CN115529184A - Message verification method and device, electronic equipment and storage medium - Google Patents
- Publication number
- CN115529184A (CN202211193789.8A)
- Authority
- CN
- China
- Prior art keywords
- message
- response message
- plaintext response
- plaintext
- digital signature
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure provides a message verification method, a message verification device, electronic equipment and a storage medium, and relates to the technical field of information security. The message verification method comprises the following steps: acquiring a plaintext response message, wherein the plaintext response message is a response strategy or operation information for resolving an event; hashing the plaintext response message with a hash algorithm to obtain a first message digest; encrypting the first message digest with a private key to obtain a digital signature; and sending the plaintext response message and the digital signature to the message receiving equipment, so that the message receiving equipment can verify, from the plaintext response message and the digital signature, whether the plaintext response message has been tampered with. The plaintext response message is thus sent to the message receiving equipment together with the result of processing it with the hash algorithm and the private key, so that it can be determined whether both communicating parties are trustworthy and the security of the transmission environment of the plaintext response message can be verified.
Description
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a method and an apparatus for message authentication, an electronic device, and a storage medium.
Background
MDR (Managed Detection and Response) is a capability delivered remotely by a modern security operations center. It focuses on accurate detection, investigation and analysis, and active containment of events, and aims to reduce the time between threat discovery and threat response through continuous operations.
Such security as a service (SaaS) products give companies access to external analysts who have expertise in all XDR (eXtended Detection and Response) functions. These analysts continuously and efficiently receive alarm events and determine event priorities, hunt for unknown threats, analyze operation gray-level rules, and so on, and provide customers with 24 × 7 threat monitoring, detection and lightweight response services using various combinations of technologies. However, once a managed detection and response service is introduced, trust issues between the third party and the DR inevitably arise.
Based on this, how to verify the trusted transmission of messages between a third party and a DR (Detection and Response) system becomes a technical problem which needs to be solved urgently.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure provides a message verification method, apparatus, electronic device and storage medium, which at least to some extent overcome the problem in the related art that the trusted transmission of messages between a third party and a DR system cannot be verified.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to one aspect of the present disclosure, there is provided a message authentication method applied to a message sending device, including: acquiring a plaintext response message, wherein the plaintext response message is a response strategy or operation information for resolving an event; hashing the plaintext response message with a hash algorithm to obtain a first message digest; encrypting the first message digest with a private key to obtain a digital signature; and sending the plaintext response message and the digital signature to a message receiving device, so that the message receiving device can verify, from the plaintext response message and the digital signature, whether the plaintext response message has been tampered with.
In an embodiment of the present disclosure, hashing the plaintext response message with a hash algorithm to obtain a first message digest includes: hashing the plaintext response message with the SHA-1 (Secure Hash Algorithm 1) hash algorithm to obtain a first message digest with a preset number of bits.
In one embodiment of the present disclosure, the method further comprises: storing the plaintext response messages sent to the message receiving device within a preset time period in the same block of the blockchain network.
According to another aspect of the present disclosure, there is provided a message authentication method applied to a message receiving apparatus, including: receiving a plaintext response message and a digital signature sent by message sending equipment, wherein the digital signature is obtained by the message sending equipment through carrying out private key encryption on a first message digest by using a private key, and the first message digest is obtained by the message sending equipment through calculating the plaintext response message by using a hash algorithm; and verifying whether the plaintext response message is tampered or not according to the plaintext response message and the digital signature.
In one embodiment of the present disclosure, verifying whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature includes: acquiring a public key from a Public Key Infrastructure (PKI); decrypting the digital signature with the public key to obtain a second message digest; hashing the plaintext response message with a hash algorithm to obtain a third message digest; and determining whether the plaintext response message has been tampered with according to the second message digest and the third message digest.
In one embodiment of the present disclosure, determining whether the plaintext response message has been tampered with according to the second message digest and the third message digest includes: judging whether the second message digest and the third message digest are consistent; if yes, determining that the plaintext response message has not been tampered with; if not, determining that the plaintext response message has been tampered with.
According to still another aspect of the present disclosure, there is provided a message authentication apparatus applied to a message sending device side, including: a message acquisition module, used for acquiring a plaintext response message, wherein the plaintext response message is a response strategy or operation information for resolving an event; a hash calculation module, used for hashing the plaintext response message with a hash algorithm to obtain a first message digest; a private key encryption module, used for encrypting the first message digest with a private key to obtain a digital signature; and a message sending module, used for sending the plaintext response message and the digital signature to the message receiving device, so that the message receiving device can verify, from the plaintext response message and the digital signature, whether the plaintext response message has been tampered with.
In an embodiment of the disclosure, the hash calculation module is further configured to calculate the plaintext response message by using a SHA-1 hash algorithm, so as to obtain a first message digest with a preset number of bits.
In an embodiment of the present disclosure, the apparatus further includes a block chain storage module, where the block chain storage module is configured to store the plaintext response message sent to the message receiving device within a preset time period into the same block in a block chain network.
According to still another aspect of the present disclosure, there is provided another message authentication apparatus, applied to a message receiving device side, including: the message receiving module is used for receiving a plaintext response message and a digital signature sent by message sending equipment, wherein the digital signature is obtained by encrypting a first message digest by the message sending equipment by using a private key, and the first message digest is obtained by calculating the plaintext response message by the message sending equipment by using a Hash algorithm; and the message verification module is used for verifying whether the plaintext response message is tampered or not according to the plaintext response message and the digital signature.
In an embodiment of the disclosure, the message verification module is further configured to obtain a public key from a public key infrastructure (PKI); decrypt the digital signature with the public key to obtain a second message digest; hash the plaintext response message with a hash algorithm to obtain a third message digest; and determine whether the plaintext response message has been tampered with according to the second message digest and the third message digest.
In an embodiment of the present disclosure, the message verification module is further configured to determine whether the second message digest and the third message digest are consistent; if yes, determine that the plaintext response message has not been tampered with; if not, determine that the plaintext response message has been tampered with.
According to still another aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the message authentication method described above via execution of the executable instructions.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the message authentication method described above.
The embodiments of the disclosure provide a message verification method, a message verification device, an electronic device and a storage medium, wherein the message verification method comprises the following steps: acquiring a plaintext response message, wherein the plaintext response message is a response strategy or operation information for resolving an event; hashing the plaintext response message with a hash algorithm to obtain a first message digest; encrypting the first message digest with a private key to obtain a digital signature; and sending the plaintext response message and the digital signature to the message receiving equipment, so that the message receiving equipment can verify, from the plaintext response message and the digital signature, whether the plaintext response message has been tampered with. The plaintext response message is thus sent to the message receiving equipment together with the result of processing it with the hash algorithm and the private key, so that it can be determined whether both communicating parties are trustworthy and the security of the transmission environment of the plaintext response message can be verified.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
Fig. 1 shows a schematic diagram of a communication system architecture in an embodiment of the present disclosure;
FIG. 2 is a flow chart illustrating a message authentication method in an embodiment of the present disclosure;
FIG. 3 is a schematic diagram illustrating a message authentication method according to an embodiment of the disclosure;
FIG. 4 is a flow diagram illustrating another message authentication method in an embodiment of the present disclosure;
FIG. 5 is a flow diagram illustrating another message authentication method in an embodiment of the present disclosure;
FIG. 6 is a schematic diagram illustrating another message authentication method in an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of a message authentication device in an embodiment of the disclosure;
FIG. 8 is a schematic diagram of another message authentication device in an embodiment of the present disclosure;
Fig. 9 shows a block diagram of an electronic device in an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Currently, compared with traditional security industry products, many DR-class products offer solutions for enterprises with multiple different analysts and consoles. With XDR or EDR (Endpoint Detection and Response), enterprises expect to eliminate inefficiencies by aggregating all consoles and putting all content (including intrusion information) in one place. However, many DR products are designed to be very high and low, and are difficult for general users to use, because many DR products only produce detection results and require manual intervention to respond. The reality is that many organizations do not have the manpower or professional knowledge to build EDR or XDR themselves. How can XDR projects be used truly and effectively if users do not have professional security analysts or teams? Thus, to address the shortage of talent, businesses are gradually selecting another solution: MDR.
As mentioned in the background, the prior art, after introducing the hosted detection and response service, has tended to introduce trust issues between third parties and the DR.
Based on this, the present disclosure provides a message verification method, an apparatus, an electronic device, and a storage medium, where a plaintext response message processed by a hash algorithm and a private key is sent to a message receiving device together with the plaintext response message for verification, so as to determine whether both communication parties are trusted, and simultaneously, verify the security of a transmission environment of the plaintext response message.
The method establishes a message authentication system model for data such as response strategy content, the responsible security operation cloud expert (third party), role, serial number, operation time and digital signature. By authenticating the response strategy content (integrity authentication), the source and destination of the response information (identity authentication), and the serial number and operation time of the response information, it ensures that transmitted response information is not tampered with, whether intentionally or unintentionally.
A blockchain is transparent and hard to tamper with; each transmitted response message is automatically added to the chain, forming a traceable operation record. This prevents the sender from denying a response operation and prevents the receiver from denying operation information after receiving it, ensuring mutual operational trust between both parties to the MDR entrustment.
To facilitate understanding, the following first explains several terms referred to in the present disclosure:
MDR is an outsourced service used to monitor malicious activity in the network. MDR provides active threat hunting to eliminate intrusions, data leaks, and malware before an attacker launches an attack. It combines analysis and human expertise to detect and eliminate threats in the network. The standard scope of MDR security includes:
Threat detection: data is continuously monitored and alarms are filtered for analysis.
Threat analysis: potential threats are examined to discover their source, scope and risk level.
Event response: notifying the customer of the problem and eliminating the threat.
In addition, the MDR also makes full use of the deployed terminal, boundary, flow and other protective equipment at the client side, and provides faster and comprehensive threat monitoring, detection and response services for the client through behavior analysis, flow analysis, threat intelligence and combination with multi-level experts.
Fig. 1 shows a schematic diagram of an exemplary system architecture of a message authentication method or a message authentication apparatus that may be applied to embodiments of the present disclosure.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105.
The network 104 is the medium that provides communication links between the terminal devices 101, 102, 103 and the server 105, and may be a wired network or a wireless network.
Optionally, the wireless or wired networks described above use standard communication techniques and/or protocols. The network is typically the Internet, but may be any network including, but not limited to, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a mobile, wireline or wireless network, a private network, or any combination of virtual private networks. In some embodiments, data exchanged over a network is represented using techniques and/or formats including HyperText Markup Language (HTML), Extensible Markup Language (XML), and the like. All or some of the links may also be encrypted using conventional encryption techniques such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN), and Internet Protocol Security (IPsec). In other embodiments, custom and/or dedicated data communication techniques may also be used in place of, or in addition to, the data communication techniques described above.
The terminal devices 101, 102, 103 may be various electronic devices including, but not limited to, smart phones, tablets, laptop portable computers, desktop computers, wearable devices, augmented reality devices, virtual reality devices, and the like.
Optionally, the clients of the applications installed in the different terminal devices 101, 102, 103 are the same, or clients of the same type of application based on different operating systems. The specific form of the application client may also be different based on different terminal platforms, for example, the application client may be a mobile phone client, a PC client, or the like.
The server 105 may be a server that provides various services, such as a background management server that supports devices operated by users using the terminal apparatuses 101, 102, 103. The background management server can analyze and process the received data such as the request and feed back the processing result to the terminal equipment.
Optionally, the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform, and the like. The terminal may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.
Those skilled in the art will appreciate that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative, and that there may be any number of terminal devices, networks, and servers, as desired. The embodiments of the present disclosure are not limited thereto.
The present exemplary embodiment will be described in detail below with reference to the drawings and examples.
First, a message authentication method is provided in the embodiments of the present disclosure, and the method may be executed by the system disclosed in fig. 1, or executed by a message sending device, or executed by any electronic device with computing processing capability.
Fig. 2 shows a flowchart of a message verification method in an embodiment of the present disclosure, and as shown in fig. 2, the message verification method provided in the embodiment of the present disclosure includes the following steps:
S202, acquiring a plaintext response message, wherein the plaintext response message is a response strategy or operation information for resolving an event;
It should be noted that, when the plaintext response message is processing operation information related to the MDR service, the plaintext response message may include information such as response policy content, security operation cloud expert information, a role, a serial number, operation time, and a digital signature; the message sending device may be a third-party terminal device or system other than the MDR system and the DR system.
In an embodiment of the present disclosure, the message sending device may obtain the plaintext response message from a third-party security operation cloud server of the MDR system, where the security operation cloud server is connected to a plurality of security operation cloud experts or terminal devices of responsible persons, and the security operation experts or responsible persons may upload the plaintext response message to the security operation cloud server, so that the message sending device collects and obtains the plaintext response message from the security operation cloud server. The terminal device of the security operation specialist or the responsible person may monitor the event generated by the DR system in real time and determine the content of the response policy for solving the event according to the event generated by the DR system.
S204, calculating a plaintext response message by using a Hash algorithm to obtain a first message abstract;
it should be noted that the hash algorithm is also referred to as a message digest algorithm, and the hash algorithm may be one of the hash algorithms provided by MD5, SHA-1, SHA-256, SHA-512, a third-party open source library, and the HMac algorithm based on the hash algorithm.
In an embodiment of the present disclosure, calculating a plaintext response message using a hash algorithm to obtain a first message digest includes: and calculating the plaintext response message by using an SHA-1 Hash algorithm to obtain a first message abstract with preset digits.
It should be noted that the predetermined number of bits may be any number, such as 160 fixed bits.
SHA-1 is a secure hash algorithm, and is also a check algorithm, and can be used for checking the integrity of files. SHA-1 can process the original message length not exceeding the power of 64 of 2, and SHA-1 generates a 160-bit (20 byte) message digest. The SHA1 algorithm is simple and compact, and is easy to implement on a computer. Here, the SHA-1 hash algorithm may be used to perform hash calculation on the plaintext response message, so as to obtain a short hash value with a fixed bit number of 160 bits, which may also be referred to as an information digest or an information authentication code, and the hash value is the first message digest. Because the one-way hash function has stronger one-way property in the process of generating the hash value, the method and the device can perform hash calculation on the plaintext response message according to the hash algorithm, and can ensure the safety of the plaintext response message in the transmission process.
S206, encrypting the first message digest by using a private key to obtain a digital signature;
It should be noted that the message sending device may encrypt the first message digest by using a locally stored private key to obtain the digital signature.
S208, the plaintext response message and the digital signature are sent to the message receiving equipment, so that the message receiving equipment can verify whether the plaintext response message is tampered or not according to the plaintext response message and the digital signature.
It should be noted that the message receiving device may be a DR system or other terminal device for receiving messages, and the DR system may be one of an XDR system or an EDR system.
The message verification method provided by the embodiment of the present disclosure comprises the following steps: acquiring a plaintext response message, wherein the plaintext response message is a response policy or operation information for resolving a certain event; calculating a hash of the plaintext response message by using a hash algorithm to obtain a first message digest; encrypting the first message digest by using a private key to obtain a digital signature; and sending the plaintext response message and the digital signature to the message receiving device, so that the message receiving device can verify whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature. The present disclosure sends the plaintext response message, together with the digital signature produced from it by the hash algorithm and the private key, to the message receiving device for verification, so as to determine whether both communicating parties are trustworthy and to verify the security of the transmission environment of the plaintext response message.
In one embodiment of the present disclosure, the method further comprises: storing the plaintext response messages sent to the message receiving device within a preset time period into the same block in the blockchain network.
It should be noted that the preset time period can be freely set, and can be set in units of seconds, minutes or hours, such as 10 seconds, 15 minutes or 1 hour, etc.
In an embodiment of the present disclosure, a plurality of plaintext response messages sent by the message sending device to the message receiving device within a preset time period may be obtained, the plurality of plaintext response messages are placed as a set or group in the same target block, and the target block is appended to the chain after the last block in the blockchain network and linked to it in sequence. Here, the plaintext response messages of different time periods may be stored in blocks as groups or sets, in the order of the preset time periods, and the blocks are linked in sequence.
Referring to fig. 3, each block includes a block header and a block body. The block header stores the header information of the block, which includes the hash value of the previous block (PreHash), the hash value of the block header (Hash), and a timestamp (TimeStamp), where the timestamp is the time at which the block was generated. The block body stores the plurality of plaintext response messages sent by the message sending device to the message receiving device within a preset time period; the plaintext response messages of each preset time period are aggregated into one block, the generated block is added to the chain, and so on. Each block contains the hash value of the previous block, so if the information in one block is modified, the next block fails verification and the modified information is not accepted, thereby ensuring that the information on the blockchain is not modified.
In the present disclosure, the plaintext response messages sent by the message sending device to the message receiving device are stored in the blockchain network, and the transparency and tamper resistance of the blockchain are used to form a traceable operation record, which ensures the authenticity and reliability of the operations. This facilitates operations such as queries, prevents the message sending device from repudiating an operation, and prevents the message receiving device from denying receipt of the plaintext response message, or denying the plaintext response message itself, after receiving it, thereby ensuring the operational credibility of both the message sender and the message receiver.
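The block structure described above (previous-block hash, block hash, timestamp, one block per preset time period) can be sketched as follows. This is an added example, not code from the patent; the field names, the use of SHA-256, the all-zero previous hash of the first block, and hashing the body together with the header fields are assumptions, and the messages are constructed sample data.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64   # assumed placeholder "previous hash" for the first block
PERIOD = 10               # preset time period, in seconds (the page's 10-second example)

# Constructed sample input: (send time in seconds, plaintext response message).
SENT = [
    (3, "isolate host-17"),
    (8, "block outbound traffic from host-17"),
    (12, "reset credentials for user-42"),
    (25, "restore host-17 from snapshot"),
]


def header_hash(prev_hash, timestamp, messages):
    """Hash the previous-block hash, the timestamp and the block body together."""
    body = json.dumps(messages, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{timestamp}|{body}".encode()).hexdigest()


def build_chain(sent, period):
    """Aggregate the messages of each preset time period into one linked block."""
    windows = {}
    for sent_at, message in sorted(sent):
        windows.setdefault(sent_at // period, []).append(message)
    chain, prev = [], GENESIS_PREV
    for index in sorted(windows):
        timestamp = (index + 1) * period   # block is generated when its window closes
        block = {"prev_hash": prev, "timestamp": timestamp,
                 "messages": windows[index]}
        block["hash"] = header_hash(prev, timestamp, block["messages"])
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev:
            return i                       # link to the previous block is broken
        expected = header_hash(block["prev_hash"], block["timestamp"],
                               block["messages"])
        if block["hash"] != expected:
            return i                       # block contents do not match its hash
        prev = block["hash"]
    return None


def tampered_copy(chain, index, new_messages, rehash=False):
    """Copy the chain with one block body replaced, optionally re-hashing it."""
    forged = copy.deepcopy(chain)
    block = forged[index]
    block["messages"] = new_messages
    if rehash:
        block["hash"] = header_hash(block["prev_hash"], block["timestamp"],
                                    block["messages"])
    return forged


if __name__ == "__main__":
    chain = build_chain(SENT, PERIOD)
    print(first_invalid_block(chain))
    print(first_invalid_block(tampered_copy(chain, 0, ["release host-17"])))
    print(first_invalid_block(tampered_copy(chain, 0, ["release host-17"], True)))
```

Editing a stored message makes its own block fail; if the edited block is also re-hashed, the failure moves to the next block, whose stored previous-block hash no longer matches.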
In one embodiment of the present disclosure, the process data generated by the plaintext response message during message processing, message sending and message verification may also be obtained and stored in the blockchain network, in order to record all data of the plaintext response message from the processing phase to the verification phase.
The present disclosure also provides another message verification method, referring to another message verification method flowchart shown in fig. 4, the method may include:
S402, receiving a plaintext response message and a digital signature sent by a message sending device, wherein the digital signature is obtained by the message sending device encrypting a first message digest with a private key, and the first message digest is obtained by the message sending device calculating a hash of the plaintext response message with a hash algorithm;
S404, verifying whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
In one embodiment of the present disclosure, verifying whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature may be implemented by the steps disclosed in fig. 5. Referring to the flowchart of another message verification method shown in fig. 5, the steps may include:
S502, acquiring a public key from a Public Key Infrastructure (PKI);
S504, decrypting the digital signature by using the public key to obtain a second message digest;
S506, calculating a hash of the plaintext response message by using a hash algorithm to obtain a third message digest;
S508, determining whether the plaintext response message has been tampered with according to the second message digest and the third message digest.
In one embodiment of the present disclosure, determining whether the plaintext response message has been tampered with according to the second message digest and the third message digest includes:
judging whether the second message digest and the third message digest are consistent;
if so, determining that the plaintext response message has not been tampered with;
if not, determining that the plaintext response message has been tampered with.
In an embodiment of the present disclosure, referring to the schematic diagram of another message verification method shown in fig. 6, after obtaining a plaintext response message, the message sending device calculates a hash of the plaintext response message by using a hash algorithm to obtain a first message digest, encrypts the first message digest by using a locally stored private key to obtain a digital signature, and sends the plaintext response message and the digital signature to the message receiving device.
After receiving the plaintext response message and the digital signature, the message receiving device decrypts the digital signature by using the public key to obtain a second message digest, and calculates a hash of the plaintext response message by using the hash algorithm to obtain a third message digest. It then judges whether the second message digest is consistent with the third message digest: if they are consistent, it determines that the plaintext response message has not been tampered with; if they are not consistent, it determines that the plaintext response message has been tampered with.
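The sender steps S204 to S208 and the receiver steps S502 to S508 can be run end to end as below. This is an added example, not code from the patent: it follows the description literally (raw RSA applied to the digest, with no padding, whereas deployed signature schemes such as RSASSA-PSS add padding), uses SHA-256 from the page's list of hash algorithms because practical collisions are known for SHA-1 and MD5, and assumes a constructed demo key and a constructed sample message.

```python
import hashlib
import hmac

# Constructed demo key: both primes are publicly known Mersenne primes, so the
# key has no secrecy. It only keeps the example deterministic and offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
KEY_BYTES = (N.bit_length() + 7) // 8


def digest(message: bytes) -> bytes:
    """S204 / S506: hash the plaintext response message."""
    return hashlib.sha256(message).digest()


def sign(message: bytes) -> bytes:
    """S206: apply the private key to the first message digest."""
    first_digest = int.from_bytes(digest(message), "big")
    return pow(first_digest, D, N).to_bytes(KEY_BYTES, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """S504 to S508: recover the second digest, recompute the third, compare."""
    if len(signature) != KEY_BYTES:
        return False                       # wrong length: reject before any math
    sig_int = int.from_bytes(signature, "big")
    if sig_int >= N:
        return False                       # not a valid value modulo N
    second_digest = pow(sig_int, E, N).to_bytes(KEY_BYTES, "big")
    third_digest = digest(message).rjust(KEY_BYTES, b"\x00")
    return hmac.compare_digest(second_digest, third_digest)


def demo():
    """Return verification results for a genuine, altered and re-signed case."""
    # Constructed sample plaintext response message.
    message = b'{"event":"EVT-0001","action":"isolate_host","target":"host-17"}'
    signature = sign(message)                                   # sender side
    altered = message.replace(b"isolate_host", b"release_host")
    flipped = bytes([signature[0] ^ 0x01]) + signature[1:]
    return (
        verify(message, signature),        # untouched message and signature
        verify(altered, signature),        # message changed in transit
        verify(message, flipped),          # signature changed in transit
    )


if __name__ == "__main__":
    print(demo())
```

The check only tells the receiver that the message matches a signature made with the private key paired with the public key it used, which is why step S502 obtains that public key from the PKI rather than from the message itself.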
Based on the same inventive concept, the embodiment of the present disclosure further provides a message verification apparatus, such as the following embodiments. Because the principle of the embodiment of the apparatus for solving the problem is similar to that of the embodiment of the method, the embodiment of the apparatus can be implemented by referring to the implementation of the embodiment of the method, and repeated details are not described again.
Fig. 7 shows a schematic diagram of a message authentication apparatus in an embodiment of the present disclosure, and as shown in fig. 7, the apparatus includes:
a message obtaining module 710, configured to obtain a plaintext response message, where the plaintext response message is a response policy or operation information for solving a certain event;
a hash calculation module 720, configured to calculate a plaintext response message by using a hash algorithm to obtain a first message digest;
the private key encryption module 730 is configured to perform private key encryption on the first message digest by using a private key to obtain a digital signature;
the message sending module 740 is configured to send the plaintext response message and the digital signature to the message receiving apparatus, so that the message receiving apparatus verifies whether the plaintext response message is tampered with according to the plaintext response message and the digital signature.
In an embodiment of the present disclosure, the hash calculation module 720 is further configured to calculate a plaintext response message by using a SHA-1 hash algorithm, so as to obtain a first message digest with a preset number of bits.
In an embodiment of the present disclosure, the apparatus further includes a block chain storage module, where the block chain storage module is configured to store the plaintext response message sent to the message receiving device within a preset time period into the same block in the block chain network.
Fig. 8 is a schematic diagram of another message authentication apparatus in the embodiment of the present disclosure, and as shown in fig. 8, the apparatus includes:
the message receiving module 810 is configured to receive a plaintext response message and a digital signature sent by the message sending device, where the digital signature is obtained by the message sending device encrypting the first message digest with a private key, and the first message digest is obtained by the message sending device calculating the plaintext response message with a hash algorithm;
and a message verifying module 820, configured to verify whether the plaintext response message is tampered with according to the plaintext response message and the digital signature.
In an embodiment of the disclosure, the message verification module 820 is further configured to obtain a public key from a public key infrastructure (PKI); decrypt the digital signature by using the public key to obtain a second message digest; calculate a hash of the plaintext response message by using a hash algorithm to obtain a third message digest; and determine whether the plaintext response message has been tampered with according to the second message digest and the third message digest.
In an embodiment of the present disclosure, the message verification module 820 is further configured to determine whether the second message digest is identical to the third message digest; if so, determining that the plaintext response message is not tampered; if not, the plaintext response message is determined to have been tampered.
As will be appreciated by one skilled in the art, aspects of the present disclosure may be embodied as a system, method or program product. Accordingly, various aspects of the present disclosure may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
An electronic device 900 according to this embodiment of the disclosure is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is only an example and should not bring any limitations to the functionality and scope of use of the embodiments of the present disclosure.
As shown in fig. 9, the electronic device 900 is embodied in the form of a general purpose computing device. Components of electronic device 900 may include, but are not limited to: the at least one processing unit 910, the at least one memory unit 920, and a bus 930 that couples various system components including the memory unit 920 and the processing unit 910.
The storage unit stores program code, which may be executed by the processing unit 910 to cause the processing unit 910 to perform the steps according to various exemplary embodiments of the present disclosure described in the above "exemplary method" section of this specification. For example, the processing unit 910 may perform the following steps of the above-described method embodiments: acquiring a plaintext response message, wherein the plaintext response message is a response policy or operation information for resolving a certain event; calculating a hash of the plaintext response message by using a hash algorithm to obtain a first message digest; encrypting the first message digest by using a private key to obtain a digital signature; and sending the plaintext response message and the digital signature to the message receiving device, so that the message receiving device can verify whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 910 is further configured to: calculate a hash of the plaintext response message by using the SHA-1 hash algorithm to obtain a first message digest with a preset number of bits.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 910 is further configured to: store the plaintext response messages sent to the message receiving device within a preset time period into the same block in the blockchain network.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 910 is further configured to: receive a plaintext response message and a digital signature sent by the message sending device, wherein the digital signature is obtained by the message sending device encrypting a first message digest with a private key, and the first message digest is obtained by the message sending device calculating a hash of the plaintext response message with a hash algorithm; and verify whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 910 is further configured to: acquire a public key from a Public Key Infrastructure (PKI); decrypt the digital signature by using the public key to obtain a second message digest; calculate a hash of the plaintext response message by using a hash algorithm to obtain a third message digest; and determine whether the plaintext response message has been tampered with according to the second message digest and the third message digest.
In some embodiments, in the electronic device provided in the embodiments of the present disclosure, the processing unit 910 is further configured to: judge whether the second message digest and the third message digest are consistent; if so, determine that the plaintext response message has not been tampered with; if not, determine that the plaintext response message has been tampered with.
The storage unit 920 may include a readable medium in the form of a volatile storage unit, such as a random access storage unit (RAM) 9201 and/or a cache storage unit 9202, and may further include a read only storage unit (ROM) 9203.
The electronic device 900 may also communicate with one or more external devices 940 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 900, and/or any device (e.g., router, modem, etc.) that enables the electronic device 900 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interface 950. Also, the electronic device 900 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via the network adapter 960. As shown, the network adapter 960 communicates with the other modules of the electronic device 900 via the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 900, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium, which may be a readable signal medium or a readable storage medium, on which a program product capable of implementing the above-described method of the present disclosure is stored. In some possible embodiments, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the disclosure described in the above "exemplary method" section of this specification, when the program product is run on the terminal device. For example, when the computer program stored on the computer-readable storage medium in the embodiment of the present disclosure is executed by the processor, the following steps of the method can be realized: acquiring a plaintext response message, wherein the plaintext response message is a response policy or operation information for resolving a certain event; calculating a hash of the plaintext response message by using a hash algorithm to obtain a first message digest; encrypting the first message digest by using a private key to obtain a digital signature; and sending the plaintext response message and the digital signature to the message receiving device, so that the message receiving device can verify whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
In some embodiments, when the computer program stored on the computer-readable storage medium is executed by the processor, the following steps of the method can be realized: calculating a hash of the plaintext response message by using the SHA-1 hash algorithm to obtain a first message digest with a preset number of bits.
In some embodiments, when the computer program stored on the computer-readable storage medium is executed by the processor, the following steps of the method can be realized: storing the plaintext response messages sent to the message receiving device within a preset time period into the same block in the blockchain network.
In some embodiments, when the computer program stored on the computer-readable storage medium in the embodiments of the disclosure is executed by the processor, the following steps of the method can be further implemented: receiving a plaintext response message and a digital signature sent by the message sending device, wherein the digital signature is obtained by the message sending device encrypting a first message digest with a private key, and the first message digest is obtained by the message sending device calculating a hash of the plaintext response message with a hash algorithm; and verifying whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
In some embodiments, when the computer program stored on the computer-readable storage medium in the embodiments of the disclosure is executed by the processor, the following steps of the method can be further implemented: acquiring a public key from a Public Key Infrastructure (PKI); decrypting the digital signature by using the public key to obtain a second message digest; calculating a hash of the plaintext response message by using a hash algorithm to obtain a third message digest; and determining whether the plaintext response message has been tampered with according to the second message digest and the third message digest.
In some embodiments, when the computer program stored on the computer-readable storage medium in the embodiments of the disclosure is executed by the processor, the following steps of the method can be further implemented: judging whether the second message digest is consistent with the third message digest; if so, determining that the plaintext response message has not been tampered with; if not, determining that the plaintext response message has been tampered with.
More specific examples of the computer-readable storage medium in the present disclosure may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In the present disclosure, a computer readable storage medium may include a propagated data signal with readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Alternatively, program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In particular implementations, program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that these steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
Claims (10)
1. A message verification method, applied to a message sending device, comprising:
acquiring a plaintext response message, wherein the plaintext response message is a response policy or operation information for resolving a certain event;
calculating a hash of the plaintext response message by using a hash algorithm to obtain a first message digest;
encrypting the first message digest by using a private key to obtain a digital signature;
and sending the plaintext response message and the digital signature to a message receiving device, so that the message receiving device can verify whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
2. The message verification method of claim 1, wherein calculating a hash of the plaintext response message by using a hash algorithm to obtain a first message digest comprises:
calculating a hash of the plaintext response message by using the SHA-1 hash algorithm to obtain a first message digest with a preset number of bits.
3. The message verification method of claim 1, wherein the method further comprises:
storing the plaintext response messages sent to the message receiving device within a preset time period into the same block in the blockchain network.
4. A message verification method, applied to a message receiving device, comprising:
receiving a plaintext response message and a digital signature sent by a message sending device, wherein the digital signature is obtained by the message sending device encrypting a first message digest with a private key, and the first message digest is obtained by the message sending device calculating a hash of the plaintext response message with a hash algorithm;
and verifying whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
5. The message verification method of claim 4, wherein verifying whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature comprises:
acquiring a public key from a Public Key Infrastructure (PKI);
decrypting the digital signature by using the public key to obtain a second message digest;
calculating a hash of the plaintext response message by using a hash algorithm to obtain a third message digest;
and determining whether the plaintext response message has been tampered with according to the second message digest and the third message digest.
6. The message verification method of claim 5, wherein determining whether the plaintext response message has been tampered with according to the second message digest and the third message digest comprises:
judging whether the second message digest and the third message digest are consistent;
if so, determining that the plaintext response message has not been tampered with;
if not, determining that the plaintext response message has been tampered with.
7. A message verification apparatus, applied to a message sending device side, comprising:
a message acquisition module, configured to acquire a plaintext response message, wherein the plaintext response message is a response policy or operation information for resolving a certain event;
a hash calculation module, configured to calculate a hash of the plaintext response message by using a hash algorithm to obtain a first message digest;
a private key encryption module, configured to encrypt the first message digest by using a private key to obtain a digital signature;
and a message sending module, configured to send the plaintext response message and the digital signature to a message receiving device, so that the message receiving device can verify whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
8. A message verification apparatus, applied to a message receiving device side, comprising:
a message receiving module, configured to receive a plaintext response message and a digital signature sent by a message sending device, wherein the digital signature is obtained by the message sending device encrypting a first message digest with a private key, and the first message digest is obtained by the message sending device calculating a hash of the plaintext response message with a hash algorithm;
and a message verification module, configured to verify whether the plaintext response message has been tampered with according to the plaintext response message and the digital signature.
9. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the message verification method of any one of claims 1-6 via execution of the executable instructions.
10. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, carries out the message verification method of any one of claims 1 to 6.
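The sender and receiver steps of claims 6 to 8, as an added example that is not part of the patent text. It assumes SHA-256 as the hash algorithm, a constructed toy RSA key, and that the second digest is recovered from the signature with the public key while the third is recomputed from the received plaintext. Raw RSA on a bare digest mirrors the claim wording only; deployed code should use a vetted scheme such as RSASSA-PSS or Ed25519 from a maintained library.

```python
import hashlib

# Constructed toy RSA key (assumption, illustration only): both primes are
# publicly known, so this key is trivially factorable and gives no security.
P = 2**255 - 19
Q = 2**127 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

# Constructed sample of a plaintext response message (a response strategy).
MESSAGE = b"event=4711;action=isolate-host;target=10.0.0.23"


def digest_int(message: bytes) -> int:
    """Hash the plaintext response message (SHA-256 assumed) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sending side (claim 7): first digest, then the private-key operation."""
    first_digest = digest_int(message)
    return pow(first_digest, D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiving side (claims 6 and 8): compare second and third digests."""
    if not 0 <= signature < N:
        return False                          # reject out-of-range signatures
    second_digest = pow(signature, E, N)      # recovered with the public key
    third_digest = digest_int(message)        # recomputed from received plaintext
    return second_digest == third_digest      # consistent means not tampered


if __name__ == "__main__":
    sig = sign(MESSAGE)
    print("untouched message verifies:", verify(MESSAGE, sig))
    tampered = MESSAGE.replace(b"isolate-host", b"ignore-alert")
    print("tampered message verifies: ", verify(tampered, sig))
```

The signature shows only that the message matches what the key holder signed; the receiver still has to obtain the sender's public key through a channel it trusts.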
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211193789.8A CN115529184A (en) | 2022-09-28 | 2022-09-28 | Message verification method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211193789.8A CN115529184A (en) | 2022-09-28 | 2022-09-28 | Message verification method and device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115529184A true CN115529184A (en) | 2022-12-27 |
Family
ID=84698929
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211193789.8A Withdrawn CN115529184A (en) | 2022-09-28 | 2022-09-28 | Message verification method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115529184A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104219217A (en) * | 2013-06-05 | 2014-12-17 | 中国移动通信集团公司 | SA (security association) negotiation method, device and system |
US20220121521A1 (en) * | 2020-10-20 | 2022-04-21 | Sri International | Checkpointable secure multi-party computation |
CN114448641A (en) * | 2021-12-30 | 2022-05-06 | 北京航天晨信科技有限责任公司 | Privacy encryption method, electronic equipment, storage medium and chip |
CN114745115A (en) * | 2022-04-25 | 2022-07-12 | 北京市商汤科技开发有限公司 | Information transmission method and device, computer equipment and storage medium |
Non-Patent Citations (1)
Title |
---|
龚星宇: "《计算机网络技术及应用》", 西安电子科技大学出版社, pages: 179 - 180 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20190007207A1 (en) | Probabilistic key rotation | |
Dubey et al. | Cloud-user security based on RSA and MD5 algorithm for resource attestation and sharing in java environment | |
US10491403B2 (en) | Data loss prevention with key usage limit enforcement | |
AU2019203153A1 (en) | Key export techniques | |
JP2017112592A (en) | System and method for encrypted transmission of web page | |
US9853811B1 (en) | Optimistic key usage with correction | |
CN111950030A (en) | Data sharing storage method based on block chain, terminal equipment and storage medium | |
CN113672957B (en) | Buried point data processing method, buried point data processing device, buried point data processing equipment and storage medium | |
US20210233673A1 (en) | Method and device for blockchain nodes | |
CN111769956B (en) | Service processing method, device, equipment and medium | |
Kumar et al. | TPA auditing to enhance the privacy and security in cloud systems | |
US11288360B2 (en) | Preventing untrusted script execution | |
Jayaraman et al. | Secure privacy conserving provable data possession (SPC-PDP) framework | |
CN115604014A (en) | Data integrity auditing method, equipment and storage medium | |
Junghanns et al. | Engineering of secure multi-cloud storage | |
Yoosuf | Lightweight fog‐centric auditing scheme to verify integrity of IoT healthcare data in the cloud environment | |
Cho et al. | Guaranteeing the integrity and reliability of distributed personal information access records | |
Bakro et al. | Hybrid blockchain-enabled security in cloud storage infrastructure using ECC and AES algorithms | |
US20230244797A1 (en) | Data processing method and apparatus, electronic device, and medium | |
Cao et al. | Design and implementation for MD5-based data integrity checking system | |
US20130311385A1 (en) | Third Party Security Monitoring & Audit | |
CN115529184A (en) | Message verification method and device, electronic equipment and storage medium | |
Apirajitha et al. | On developing Block‐Chain based Secure Storage Model (BSSM) with auditing and integrity analysis in the cloud | |
Salem et al. | An efficient privacy preserving public auditing mechanism for secure cloud storage | |
Zhao et al. | SIV: A structural integrity verification approach of cloud components with enhanced privacy |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20221227 |