CN115664700A - Data encryption method and data decryption method - Google Patents


Info

Publication number
CN115664700A
Authority
CN
China
Prior art keywords
user equipment
distributed identity
gateway
gateway device
key
Legal status
Pending
Application number
CN202211104690.6A
Other languages
Chinese (zh)
Inventor
徐单恒
徐敏
戴智
邱樊
Current Assignee
Zhejiang Ancun Cloud Chain Data Technology Co ltd
Hangzhou Ancun Network Technology Co ltd
Original Assignee
Zhejiang Ancun Cloud Chain Data Technology Co ltd
Hangzhou Ancun Network Technology Co ltd
Application filed by Zhejiang Ancun Cloud Chain Data Technology Co ltd and Hangzhou Ancun Network Technology Co ltd
Priority to CN202211104690.6A
Publication of CN115664700A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data encryption method and a data decryption method. In the data encryption method, a first gateway device on the first user device side acquires a first transmission key through a distributed identity server and a blockchain, encrypts the data to be transmitted with the first transmission key to obtain transmission data, and transmits the transmission data to a second user device, so that a second gateway device on the second user device side decrypts the transmission data with a second transmission key, wherein the first transmission key and the second transmission key are symmetric keys. The invention integrates blockchain technology into the application scenarios of user devices and gateway devices, and by exploiting the decentralized and tamper-resistant properties of the blockchain it can greatly improve the security of data transmission.

Description

Data encryption method and data decryption method
Technical Field
The present invention relates to blockchain technology, and in particular to a data encryption method and a data decryption method based on blockchain authentication technology.
Background
Computer networks can currently be classified, according to their working mode, into centralized networks and distributed networks.
On the one hand, a centralized network has a central node; its terminals are clients, and data is stored at the central node (i.e., a host) and managed by a database management system, so that security defense can be applied directly at the central node. A terminal is used only for input and output and does no processing of its own; all tasks are processed at the central node. The advantage of a centralized network is that it facilitates centralized management of data; its disadvantages are that management information is concentrated on the management nodes, information flow is congested, and a failure of a management node affects the operation of the whole network.
On the other hand, a distributed network is a computer network consisting of interconnected, independently functioning computer systems. Its advantages are that it has no central node, scales well, and the processing capacity of the whole distributed system can be increased by adding servers. A distributed network favours data transmission, sharing, distribution and optimization, and solves problems such as unbalanced load, difficult resource sharing and a fragile network structure. However, in a distributed network nodes join and leave frequently, and there is no strict authentication center (central node) as in a traditional centralized network structure, so authenticating nodes is complicated.
In recent years, with the development of computer communication technology and the wide application of network communication in the social and commercial fields, requirements such as data security, data privacy, traceability of data transmission and tamper-resistance have been increasingly emphasized by governments, banks, enterprises and public institutions. The blockchain, as a disruptive Internet technology, has decentralized and tamper-resistant characteristics that are well matched to scenarios with high data confidentiality requirements, and blockchain technology is increasingly widely applied in the field of data security.
Therefore, how to integrate blockchain technology into computer networks is the technical problem to be solved by the present invention.
Disclosure of Invention
The present invention is directed to integrating blockchain technology into the design of computer networks.
To achieve the above object, the present invention provides a data encryption method, including:
the first user device obtains a second user device distributed identity identifier of a second user device;
the first user device queries, from the blockchain via a distributed identity server, a second user device public key corresponding to the second user device distributed identity identifier;
the first user device encrypts the data to be transmitted a first time using the second user device public key to obtain first encrypted data, and transmits the first encrypted data to a first gateway device on the first user device side;
the first gateway device obtains a first transmission key, encrypts the first encrypted data a second time using the first transmission key to obtain transmission data, and transmits the transmission data to the second user device, so that a second gateway device on the second user device side decrypts the transmission data using a second transmission key, wherein the first transmission key and the second transmission key are symmetric keys,
wherein the blockchain stores the following information: a first user device distributed identity identifier of the first user device, a first user device distributed identity identifier document corresponding to the first user device distributed identity identifier, and a first user device public key; a first gateway device distributed identity identifier of the first gateway device, a first gateway device distributed identity identifier document corresponding to the first gateway device distributed identity identifier, and a first gateway device public key; a second user device distributed identity identifier of the second user device, a second user device distributed identity identifier document corresponding to the second user device distributed identity identifier, and a second user device public key; and a second gateway device distributed identity identifier of the second gateway device, a second gateway device distributed identity identifier document corresponding to the second gateway device distributed identity identifier, and a second gateway device public key.
Preferably, the querying by the first user device, from the blockchain via the distributed identity server, of the second user device public key corresponding to the second user device distributed identity identifier includes:
the first user device uploads the second user device distributed identity identifier to the blockchain through the distributed identity server;
the blockchain extracts the second user device distributed identity identifier document corresponding to the received second user device distributed identity identifier;
the blockchain compares the second user device distributed identity identifier document with a pre-stored hash value;
if the second user device distributed identity identifier document and the pre-stored hash value are consistent, the blockchain determines that the extracted second user device distributed identity identifier document has not been tampered with,
the blockchain sends the second user device distributed identity identifier document to the first user device;
and the first user device parses the second user device public key from the second user device distributed identity identifier document.
Preferably, the obtaining of the first transmission key by the first gateway device includes:
the first user device acquires a user key component of the first transmission key and transmits the user key component to the first gateway device;
the first gateway device acquires a transmission key component of the first transmission key;
and the first gateway device applies a predetermined algorithm to the user key component and the transmission key component to obtain the first transmission key.
Preferably, the user key component of the first transmission key is formed from a first user device private key of the first user device and the second user device public key.
Preferably, the obtaining by the first gateway device of the transmission key component of the first transmission key includes:
the first user device searches for a second gateway device distributed identity identifier of the second gateway device through a network registration service;
the first gateway device uploads the second gateway device distributed identity identifier to the blockchain via the distributed identity server;
the blockchain extracts the second gateway device distributed identity identifier document corresponding to the received second gateway device distributed identity identifier;
the blockchain compares the second gateway device distributed identity identifier document with a pre-stored hash value;
if the second gateway device distributed identity identifier document and the pre-stored hash value are consistent, the blockchain determines that the extracted second gateway device distributed identity identifier document has not been tampered with,
the blockchain sends the second gateway device distributed identity identifier document to the first gateway device;
the first gateway device parses the second gateway device public key from the second gateway device distributed identity identifier document,
and the first gateway device obtains the transmission key component of the first transmission key using a first gateway device private key of the first gateway device and the second gateway device public key.
The invention also provides a data decryption method corresponding to the data encryption method. The data decryption method includes the following steps:
the second gateway device on the second user device side receives transmission data from the first gateway device on the first user device side;
the second gateway device obtains a second transmission key through a distributed identity server and a blockchain, and performs cross point multiplication on the second transmission key to obtain a first transmission key, wherein the first transmission key and the second transmission key are symmetric keys;
the second gateway device decrypts the transmission data a first time using the first transmission key to obtain first decrypted data, and transmits the first decrypted data to the second user device;
the second user device decrypts the first decrypted data a second time using a second user device private key of the second user device,
wherein the blockchain stores the following information: a first user device distributed identity identifier of the first user device, a first user device distributed identity identifier document corresponding to the first user device distributed identity identifier, and a first user device public key; a first gateway device distributed identity identifier of the first gateway device, a first gateway device distributed identity identifier document corresponding to the first gateway device distributed identity identifier, and a first gateway device public key; a second user device distributed identity identifier of the second user device, a second user device distributed identity identifier document corresponding to the second user device distributed identity identifier, and a second user device public key; and a second gateway device distributed identity identifier of the second gateway device, a second gateway device distributed identity identifier document corresponding to the second gateway device distributed identity identifier, and a second gateway device public key.
Preferably, the acquiring by the second gateway device of the second transmission key via the distributed identity server and the blockchain includes:
the second user device acquires a user key component of the second transmission key and transmits the user key component to the second gateway device;
the second gateway device obtains a transmission key component of the second transmission key;
and the second gateway device applies a predetermined algorithm to the user key component and the transmission key component to obtain the second transmission key.
Preferably, the obtaining by the second user device of the user key component of the second transmission key includes:
the second user device obtains a first user device distributed identity identifier of the first user device;
the second user device queries, from the blockchain via the distributed identity server, a first user device public key corresponding to the first user device distributed identity identifier;
and the second user device obtains the user key component of the second transmission key using the first user device public key and a second user device private key of the second user device.
Preferably, the querying by the second user device, from the blockchain via the distributed identity server, of the first user device public key corresponding to the first user device distributed identity identifier includes:
the second user device uploads the first user device distributed identity identifier to the blockchain through the distributed identity server;
the blockchain extracts the first user device distributed identity identifier document corresponding to the received first user device distributed identity identifier;
the blockchain compares the first user device distributed identity identifier document with a pre-stored hash value;
if the first user device distributed identity identifier document and the pre-stored hash value are consistent, the blockchain determines that the extracted first user device distributed identity identifier document has not been tampered with,
the blockchain sends the first user device distributed identity identifier document to the second user device;
and the second user device parses the first user device public key from the first user device distributed identity identifier document.
Preferably, the acquiring by the second gateway device of the transmission key component of the second transmission key includes:
the second user device searches for a first gateway device distributed identity identifier of the first gateway device through a network registration service, and transmits the first gateway device distributed identity identifier to the second gateway device;
the second gateway device uploads the first gateway device distributed identity identifier to the blockchain via the distributed identity server;
the blockchain extracts the first gateway device distributed identity identifier document corresponding to the received first gateway device distributed identity identifier;
the blockchain compares the first gateway device distributed identity identifier document with a pre-stored hash value;
if the first gateway device distributed identity identifier document and the pre-stored hash value are consistent, the blockchain determines that the extracted first gateway device distributed identity identifier document has not been tampered with,
the blockchain sends the first gateway device distributed identity identifier document to the second gateway device;
the second gateway device parses the first gateway device public key from the first gateway device distributed identity identifier document;
and the second gateway device obtains the transmission key component of the second transmission key using a second gateway device private key of the second gateway device and the first gateway device public key.
Compared with the prior art, one or more embodiments of the above scheme can have the following advantages or beneficial effects:
The invention integrates blockchain technology into the application scenarios of user devices and gateway devices, and by exploiting the decentralized and tamper-resistant properties of the blockchain it can greatly improve the security of data transmission. The user devices and gateway devices of the invention are therefore well suited to scenarios with high data confidentiality requirements and can be widely applied in the social and commercial fields.
Drawings
The scope of the present disclosure may be better understood by reading the following detailed description of exemplary embodiments in conjunction with the accompanying drawings, which are:
Fig. 1 shows a block diagram of a user device or gateway device according to an embodiment of the present invention.
Fig. 2 shows a schematic diagram of the framework of a computer network in which a user device or gateway device of the present invention is located.
Fig. 3 is a schematic diagram of the device DID identifiers and keys.
Fig. 4 is a flowchart of a data encryption method according to an embodiment of the present invention.
Fig. 5 is a flowchart of a data decryption method according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the implementation of the invention is described in detail below with reference to the accompanying drawings and embodiments, so that how technical means are applied to solve the technical problems and achieve the technical effects can be fully understood and implemented.
The invention aims to integrate blockchain technology into the design of a computer network, and to that end provides the following user device and gateway device. As shown in Fig. 1, both the gateway device and the user device are provided with a user agent unit 101, a claim verification unit 102 and a data storage unit 103. The following description takes a gateway device as the example.
The user agent unit 101 is configured to generate a distributed identity identifier and to register the generated distributed identity identifier with the blockchain 4 via the distributed identity server 3. The user agent unit 101 is also used to verify the legitimacy of the identity of a visitor to the gateway device.
Specifically, the gateway device is provided with a user agent unit 101 (a User Agent, implemented in software or hardware) and performs identity authentication and authorization using a distributed identity identifier (DID). Here the DID is the identifier of the corresponding gateway device. That is, the gateway device generates, manages and controls its own identity credential independently of any organization or government, and the credential is globally unique, highly available, resolvable and cryptographically verifiable.
The user agent unit 101 is an application used by real users to manage decentralized identity; with it users can generate DIDs, manage data and permissions, and issue or verify DID-related identity claims. In other embodiments of the present invention, the user agent unit 101 may be a digital wallet application.
A data storage unit 103 is provided in the gateway device for storing the distributed identity identifier generated by the user agent unit 101.
Specifically, the data storage unit 103 holds identity data, verifiable claim data (claims for short), DID-related identity asset data and DID-related identity inventory data. A verifiable claim is a descriptive statement in which an issuer attests to some attribute of a user's DID and attaches the issuer's digital signature; it can be regarded as a digital certificate.
A claim verification unit 102 is provided in the gateway device and is configured to apply for, issue, grant and verify verifiable claims. The data storage unit 103 is also used to store the verifiable claims applied for by the claim verification unit 102.
The user agent unit 101 corresponds to at least one distributed identity identifier. The blockchain 4 stores the distributed identity identifiers corresponding to the user agent unit 101 and the distributed identity identifier documents corresponding to each of them.
Here the gateway device must register the generated distributed identity identifiers in the blockchain 4 in advance, and the blockchain 4 also stores the distributed identity identifier documents corresponding to them. A distributed identity identifier document records the public key corresponding to the gateway device. The distributed identity server 3 is used to find and resolve distributed identity identifiers and their documents on a decentralized system (e.g., the blockchain 4 or a distributed ledger).
By applying the user device and gateway device of this embodiment of the invention, the technology of the blockchain 4 is integrated into the application scenarios of user devices and gateway devices, and by exploiting the decentralized and tamper-resistant properties of the blockchain 4 the security of data transmission can be greatly improved. The user device and gateway device of this embodiment are therefore well suited to scenarios with high data confidentiality requirements and can be widely applied in the social and commercial fields.
Before the data encryption method and data decryption method of the present invention are described in detail, the user device, the gateway device and their peripheral devices are first initialized.
First, the user device and the gateway device each generate a distributed identity identifier (DID); the distributed identity identifier is then used as a key and the corresponding distributed identity identifier document as the value, and each pair is stored on the blockchain 4.
Second, the user device or gateway device submits a request to a third-party authority (for example, a data communication management department) to apply for a Verifiable Credential (VC); it must submit the device party's verification data to the third party and send the distributed identity identifier and its signature to the third-party authority.
Next, the third-party authority downloads the distributed identity identifier document from the blockchain 4 using the distributed identity identifier, obtains the public key associated with the distributed identity identifier, and verifies the signature.
The third-party authority then creates a verifiable credential and stores the VC on the blockchain 4. Here the data in the VC is encrypted using a public key.
The device then downloads the VC from the blockchain 4 using the VC's identifier, and verifies that the data of the VC is endorsed by the trusted third party and has not been modified.
Finally, the user device registers the gateway it is connected to with a centrally managed server or with a network service based on distributed ledger technology (such as a distributed database or blockchain).
The negotiation mechanism for communication between devices is described below in conjunction with Fig. 3, a schematic diagram of the device DID identifiers and keys.
The invention uses the Diffie-Hellman key exchange protocol (DH protocol for short), which lets two parties that have not communicated in advance agree on a 'negotiation key' over an insecure network; this key can then serve as a symmetric key to encrypt message content in subsequent communication. The principle of the DH protocol can be expressed as follows:
DH(private key of sender, public key of receiver) = negotiation key S = DH(private key of receiver, public key of sender)
The device key acquisition method and the data encryption/decryption transmission process between a sender (first device) and a receiver (second device) are explained below with reference to Figs. 4 and 5.
(Device key acquisition)
In the present invention, the first device and the second device, and the first gateway (the gateway on the first device side, i.e. the sender gateway) and the second gateway (the gateway on the second device side, i.e. the receiver gateway), can each obtain the other party's public key by the following means:
Step 1: the first device obtains the DID of the second device with which it is to communicate.
Step 2: the first device obtains the public key of the second device, as follows: the first device sends the DID of the second device to a distributed identity identifier server (DID server); the DID document corresponding to the DID of the second device is located in the blockchain and compared with a pre-stored hash value; once the document is determined to be unmodified, the DID server obtains the document and returns it to the first device, from which the first device obtains the public key of the second device.
Step 3: through the network registration service, the first device looks up the DID of the first gateway and the DID of the second gateway behind which the second device is located.
Step 4: the first device connects to the first gateway and informs it of the DID of the second gateway. The first gateway obtains the public key of the second gateway as follows: the first gateway sends the DID of the second gateway to the DID server; the DID document corresponding to that DID is located in the blockchain and compared with a pre-stored hash value; once the document is determined to be unmodified, the DID server obtains the document and returns it to the first gateway, from which the first gateway obtains the public key of the second gateway.
Step 5: the second device obtains the first device's public key by a process similar to Step 2, and the second gateway obtains the first gateway's public key by a process similar to Step 4.
Step 6: after the first device has obtained the public key of the second device, it obtains the user key component KM using the DH algorithm:
DH(Spka, Rska) = user key component KM = DH(Rpka, Sska)
After the first gateway has obtained the public key of the second gateway, it computes the transport key component using the DH algorithm; the transport key is then derived with the KM obtained above as the salt value:
DH(GSpka, GRska) = transport key component SM = DH(GRpka, GSska)
The transport key is derived as Cryptokey = HKDF(SM, KM); the derivation may use HMAC (keyed-hash message authentication code) or another algorithm. Note that because KM is used as the salt value, the gateway holds a different key for each user, which improves the security of data transmission.
Here the second gateway obtains the same Cryptokey, used as the key of the symmetric encryption algorithm, by the corresponding cross point multiplication (its own private keys with the peers' public keys, per the expression above).
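The device key acquisition of Steps 1 to 6 carried through in code, including the hash-checked DID document lookup of Steps 2 and 4, as an added example that is not part of the patent: X25519 stands in for the DH variant the text leaves unspecified, the on-chain DID document is reduced to the party's public key bytes, HKDF is written out over the standard library's HMAC, and the registry, the DID strings and the HKDF info label are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// registry stands in for the blockchain: DID as key, DID document as value, plus the
// hash recorded at registration. The document is reduced to public key bytes (assumption).
type registry struct {
	docs   map[string][]byte
	hashes map[string][32]byte
}

func newRegistry() *registry {
	return &registry{docs: map[string][]byte{}, hashes: map[string][32]byte{}}
}

// enroll is the initialization step: generate a key pair (X25519 stands in for the
// DH variant the patent leaves unspecified, an assumption) and store the document.
func (r *registry) enroll(did string) (*ecdh.PrivateKey, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	doc := priv.PublicKey().Bytes()
	r.docs[did], r.hashes[did] = doc, sha256.Sum256(doc)
	return priv, nil
}

// resolve is the DID-server lookup of Steps 2 and 4: the document is handed back
// only if it still matches its pre-stored hash; otherwise it is treated as tampered.
func (r *registry) resolve(did string) (*ecdh.PublicKey, error) {
	doc, ok := r.docs[did]
	if !ok {
		return nil, fmt.Errorf("unknown DID %s", did)
	}
	if sha256.Sum256(doc) != r.hashes[did] {
		return nil, fmt.Errorf("DID document of %s does not match pre-stored hash", did)
	}
	return ecdh.X25519().NewPublicKey(doc)
}

// hkdfSHA256 is RFC 5869 extract-then-expand for a single 32-byte output block,
// written out so the example needs only the standard library.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(info)
	exp.Write([]byte{0x01})
	return exp.Sum(nil)
}

// cryptokey is Step 6 from one side: KM = DH(own device, peer device), SM = DH(own
// gateway, peer gateway), Cryptokey = HKDF(SM, salt = KM), peer keys from the registry.
func cryptokey(r *registry, dev, gw *ecdh.PrivateKey, peerDev, peerGw string) ([]byte, error) {
	pd, err := r.resolve(peerDev)
	if err != nil {
		return nil, err
	}
	pg, err := r.resolve(peerGw)
	if err != nil {
		return nil, err
	}
	km, err1 := dev.ECDH(pd) // user key component KM
	sm, err2 := gw.ECDH(pg)  // transport key component SM
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("DH failed: %v %v", err1, err2)
	}
	return hkdfSHA256(sm, km, []byte("gateway transport key")), nil
}

// scenario enrolls two device/gateway pairs and a third device behind gateway 1 and
// reports: both sides agree on Cryptokey; the third device gets a different gateway
// key (KM as salt); a document altered after registration is rejected.
func scenario() (agree, perUser, tamperRejected bool, err error) {
	r := newRegistry()
	ids := []string{"did:ex:dev1", "did:ex:gw1", "did:ex:dev2", "did:ex:gw2", "did:ex:dev3"}
	keys := make([]*ecdh.PrivateKey, len(ids))
	for i, did := range ids {
		if keys[i], err = r.enroll(did); err != nil {
			return
		}
	}
	k1, e1 := cryptokey(r, keys[0], keys[1], ids[2], ids[3]) // sender: dev1 via gw1
	k2, e2 := cryptokey(r, keys[2], keys[3], ids[0], ids[1]) // receiver: dev2 via gw2
	k3, e3 := cryptokey(r, keys[4], keys[1], ids[2], ids[3]) // dev3 via the same gw1
	if e1 != nil || e2 != nil || e3 != nil {
		return false, false, false, fmt.Errorf("derivation failed: %v %v %v", e1, e2, e3)
	}
	r.docs[ids[2]][0] ^= 0x01 // simulate an altered on-chain document for dev2
	_, tamperErr := cryptokey(r, keys[0], keys[1], ids[2], ids[3])
	return bytes.Equal(k1, k2), !bytes.Equal(k1, k3), tamperErr != nil, nil
}

func main() { fmt.Println(scenario()) }
```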
(Data encryption transmission process)
First, the first device encrypts the data to be transmitted using the public key Rska of the second device on the receiving side, and passes it to the first gateway.
Then the first gateway encrypts the data using Cryptokey and transmits the encrypted data to the second gateway.
(Data decryption transmission process)
First, the second gateway decrypts the data using Cryptokey and passes the decrypted data to the second device.
The second device then decrypts the data with its own private key Rpka.
By applying the data encryption method and data decryption method of this embodiment of the invention, the technology of the blockchain 4 is integrated into the application scenarios of user devices and gateway devices, and by exploiting the decentralized and tamper-resistant properties of the blockchain 4 the security of data transmission can be greatly improved. The user device and gateway device of this embodiment are therefore well suited to scenarios with high data confidentiality requirements and can be widely applied in the social and commercial fields.
Although the embodiments of the present invention have been described above, the above description is only for the convenience of understanding the present invention, and is not intended to limit the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A data encryption method, characterized in that the data encryption method comprises:
the first user device obtains a second user device distributed identity identifier of a second user device;
the first user device queries, from the blockchain via a distributed identity server, a second user device public key corresponding to the second user device distributed identity identifier;
the first user device encrypts the data to be transmitted a first time using the second user device public key to obtain first encrypted data, and transmits the first encrypted data to a first gateway device on the first user device side;
the first gateway device obtains a first transmission key, encrypts the first encrypted data a second time using the first transmission key to obtain transmission data, and transmits the transmission data to the second user device, so that a second gateway device on the second user device side decrypts the transmission data using a second transmission key, wherein the first transmission key and the second transmission key are symmetric keys,
wherein the blockchain stores the following information: a first user device distributed identity identifier of the first user device, a first user device distributed identity identifier document corresponding to the first user device distributed identity identifier, and a first user device public key; a first gateway device distributed identity identifier of the first gateway device, a first gateway device distributed identity identifier document corresponding to the first gateway device distributed identity identifier, and a first gateway device public key; a second user device distributed identity identifier of the second user device, a second user device distributed identity identifier document corresponding to the second user device distributed identity identifier, and a second user device public key; and a second gateway device distributed identity identifier of the second gateway device, a second gateway device distributed identity identifier document corresponding to the second gateway device distributed identity identifier, and a second gateway device public key.
2. The data encryption method of claim 1, wherein the querying by the first user device, from the blockchain via the distributed identity server, of the second user device public key corresponding to the second user device distributed identity identifier comprises:
the first user device uploads the second user device distributed identity identifier to the blockchain through the distributed identity server;
the blockchain extracts the second user device distributed identity identifier document corresponding to the received second user device distributed identity identifier;
the blockchain compares the second user device distributed identity identifier document with a pre-stored hash value;
if the second user device distributed identity identifier document and the pre-stored hash value are consistent, the blockchain determines that the extracted second user device distributed identity identifier document has not been tampered with,
the blockchain sends the second user device distributed identity identifier document to the first user device;
and the first user device parses the second user device public key from the second user device distributed identity identifier document.
3. The data encryption method according to claim 1 or 2, wherein the first gateway device obtaining the first transmission key comprises:
the first user equipment obtains a user key component of the first transmission key and transmits the user key component to the first gateway device;
the first gateway device obtains a transmission key component of the first transmission key;
and the first gateway device applies a predetermined algorithm to the user key component and the transmission key component to obtain the first transmission key.
4. The data encryption method of claim 3, wherein the user key component of the first transmission key is formed from a first user equipment private key of the first user equipment and the second user equipment public key.
5. The data encryption method of claim 3, wherein the first gateway device obtaining the transmission key component of the first transmission key comprises:
the first user equipment looks up a second gateway device distributed identity of the second gateway device through a network registration service;
the first gateway device uploads the second gateway device distributed identity to the blockchain through the distributed identity server;
the blockchain extracts a second gateway device distributed identity document corresponding to the received second gateway device distributed identity;
the blockchain compares the second gateway device distributed identity document with a pre-stored hash value;
in the case that the second gateway device distributed identity document is consistent with the pre-stored hash value, the blockchain determines that the extracted second gateway device distributed identity document has not been tampered with,
the blockchain sends the second gateway device distributed identity document to the first gateway device;
the first gateway device parses the second gateway device public key from the second gateway device distributed identity document,
and the first gateway device obtains the transmission key component of the first transmission key using a first gateway device private key of the first gateway device and the second gateway device public key.
6. A data decryption method, characterized in that the data decryption method comprises:
a second gateway device on the second user equipment side receives transmission data from a first gateway device on the first user equipment side;
the second gateway device obtains a second transmission key through a distributed identity server and a blockchain, and performs cross point multiplication on the second transmission key to obtain a first transmission key, wherein the first transmission key and the second transmission key are symmetric keys;
the second gateway device performs a first decryption of the transmission data using the first transmission key to obtain first decrypted data, and transmits the first decrypted data to the second user equipment;
the second user equipment performs a second decryption of the first decrypted data using a second user equipment private key of the second user equipment,
wherein the blockchain stores the following information: a first user equipment distributed identity of the first user equipment, a first user equipment distributed identity document corresponding to the first user equipment distributed identity, and a first user equipment public key; a first gateway device distributed identity of the first gateway device, a first gateway device distributed identity document corresponding to the first gateway device distributed identity, and a first gateway device public key; a second user equipment distributed identity of the second user equipment, a second user equipment distributed identity document corresponding to the second user equipment distributed identity, and a second user equipment public key; and a second gateway device distributed identity of the second gateway device, a second gateway device distributed identity document corresponding to the second gateway device distributed identity, and a second gateway device public key.
7. The data decryption method of claim 6, wherein the second gateway device obtaining the second transmission key through the distributed identity server and the blockchain comprises:
the second user equipment obtains a user key component of the second transmission key and transmits the user key component to the second gateway device;
the second gateway device obtains a transmission key component of the second transmission key;
and the second gateway device applies a predetermined algorithm to the user key component and the transmission key component to obtain the second transmission key.
8. The data decryption method of claim 7, wherein the second user equipment obtaining the user key component of the second transmission key comprises:
the second user equipment obtains a first user equipment distributed identity of the first user equipment;
the second user equipment queries, through a distributed identity server, the blockchain for a first user equipment public key corresponding to the first user equipment distributed identity;
and the second user equipment obtains the user key component of the second transmission key using the first user equipment public key and a second user equipment private key of the second user equipment.
9. The data decryption method of claim 8, wherein the second user equipment querying the blockchain, through the distributed identity server, for the first user equipment public key corresponding to the first user equipment distributed identity comprises:
the second user equipment uploads the first user equipment distributed identity to the blockchain through the distributed identity server;
the blockchain extracts a first user equipment distributed identity document corresponding to the received first user equipment distributed identity;
the blockchain compares the first user equipment distributed identity document with a pre-stored hash value;
in the case that the first user equipment distributed identity document is consistent with the pre-stored hash value, the blockchain determines that the extracted first user equipment distributed identity document has not been tampered with,
the blockchain sends the first user equipment distributed identity document to the second user equipment;
and the second user equipment parses the first user equipment public key from the first user equipment distributed identity document.
10. The data decryption method according to any one of claims 7 to 9, wherein the second gateway device obtaining the transmission key component of the second transmission key comprises:
the second user equipment looks up a first gateway device distributed identity of the first gateway device through a network registration service, and transmits the first gateway device distributed identity to the second gateway device;
the second gateway device uploads the first gateway device distributed identity to the blockchain through the distributed identity server;
the blockchain extracts a first gateway device distributed identity document corresponding to the received first gateway device distributed identity;
the blockchain compares the first gateway device distributed identity document with a pre-stored hash value;
in the case that the first gateway device distributed identity document is consistent with the pre-stored hash value, the blockchain determines that the extracted first gateway device distributed identity document has not been tampered with,
the blockchain sends the first gateway device distributed identity document to the second gateway device;
the second gateway device parses the first gateway device public key from the first gateway device distributed identity document;
and the second gateway device obtains the transmission key component of the second transmission key using a second gateway device private key of the second gateway device and the first gateway device public key.
Application CN202211104690.6A (priority date 2022-09-09, filing date 2022-09-09), title: Data encryption method and data decryption method, status: pending.
Publication CN115664700A (en), publication date 2023-01-31.
Family ID 84984460; country status: CN.


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination