CN115114634A - Key processing method and device, electronic equipment and readable storage medium - Google Patents

Publication number
CN115114634A
Authority
CN
China
Prior art keywords
digital information
wallet module
information list
key
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110309427.XA
Other languages
Chinese (zh)
Inventor
杨洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Shanghai ICT Co Ltd
CM Intelligent Mobility Network Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Shanghai ICT Co Ltd
CM Intelligent Mobility Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Shanghai ICT Co Ltd, CM Intelligent Mobility Network Co Ltd filed Critical China Mobile Communications Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of blockchains and provides a key processing method, a device, an electronic device and a readable storage medium. The key processing method is executed by a blockchain system and comprises the following steps: the hot wallet module, on receiving a key update request of the first user, sends the key update request to the cloud protection node; the cloud protection node sends pre-stored first information of the first user to the hot wallet module; the hot wallet module acquires the first information from the cloud protection node; the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module; the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list. This solves the problem that the existing key cannot be updated in time.

Description

Key processing method and device, electronic equipment and readable storage medium
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to a key processing method and apparatus, an electronic device, and a readable storage medium.
Background
Blockchain is a shared distributed database technology. In a blockchain, a key is the data that uniquely proves a user's identity, so the security of the key is very important. Key security is mainly handled by two typical kinds of wallet: a hot wallet, which generally refers to a network-capable smart application that holds keys, developed by a company providing a blockchain digital asset secure storage solution, and a cold wallet, which generally refers to an offline wallet developed by such a company. At present, a non-networked cold wallet generates keys in only one way, and its key storage and key updating cannot meet the needs of digital currency development. The existing blockchain key is therefore fixed and offers little flexibility.
Disclosure of Invention
The invention provides a key processing method, a device, equipment and a readable storage medium, which aim to solve the problem that the existing key cannot be updated in time.
In order to solve the technical problem, the invention is realized as follows:
in a first aspect, the present invention provides a key processing method, which is performed by a blockchain system, where the blockchain system includes an electronic device and a cloud protection node, and the electronic device includes a cold wallet module and a hot wallet module, and the method includes:
the hot wallet module sends a key updating request to a cloud protection node under the condition of receiving the key updating request of a first user;
the cloud protection node receives a key updating request of a first user sent by a hot wallet module of the electronic equipment;
the cloud protection node sends pre-stored first information of the first user to the hot wallet module, and the first information comprises a first digital information list.
The hot wallet module acquires first information from a cloud protection node, wherein the first information comprises a first digital information list of the first user, which is pre-stored by the cloud protection node;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list.
In a second aspect, the present invention provides a key processing method, performed by an electronic device including a cold wallet module and a hot wallet module, comprising:
when receiving a key updating request of a first user, the hot wallet module obtains a pre-stored first digital information list of the first user from a cloud protection node;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list.
In a third aspect, the present invention provides a key processing method, which is executed by a cloud protection node, and includes:
receiving a key updating request of a first user sent by a hot wallet module of electronic equipment;
sending pre-stored first information of the first user to the hot wallet module;
wherein the first information comprises a first list of digital information.
In a fourth aspect, the present invention provides a key processing apparatus, applied to a blockchain system, where the blockchain system includes an electronic device and a cloud protection node, the electronic device includes a cold wallet module and a hot wallet module, and the key processing apparatus includes: a first processor and a first transceiver, wherein:
the first processor to:
the hot wallet module sends a key updating request to a cloud protection node under the condition of receiving the key updating request of a first user;
the first transceiver to:
the cloud protection node receives a key updating request of a first user sent by a hot wallet module of the electronic equipment;
the cloud protection node sends pre-stored first information of the first user to the hot wallet module, and the first information comprises a first digital information list.
The first processor is further configured to:
the hot wallet module acquires first information from a cloud protection node, wherein the first information comprises a first digital information list of the first user, which is pre-stored by the cloud protection node;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list.
In a fifth aspect, the present invention provides a key processing apparatus applied to an electronic device including a cold wallet module and a hot wallet module, including:
a second processor to:
when receiving a key updating request of a first user, the hot wallet module obtains a pre-stored first digital information list of the first user from a cloud protection node;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
and the cold wallet module determines whether to update the key according to the first digital information list and the second digital information list.
In a sixth aspect, the present invention provides a key processing apparatus, applied to a cloud protection node, including:
a second transceiver to:
receiving a key updating request of a first user sent by a hot wallet module of the electronic equipment;
sending pre-stored first information of the first user to the hot wallet module;
wherein the first information comprises a first list of digital information.
In a seventh aspect, the present invention provides an electronic device, including a memory, a processor, and a program or instructions stored on the memory and executable on the processor, where the program or instructions, when executed by the processor, implement the steps of the key processing method according to the first aspect, or implement the key processing method according to the second aspect, or implement the key processing method according to the third aspect.
In an eighth aspect, the present invention provides a readable storage medium on which a program or instructions are stored, which when executed by a processor implement the steps of the key processing method according to the first aspect, or implement the key processing method according to the second aspect, or implement the key processing method according to the third aspect.
In the invention, the hot wallet module sends a key updating request to the cloud protection node when it receives the key updating request of a first user; the cloud protection node receives the key updating request of the first user sent by the hot wallet module of the electronic equipment; the cloud protection node sends pre-stored first information of the first user to the hot wallet module, the first information comprising a first digital information list. The hot wallet module acquires the first information from the cloud protection node, the first information comprising the first digital information list of the first user pre-stored by the cloud protection node; the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module; and the cold wallet module determines whether to update the key according to the first digital information list and the second digital information list. The key of the invention can therefore be updated on the basis of the user's key updating request, which improves the flexibility of key determination.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
FIG. 1 is a diagram of a system architecture in a blockchain provided by an embodiment of the present invention;
FIG. 2 is a block diagram of a cold wallet module according to an embodiment of the present invention;
FIG. 3 is a block diagram of a hot wallet module according to an embodiment of the present invention;
FIG. 4 is a flowchart of a key processing method according to an embodiment of the present invention;
FIG. 5 is a flowchart of a cold wallet module generating a key, provided by an embodiment of the present invention;
FIG. 6 is a diagram illustrating a cold wallet module generating a first Merkle tree hash value corresponding to a first digital information list according to an embodiment of the present invention;
FIG. 7 is a flowchart of another key processing method provided in an embodiment of the present invention;
FIG. 8 is a flowchart of another key processing method provided in an embodiment of the present invention;
FIG. 9 is a block diagram of a key processing apparatus according to an embodiment of the present invention;
FIG. 10 is a block diagram of another key processing apparatus provided in an embodiment of the present invention;
FIG. 11 is a block diagram of another key processing apparatus provided in an embodiment of the present invention;
FIG. 12 is a schematic block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In a blockchain, a key is data that uniquely proves the identity of a user. The user confirms transactions in the blockchain with the key, so the security of the key is very important. If the user's information changes during use, the key information corresponding to the user needs to be updated in time, so that the key does not become unusable because the user's information has changed. When a user loses, for some reason, part of the biometric information originally used for authentication, for example because fingerprint information or face information changes, the key based on the biometric information used at the last authentication can no longer be generated, and the key with which the user authenticates therefore needs to be updated so that personal assets can be transferred. However, at present the key is generated in only one way in the blockchain, and key storage and key updating cannot meet the needs of digital currency development. Based on this, the embodiment of the present application provides a key processing method.
It should be understood that the key processing method provided in the embodiments of the present application may be applied to, but is not limited to, a block chain.
For convenience of understanding, some contents related to the embodiments of the present application are described below:
in the block chain, the connection relationship among the hot wallet module, the cold wallet module, the third party authentication platform and the cloud protection node is shown in fig. 1.
In this embodiment, as shown in fig. 2, the cold wallet device mainly includes six modules: a first main control module, a first security encryption module connected to the first main control module, a first display module, a first sensing module, a biological information acquisition module, and a data processing module. The first main control module is used for constructing transactions and signing during transfers, and for connecting the main functions of, and passing information between, the modules; the first display module is used for displaying the scanned image in the intelligent identification mode and user operations; the first sensing module comprises an NFC module and an intelligent identification module and is mainly used for connecting to the hot wallet module to request and acquire information; the biological information acquisition module is used for acquiring the static and dynamic biological characteristics of a user and then transmitting that information to the data processing module through the first main control module; the data processing module mainly processes the biological information into a temporary biological information byte data list (for example, a first digital information list); the first security encryption module comprises a biological information security encryption and decryption module and a key encryption and decryption module, wherein the biological information security encryption and decryption module mainly processes the temporary biological information byte data list into a Merkle tree root and encrypts the Merkle tree root, and the key encryption and decryption module mainly handles encryption of the digital currency key and joint encryption of the Merkle tree root and the key.
In addition, as shown in fig. 3, the hot wallet module mainly includes six modules: a second main control module, a communication module connected to the second main control module, a second display module, a second scanning sensing module, an operation module, and a storage module. The second main control module is used for constructing transactions and signing during transfers, and connects and controls communication between the internal modules of the hot wallet module; the communication module connects the hot wallet module to the network for data interaction with the cloud data protection system, and its communication interface is used for interfacing with a third-party authentication center to make data requests and exchange data; the second display module is used for displaying the scanned image in the intelligent identification mode and user operations; the second scanning sensing module is used for acquiring, in the intelligent identification mode, transaction data presented as a digital label by the cold wallet module; the operation module is used for acquiring the user's operations; the storage module is used for storing the public key generated by the cold wallet module.
Referring to fig. 4, fig. 4 is a key processing method executed by a blockchain system according to an embodiment of the present invention, where the blockchain system includes an electronic device and a cloud protection node, the electronic device includes a cold wallet module and a hot wallet module, and the method includes:
step 401, the hot wallet module sends a key update request to the cloud protection node when receiving the key update request of the first user;
In the embodiment of the present application, the hot wallet module may be a network-capable intelligent application used to store the key, for example a computer client, a mobile phone client, a website service, a dedicated device, a web wallet, and the like connected to a network. The cold wallet module may be an offline wallet, for example a computer client, a mobile phone client, a web service, a dedicated device, etc. that is not connected to a network. This is by way of example only and not limitation; in other possible embodiments the hot or cold wallet module may be another type of device.
In this embodiment of the application, one way for the hot wallet module to receive the key update request is that the hot wallet module displays a prompt asking whether a key update is required, and the first user inputs the key update request in response to the prompt. Alternatively, the first user may actively enter the key update request through the hot wallet module. This is by way of example only and not by way of limitation.
In addition, in this embodiment of the application, the first digital information list of the first user pre-stored by the cloud protection node may be a first digital information list historically generated by the cold wallet module. It should be noted that the hot wallet module sends the first digital information list acquired from the cold wallet module to the cloud protection node, and the cloud protection node stores it.
Note that the electronic device does not update the key while a contract is being executed on the user's account. Specifically, on receiving the key update request of the first user, the hot wallet module checks the execution status of the contracts on the first user's account, waits until all contracts have finished executing, and only then sends the key update request to the cloud protection node and acquires the pre-stored first digital information list of the first user from it. This prevents a contract that is currently executing from failing to complete its transaction because the key has changed.
Step 402, the cloud protection node receives a key updating request of a first user sent by a hot wallet module of the electronic device;
step 403, the cloud protection node sends pre-stored first information of the first user to the hot wallet module, wherein the first information includes a first digital information list.
Step 404, the hot wallet module acquires first information from the cloud protection node, wherein the first information comprises a first digital information list of a first user, which is pre-stored by the cloud protection node;
step 405, the cold wallet module generates a second digital information list and obtains a first digital information list from the hot wallet module;
Since the cold wallet module is an offline wallet and the hot wallet module is a networked wallet, the cold wallet module needs to obtain the first digital information list from the hot wallet module.
In an embodiment of the present application, the first digital information list may refer to a digital information list historically generated by the cold wallet module, and the second digital information list may refer to a digital information list generated by the cold wallet module at the current time.
At step 406, the cold wallet module determines whether to update the key according to the first digital information list and the second digital information list.
Specifically, when the user corresponding to the second digital information list is the first user, it indicates that the same user is modifying the personal information, where the first digital information list is the personal information of the user before modification, and the second digital information list is the personal information used for verifying whether the current user is the first user in the modification process.
In this key processing method, the hot wallet module sends the key update request to the cloud protection node when it receives the key update request of the first user; the cloud protection node receives the key update request of the first user sent by the hot wallet module of the electronic equipment; the cloud protection node sends pre-stored first information of the first user to the hot wallet module, the first information comprising a first digital information list. The hot wallet module acquires the first information from the cloud protection node, the first information comprising the first digital information list of the first user pre-stored by the cloud protection node; the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module; and the cold wallet module determines whether to update the key according to the first digital information list and the second digital information list. The key of the embodiment of the invention can therefore be updated on the basis of the user's key update request, which improves the flexibility of key determination.
In some possible embodiments, the cold wallet module determining whether to update the key based on the first list of digital information and the second list of digital information includes:
the cold wallet module determines whether a user corresponding to the second digital information list is a first user according to the first digital information list and the second digital information list;
under the condition that the user corresponding to the second digital information list is the first user, the cold wallet module generates a third digital information list corresponding to the first user, wherein the generation time of the third digital information list is later than that of the second digital information list;
the cold wallet module compares the second digital information list with the third digital information list to obtain a comparison result;
under the condition that the comparison result meets a first condition, the cold wallet module determines to update the key;
wherein the first condition comprises: the second and third digital information lists comprise the same j elements, j being a positive integer.
In this embodiment, the second digital information list may be personal information of the user generated by the cold wallet module during the key update process. The third digital information list is the personal information that the first user needs to update, and the cold wallet module may use the second digital information list to verify whether the user who is currently modifying the key is the first user.
Specifically, let the first digital information list be denoted X; it includes various kinds of biometric information of the first user, for example fingerprint information, face biometric information, motion biometric information, etc. The first digital information list may be written as $X = \{x_1, x_2, x_3, \ldots, x_i\}$, where $x_i$ denotes the i-th biological information in the first digital information list and i takes the values 1, 2, ….
The hot wallet module acquires the first digital information list X from the cloud protection node and sends the first digital information list X to the cold wallet module.
The cold wallet module obtains the biometric information of the user who is currently modifying the key and generates a corresponding second digital information list. It then verifies whether the user corresponding to the second digital information list is the first user. When the user is verified as the first user, the modification operation is considered to be performed by the same user, and once the verification has passed, the personal information that the user needs to update can then be entered. For example, the generated second digital information list is X', which satisfies $X' = \{x'_1, x'_2, x'_3, \ldots, x'_j\}$ with $j \geq i/2$; that is, the number of elements in the second digital information list X' is greater than or equal to half the number of elements in the first digital information list X. Here $x'_j$ denotes the j-th biological information in the second digital information list, and j takes the values 1, 2, …. In this embodiment, when the elements in the second digital information list X' include more than half of the elements in the first digital information list X, the user corresponding to the second digital information list X' is regarded as the first user, and the authentication is passed.
Further, the cold wallet module generates a third digital information list X'', which satisfies $X'' = \{x''_1, x''_2, x''_3, \ldots, x''_k\}$, where $x''_k$ denotes the k-th biological information in the third digital information list and k takes the values 1, 2, …. When the third digital information list X'' and the second digital information list X' contain the same j elements, the cold wallet module determines to update the key. This prevents the personal information from being tampered with after the user's identity has been successfully verified, and so protects the key updating process.
In particular, the cold wallet module generates a new key from the third list of digital information X ". Therefore, when the first user loses a part of information in the first digital information list which is originally used for authentication for some reasons, the key can be updated in time according to the third digital information list, and the safety of user information is ensured.
In the above embodiment, during the key update the cold wallet module checks the second digital information list X' against the first digital information list X to determine whether it is the same user who is modifying the key. As an alternative, in other possible embodiments the third digital information list X'' may be compared directly to determine whether the same user is modifying the key. For example, when the third digital information list X'' and the first digital information list X have N identical elements, where N is a positive integer, the cold wallet module verifies that the same user is modifying the key and determines to update the key. These are examples only and are not limiting.
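The two-stage check of the main embodiment (X' against X, then X'' against X'), written out as an added Python example; it is not code from the patent. It assumes each biometric item is a stable byte string that matches exactly, and it reads "the same j elements" as every element of X' reappearing in X'' unless the hypothetical `required_common` parameter says otherwise.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    same_user: bool   # X' accepted as belonging to the first user
    update_key: bool  # X'' accepted as the basis for the new key
    reason: str


def fingerprint(item: bytes) -> bytes:
    """Reduce one biometric item to a comparable digest.

    Assumption of this example: items are stable byte strings that match
    exactly. Real biometric captures are noisy and need a fuzzy matcher.
    """
    return hashlib.sha256(item).digest()


def common_count(a, b) -> int:
    """Number of distinct items present in both lists."""
    return len({fingerprint(i) for i in a} & {fingerprint(i) for i in b})


def decide_key_update(x, x_prime, x_double_prime, required_common=None) -> Decision:
    """Cold-wallet decision for a key update request.

    x              -- first list X, fetched from the cloud node via the hot wallet
    x_prime        -- second list X', captured now to identify the requester
    x_double_prime -- third list X'', captured afterwards as the new enrolment
    """
    if not x:
        return Decision(False, False, "no stored list X for this user")

    # Stage 1: X' must reproduce at least half of X (j >= i/2).
    matched = common_count(x, x_prime)
    if 2 * matched < len({fingerprint(i) for i in x}):
        return Decision(False, False, f"only {matched} element(s) of X matched")

    # Stage 2: X'' must share j elements with X', so the data enrolled after
    # verification still comes from the person who was just verified.
    j = len({fingerprint(i) for i in x_prime}) if required_common is None else required_common
    if j < 1:
        raise ValueError("j must be a positive integer")
    shared = common_count(x_prime, x_double_prime)
    if shared < j:
        return Decision(True, False, f"X'' shares {shared} of {j} required element(s) with X'")
    return Decision(True, True, "X' matches X and X'' matches X'")


if __name__ == "__main__":
    # Constructed sample data: opaque byte strings standing in for templates.
    X = [b"fp-left", b"fp-right", b"face", b"gait"]
    X1 = [b"fp-left", b"face"]                # right fingerprint and gait lost
    X2 = [b"fp-left", b"face", b"voice-new"]  # new enrolment adds a voice sample
    print(decide_key_update(X, X1, X2))
    print(decide_key_update(X, X1, [b"fp-left", b"face-other"]))
```
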
In some possible embodiments, before the hot wallet module sends the key update request to the cloud protection node when receiving the key update request of the first user, the method further includes:
the cold wallet module generates a first digital information list;
the cold wallet module generates a first Merkle tree hash value corresponding to the first digital information list, and the first Merkle tree hash value is used for verifying whether the first digital information list has been tampered with;
the hot wallet module sends the first digital information list and the first Merkle tree hash value acquired from the cold wallet module to the cloud protection node.
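How a Merkle tree hash value over the first digital information list detects tampering when the list later comes back from the cloud protection node, as an added Python example that is not taken from the patent. SHA-256, the leaf/node prefixes, the odd-node rule and the function names are assumptions of this example; the patent does not specify them here.

```python
import hashlib
import hmac

# Distinct prefixes for leaves and interior nodes (as in RFC 6962) stop an
# interior node from being presented as a leaf. Assumption of this example.
LEAF = b"\x00"
NODE = b"\x01"


def tagged_hash(prefix: bytes, data: bytes) -> bytes:
    return hashlib.sha256(prefix + data).digest()


def merkle_root(items) -> bytes:
    """Merkle root over an ordered list of byte strings.

    An unpaired node at the end of a level is promoted unchanged rather than
    duplicated, so appending a copy of the last item changes the root.
    """
    if not items:
        raise ValueError("cannot build a Merkle tree over an empty list")
    level = [tagged_hash(LEAF, item) for item in items]
    while len(level) > 1:
        nxt = [tagged_hash(NODE, level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def verify_list(items, trusted_root: bytes) -> bool:
    """Recompute the root of a returned list and compare in constant time.

    trusted_root must come from somewhere the party who could alter the list
    cannot also alter, e.g. a copy retained by the cold wallet (assumption);
    a root stored unprotected beside the list can be recomputed by whoever
    changes the list.
    """
    if not items:
        return False
    return hmac.compare_digest(merkle_root(items), trusted_root)


if __name__ == "__main__":
    # Constructed sample list standing in for the first digital information list X.
    X = [b"fp-left", b"fp-right", b"face", b"gait", b"voice"]
    root = merkle_root(X)                      # computed by the cold wallet
    returned = list(X)                         # what comes back via the hot wallet
    print("intact:  ", verify_list(returned, root))
    returned[2] = b"face-other"                # one item replaced in storage
    print("tampered:", verify_list(returned, root))
```
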
In this embodiment, the steps of the cold wallet module generating the first list of digital information and generating the key based on the first list of digital information are as shown in fig. 5.
The cold wallet module obtains a biometric characteristic of the first user, wherein the biometric characteristic includes, but is not limited to, a fingerprint characteristic, a facial characteristic, or an action characteristic of the first user. The hot wallet module acquires real-name registration information of a user, the hot wallet module acquires the biological characteristics from the cold wallet module, then the hot wallet module encrypts the biological characteristics and the real-name registration information and transmits the encrypted biological characteristics and the real-name registration information to a third-party identity authentication platform through a network transmission secure channel so as to verify whether the biological characteristics acquired by the cold wallet module and the real-name registration information acquired by the hot wallet module are the same user information.
It should be noted that, in this embodiment, the third-party identity authentication platform may be connected to the hot wallet module as a third-party external interface. The third-party identity authentication platform should be capable of real-name information verification. After the hot wallet module sends an identity verification request to the third-party identity authentication platform through a secure transmission channel, the platform performs real-name identity verification, verifies whether the biological characteristics conform to the real-name identity of the user, and returns a judgment identification code to the hot wallet module according to the verification result. If the judgment identification code indicates that the biological characteristics and the real-name registration information belong to the same user, the hot wallet module continues to execute the subsequent steps, so that a more comprehensive security system can be provided.
Further, the hot wallet module sends the cold wallet module a prompt that the verification has passed. After receiving the prompt, the cold wallet module first acquires first biological information input by the user, where the first biological information includes static biological information and dynamic biological information. In this embodiment, the static biological information may be fingerprint information, palm print information, face information and iris information of the user; the dynamic biological information may be behavior information and voice information of the user, including but not limited to a blink, pan or nod in the facial information, or a specific action of the user. This is only an example and not a limitation: the first biological information may also be other types of information, provided that it includes a biological characteristic used for verifying the identity information, and however the first biological information is changed, it remains within the scope of the embodiments of the present application.
The cold wallet module then converts the acquired first biological information into corresponding digital biological information, e.g., converting fingerprint information into digital biological information $x_1$, converting face information into digital biological information $x_2$, and so on, forming a first digital information list $X$ corresponding to the first biological information, where $X = \{x_1, x_2, x_3, \ldots, x_i\}$.
Further, the cold wallet module performs an exclusive-OR (XOR) operation between every two elements in the first digital information list $X$ to obtain a string of bytes Y. The present invention is not limited to this embodiment; in other possible embodiments, an AND operation may instead be performed between two elements in the first digital information list $X$.
The cold wallet module performs cryptographic security verification on the bytes Y; an existing verification method may be used for this and is not described in detail here. If the security verification of Y passes, the cold wallet module applies the SHA-256 hash algorithm to Y to obtain a 256-bit character string. When the 256-bit character string is smaller than the constant value defined by the order of the elliptic curve used by Bitcoin, the 256-bit character string is taken as the key, and key generation is regarded as successful.
Further, the cold wallet module generates a public key corresponding to the key, as follows. The cold wallet module performs an elliptic curve transformation on the key to generate a 65-byte array, and converts the 65-byte array into a hexadecimal character string, which serves as the public key.
After the key and the public key are generated, as shown in fig. 6, the cold wallet module applies a Merkle tree hash algorithm to the generated first digital information list to form a first Merkle tree hash value corresponding to the first digital information list. In this embodiment, the first Merkle tree hash value is used to verify whether the first digital information list has been tampered with. The cold wallet module stores the key and sends the public key, the first digital information list and the first Merkle tree hash value to the hot wallet module, where information transmission between the hot wallet module and the cold wallet module can be achieved through an intelligent identification mode or an NFC transmission mode. This is by way of example only and not by way of limitation.
The hot wallet module stores the public key and sends the first digital information list and the first Merkle tree hash value acquired from the cold wallet module to the cloud protection node.
In this embodiment, the cloud protection node includes a plurality of server nodes. When the cloud protection node receives the first digital information list and the first Merkle tree hash value, it generates a second Merkle tree hash value corresponding to the first digital information list and then determines whether the first Merkle tree hash value and the second Merkle tree hash value are the same. If they are the same, the first digital information list was not tampered with during transmission; if they are not the same, the first digital information list was tampered with during transmission. When the second Merkle tree hash value is identical to the first Merkle tree hash value, a storage field is generated, which comprises the first Merkle tree hash value, the first digital information list and the parameters of the server node. The parameter of the server node may be a confusion character carried by the server node, and the confusion character of each server node is different. The storage field may be stored in one server node or in multiple server nodes, as determined by the storage space of the server nodes, which is not described herein again.
In some possible embodiments, in the case where the hot wallet module receives a key update request of the first user, the method further includes:
the hot wallet module acquires a first Merkle tree hash value from the cloud protection node under the condition that a key updating request of a first user is received;
the cold wallet module generates a third Merkle tree hash value corresponding to the first digital information list acquired from the hot wallet module;
the cold wallet module determining whether to update the key according to the first digital information list and the second digital information list comprises:
under the condition that the third Merkle tree hash value is the same as the first Merkle tree hash value acquired from the hot wallet module, determining whether to update the key according to the first digital information list and the second digital information list.
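The two integrity checks described above, the cloud protection node's comparison of the second hash with the first before it builds the storage field and the cold wallet's comparison of the third hash with the first before it compares lists, as an added example that is not code from the patent. The Merkle construction (SHA-256 with distinct leaf and node prefixes, an odd node carried up unchanged), the field names, the match threshold parameter and all sample values are assumptions, since the page does not specify them.

```python
import hashlib
import hmac


def tagged_hash(prefix, data):
    return hashlib.sha256(prefix + data).digest()


def merkle_root(elements):
    """Merkle root over the list, in order. Leaves and inner nodes use
    different prefixes so a leaf can never be mistaken for a node."""
    if not elements:
        raise ValueError("empty digital information list")
    level = [tagged_hash(b"\x00", e) for e in elements]
    while len(level) > 1:
        nxt = [tagged_hash(b"\x01", level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:            # odd node is carried up unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0]


def cloud_node_store(first_list, first_hash, node_param):
    """Cloud protection node: recompute the (second) hash and build the
    storage field only if it equals the first hash sent with the list."""
    second_hash = merkle_root(first_list)
    if not hmac.compare_digest(second_hash, first_hash):
        return None                   # list changed in transit: nothing stored
    return {"merkle_hash": first_hash, "list": list(first_list),
            "node_param": node_param}


def count_identical(list_a, list_b):
    """Number of distinct elements of list_b that also occur in list_a."""
    known = set(list_a)
    return sum(1 for e in set(list_b) if e in known)


def cold_wallet_accepts(first_list, first_hash, second_list, threshold):
    """Cold wallet: recompute the (third) hash over the list received from
    the hot wallet; only if it matches is the freshly generated second list
    compared with the first list against the assumed match threshold."""
    third_hash = merkle_root(first_list)
    if not hmac.compare_digest(third_hash, first_hash):
        return False                  # stored list was altered on the way back
    return count_identical(first_list, second_list) >= threshold


def enc(label):
    """Constructed stand-in for one digital biological element."""
    return hashlib.sha256(label.encode()).digest()


# Constructed sample data.
FIRST_LIST = [enc(s) for s in ("fingerprint", "face", "iris", "blink", "voice")]
FIRST_HASH = merkle_root(FIRST_LIST)
# At update time one element ("voice") is assumed to no longer match.
SECOND_LIST = [enc(s) for s in ("fingerprint", "face", "iris", "blink", "voice-v2")]
# The first list with its last element replaced in transit.
TAMPERED = FIRST_LIST[:4] + [enc("injected")]

if __name__ == "__main__":
    print("stored:", cloud_node_store(FIRST_LIST, FIRST_HASH, "node-7") is not None)
    print("tampered list stored:",
          cloud_node_store(TAMPERED, FIRST_HASH, "node-7") is not None)
    print("update allowed:",
          cold_wallet_accepts(FIRST_LIST, FIRST_HASH, SECOND_LIST, 4))
```

The comparison shows only that a list matches the hash it is checked against, so the result is as trustworthy as the source of that reference hash.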
It should be noted that the first digital information list may suffer malicious tampering while the cloud protection node is sending it to the hot wallet module, that is, the first digital information list sent by the cloud protection node may differ from the first digital information list received by the hot wallet module. Therefore, in this embodiment, the cold wallet module generates a third Merkle tree hash value corresponding to the first digital information list obtained from the hot wallet module and compares it with the first Merkle tree hash value; if the two are the same, the first digital information list is considered not to have been tampered with while being sent from the cloud protection node to the hot wallet module.
Referring to fig. 7, fig. 7 shows a key processing method according to an embodiment of the present invention, executed by an electronic device including a cold wallet module and a hot wallet module. As shown in fig. 1, the method includes the following steps:
Step 701, the hot wallet module obtains a pre-stored first digital information list of the first user from the cloud protection node under the condition that the key update request of the first user is received.
Step 702, the cold wallet module generates a second digital information list and obtains the first digital information list from the hot wallet module.
Step 703, the cold wallet module determines whether to update the key according to the first digital information list and the second digital information list.
In some possible embodiments, the cold wallet module determining whether to update the key based on the first digital information list and the second digital information list includes:
the cold wallet module generates a third digital information list, and the generation time of the third digital information list is earlier than that of the second digital information list;
the cold wallet module determines whether a user corresponding to the third digital information list is the first user according to the first digital information list and the third digital information list;
under the condition that the user corresponding to the third digital information list is the first user, the cold wallet module compares the second digital information list with the third digital information list to obtain a comparison result;
in the case that the comparison result satisfies a first condition, the cold wallet module determines to update the key;
wherein the first condition comprises:
the second and third digital information lists comprise the same j elements, j being a positive integer.
In some possible embodiments, before the hot wallet module obtains the first pre-stored digital information list of the first user from the cloud protection node when receiving the key update request of the first user, the method further includes:
the cold wallet module generates a first digital information list;
the cold wallet module generates a first Merkle tree hash value corresponding to the first digital information list, wherein the first Merkle tree hash value is used for verifying whether the first digital information list is tampered;
the hot wallet module sends the first digital information list and the first Merkle tree hash value acquired from the cold wallet module to the cloud protection node.
In some possible embodiments, in the case that the hot wallet module receives a key update request from the first user, the key processing method further includes:
the hot wallet module acquires a first Merkle tree hash value from a cloud protection node under the condition that a key updating request of a first user is received;
the cold wallet module generates a third Merkle tree hash value corresponding to the first digital information list acquired from the hot wallet module;
in the above step, the cold wallet module determining whether to update the key according to the first digital information list and the second digital information list includes:
under the condition that the third Merkle tree hash value is the same as the first Merkle tree hash value acquired from the hot wallet module, determining whether to update the key according to the first digital information list and the second digital information list.
Optionally, the cold wallet module generates a first list of digital information comprising:
the cold wallet module acquires biological information of a first user, wherein the biological information comprises static biological information and dynamic biological information, and the static biological information and the dynamic biological information are different types of biological information of the first user;
the cold wallet module converts the static biological information into first digital biological information and converts the dynamic biological information into second digital biological information;
the cold wallet module generates the first digital information list according to the first digital biological information and the second digital biological information.
Optionally, the cold wallet module comprises a first sensing sub-module, the hot wallet module comprises a second sensing sub-module, and the cold wallet module and the hot wallet module perform information transmission based on the first sensing sub-module and the second sensing sub-module.
It should be noted that, this embodiment is implemented as an electronic device corresponding to the method embodiment, and therefore, reference may be made to the relevant description in the method embodiment, and the same beneficial effects may be achieved. To avoid repetition of the description, the description is omitted.
Referring to fig. 8, an embodiment of the present application further provides a key processing method, executed by a cloud protection node, including:
step 801, receiving a key updating request of a first user sent by a hot wallet module of an electronic device;
step 802, sending pre-stored first information of a first user to a hot wallet module;
wherein the first information comprises a first list of digital information.
In some possible embodiments, before receiving a key update request of the first user sent by a hot wallet module of the electronic device, the key processing method further includes:
receiving a first digital information list and a first Merkle tree hash value sent by a hot wallet module, wherein the first Merkle tree hash value is used for verifying whether the first digital information list is tampered;
generating a second Merkle tree hash value corresponding to the first digital information list;
and under the condition that the second Merkle tree hash value is the same as the first Merkle tree hash value, generating a storage field according to the first Merkle tree hash value, the first digital information list and parameters of a server node of the cloud protection node.
In some possible embodiments, after receiving the key update request of the first user sent by the hot wallet module of the electronic device, and before sending the pre-stored first digital information list of the first user to the hot wallet module, the method further includes:
and acquiring a first digital information list according to the storage field.
In some possible embodiments, the first information further includes a first Merkle tree hash value.
It should be noted that, the embodiment is implemented as the cloud protection node corresponding to the method embodiment, so that reference may be made to the relevant description in the method embodiment, and the same beneficial effects may be achieved. To avoid repetition of the description, the description is omitted.
See fig. 9. Fig. 9 is a key processing apparatus 900 according to this embodiment, which is applied to a blockchain system, where the blockchain system includes an electronic device and a cloud protection node, the electronic device includes a cold wallet module and a hot wallet module, and the key processing apparatus includes: a first processor and a first transceiver, wherein:
the first processor 901 is configured to:
the hot wallet module sends a key updating request to a cloud protection node under the condition that the key updating request of a first user is received;
the first transceiver 902 is configured to:
the cloud protection node receives a key updating request of a first user sent by a hot wallet module of the electronic equipment;
the cloud protection node sends pre-stored first information of the first user to the hot wallet module, and the first information comprises a first digital information list.
The first processor 901 is further configured to:
the hot wallet module acquires first information from a cloud protection node, wherein the first information comprises a first digital information list of the first user, which is pre-stored by the cloud protection node;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list.
The key processing apparatus 900 described above can implement various embodiments of the key processing method shown in fig. 1 to 6, and therefore, reference can be made to the related descriptions in the above method embodiments, and the same advantageous effects can be achieved. To avoid repetition of the description, the description is omitted.
See fig. 10. Fig. 10 is a key processing apparatus 1000 provided in this embodiment, which is applied to an electronic device including a cold wallet module and a hot wallet module, and includes:
a second processor 1001 configured to:
the method comprises the steps that a hot wallet module obtains a pre-stored first digital information list of a first user from a cloud protection node under the condition that a key updating request of the first user is received;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list.
The key processing apparatus described above can implement the embodiments of the key processing method shown in fig. 7, and therefore, reference can be made to the relevant description in the above method embodiment, and the same advantageous effects can be achieved. To avoid repetition of the description, the description is omitted.
Referring to fig. 11, an embodiment of the present application further provides a key processing apparatus 1100, applied to a cloud protection node, including:
a first transceiver 1101 for:
receiving a key updating request of a first user sent by a hot wallet module of electronic equipment;
sending pre-stored first information of the first user to the hot wallet module;
wherein the first information comprises a first list of digital information.
The key processing apparatus described above can implement various embodiments of the key processing method shown in fig. 8, so that reference can be made to the relevant description in the above method embodiments, and the same beneficial effects can be achieved. To avoid repetition of the description, the description is omitted.
The key processing device in the embodiment of the present application may be a device, or may be a component, an integrated circuit, or a chip in a terminal. The device can be mobile electronic equipment or non-mobile electronic equipment. By way of example, the mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palm top computer, a vehicle-mounted electronic device, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), and the like, and the non-mobile electronic device may be a server, a Network Attached Storage (NAS), a Personal Computer (PC), a Television (TV), a teller machine or a self-service machine, and the like, and the embodiments of the present application are not particularly limited.
Optionally, as shown in fig. 12, an electronic device 1200 is further provided in an embodiment of the present application, and includes a processor 1201, a memory 1202, and a program or an instruction stored in the memory 1202 and executable on the processor 1201, where the program or the instruction is executed by the processor 1201 to implement each process of the foregoing method embodiment, and can achieve the same technical effect, and no further description is provided here to avoid repetition.
It should be noted that the electronic device in the embodiment of the present application includes the mobile electronic device and the non-mobile electronic device described above.
An embodiment of the present application further provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the program or the instruction implements each process of the method embodiment in fig. 1 to 6, or implements each process of the method embodiment in fig. 7, or implements each process of the method embodiment in fig. 8, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the particular illustrative embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but is intended to cover various modifications, equivalent arrangements, and equivalents thereof, which may be made by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (21)

1. A key processing method performed by a blockchain system, the blockchain system comprising an electronic device and a cloud protection node, the electronic device comprising a cold wallet module and a hot wallet module, the method comprising:
the hot wallet module sends a key updating request to a cloud protection node under the condition that the key updating request of a first user is received;
the cloud protection node receives a key updating request of a first user sent by a hot wallet module of the electronic equipment;
the cloud protection node sends pre-stored first information of the first user to the hot wallet module, wherein the first information comprises a first digital information list;
the hot wallet module acquires first information from a cloud protection node, wherein the first information comprises a first digital information list of the first user, which is pre-stored by the cloud protection node;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list.
2. The key processing method of claim 1, wherein the cold wallet module determining whether to update the key based on the first list of digital information and the second list of digital information comprises:
the cold wallet module determines whether a user corresponding to the second digital information list is the first user according to the first digital information list and the second digital information list;
when the user corresponding to the second digital information list is the first user, the cold wallet module generates a third digital information list corresponding to the first user, wherein the generation time of the third digital information list is later than that of the second digital information list;
the cold wallet module compares the second digital information list with the third digital information list to obtain a comparison result;
in the event that the comparison satisfies a first condition, the cold wallet module determines an update key;
wherein the first condition comprises: the second digital information list and the third digital information list comprise the same j elements, wherein j is a positive integer.
3. The key processing method of claim 1, wherein before the hot wallet module sends the key update request to a cloud protection node upon receiving the key update request of the first user, the method further comprises:
the cold wallet module generating the first list of digital information;
the cold wallet module generates a first Merkle tree hash value corresponding to the first digital information list, wherein the first Merkle tree hash value is used for verifying whether the first digital information list is tampered;
the hot wallet module sends the first digital information list and the first Merkle tree hash value acquired from the cold wallet module to the cloud protection node.
4. The key processing method of claim 3, wherein the hot wallet module, upon receiving a key update request of a first user, further comprises:
the hot wallet module acquires the first Merkle tree hash value from the cloud protection node under the condition that a key updating request of a first user is received;
the cold wallet module generates a third Merkle tree hash value corresponding to the first list of digital information obtained from the hot wallet module;
the cold wallet module determining whether to update a key according to the first digital information list and the second digital information list, including:
and under the condition that the third Merkle tree hash value is the same as the first Merkle tree hash value acquired from the hot wallet module, determining whether to update the key according to the first digital information list and the second digital information list.
5. The key processing method of claim 1, wherein the cold wallet module generates a first list of digital information comprising:
the cold wallet module acquires biological information of a first user, wherein the biological information comprises static biological information and dynamic biological information, and the static biological information and the dynamic biological information are different types of biological information of the first user;
the cold wallet module converts the static biological information into first digital biological information and converts the dynamic biological information into second digital biological information;
the cold wallet module generates the first digital information list according to the first digital biological information and the second digital biological information.
6. The key processing method of claim 1, wherein the cold wallet module comprises a first sensing sub-module and the hot wallet module comprises a second sensing sub-module, and the cold wallet module and the hot wallet module perform information transmission based on the first sensing sub-module and the second sensing sub-module.
7. A key processing method performed by an electronic device including a cold wallet module and a hot wallet module, comprising:
the hot wallet module acquires first information from a cloud protection node under the condition that a key updating request of a first user is received, wherein the first information comprises a first digital information list of the first user, which is stored in the cloud protection node in advance;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list.
8. The key processing method of claim 7, wherein the cold wallet module determining whether to update the key based on the first list of digital information and the second list of digital information comprises:
the cold wallet module determines whether a user corresponding to the second digital information list is the first user according to the first digital information list and the second digital information list;
when the user corresponding to the second digital information list is the first user, the cold wallet module generates a third digital information list corresponding to the first user, wherein the generation time of the third digital information list is later than that of the second digital information list;
the cold wallet module compares the second digital information list with the third digital information list to obtain a comparison result;
in the event that the comparison satisfies a first condition, the cold wallet module determines an update key;
wherein the first condition comprises: the second digital information list and the third digital information list comprise the same j elements, wherein j is a positive integer.
9. The key processing method of claim 7, wherein before the hot wallet module obtains a first pre-stored digital information list of a first user from a cloud protection node when receiving a key update request of the first user, the method further comprises:
the cold wallet module generates the first digital information list;
the cold wallet module generates a first Merkle tree hash value corresponding to the first digital information list, wherein the first Merkle tree hash value is used for verifying whether the first digital information list is tampered;
the hot wallet module sends the first digital information list and the first Merkle tree hash value acquired from the cold wallet module to the cloud protection node.
10. The key processing method of claim 9, wherein the hot wallet module, upon receiving a key update request of a first user, further comprises:
the hot wallet module acquires the first Merkle tree hash value from a cloud protection node under the condition that a key updating request of a first user is received;
the cold wallet module generates a third Merkle tree hash value corresponding to the first list of digital information obtained from the hot wallet module;
the cold wallet module determining whether to update a key according to the first digital information list and the second digital information list, including:
and under the condition that the third Merkle tree hash value is the same as the first Merkle tree hash value acquired from the hot wallet module, determining whether to update the key according to the first digital information list and the second digital information list.
11. The key processing method of claim 7, wherein the cold wallet module generates a first list of digital information comprising:
the cold wallet module acquires biological information of a first user, wherein the biological information comprises static biological information and dynamic biological information, and the static biological information and the dynamic biological information are different types of biological information of the first user;
the cold wallet module converts the static biological information into first digital biological information and converts the dynamic biological information into second digital biological information;
the cold wallet module generates the first digital information list according to the first digital biological information and the second digital biological information.
12. The key processing method of claim 7, wherein the cold wallet module comprises a first sensing sub-module and the hot wallet module comprises a second sensing sub-module, and the cold wallet module and the hot wallet module perform information transmission based on the first sensing sub-module and the second sensing sub-module.
13. A key processing method, executed by a cloud protection node, comprising:
receiving a key updating request of a first user sent by a hot wallet module of the electronic equipment;
sending pre-stored first information of the first user to the hot wallet module;
wherein the first information comprises a first list of digital information.
14. The key processing method according to claim 13, wherein before the receiving of the key update request of the first user sent by the hot wallet module of the electronic device, the method further comprises:
receiving the first digital information list and a first Merkle tree hash value sent by the hot wallet module, wherein the first Merkle tree hash value is used for verifying whether the first digital information list has been tampered with;
generating a second Merkle tree hash value corresponding to the first digital information list;
and in the case that the second Merkle tree hash value is the same as the first Merkle tree hash value, generating a storage field according to the first Merkle tree hash value, the first digital information list and parameters of a server node of the cloud protection node.
15. The key processing method according to claim 14, wherein after receiving a key update request of a first user sent by a hot wallet module of an electronic device, and before sending a pre-stored first digital information list of the first user to the hot wallet module, the method further comprises:
and acquiring the first digital information list according to the storage field.
16. The key processing method of claim 13, wherein the first information further comprises a first Merkle tree hash value.
17. A key processing device is applied to a blockchain system, the blockchain system comprises an electronic device and a cloud protection node, the electronic device comprises a cold wallet module and a hot wallet module, and the key processing device comprises: a first processor and a first transceiver, wherein:
the first processor to:
the hot wallet module sends a key updating request to a cloud protection node under the condition that the key updating request of a first user is received;
the first transceiver to:
the cloud protection node receives a key updating request of a first user sent by a hot wallet module of the electronic equipment;
the cloud protection node sends pre-stored first information of the first user to the hot wallet module, wherein the first information comprises a first digital information list;
the first processor is further configured to:
the hot wallet module acquires first information from a cloud protection node, wherein the first information comprises a first digital information list of the first user, which is pre-stored by the cloud protection node;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
the cold wallet module determines whether to update a key according to the first digital information list and the second digital information list.
18. A key processing apparatus applied to an electronic device including a cold wallet module and a hot wallet module, comprising:
a second processor to:
the hot wallet module obtains a pre-stored first digital information list of a first user from a cloud protection node upon receiving a key update request of the first user;
the cold wallet module generates a second digital information list and acquires the first digital information list from the hot wallet module;
and the cold wallet module determines whether to update the key according to the first digital information list and the second digital information list.
19. A key processing apparatus, applied to a cloud protection node, comprising:
a second transceiver to:
receiving a key updating request of a first user sent by a hot wallet module of electronic equipment;
sending pre-stored first information of the first user to the hot wallet module;
wherein the first information comprises a first list of digital information.
20. An electronic device comprising a memory, a processor, and a program or instructions stored on the memory and executable on the processor, the program or instructions, when executed by the processor, implementing the steps of the key processing method of any one of claims 1 to 6, or implementing the steps of the key processing method of any one of claims 7 to 12, or implementing the steps of the key processing method of any one of claims 13 to 16.
21. A readable storage medium, on which a program or instructions are stored, which, when executed by a processor, carry out the steps of the key processing method according to any one of claims 1 to 6, or carry out the steps of the key processing method according to any one of claims 7 to 12, or carry out the steps of the key processing method according to any one of claims 13 to 16.
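The integrity checks in claims 9, 10 and 14 to 16 can be traced end to end in the following added example, which is not code from the patent: the cloud protection node recomputes the Merkle tree hash before storing the list, and the cold wallet recomputes it again before comparing lists. SHA-256, the leaf and node prefixes, the class and function names, the simplified storage field and the use of exact equality for the list comparison are all assumptions.

```python
import hashlib
import hmac


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # hash choice is an assumption


def merkle_root(items):
    """Merkle tree hash value of a digital information list (list of bytes)."""
    if not items:
        return _h(b"")
    level = [_h(b"\x00" + it) for it in items]  # 0x00 prefix marks leaves
    while len(level) > 1:
        nxt = [_h(b"\x01" + level[i] + level[i + 1])  # 0x01 marks inner nodes
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted, not duplicated
        level = nxt
    return level[0]


class CloudProtectionNode:
    """Hypothetical stand-in for the cloud protection node (claims 13-16)."""

    def __init__(self):
        self._store = {}

    def enroll(self, user, first_list, first_root):
        second_root = merkle_root(first_list)  # claim 14: recompute, compare
        if not hmac.compare_digest(second_root, first_root):
            return False
        # Simplified storage field: server node parameters are omitted here.
        self._store[user] = (list(first_list), first_root)
        return True

    def fetch(self, user):
        return self._store[user]  # first information: list plus first hash


def cold_wallet_check(first_list, first_root, second_list):
    """Claim 10: verify the fetched list before comparing it with fresh data."""
    third_root = merkle_root(first_list)
    if not hmac.compare_digest(third_root, first_root):
        return "tampered"
    # Assumption: exact equality stands in for the unspecified list comparison.
    return "match" if list(first_list) == list(second_list) else "mismatch"


# Constructed sample values, not real templates.
ENROLLED = [b"static:sample-01", b"dynamic:sample-02"]
```

Because the first hash value is returned by the same node that returns the list, this check detects a change to the list alone; detecting replacement of both values would need the hash to be signed or held independently by the cold wallet.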
CN202110309427.XA 2021-03-23 2021-03-23 Key processing method and device, electronic equipment and readable storage medium Pending CN115114634A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110309427.XA CN115114634A (en) 2021-03-23 2021-03-23 Key processing method and device, electronic equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN115114634A (en) 2022-09-27

Family

ID=83324127

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination