CN116346469A - Data transmission method, device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN116346469A
Application number: CN202310320330.8A
Authority: CN (China)
Prior art keywords: server, key, servers, sent, public
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventors: 李祖金, 陈德伟, 周添伟
Current assignee: Digital Guangdong Network Construction Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Digital Guangdong Network Construction Co Ltd

Events
Application filed by Digital Guangdong Network Construction Co Ltd
Priority to CN202310320330.8A
Publication of CN116346469A
Legal status: Pending (current)

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
            • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/10 Protocols in which an application is distributed across nodes in the network
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                        • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
            • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a data transmission method, a device, an electronic device and a storage medium. The method comprises: sending a registration request to a trust foundation platform, the registration request comprising at least the unique identifier of each of one or more servers; receiving, from the trust foundation platform, the key pair generated for each server in response to the registration request, each key pair comprising a private key and a public key; and issuing each key pair to its server, so that the server uses its key pair when transmitting content to a target server. Because the key pairs are generated on the trust foundation platform and issued to the servers through the cloud resource management platform, no digital certificate has to be purchased from a CA, which reduces enterprise cost and addresses the trust gap and trust island problems between cross-domain servers or terminal devices.

Description

Data transmission method, device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a data transmission method, a data transmission device, an electronic device, and a storage medium.
Background
A trust infrastructure is typically implemented on a mature public key infrastructure (PKI), which relies on hardware and software systems, certificate authorities (CA), registration authorities (RA), certificate issuing systems, and the like.
In the prior art, a traditional PKI system requires complicated public key certificate issuance management and certificate exchange operations: each server or terminal must apply for a digital certificate from a CA, and communication between servers in a local area network uses the hypertext transfer protocol secure (HTTPS) protocol. Binding a CA-issued digital certificate to each server and running HTTPS increases enterprise cost; in addition, a trust gap exists between cross-domain servers or terminal devices, giving rise to the trust island problem.
Disclosure of Invention
The data transmission method, device, electronic device and storage medium provided here generate the key pairs on the trust base platform and issue them to the servers through the cloud resource management platform, so that no digital certificate has to be purchased from a certificate authority (CA); this reduces enterprise cost and addresses the trust gap and trust island problems between cross-domain servers or terminal devices.
In a first aspect, the present application provides a data transmission method applied to a cloud resource management platform, the method comprising:
sending a registration request to a trust foundation platform, the registration request comprising at least the unique identifier of each of one or more servers;
receiving the key pair of each server, sent by the trust foundation platform in response to the registration request, each key pair comprising a private key and a public key; and
sending each key pair to its server, so that each server uses its key pair to transmit content to a target server.
In a second aspect, the present application provides a data transmission method applied to a trust base platform, the method comprising:
receiving a registration request sent by a cloud resource management platform;
calculating the key pair of each server from the server's unique identifier and the public parameters stored in advance; and
sending the key pairs to the cloud resource management platform, so that the cloud resource management platform issues each key pair to its server and each server transmits content to the target server using its key pair.
In a third aspect, the present application provides a data transmission method applied to a first server, the method comprising:
receiving the key pair of the first server issued by a cloud resource management platform, the key pair having been generated by a trust foundation platform in response to a registration request of the cloud resource management platform and issued to the cloud resource management platform;
signing the content to be sent by the first server with the first server's private key, to obtain the signed content; and
transmitting the first server's public key and the signed content to a second server, so that the second server authenticates the signed content using the first server's public key.
In a fourth aspect, the present application provides a data transmission device applied to a cloud resource management platform, the device comprising:
a request module for sending a registration request to the trust foundation platform;
a response receiving module for receiving the response message returned by the trust foundation platform, the response message comprising at least the key pair of each of one or more servers; and
a key pair issuing module for sending the key pair of each of the one or more servers to that server, so that each server uses its key pair to transmit content to a target server.
In a fifth aspect, the present application provides a data transmission device applied to a trust base platform, the device comprising:
a first receiving module for receiving a registration request sent by the cloud resource management platform;
a computing module for calculating the key pair of each server from the server's unique identifier and the public parameters stored in advance; and
a first sending module for sending the key pairs to the cloud resource management platform, so that the cloud resource management platform issues each key pair to its server and each server transmits content to the target server using its key pair.
In a sixth aspect, the present application provides a data transmission device applied to a first server, the device comprising:
a second receiving module for receiving the key pair of the first server issued by the cloud resource management platform, the key pair having been generated by the trust foundation platform in response to a registration request of the cloud resource management platform and issued to the cloud resource management platform;
a signing module for signing the content to be sent by the first server with the first server's private key, to obtain the signed content; and
a second sending module for transmitting the first server's public key and the signed content to a second server, so that the second server authenticates the signed content using the first server's public key.
In a seventh aspect, the present application provides an electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the data transmission method of any embodiment of the present application when it executes the program.
In an eighth aspect, the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the data transmission method of any embodiment of the present application.
According to the above scheme, a registration request containing at least the unique identifiers of one or more servers is sent to the trust foundation platform; the key pair generated for each server, comprising a private key and a public key, is received from the trust foundation platform in response; and each key pair is issued to its server for use when transmitting content to a target server. Generating the key pairs on the trust foundation platform and issuing them through the cloud resource management platform removes the need to purchase CA digital certificates, which reduces enterprise cost and addresses the trust gap and trust island problems between cross-domain servers or terminal devices.
Drawings
For a clearer description of the technical solutions of the present application, the drawings needed in the embodiments are briefly introduced below. The drawings illustrate only some embodiments of the present application and are therefore not limiting in scope; a person skilled in the art can obtain other related drawings from them without inventive effort.
Fig. 1 is a schematic diagram of an exemplary structure of a data transmission method provided in the present application;
fig. 2 is a schematic flow chart of a data transmission method provided in the present application;
fig. 3 is another flow chart of the data transmission method provided in the present application;
fig. 4 is another flow chart of the data transmission method provided in the present application;
fig. 5 is a schematic structural diagram of a data transmission device provided in the present application;
fig. 6 is another schematic structural diagram of the data transmission device provided in the present application;
fig. 7 is another schematic structural diagram of the data transmission device provided in the present application;
fig. 8 is a schematic structural diagram of an electronic device provided in the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The data transmission method provided by the application is suited to a data transmission device. Fig. 1 is an exemplary schematic structural diagram of the method. As shown in Fig. 1, the method involves a trust base platform, a cloud resource management platform and a first server. The trust base platform and the cloud resource management platform may be connected through a local area network or a government extranet, and the cloud resource management platform and the first server may likewise be connected through a local area network or a government extranet. During data transmission, information is exchanged between the trust base platform and the cloud resource management platform, and between the cloud resource management platform and the first server: when one entity sends indication information, the corresponding other entity receives it, which completes one information exchange.
Fig. 2 is a schematic flow chart of the data transmission method provided in the present application. The method may be performed by a control device of an electronic device provided in the present application, and the device may be implemented in software and/or hardware. In a specific embodiment, the device may be applied between a trust base platform, a cloud resource management platform and a first server. The following embodiment takes the integration of the device in an electronic device as an example; referring to Fig. 2, the method may include the following steps:
S101, sending a registration request to a trust foundation platform.
The trust foundation platform performs key generation, holds the public parameters and handles registration; the registration request includes at least the unique identifier of each of one or more servers.
Specifically, the cloud resource management platform may send a registration request to the trust base platform on behalf of one or more servers connected to it, the request including at least the unique identifier of each server. The cloud resource management platform is a cloud computing service center that manages and maintains cloud virtualized resources (such as the software and systems on a server) and provides computing, storage, network, security and other functions and applications, Alibaba Cloud for example. The unique identifier of a server is identification information that confirms the server's identity, such as its Internet Protocol (IP) address, a dedicated server number, or the mobile phone number of the user associated with the server. Optionally, before sending the registration request, the cloud resource management platform may perform a self-check, for example determining whether it has established a connection with the trust base platform.
Illustratively, the cloud resource management platform sends the trust base platform a registration request containing the IP addresses of two servers.
S102, calculating the key pair of each server from the server's unique identifier and the public parameters stored in advance.
Each key pair includes a private key and a public key.
Specifically, after the registration request is received, the key generation center (KGC) in the trust base platform calculates the key pair of each server from the server's unique identifier and the public parameters stored in advance.
The trust base platform may generate the key pairs with the SM9 algorithm: after receiving the registration request, the key generation center generates a random number as the master private key of each server, and calculates each server's key pair from that master private key, the server's IP address and the public parameters stored in advance.
S103, sending the key pair of each server to the cloud resource management platform, so that the cloud resource management platform issues the key pairs to the servers.
Each server then uses its own key pair to transmit content to the target server.
Specifically, the trust base platform sends the key pairs to the cloud resource management platform, which receives them and then issues each key pair to its server according to the server's unique identification information.
Illustratively, the trust base platform sends the key pairs of the fourth, fifth and sixth servers to the cloud resource management platform, which issues them to the fourth, fifth and sixth servers respectively.
S104, issuing the key pair of each server, so that each server uses its key pair to transmit content to the target server.
The target server is the server that receives the content when content is transmitted between servers.
Specifically, the cloud resource management platform issues the key pairs and each server receives its own. Having received its key pair, a server may use it to transmit content to the target server.
Illustratively, the cloud resource management platform issues the keys of the fourth, fifth and sixth servers according to the IP addresses of the three servers; when the fourth server takes the fifth server as its target server, it uses its own key pair to transmit the content to the fifth server.
S105, signing the content to be sent by the first server with the first server's private key, to obtain the signed content.
Signing with the private key produces a signature value; the signed content to be sent comprises the signature value, the original content, a timestamp, and the like.
Specifically, when the first server needs to send content to the target server securely, it signs the content with its private key, obtaining the signature value generated during signing and the signed content to be sent.
S106, transmitting the first server's public key and the signed content to the second server, so that the second server authenticates the signed content using the first server's public key.
Specifically, the first server transmits its public key and the signed content to the second server, which receives both. The second server then computes a value from the first server's public key and the public parameters issued by the cloud resource management platform, and authenticates the signed content against the result: if the result equals the signature value generated when the first server signed, authentication passes; otherwise it fails.
Illustratively, the fourth server transmits its public key and the signed content to the fifth server. After receiving them, the fifth server computes, according to the SM9 algorithm, a value from the fourth server's public key and the public parameters issued by the cloud resource management platform, and authenticates the signed content of the fourth server against that result.
In summary, a registration request containing at least the unique identifiers of one or more servers is sent to the trust foundation platform; the key pair generated for each server, comprising a private key and a public key, is received from the trust foundation platform in response; and each key pair is issued to its server for use when transmitting content to a target server. Generating the key pairs on the trust foundation platform and issuing them through the cloud resource management platform removes the need to purchase CA digital certificates, reducing enterprise cost and addressing the trust gap and trust island problems between cross-domain servers or terminal devices.
Fig. 3 is another schematic flow chart of the data transmission method provided in the present application, which further illustrates that the method may be integrated in an electronic device, such as a computer, of the trust base platform and of the cloud resource management platform. The following embodiment takes the integration of the device in an electronic device as an example; as shown in Fig. 3, the method may comprise the following steps:
S201, sending a registration request to the trust foundation platform.
Specifically, the cloud resource management platform sends a registration request to the trust base platform, which receives it.
S202, extracting from the public parameters a first public parameter used for the private key and a second public parameter used for the public key.
The first public parameter is the public parameter the KGC applies when generating the private key, and the second public parameter is the public parameter it applies when generating the public key.
Specifically, the trust base platform holds multiple public parameters. The KGC needs the first public parameter when computing the private key and the second public parameter when computing the public key, so the two are extracted from the public parameters separately.
S203, randomly generating one or more random numbers greater than 0 as the master private key of each server.
Specifically, the key generation center randomly generates one or more random numbers greater than 0 for the unique identification information of each server, and uses them as the master private key of that server.
Illustratively, the key generation center uses a random number generation function to generate the random number 8 as the master private key of the fourth server, according to the fourth server's IP address.
S204, calculating the private key of each server from its master private key, its unique identifier and the first public parameter.
Specifically, the key generation center of the trust base platform calculates each server's private key from the server's master private key, the server's unique identifier and the first public parameter.
S205, calculating the public key of each server from its master private key, its unique identifier and the second public parameter.
Specifically, the key generation center of the trust base platform calculates each server's public key from the server's master private key, the server's unique identifier and the second public parameter.
S206, forming the key pair of each server from its private key and public key.
Specifically, the key generation center combines the generated private key and public key of a server into that server's key pair, and the server's registration on the trust base platform is complete.
S207, sending the key pairs to the cloud resource management platform, so that the cloud resource management platform issues each key pair to its server.
Specifically, the trust base platform sends the key pairs to the cloud resource management platform, which receives them.
In summary, the registration request sent by the cloud resource management platform is received; the key pair of each server is calculated from the server's unique identifier and the public parameters stored in advance; and the key pairs are sent to the cloud resource management platform, which issues each key pair to its server so that the server can transmit content to the target server with it. Generating the key pairs on the trust foundation platform and issuing them through the cloud resource management platform removes the need to purchase CA digital certificates, reducing enterprise cost and addressing the trust gap and trust island problems between cross-domain servers or terminal devices.
Fig. 4 is another schematic flow chart of the data transmission method provided in the present application, which further illustrates that the data transmission method provided in the present application may be integrated in an electronic device, such as a computer, of the cloud resource management platform and the first server. The following embodiment will be described taking the example of the integration of the apparatus in an electronic device, as shown in fig. 4, the method may include the steps of:
S301, sending the key pairs corresponding to the servers, so that the servers use the corresponding key pairs to transmit the content to be sent to the target server.
Specifically, the cloud resource management platform sends the key pairs corresponding to the servers, and accordingly, the servers receive the key pairs corresponding to the servers. After each server receives the key pair, the content to be transmitted may be transmitted to the target server using the respective corresponding key pair.
S302, signing the content to be sent of the first server by using a private key corresponding to the first server, and obtaining the signed content to be sent of the first server.
S303, transmitting the public key corresponding to the first server and the signed content to be sent of the first server to the second server, so that the second server uses the public key corresponding to the first server to authenticate the signed content to be sent of the first server.
S304, receiving the public key corresponding to the third server and the content to be sent of the third server, both of which are sent by the third server.
Specifically, besides sending its own content, the first server may also receive the public key corresponding to the third server and the content to be sent of the third server. The content to be sent of the third server comprises the signature value generated when the content to be sent is signed with the private key corresponding to the third server, the original content, a time stamp and the like.
For example, when the sixth server uses the fourth server as the target server, the sixth server uses the key pair corresponding to the sixth server to transmit the content to be transmitted to the fourth server, and the fourth server receives the public key corresponding to the sixth server and the content to be transmitted of the sixth server.
S305, authenticating the signed content to be sent of the third server by using the public key corresponding to the third server.
Specifically, after the first server receives the public key corresponding to the third server and the content to be sent of the third server, which are sent by the third server, the first server calculates according to the public key corresponding to the third server and the public parameter value sent by the cloud resource management platform, and authenticates the signed content to be sent of the third server according to the calculation result. When the calculation result is the same as the signature value generated when the third server signs, the authentication is passed; otherwise, the authentication is not passed.
For example, the sixth server transmits the public key corresponding to the sixth server and the signed content to be sent to the fourth server. After the fourth server receives them, the fourth server performs the SM9 algorithm calculation according to the public key corresponding to the sixth server and the public parameter value issued by the cloud resource management platform, and authenticates the signed content to be sent of the sixth server according to the calculation result.
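The key issuance steps S203 to S207 and the sign-and-authenticate exchange S301 to S305 are modelled below in Python as an added example; it is not the applicant's code and does not implement SM9. Assumptions: a 64-bit Schnorr-style group stands in for the SM9 public parameters, the key generation center derives each server's private key with a keyed hash of its identifier, and the receiving server checks the presented public key against the one the platform issued for that identifier before recomputing the signature value, which is the comparison described in S305.

```python
import hashlib, secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for every n below 3.1e23."""
    if n < 2 or any(n % sp == 0 for sp in _SMALL_PRIMES):
        return n in _SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 64) -> tuple:
    """Toy public parameters (p, q, g): a safe prime p = 2q + 1 and a generator g of the order-q subgroup. Far too small for real use and NOT SM9."""
    q = (1 << (bits - 2)) | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 = 2^2 is a square mod p, so it generates the order-q subgroup

def _h_int(*parts, mod: int) -> int:
    """Length-prefixed SHA-256 over int/str/bytes parts, reduced into [0, mod)."""
    h = hashlib.sha256()
    for data in (p if isinstance(p, bytes) else str(p).encode() for p in parts):
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % mod

class TrustBasePlatform:
    """Key generation center: one key pair per registered server identifier (S203-S207)."""
    def __init__(self, group):
        self.p, self.q, self.g = group
        self.master_key = secrets.randbelow(self.q - 1) + 1  # random number > 0 (S203)

    def register(self, server_ids):  # answers a registration request (S201/S207)
        return {sid: self.key_pair(sid) for sid in server_ids}

    def key_pair(self, sid: str):
        # S204: private key from master key, unique identifier and first public parameter (q).
        d = _h_int(self.master_key, sid, self.q, mod=self.q) or 1
        # S205: public key from that derived key and the second public parameter (g).
        return d, pow(self.g, d, self.p)

class Server:
    """A registered server: signs what it sends, authenticates what it receives (S301-S305)."""
    def __init__(self, sid: str, key_pair, group):
        self.sid = sid
        self.d, self.pk = key_pair
        self.p, self.q, self.g = group

    def _challenge(self, R: int, pk: int, sid: str, ts: int, payload: bytes) -> int:
        return _h_int(R, pk, sid, ts, payload, mod=self.q)

    def send(self, payload: bytes, now: int) -> dict:
        """S302/S303: Schnorr-style signature bound to sender ID, public key and timestamp."""
        k = secrets.randbelow(self.q - 1) + 1
        R = pow(self.g, k, self.p)
        e = self._challenge(R, self.pk, self.sid, now, payload)
        s = (k + e * self.d) % self.q
        return {"sender": self.sid, "public_key": self.pk, "timestamp": now,
                "payload": payload, "sig": (e, s)}

    def receive(self, msg: dict, issued_pk: int, now: int, max_skew: int = 300) -> bool:
        """S304/S305: check key binding and freshness, then the signature equation."""
        e, s = msg["sig"]
        # The presented key must be the one the platform issued for the claimed identifier
        # (else any self-made key pair passes), the timestamp fresh, the values in range.
        if (msg["public_key"] != issued_pk or abs(now - msg["timestamp"]) > max_skew
                or not (0 < e < self.q and 0 < s < self.q)):
            return False
        # R' = g^s * pk^(-e) recovers the signer's nonce commitment; hashing it must give e.
        R2 = pow(self.g, s, self.p) * pow(issued_pk, self.q - e, self.p) % self.p
        return self._challenge(R2, issued_pk, msg["sender"], msg["timestamp"], msg["payload"]) == e

def run_demo() -> tuple:
    """Sixth server sends to fourth server (the patent's example); returns four checks."""
    platform = TrustBasePlatform(group := make_group())
    issued = platform.register(["server-4", "server-6"])
    # Assumption: the relaying cloud resource management platform keeps a directory of issued public keys.
    directory = {sid: pk for sid, (_, pk) in issued.items()}
    fourth, sixth = (Server(s, issued[s], group) for s in ("server-4", "server-6"))
    now = 1_700_000_000
    msg = sixth.send(b"constructed payload: resource allocation request", now)
    genuine = fourth.receive(msg, directory["server-6"], now + 5)
    altered = fourth.receive(dict(msg, payload=b"constructed payload: altered"), directory["server-6"], now + 5)
    # A key pair for "server-6" issued by a different key center (another master key) is not trusted.
    outsider = Server("server-6", TrustBasePlatform(group).key_pair("server-6"), group)
    foreign = fourth.receive(outsider.send(b"constructed payload", now), directory["server-6"], now + 5)
    stale = fourth.receive(msg, directory["server-6"], now + 3600)
    return genuine, altered, foreign, stale
```

`run_demo()` returns `(True, False, False, False)`: only the genuine, fresh message under the platform-issued key authenticates.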
According to the scheme, the key pair corresponding to the first server issued by the cloud resource management platform can be received; the key pair corresponding to the first server is generated by the trust foundation platform in response to a registration request of the cloud resource management platform and is issued to the cloud resource management platform; signing the content to be sent of the first server by using a private key corresponding to the first server to obtain the content to be sent after the signature of the first server; and transmitting the public key corresponding to the first server and the content to be transmitted after the signature of the first server to a second server, so that the second server authenticates the content to be transmitted after the signature of the first server by using the public key corresponding to the first server. The method and the device can complete the generation of the key pair on the trust foundation platform and issue the key pair to the server through the cloud resource management platform without purchasing CA organization digital certificates, thereby reducing the enterprise cost and solving the trust gap and trust island problems between cross-domain servers or terminal devices.
Fig. 5 is a schematic structural diagram of a data transmission device provided by the present application, where the device is suitable for executing the data transmission method provided by the present application, and is applied to a cloud resource management platform. As shown in fig. 5, the apparatus may specifically include:
a request module 401, configured to send a registration request to a trust base platform;
a response receiving module 402, configured to receive a response message returned by the trust base platform, where the response message at least comprises the key pairs corresponding to one or more servers;
and the key pair issuing module 403 is configured to send the key pairs corresponding to the one or more servers to each server, so that each server uses the corresponding key pair to transmit the content to be sent to the target server.
The device sends a registration request to a trust basic platform; the registration request at least comprises unique identifiers corresponding to one or more servers; receiving key pairs corresponding to each server sent by a trust foundation platform in response to a registration request; wherein the key pair comprises a private key and a public key; and sending the key pairs corresponding to the servers, so that the servers use the corresponding key pairs to transmit the content to be sent to the target server. The method and the device can complete the generation of the key pair on the trust foundation platform and issue the key pair to the server through the cloud resource management platform without purchasing CA organization digital certificates, thereby reducing the enterprise cost and solving the trust gap and trust island problems between cross-domain servers or terminal devices.
Fig. 6 is another schematic structural diagram of a data transmission device provided in the present application, where the device is adapted to perform the data transmission method provided in the present application and is applied to a trust base platform. As shown in fig. 6, the apparatus may specifically include:
a first receiving module 501, configured to receive a registration request sent by a cloud resource management platform;
the calculating module 502 is configured to calculate a key pair corresponding to each server according to the unique identifier corresponding to each server and the public parameter stored in advance;
the first sending module 503 is configured to send the key pairs corresponding to each server to the cloud resource management platform, so that the cloud resource management platform issues the key pairs corresponding to each server, and each server uses the key pairs corresponding to each server to transmit the content to be sent to the target server.
In one embodiment, the computing module 502 is specifically configured to:
respectively extracting a first public parameter corresponding to the private key and a second public parameter corresponding to the public key from the public parameters;
calculating private keys corresponding to the servers according to the unique identifiers corresponding to the servers and the first public parameters;
calculating public keys corresponding to the servers according to the unique identifiers corresponding to the servers and the second public parameters;
and forming the private key and the public key into key pairs corresponding to the servers.
In an embodiment, the calculating module 502 specifically includes:
randomly generating one or more random numbers larger than 0 as a main private key corresponding to each server;
and calculating the private key corresponding to each server according to the main private key corresponding to each server, the unique identifier corresponding to each server and the first public parameter.
In an embodiment, the calculating module 502 specifically includes:
and calculating the public key corresponding to each server according to the main private key corresponding to each server, the unique identifier corresponding to each server and the second public parameter.
The device can receive the registration request sent by the cloud resource management platform; calculating key pairs corresponding to the servers according to the unique identifiers corresponding to the servers and public parameters stored in advance; and sending the key pairs corresponding to the servers to the cloud resource management platform, so that the cloud resource management platform sends the key pairs corresponding to the servers, and the servers transmit the content to be sent to the target server by using the key pairs corresponding to the servers. The method and the device can complete the generation of the key pair on the trust foundation platform and issue the key pair to the server through the cloud resource management platform without purchasing CA organization digital certificates, thereby reducing the enterprise cost and solving the trust gap and trust island problems between cross-domain servers or terminal devices.
Fig. 7 is a schematic structural diagram of another data transmission device provided in the present application, where the device is adapted to perform the data transmission method provided in the present application and is applied to the first server. As shown in fig. 7, the apparatus may specifically include:
the second receiving module 601 is configured to receive a key pair corresponding to the first server issued by the cloud resource management platform, where the key pair corresponding to the first server is generated by the trust base platform in response to a registration request of the cloud resource management platform and issued to the cloud resource management platform;
a signature module 602, configured to sign the content to be sent of the first server by using a private key corresponding to the first server, so as to obtain the content to be sent after the first server signs;
and a second sending module 603, configured to transmit the public key corresponding to the first server and the content to be sent after the signature of the first server to a second server, so that the second server uses the public key corresponding to the first server to authenticate the content to be sent after the signature of the first server.
In one embodiment, the apparatus further comprises:
the third receiving module is used for receiving the public key corresponding to the third server and the content to be sent of the third server, which are sent by the third server;
and the authentication module is used for authenticating the signed content to be sent of the third server by using the public key corresponding to the third server.
The device can receive the key pair corresponding to the first server issued by the cloud resource management platform, and the key pair corresponding to the first server is generated by the trust foundation platform in response to the registration request of the cloud resource management platform and issued to the cloud resource management platform; signing the content to be sent of the first server by using a private key corresponding to the first server to obtain the content to be sent after the signature of the first server; and transmitting the public key corresponding to the first server and the content to be transmitted after the signature of the first server to a second server, so that the second server authenticates the content to be transmitted after the signature of the first server by using the public key corresponding to the first server. The method and the device can complete the generation of the key pair on the trust foundation platform and issue the key pair to the server through the cloud resource management platform without purchasing CA organization digital certificates, thereby reducing the enterprise cost and solving the trust gap and trust island problems between cross-domain servers or terminal devices.
The application also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the data transmission method provided by any one of the embodiments when executing the program.
The present application also provides a computer readable medium having stored thereon a computer program which when executed by a processor implements the data transmission method provided by any of the above embodiments.
Referring now to FIG. 8, a schematic diagram of a computer system 700 suitable for use in implementing the electronic device of the present application is shown. The electronic device shown in fig. 8 is only an example and should not impose any limitation on the functionality and scope of use of the present application.
As shown in fig. 8, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the system 700 are also stored. The CPU 701, ROM 702, and RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output portion 707 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is mounted into the storage section 708 as necessary.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments disclosed herein include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the present application are performed when the computer program is executed by a Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules and/or units referred to in this application may be implemented in software or hardware. The described modules and/or units may also be provided in a processor, e.g., may be described as: a processor is applied to a cloud resource management platform and comprises a request module, a response receiving module and a key pair issuing module. Alternatively, it can be described as: a processor is applied to a trust foundation platform and comprises a first receiving module, a calculating module and a first sending module. Alternatively, it can be described as: a processor is applied to a first server and comprises a second receiving module, a signing module and a second sending module. The names of these modules do not constitute a limitation on the module itself in some cases.
As another aspect, the present application also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to include:
sending a registration request to a trust foundation platform; the registration request at least comprises unique identifiers corresponding to one or more servers; receiving key pairs corresponding to each server sent by a trust foundation platform in response to a registration request; wherein the key pair comprises a private key and a public key; and sending the key pairs corresponding to the servers, so that the servers use the corresponding key pairs to transmit the content to be sent to the target server.
Or the computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise:
receiving a registration request sent by a cloud resource management platform; calculating key pairs corresponding to the servers according to the unique identifiers corresponding to the servers and public parameters stored in advance; and sending the key pairs corresponding to the servers to the cloud resource management platform, so that the cloud resource management platform sends the key pairs corresponding to the servers, and the servers transmit the content to be sent to the target server by using the key pairs corresponding to the servers.
Or the computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise:
receiving a key pair corresponding to a first server issued by a cloud resource management platform; the key pair corresponding to the first server is generated by the trust foundation platform in response to a registration request of the cloud resource management platform and is issued to the cloud resource management platform; signing the content to be sent of the first server by using a private key corresponding to the first server to obtain the content to be sent after the signature of the first server; and transmitting the public key corresponding to the first server and the content to be transmitted after the signature of the first server to a second server, so that the second server authenticates the content to be transmitted after the signature of the first server by using the public key corresponding to the first server.
According to the technical scheme of the application, a registration request is sent to a trust foundation platform; the registration request at least comprises unique identifiers corresponding to one or more servers; receiving key pairs corresponding to each server sent by a trust foundation platform in response to a registration request; wherein the key pair comprises a private key and a public key; and sending the key pairs corresponding to the servers, so that the servers use the corresponding key pairs to transmit the content to be sent to the target server. The method and the device can complete the generation of the key pair on the trust foundation platform and issue the key pair to the server through the cloud resource management platform without purchasing CA organization digital certificates, thereby reducing the enterprise cost and solving the trust gap and trust island problems between cross-domain servers or terminal devices.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present application may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solutions of the present application are achieved, and the present application is not limited herein.
The above embodiments do not limit the scope of the application. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present application are intended to be included within the scope of the present application.

Claims (12)

1. A data transmission method, characterized in that it is applied to a cloud resource management platform, the method comprising:
sending a registration request to a trust foundation platform; wherein, the registration request at least comprises unique identifiers corresponding to one or more servers;
receiving key pairs corresponding to all servers sent by the trust foundation platform in response to the registration request; wherein the key pair comprises a private key and a public key;
and sending the key pairs corresponding to the servers, so that the servers use the corresponding key pairs to transmit the content to be sent to the target server.
2. A method of data transmission, for application to a trust base platform, the method comprising:
receiving a registration request sent by a cloud resource management platform;
calculating key pairs corresponding to the servers according to the unique identifiers corresponding to the servers and public parameters stored in advance;
and sending the key pairs corresponding to the servers to the cloud resource management platform, so that the cloud resource management platform sends the key pairs corresponding to the servers, and the servers transmit the content to be sent to the target server by using the key pairs corresponding to the servers.
3. The method according to claim 2, wherein calculating the key pair corresponding to each server based on the unique identifier corresponding to each server and the pre-stored public parameter, comprises:
respectively extracting a first public parameter corresponding to the private key and a second public parameter corresponding to the public key from the public parameters;
calculating private keys corresponding to the servers according to the unique identifiers corresponding to the servers and the first public parameters;
calculating public keys corresponding to the servers according to the unique identifiers corresponding to the servers and the second public parameters;
and forming the private key and the public key into key pairs corresponding to the servers.
4. A method according to claim 3, wherein calculating the private key corresponding to each server from the unique identifier corresponding to each server and the first public parameter comprises:
randomly generating one or more random numbers larger than 0 as a main private key corresponding to each server;
and calculating the private key corresponding to each server according to the main private key corresponding to each server, the unique identifier corresponding to each server and the first public parameter.
5. The method of claim 4, wherein computing the public key corresponding to each server based on the unique identification corresponding to each server and the second public parameter comprises:
and calculating the public key corresponding to each server according to the main private key corresponding to each server, the unique identifier corresponding to each server and the second public parameter.
6. A data transmission method, applied to a first server, comprising:
receiving a key pair corresponding to the first server issued by a cloud resource management platform; the key pair corresponding to the first server is generated by a trust foundation platform in response to a registration request of a cloud resource management platform and is issued to the cloud resource management platform;
signing the content to be sent of the first server by using a private key corresponding to the first server to obtain the content to be sent after the first server is signed;
and transmitting the public key corresponding to the first server and the content to be transmitted after the signature of the first server to a second server, so that the second server authenticates the content to be transmitted after the signature of the first server by using the public key corresponding to the first server.
7. The method of claim 6, wherein the method further comprises:
receiving a public key corresponding to a third server and content to be sent of the third server, both of which are sent by the third server;
and authenticating the signed content to be sent of the third server by using the public key corresponding to the third server.
8. A data transmission device, applied to a cloud resource management platform, the device comprising:
the request module is used for sending a registration request to the trust foundation platform;
the response receiving module is used for receiving a response message returned by the trust foundation platform, wherein the response message at least comprises the key pairs corresponding to one or more servers;
and the key pair issuing module is used for sending the key pairs corresponding to the one or more servers to each server, so that each server uses the corresponding key pairs to transmit the content to be sent to the target server.
9. A data transmission apparatus for use with a trust base platform, the apparatus comprising:
the first receiving module is used for receiving a registration request sent by the cloud resource management platform;
the computing module is used for computing key pairs corresponding to the servers according to the unique identifiers corresponding to the servers and the public parameters stored in advance;
the first sending module is used for sending the key pairs corresponding to the servers to the cloud resource management platform, so that the cloud resource management platform sends the key pairs corresponding to the servers, and the servers transmit the content to be sent to the target server by using the key pairs corresponding to the servers.
10. A data transmission apparatus for use with a first server, the apparatus comprising:
the second receiving module is used for receiving a key pair corresponding to the first server issued by the cloud resource management platform, wherein the key pair corresponding to the first server is generated by the trust foundation platform in response to a registration request of the cloud resource management platform and issued to the cloud resource management platform;
the signing module is used for signing the content to be sent of the first server by using the private key corresponding to the first server to obtain the content to be sent after the first server signs;
and the second sending module is used for transmitting the public key corresponding to the first server and the content to be sent after the signature of the first server to a second server, so that the second server uses the public key corresponding to the first server to authenticate the content to be sent after the signature of the first server.
11. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the data transmission method according to claim 1 when executing the program, or the processor implements the data transmission method according to any of claims 2 to 5 when executing the program, or the processor implements the data transmission method according to any of claims 6 to 7 when executing the program.
12. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when executed by a processor, implements the data transmission method according to claim 1, or the program, when executed by a processor, implements the data transmission method according to any one of claims 2 to 5, or the program, when executed by a processor, implements the data transmission method according to any one of claims 6 to 7.
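The flow in claims 8 to 10 (the trust foundation platform computes a server's key pair from its unique identifier and public parameters, the first server signs its content with the private key, and the second server verifies with the first server's public key) as an added, runnable model. This is example code written for this page, not the patent's implementation, and it fills in what the claims leave open with labelled assumptions: the "public parameters" are taken to be the secp256k1 curve, the signature scheme is Schnorr, the platform derives each server's private key by HMAC of the identifier under a master secret, and a platform-signed endorsement of the (identifier, public key) binding is added so the receiver can tell the issued key apart from any key a sender might attach itself. The class and function names, the identifier "server-A" and the payload are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Public parameters shared by every party: the secp256k1 curve (an assumption;
# the patent does not name a curve or signature scheme).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _on_curve(pt):
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def _add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def _pub_bytes(Q):
    return Q[0].to_bytes(32, "big") + Q[1].to_bytes(32, "big")

def _hash_int(*parts):
    h = hashlib.sha256()
    for part in parts:                      # length-prefixed so parts stay unambiguous
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % N

def sign(d, msg):
    """Schnorr signature (R, s) on msg under private scalar d."""
    k = secrets.randbelow(N - 1) + 1
    R = _mul(k, G)
    e = _hash_int(_pub_bytes(R), _pub_bytes(_mul(d, G)), msg)
    return (R, (k + e * d) % N)

def verify(Q, msg, sig):
    """Check s*G == R + e*Q; proves the signer held the scalar behind Q, nothing more."""
    R, s = sig
    if not (_on_curve(Q) and _on_curve(R) and 0 < s < N):
        return False
    e = _hash_int(_pub_bytes(R), _pub_bytes(Q), msg)
    return _mul(s, G) == _add(R, _mul(e, Q))

class TrustFoundationPlatform:
    """Hypothetical model of the trust foundation platform: computes each server's
    key pair from its unique identifier and endorses the identifier -> key binding."""
    def __init__(self, master_secret):
        self._master = master_secret
        self._d = _hash_int(b"platform-signing-key", master_secret)
        self.public_key = _mul(self._d, G)

    def issue_key_pair(self, server_id):
        tag = hmac.new(self._master, server_id.encode(), "sha256").digest()
        d = int.from_bytes(tag, "big") % (N - 1) + 1          # private key in [1, N-1]
        Q = _mul(d, G)
        endorsement = sign(self._d, server_id.encode() + _pub_bytes(Q))
        return {"server_id": server_id, "private_key": d,
                "public_key": Q, "endorsement": endorsement}

def first_server_send(key_pair, content):
    """First server: sign the content with its private key and attach its public key."""
    return {"server_id": key_pair["server_id"], "public_key": key_pair["public_key"],
            "endorsement": key_pair["endorsement"], "content": content,
            "signature": sign(key_pair["private_key"], content)}

def second_server_accept(packet, platform_public_key):
    """Second server: verify the content with the attached public key, but only after
    confirming the trust platform bound that key to the claimed identifier."""
    Q = packet["public_key"]
    binding = packet["server_id"].encode() + _pub_bytes(Q)
    if not verify(platform_public_key, binding, packet["endorsement"]):
        return False
    return verify(Q, packet["content"], packet["signature"])

if __name__ == "__main__":
    platform = TrustFoundationPlatform(b"constructed master secret, demo only")
    kp = platform.issue_key_pair("server-A")        # relayed via the cloud resource platform
    packet = first_server_send(kp, b"constructed payload")
    print("accepted:", second_server_accept(packet, platform.public_key))
```

The point a reviewer of such a design wants made explicit: a signature checked against a public key that arrived in the same message proves only that the sender holds the matching private key. It becomes an authentication of "the first server" only once the receiver ties that key to the identifier through something the trust foundation platform controls, here the endorsement, and in a deployment a directory or certificate issued by the platform. The deterministic HMAC derivation also means the platform can recompute a server's key pair from its identifier at any time, so the master secret needs the same protection as every private key it derives.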
CN202310320330.8A 2023-03-28 2023-03-28 Data transmission method, device, electronic equipment and storage medium Pending CN116346469A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310320330.8A CN116346469A (en) 2023-03-28 2023-03-28 Data transmission method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310320330.8A CN116346469A (en) 2023-03-28 2023-03-28 Data transmission method, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116346469A true CN116346469A (en) 2023-06-27

Family

ID=86892683

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310320330.8A Pending CN116346469A (en) 2023-03-28 2023-03-28 Data transmission method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116346469A (en)

Similar Documents

Publication Publication Date Title
CN110958118B (en) Certificate authentication management method, device, equipment and computer readable storage medium
CN109005538B (en) Message authentication method between unmanned vehicle and multi-mobile-edge computing server
CN108769230B (en) Transaction data storage method, device, server and storage medium
CN108173659B (en) Certificate management method and system based on UKEY equipment and terminal equipment
EP2391083A1 (en) Method for realizing authentication center and authentication system
CN109660534B (en) Multi-merchant-based security authentication method and device, electronic equipment and storage medium
CN114978635B (en) Cross-domain authentication method and device, user registration method and device
CN108683506B (en) Digital certificate application method, system, fog node and certificate authority
CN113193961B (en) Digital certificate management method and device
CN112311779B (en) Data access control method and device applied to block chain system
CN111814131B (en) Method and device for equipment registration and configuration management
CN113206746B (en) Digital certificate management method and device
CN111050326B (en) Block chain-based short message verification method, device, equipment and medium
CN115879074B (en) Identity authentication method, device and system based on blockchain
CN115766294B (en) Cloud server resource authentication processing method, device, equipment and storage medium
CN111787044A (en) Internet of things terminal platform
CN114880397B (en) Decentralised data storage method and device, computer medium and electronic equipment
CN113179169B (en) Digital certificate management method and device
CN113206738B (en) Digital certificate management method and device
CN113206745B (en) Digital certificate management method and device
CN116346469A (en) Data transmission method, device, electronic equipment and storage medium
CN115150072A (en) Cloud network issuing authentication method, equipment, device and storage medium
CN109639409B (en) Key initialization method, key initialization device, electronic equipment and computer-readable storage medium
CN114567443A (en) Block chain-based electronic contract signing method and device
CN111294315B (en) Block chain-based security authentication method, block chain-based security authentication device, block chain-based security authentication equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination