second timestamp returned by the third-party server, send an analysis request to the identifier analysis end, and receive the encapsulated data from the encrypted database.
The original data end 62, the encrypted database 63 and the identifier parsing client 64 form an identifier parsing system, and the client 65 is a user terminal initiating an identifier parsing request and may be any terminal device, such as a mobile phone, a computer, and the like; the identifier parsing system is the system that queries the network location or related information of a target object according to its identification code, uniquely locating machines and articles and querying their information;
the third-party server 61 is responsible for generating, issuing and managing keys, and is trusted by default.
The method takes the expansion of industrial internet identification applications as its starting point and aims to give full play to the value of identification in the industrial internet field. To address risks such as the access rights of an identifier resolution client being too broad and data being shared and used indiscriminately, it constructs an access control system based on CP-ABE (ciphertext-policy attribute-based encryption) and deploys an access policy in the encrypted data, so that the encrypted data in the data set library has different attributes; different keys are distributed to the identifier resolution client according to those attributes, and the encrypted data can be decrypted only when the attribute set of the identifier resolution client satisfies the access policy, so that the data owner can decide which users can access the data and fine-grained access control is realized. This avoids the risk of data leakage caused by excessive access permission of the resolution client, improves the overall security protection capability of the identifier resolution system, and supports the healthy, stable and secure development of the identification system.
Exemplary electronic device
Next, an electronic apparatus according to an embodiment of the present disclosure is described with reference to fig. 7. The electronic device may be either or both of the first device 100 and the second device 200, or a stand-alone device separate therefrom, which stand-alone device may communicate with the first device and the second device to receive the acquired input signals therefrom.
Fig. 7 illustrates a block diagram of an electronic device in accordance with an embodiment of the disclosure.
As shown in fig. 7, the electronic device 70 includes one or more processors 71 and a memory 72.
The processor 71 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 70 to perform desired functions.
Memory 72 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by the processor 71 to implement the general identification data conversion methods of the various embodiments of the present disclosure described above and/or other desired functions. Various contents such as an input signal, a signal component, a noise component, etc. may also be stored in the computer-readable storage medium.
In one example, the electronic device 70 may further include: an input device 73 and an output device 74, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
For example, when the electronic device is the first device 100 or the second device 200, the input device 73 may be a microphone or a microphone array as described above for capturing an input signal of a sound source. When the electronic device is a stand-alone device, the input means 73 may be a communication network connector for receiving the acquired input signals from the first device 100 and the second device 200.
The input device 73 may also include, for example, a keyboard, a mouse, and the like.
The output device 74 may output various information including the determined distance information, direction information, and the like to the outside. The output devices 74 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the electronic device 70 relevant to the present disclosure are shown in fig. 7, omitting components such as buses, input/output interfaces, and the like. In addition, the electronic device 70 may include any other suitable components, depending on the particular application.
Exemplary computer program product and computer-readable storage Medium
In addition to the above-described methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the generalized identification data transformation method according to various embodiments of the present disclosure described in the above-mentioned "exemplary methods" section of this specification.
The computer program product may write program code for carrying out operations for embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the steps in the general identification data conversion method according to various embodiments of the present disclosure described in the "exemplary methods" section above in this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing describes the general principles of the present disclosure in conjunction with specific embodiments, however, it is noted that the advantages, effects, etc. mentioned in the present disclosure are merely examples and are not limiting, and they should not be considered essential to the various embodiments of the present disclosure. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the disclosure is not intended to be limited to the specific details so described.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts in the embodiments are referred to each other. For the system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The block diagrams of devices, apparatuses and systems referred to in this disclosure are only given as illustrative examples and are not intended to require or imply that the connections, arrangements, configurations, etc. must be made in the manner shown in the block diagrams. These devices, apparatuses and systems may be connected, arranged and configured in any manner, as will be appreciated by those skilled in the art. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including, but not limited to," and are used interchangeably therewith. The words "or" and "and" as used herein mean, and are used interchangeably with, the word "and/or," unless the context clearly dictates otherwise. The word "such as" is used herein to mean, and is used interchangeably with, the phrase "such as but not limited to".
The method and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices, and methods of the present disclosure, various components or steps may be broken down and/or re-combined. These decompositions and/or recombinations are to be considered equivalents of the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, the description is not intended to limit embodiments of the disclosure to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.

Claims (10)

1. A universal identification data conversion method is applied to a third-party server side, and comprises the following steps:
receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first timestamp corresponding to the private key request;
based on a first public key corresponding to the first private key, performing encryption and anti-counterfeiting packaging processing on identification data in the original data end through the original data end to obtain packaged data;
sending a second private key and a second timestamp to a client according to a second private key request received from the client;
determining whether the client has data parsing permission based on the second private key, the second timestamp, the first public key and the first timestamp, which comprises: determining, based on the time difference between the second timestamp and the first timestamp, a relationship between the time difference and a key validity period, and determining whether the second private key is valid; in response to the second private key being valid, determining whether the client has data analysis permission according to whether the encryption attributes of the second private key and the first public key match; wherein the encryption attribute comprises a correspondence between a private key and a public key; the encryption attribute further comprises that different private keys corresponding to one public key have different accessible data ranges for the data encrypted by that public key;
and in response to the fact that the client side has the data analysis permission, the packaged data are decrypted at the client side through the second private key, and the identification data are obtained.
2. The method of claim 1, wherein the encrypting and anti-counterfeit packaging processing is performed on the identification data in the original data end through the original data end based on a first public key corresponding to the first private key to obtain packaged data, and the method comprises:
determining the corresponding first public key based on the first private key;
sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data; wherein the encryption attribute comprises a correspondence between the first public key and the first private key;
and packaging the encrypted data, the encryption attribute and the anti-counterfeiting code information corresponding to the encrypted data to obtain the packaged data.
3. The method according to claim 2, wherein the sending the first public key to the original data end, and encrypting the identification data at the original data end through the first public key to obtain encrypted data and an encryption attribute corresponding to the encrypted data comprises:
sending the first public key to the original data end;
encrypting the identification data at the original data end through the first public key to obtain encrypted data;
and coding the corresponding relation between the first public key and the first private key based on a preset coding rule to obtain the encryption attribute.
4. The method of any of claims 1-3, wherein sending the second private key and the second timestamp to the client based on a second private key request received from the client comprises:
receiving a second private key request sent by the client;
determining a second private key corresponding to the second private key request according to the second private key request and pre-stored encryption attributes;
and determining the second time stamp according to the time point corresponding to the second private key.
5. The method according to any one of claims 1-3, wherein before sending the second private key and the second timestamp to the client according to the second private key request received from the client, further comprising:
sending the packaged data to the encryption database for storage;
and receiving an analysis request sent by the client through an identification analysis end, acquiring an identification service address based on the analysis request, and acquiring the packaging data from the encryption database based on the identification service address.
6. The method according to any one of claims 1-3, wherein said decrypting the encapsulated data with the second private key to obtain the identification data comprises:
processing the encapsulated data based on the data analysis authority to obtain encrypted data, and encryption attributes and anti-counterfeiting tracing information corresponding to the encrypted data;
determining a data range corresponding to the second private key based on the encryption attribute;
and decrypting the encrypted data based on the private key to obtain the identification data corresponding to the data range.
7. A universal identification data conversion device is applied to a third-party server side, and comprises:
the private key request module is used for receiving a registration request sent by an original data end, sending a first private key request to an encryption database according to the registration request, and receiving a first private key and a first time stamp corresponding to the private key request;
the data encapsulation module is used for carrying out encryption and anti-counterfeiting encapsulation processing on the identification data in the original data terminal based on a first public key corresponding to the first private key to obtain encapsulated data;
the private key sending module is used for sending a second private key and a second timestamp to the client according to a second private key request received from the client;
the authority determining module is used for determining whether the client has data analysis authority or not based on the second private key, the second timestamp, the first public key and the first timestamp; the second private key generation module is specifically configured to determine, based on a time difference between the second timestamp and the first timestamp, a relationship between the time difference and a key validity period, and determine whether the second private key is valid; responding to the validity of the second private key, and determining whether the client has a data analysis permission or not according to whether the encryption attributes of the second private key and the first public key are matched or not; wherein the encryption attribute comprises a corresponding relation between a private key and a public key; the encryption attribute also comprises that different private keys corresponding to one public key have different accessible data ranges for the data encrypted by the public key;
and the data conversion module is used for responding to the fact that the client side has the data analysis permission, and decrypting the encapsulated data through the second private key to obtain the identification data.
8. A universal identification data conversion system, comprising:
a third party server for executing the universal identification data conversion method of any one of claims 1-6;
the original data terminal is used for sending a registration request to the third-party server, receiving a first public key issued by the third-party server, encrypting and anti-counterfeiting packaging the identification data through the first public key to obtain packaged data, and sending the packaged data to an encryption database;
the encryption database is used for issuing a first private key to the third-party server according to a private key request sent by the third-party server and receiving the packaging data uploaded by the original data terminal;
the identification analysis end is used for receiving an analysis request sent by a client, acquiring an identification service address based on the analysis request and acquiring the packaging data from the encryption database based on the identification service address;
and the client is used for sending a second private key request to the third-party server, receiving a second private key and a second timestamp returned by the third-party server, sending an analysis request to the identifier analysis terminal, and receiving the encapsulation data fed back by the identifier analysis terminal.
9. A computer-readable storage medium, characterized in that the storage medium stores a computer program for executing the method for converting general identification data according to any one of claims 1 to 6.
10. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing the processor-executable instructions;
the processor is used for reading the executable instruction from the memory and executing the instruction to realize the universal identification data conversion method of any one of the above claims 1-6.
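
The permission decision of claims 1 and 6, modeled as an added Python example that is not part of the patent: the time difference between the two timestamps is checked against the key validity period, then the encryption attribute is matched and yields the data range. The key identifiers, the one-hour validity period, the field names and the rejection of a negative time difference are assumptions, and no cryptography is performed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Assumption: the claims name a "key validity period" but give no value.
KEY_VALIDITY_SECONDS = 3600


@dataclass
class EncryptionAttribute:
    """Claim 1's encryption attribute: the public/private key correspondence
    plus the accessible data range of each corresponding private key."""
    public_key_id: str
    ranges: Dict[str, FrozenSet[str]]  # private key id -> readable fields


def second_key_is_valid(first_ts: int, second_ts: int,
                        validity: int = KEY_VALIDITY_SECONDS) -> bool:
    """Compare (second timestamp - first timestamp) with the validity period."""
    diff = second_ts - first_ts
    # Assumption: a second key stamped before the first one is rejected.
    return 0 <= diff <= validity


def parsing_permission(attr: EncryptionAttribute, first_public_key_id: str,
                       first_ts: int, second_private_key_id: str,
                       second_ts: int) -> Optional[FrozenSet[str]]:
    """Return the data range the client may read, or None when denied."""
    if not second_key_is_valid(first_ts, second_ts):
        return None  # second private key is outside the validity period
    if attr.public_key_id != first_public_key_id:
        return None  # attribute belongs to a different public key
    # No correspondence recorded for this private key -> no permission.
    return attr.ranges.get(second_private_key_id)


def visible_fields(record: Dict[str, str],
                   allowed: FrozenSet[str]) -> Dict[str, str]:
    """Claim 6: only identification data inside the data range is returned."""
    return {k: v for k, v in record.items() if k in allowed}


# Constructed sample data (hypothetical identifiers and field names).
ATTR = EncryptionAttribute(
    public_key_id="pub-1",
    ranges={
        "priv-a": frozenset({"product_id", "batch", "origin"}),
        "priv-b": frozenset({"product_id"}),
    },
)
RECORD = {"product_id": "P-001", "batch": "B7", "origin": "plant-3"}

if __name__ == "__main__":
    allowed = parsing_permission(ATTR, "pub-1", 1000, "priv-b", 1600)
    print(visible_fields(RECORD, allowed) if allowed is not None else "denied")
```
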
CN202210407217.9A 2022-04-19 2022-04-19 Universal identification data conversion method and device, storage medium and electronic equipment Active CN114513370B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210407217.9A CN114513370B (en) 2022-04-19 2022-04-19 Universal identification data conversion method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN114513370A CN114513370A (en) 2022-05-17
CN114513370B true CN114513370B (en) 2022-07-15

Family

ID=81554817

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210407217.9A Active CN114513370B (en) 2022-04-19 2022-04-19 Universal identification data conversion method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN114513370B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116366252B (en) * 2023-03-17 2024-01-30 北京信源电子信息技术有限公司 DOA-based data protection method for handle identification analysis technology

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105072180A (en) * 2015-08-06 2015-11-18 武汉科技大学 Cloud storage data security sharing method with permission time control
CN107864157A (en) * 2017-12-19 2018-03-30 苗放 Protecting data encryption and ownership mandate decryption application process and system based on ownership
CN110493347A (en) * 2019-08-26 2019-11-22 重庆邮电大学 Data access control method and system in large-scale cloud storage based on block chain
CN111163036A (en) * 2018-11-07 2020-05-15 中移(苏州)软件技术有限公司 Data sharing method, device, client, storage medium and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7174021B2 (en) * 2002-06-28 2007-02-06 Microsoft Corporation Systems and methods for providing secure server key operations

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
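Application of RSA Encryption in DNS Security; Gong Jian et al.; Journal of Guizhou University (Natural Science Edition); 20050228; Vol. 22 (No. 01); full text *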

Also Published As

Publication number Publication date
CN114513370A (en) 2022-05-17

Similar Documents

Publication Publication Date Title
US11991160B2 (en) Systems and methods for providing secure services
CN108665372B (en) Information processing, inquiring and storing method and device based on block chain
CN109918942B (en) Decentralized identifier management system based on ether house block chain
CN102082771B (en) Service management middleware based on ESB (enterprise service bus) technology
US11196561B2 (en) Authorized data sharing using smart contracts
CN110263579B (en) Data processing method, system and related equipment
CN114448732B (en) Protection method, device, medium and equipment for identifying private data network transmission
US20220261798A1 (en) Computer-Implemented System and Method for Facilitating Transactions Associated with a Blockchain Using a Network Identifier for Participating Entities
CN113612770A (en) Cross-domain secure interaction method, system, terminal and storage medium
CN114513370B (en) Universal identification data conversion method and device, storage medium and electronic equipment
CN111598695A (en) Block chain data access method and device
CN111031074B (en) Authentication method, server and client
US20220270085A1 (en) Destination addressing associated with a distributed ledger
WO2020212784A1 (en) Destination addressing associated with a distributed ledger
Ahmed et al. Toward fine‐grained access control and privacy protection for video sharing in media convergence environment
CN113542242B (en) Equipment management method and equipment management device
CN115982247B (en) Block chain-based account information query method and device, equipment and medium
CN115550061B (en) Block chain-based data transmission method and device, electronic equipment and storage medium
CN115514578B (en) Block chain based data authorization method and device, electronic equipment and storage medium
CN114826719A (en) Trusted terminal authentication method, system, device and storage medium based on block chain
US20220263818A1 (en) Using a service worker to present a third-party cryptographic credential
WO2023141876A1 (en) Data transmission method, apparatus and system, electronic device, and readable medium
Lee et al. Resource centric security to protect customer energy information in the smart grid
CN111817860B (en) Communication authentication method, device, equipment and storage medium
Su et al. An Action‐Based Fine‐Grained Access Control Mechanism for Structured Documents and Its Application

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant