CN116366261A

CN116366261A - Data processing method, user side, service platform, trusted hardware and system

Info

Publication number: CN116366261A
Application number: CN202310395400.6A
Authority: CN
Inventors: 张磊; 朱泽雨; 周晨程; 原超; 邢志远; 鲁华林; 孙英男; 王炜煜
Original assignee: Shanghai Encryption Native Technology Co ltd
Current assignee: Shanghai Encryption Native Technology Co ltd
Priority date: 2023-04-12
Filing date: 2023-04-12
Publication date: 2023-06-30

Abstract

The embodiment of the invention discloses a data processing method, a user side, a service platform, trusted hardware and a system. The method comprises the following steps: the user side generates a random number seed and sends the random number seed to the service platform; the service platform transmits the random number seeds into the trusted hardware; the trusted hardware signs the random number seed by using a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed; the trusted hardware or service platform generates a random number based on the digital signature. By adopting the scheme, the whole process control of the platform on random number generation can be avoided, the fairness of random number generation is ensured, the random number cannot be predicted by the user side and the service platform, and the unpredictability of the random number is ensured.

Description

Data processing method, user side, service platform, trusted hardware and system

Technical Field

The embodiment of the invention relates to the technical field of data processing, in particular to a data processing method, a user side, a service platform, trusted hardware and a system.

Background

With the continuous development of science and technology and society, the appearance of various internet services greatly enriches the work and life of people. Some internet services rely on random number generation in the service providing process, for example, some benefit extraction services need to generate random numbers to realize user benefit extraction, and the like.

The current common random number generation method is that a service platform generates random numbers through corresponding random number functions, however, the random numbers generated by the method can be predicted, random number results are easy to be controlled by platform personnel, and the fairness of the random numbers is not enough.

Disclosure of Invention

In view of the technical problems that a random number can be predicted and a random number result is easy to be controlled by a platform in the prior art, embodiments of the present invention are provided to provide a data processing method, a user side, a service platform, trusted hardware and a system for overcoming or at least partially solving the problems.

According to a first aspect of an embodiment of the present invention, there is provided a data processing method, the method including:

the method comprises the steps that a user side generates a random number seed and sends the random number seed to a service platform;

the service platform transmits the random number seeds into trusted hardware;

the trusted hardware signs the random number seed by utilizing a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed;

the trusted hardware or the service platform generates a random number based on the digital signature.

In an alternative embodiment, the generating the random number seed further includes: and acquiring user-defined data input by a user, and generating a random number seed according to the user-defined data.

In an alternative embodiment, the generating the random number seed further includes: acquiring user-defined data input by a user and the number of times of acquiring a random number seed which is currently generated by a user side;

and generating a random number seed according to the custom data and the times.

In an alternative embodiment, the generating the random number seed further includes: acquiring user-defined data input by a user, acquiring the number of times of random number seeds generated by the user at present, and acquiring identification information corresponding to the user;

and generating a random number seed according to the custom data, the times and the identification information.

In an alternative embodiment, after said sending the random number seed to the service platform, the method further comprises: the service platform checks the generation mode of the random number seeds;

the service platform transmitting the random number seed into trusted hardware further comprises: the service platform transmits the random number seeds which pass the verification of the generation mode into the trusted hardware.

In an alternative embodiment, after said sending the random number seed to the service platform, the method further comprises: the service platform performs uniqueness verification on the random number seeds;

the service platform transmitting the random number seed into trusted hardware further comprises: the service platform transmits the random number seeds which pass the uniqueness verification into the trusted hardware.

In an alternative embodiment, the generating a random number based on the digital signature further includes:

and carrying out hash operation on the digital signature to obtain the random number.

In an optional embodiment, after the user terminal generates the random number seed, the method further includes: the user encrypts the random number seed by utilizing a public key corresponding to a private key derived from the trusted hardware to obtain an encrypted random number seed;

said sending the random number seed to a service platform further comprises: sending the encrypted random number seed to a service platform;

the service platform transmitting the random number seed into trusted hardware further comprises: the service platform transmits the encrypted random number seeds into trusted hardware;

Before the trusted hardware signs the random number seed by using a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed, the method further includes: the trusted hardware decrypts the encrypted random number seed by using a private key derived from the trusted hardware, and restores the random number seed.

In an alternative embodiment, after the generating of the random number, the method further comprises:

the service platform stores the random number seed, the digital signature, the random number and/or a public key corresponding to the private key into a blockchain;

the user terminal initiates a random number verification request; wherein, the random number verification request carries a random number;

and searching storage information matched with the random number in the random number verification request by the blockchain, and verifying the random number in the random number verification request by using the storage information.

In an alternative embodiment, the matched stored information includes a digital signature and a public key corresponding to the private key;

said verifying the random number in the random number verification request using the stored information further comprises: and carrying out signature verification on the digital signature by using the public key, and obtaining a random number verification result according to the signature verification result.

In an alternative embodiment, the matched stored information includes a digital signature;

said verifying the random number in the random number verification request using the stored information further comprises: and carrying out hash operation on the digital signature to obtain a hash operation result value, comparing the hash operation result value with the random number in the random number verification request, and obtaining a random number verification result according to the comparison result.

According to a second aspect of an embodiment of the present invention, there is provided a data processing method, the method being performed at a user side, the method including:

generating a random number seed;

and sending the random number seed to a service platform, so that the service platform transmits the random number seed into trusted hardware, the trusted hardware signs the random number seed by using a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed, and the trusted hardware or the service platform generates a random number based on the digital signature.

and generating a random number seed according to the custom data and the times.

In an alternative embodiment, the generating the random number seed further includes:

acquiring user-defined data input by a user, acquiring the number of times of random number seeds generated by the user at present, and acquiring identification information corresponding to the user;

In an alternative embodiment, the method further comprises: encrypting the random number seed by using a public key corresponding to a private key derived from the trusted hardware to obtain an encrypted random number seed;

said sending the random number seed to a service platform further comprises: and sending the encrypted random number seed to a service platform.

In an alternative embodiment, the method further comprises: and initiating a random number verification request, wherein the random number verification request carries a random number for verifying the random number in the random number verification request.

According to a third aspect of the embodiment of the present invention, there is provided a data processing method, the method being performed on a service platform side, the method including:

receiving a random number seed generated by a user terminal;

transmitting the random number seed into trusted hardware, so that the trusted hardware can sign the random number seed by utilizing a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed;

a random number is generated based on the digital signature.

In an alternative embodiment, the method further comprises: checking the generation mode of the random number seeds;

said step of seeding said random number into trusted hardware further comprises: and transmitting the random number seeds which pass the verification of the generation mode into the trusted hardware.

In an alternative embodiment, the method further comprises: carrying out uniqueness check on the random number seeds;

said step of seeding said random number into trusted hardware further comprises: and transmitting the random number seeds passing the uniqueness verification into trusted hardware.

In an alternative embodiment, the method further comprises: and storing the random number seed, the digital signature, the random number and/or a public key corresponding to the private key into a blockchain.

According to a fourth aspect of an embodiment of the present invention, there is provided a data processing method, the method being performed on a trusted hardware side, the method including:

receiving a random number seed transmitted by a service platform; wherein, the random number seed is generated by a user terminal;

signing the random number seed by utilizing a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed;

a random number is generated based on the digital signature.

In an alternative embodiment, before the signing the random number seed with the private key derived from the trusted hardware to obtain the digital signature corresponding to the random number seed, the method further includes: and decrypting the encrypted random number seed by using a private key derived from the trusted hardware, and restoring the random number seed.

According to a fifth aspect of an embodiment of the present invention, there is provided a data processing system, the system comprising:

the user terminal is used for generating a random number seed and sending the random number seed to the service platform;

the service platform is used for transmitting the random number seeds into the trusted hardware;

the trusted hardware is used for signing the random number seed by utilizing a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed;

wherein the service platform or trusted hardware generates a random number based on the digital signature.

In an alternative embodiment, the user side is configured to: and acquiring user-defined data input by a user, and generating a random number seed according to the user-defined data.

In an alternative embodiment, the user side is configured to: acquiring user-defined data input by a user and the number of times of acquiring a random number seed which is currently generated by a user side;

and generating a random number seed according to the custom data and the times.

In an alternative embodiment, the user side is configured to: acquiring user-defined data input by a user, acquiring the number of times of random number seeds generated by the user at present, and acquiring identification information corresponding to the user;

In an alternative embodiment, the service platform is configured to: and checking the generation mode of the random number seeds, and transmitting the random number seeds which pass the generation mode checking into the trusted hardware.

In an alternative embodiment, the service platform is configured to: and carrying out the uniqueness check on the random number seeds, and transmitting the random number seeds passing through the uniqueness check into the trusted hardware.

In an alternative embodiment, the service platform or trusted hardware is used to: and carrying out hash operation on the digital signature to obtain the random number.

In an alternative embodiment, the user side is configured to: encrypting the random number seed by utilizing a public key corresponding to a private key derived from the trusted hardware to obtain an encrypted random number seed, and transmitting the encrypted random number seed to a service platform;

the service platform is used for: transmitting the encrypted random number seed into trusted hardware;

trusted hardware is used to: and decrypting the encrypted random number seed by using a private key derived from the trusted hardware, and restoring the random number seed.

In an alternative embodiment, the service platform is configured to: storing the random number seed, the digital signature, the random number and/or a public key corresponding to the private key into a blockchain;

the user terminal is used for: initiating a random number verification request; wherein, the random number verification request carries a random number;

the system also includes a blockchain for searching for stored information matching the random number in the random number verification request, and verifying the random number in the random number verification request using the stored information.

the blockchain is used to: and carrying out signature verification on the digital signature by using the public key, and obtaining a random number verification result according to the signature verification result.

the blockchain is used to: and carrying out hash operation on the digital signature to obtain a hash operation result value, comparing the hash operation result value with the random number in the random number verification request, and obtaining a random number verification result according to the comparison result.

According to a sixth aspect of the embodiment of the present invention, there is provided a client, including:

the generation module is used for generating random number seeds;

the sending module is used for sending the random number seed to a service platform, so that the service platform can transmit the random number seed into trusted hardware, the trusted hardware can sign the random number seed by utilizing a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed, and the trusted hardware or the service platform can generate a random number based on the digital signature.

In an alternative embodiment, the generating module is configured to: and acquiring user-defined data input by a user, and generating a random number seed according to the user-defined data.

In an alternative embodiment, the generating module is configured to: acquiring user-defined data input by a user and the number of times of acquiring a random number seed which is currently generated by a user side;

and generating a random number seed according to the custom data and the times.

In an alternative embodiment, the generating module is configured to: acquiring user-defined data input by a user, acquiring the number of times of random number seeds generated by the user at present, and acquiring identification information corresponding to the user;

In an alternative embodiment, the client further includes: the encryption module is used for encrypting the random number seed by utilizing a public key corresponding to a private key derived from the trusted hardware to obtain an encrypted random number seed;

the sending module is used for: and sending the encrypted random number seed to a service platform.

In an alternative embodiment, the sending module is configured to: and initiating a random number verification request, wherein the random number verification request carries a random number for verifying the random number in the random number verification request.

According to a seventh aspect of an embodiment of the present invention, there is provided a service platform, including:

the receiving module is used for receiving the random number seeds generated by the user side;

the input module is used for inputting the random number seed into the trusted hardware so that the trusted hardware can obtain a digital signature corresponding to the random number seed after signing the random number seed by utilizing a private key derived from the trusted hardware;

and the generation module is used for generating random numbers based on the digital signature.

In an alternative embodiment, the service platform further comprises: the verification module is used for verifying the generation mode of the random number seeds;

the incoming module is used for: and transmitting the random number seeds which pass the verification of the generation mode into the trusted hardware.

In an alternative embodiment, the service platform further comprises: the verification module is used for carrying out uniqueness verification on the random number seeds;

the incoming module is used for: and transmitting the random number seeds passing the uniqueness verification into trusted hardware.

In an alternative embodiment, the generating module is configured to: and carrying out hash operation on the digital signature to obtain the random number.

In an alternative embodiment, the service platform further comprises: and the storage module is used for storing the random number seed, the digital signature, the random number and/or the public key corresponding to the private key into a blockchain.

According to an eighth aspect of an embodiment of the present invention, there is provided trusted hardware comprising:

the receiving module is used for receiving the random number seeds transmitted by the service platform; wherein, the random number seed is generated by a user terminal;

the signature module is used for signing the random number seed by utilizing a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed;

In an alternative embodiment, the trusted hardware further comprises: and the decryption module is used for decrypting the encrypted random number seed by utilizing a private key derived from the trusted hardware and restoring the random number seed.

According to a ninth aspect of embodiments of the present invention, there is provided a computing device comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;

the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the data processing method.

According to a tenth aspect of the embodiments of the present invention, there is provided a computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the above-described data processing method.

According to the embodiment of the invention, the random seed is provided by the user side, so that on one hand, the whole process control of the platform on the random number generation is avoided, the fairness of the random number generation is ensured, and on the other hand, the user side can verify based on the random number seed conveniently, and the verification of the random number is realized; and the trusted hardware signs the random number seed by using the private key to obtain a digital signature, and generates the random number based on the digital signature, so that the security of the random number is ensured, the global control of the platform on the random number generation process and collusion between a user and the platform are avoided, the fairness of the random number generation is ensured, the random number cannot be predicted by the user side and the service platform, and the unpredictability of the random number is ensured.

The embodiment of the invention acquires the user-defined data input by the user, and generates the random number seed according to the user-defined data, thereby ensuring that the platform cannot predict the random number seed.

According to the embodiment of the invention, the random number seeds are generated according to the custom data and the number of times of the random number seeds which are currently generated by the user terminal, and the uniqueness of the random number seeds is further ensured on the basis that the platform cannot predict the random number seeds.

The embodiment of the invention generates the random number seeds according to the user-defined data, the times of the random number seeds generated by the user terminal at present and the identification information, thereby further guaranteeing the uniqueness of the random number seeds.

In the embodiment of the invention, the service platform checks the generation mode of the random number seeds, and the random number seeds which pass the check of the generation mode are transmitted into the trusted hardware, so that the uniqueness of the generated random number is ensured. In the embodiment of the invention, the service platform performs the uniqueness check on the random number seeds, thereby guaranteeing the uniqueness of the generated random numbers.

According to the embodiment of the invention, the random number is obtained after the hash operation is carried out on the digital signature, so that the uniformity of the generated random number is improved.

In the embodiment of the invention, the user terminal encrypts the random number seed by using the public key corresponding to the private key derived from the trusted hardware to obtain the encrypted random number seed, and the trusted hardware decrypts the encrypted random number seed by using the private key derived from the trusted hardware to restore the random number seed, thereby preventing the random number seed from being tampered.

According to the embodiment of the invention, the service platform stores the random number seed, the digital signature, the random number and/or the public key corresponding to the private key into the blockchain, so that the security of the random number related data is ensured; and the accuracy of random number verification is convenient to improve.

The embodiment of the invention utilizes the public key to carry out signature verification on the digital signature, and obtains a random number verification result according to the signature verification result, thereby determining whether the digital signature is generated by trusted hardware; and carrying out hash operation on the digital signature to obtain a hash operation result value, comparing the hash operation result value with the random number in the random number verification request, and obtaining a random number verification result according to the comparison result, thereby detecting whether tampering occurs in the process of converting the data signature into the random number.

The foregoing description is only an overview of the technical solutions of the embodiments of the present invention, and may be implemented according to the content of the specification, so that the technical means of the embodiments of the present invention can be more clearly understood, and the following specific implementation of the embodiments of the present invention will be more apparent.

Drawings

Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:

Fig. 1 is a schematic flow chart of a first data processing method according to an embodiment of the present invention;

FIG. 2 is a schematic flow chart of a second data processing method according to an embodiment of the present invention;

fig. 3 is a schematic flow chart of a third data processing method according to an embodiment of the present invention;

fig. 4 is a schematic flow chart of a fourth data processing method according to an embodiment of the present invention;

fig. 5 is a schematic flow chart of a fifth data processing method according to an embodiment of the present invention;

FIG. 6 is a flowchart illustrating a sixth data processing method according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of a data processing system according to an embodiment of the present invention;

fig. 8 shows a schematic structural diagram of a client according to an embodiment of the present invention;

fig. 9 shows a schematic structural diagram of a service platform according to an embodiment of the present invention;

FIG. 10 is a schematic diagram of the structure of trusted hardware according to an embodiment of the present invention;

FIG. 11 illustrates a schematic diagram of a computing device provided by an embodiment of the present invention.

Detailed Description

Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that embodiments of the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the embodiments to those skilled in the art.

Fig. 1 shows a flowchart of a first data processing method according to an embodiment of the present invention. The data processing method provided in this embodiment may be executed by a preset data processing system. Specifically, the embodiment of the invention provides a random number generation method.

As shown in fig. 1, the method comprises the steps of:

in step S110, the user terminal generates a random number seed.

The user terminal is a service object terminal corresponding to a random number dependent service, and the random number dependent service refers to an internet service of which the service operation needs to depend on a random number. For example, if the random number dependent service is a benefit extraction service, the ue is a ue that enjoys the benefit extraction service.

The user terminal generates a Random number Seed, which is also called as a Random Seed and Random Seed, and is the basis for generating the Random number subsequently. In the embodiment of the invention, the user terminal generates the random number seed, and the random number generated based on the random number seed is used for serving the user terminal. By adopting the mode, on one hand, the user can verify the random number according to the random number seed, and on the other hand, the whole process control of the service platform on the random number generation process is avoided, so that the fairness of the random number is improved.

In an optional embodiment, in order to avoid the prediction of the random number seed by the service platform and ensure fairness of the random number generated subsequently, the embodiment obtains user-defined data input by a user, and generates the random number seed according to the user-defined data. The content of the custom data is not limited in this embodiment, and the custom data is input by the user, so that the service platform can avoid predicting the random number seed. Optionally, when the user side detects the request for generating the random number, a corresponding input entry is presented in the user side, and the user can input the custom data through the input entry.

Further optionally, in order to ensure the uniqueness of the generated random number seed, the user side may specifically generate the random number seed by: and acquiring user-defined data input by a user and the number of times of acquiring the random number seeds which are currently generated by the user terminal, and generating the random number seeds according to the user-defined data and the number of times. The total number of the random number seeds generated by the user terminal at present can be used as the number of the random number seeds generated by the user terminal at present; or, the number of times of the random number seed currently generated by the user terminal and used for the target random number dependent service can be used as the number of times of the random number seed currently generated by the user terminal. For example, if the generated random number seed is used for the member reward extraction service, the number of times the random number seed for the member reward extraction service is currently generated by the user terminal is used as the number of times the random number seed is currently generated by the user terminal. The difference between the number of times and the number of times the current ue requests to generate a random number is 1, for example, if the number of times is 1, the number of times the current ue requests to generate a random number is 2. When the random number seeds are generated according to the custom data and the times, the random number seeds can be obtained after the custom data and the times are spliced.

Further optionally, to further ensure the uniqueness of the generated random number seed, the user side may specifically generate the random number seed by: acquiring user-defined data input by a user, acquiring the number of times of random number seeds generated by the user at present, acquiring identification information corresponding to the user, and generating the random number seeds according to the user-defined data, the number of times and the identification information. The identification information corresponding to the user side includes, but is not limited to: user identification, service platform identification, and/or service identification of a target random number dependent service to which the random number seed is applied. When the random number seeds are generated according to the self-defined data, the times and the identification information, the random number seeds can be obtained after the self-defined data, the times and the identification information are spliced. For example, the "custom data" + "times" + "service platform ID" + "service ID" + "user ID" may be used as a random number seed.

In step S120, the user side sends the random number seed to the service platform.

The service platform is a platform for providing the random number dependent service to the client, for example, if the random number dependent service is a benefit extraction service, the service platform is a platform for providing the benefit extraction service.

In step S130, the service platform transmits the random number seed into the trusted hardware.

In order to further reduce the control degree of the service platform on the random number and improve the fairness of the random number, the service platform in the embodiment of the invention does not directly generate the random number based on the random number seed after obtaining the random number seed provided by the user side, but transmits the random number seed into the trusted hardware. The trusted hardware is hardware capable of providing a computer trusted execution environment, and the embodiment of the invention is not limited to the specific type, model and the like of the trusted hardware. The data in the trusted hardware cannot be detected by the outside, so that the safety of the execution environment is ensured.

In an optional implementation manner, in order to ensure the uniqueness of the subsequent random number generation, after obtaining the random number seed provided by the user side, the service platform of the embodiment further checks the random number seed, and then transmits the random number seed into trusted hardware to perform the subsequent random number generation step under the condition that the check is passed; and feeding back corresponding prompt information to the user side under the condition of verification failure. Wherein, one or more of the following verification methods can be adopted:

Check mode one: the service platform checks the generation mode of the random number seeds, and the random number seeds passing the check of the generation mode are transmitted into the trusted hardware. Specifically, if the random number seeds are generated according to a preset mode, checking the generation mode; if the random number seeds are not generated according to the preset mode, the generation mode check is not passed. The preset manner may refer to the random number seed generation manner in step S110, that is, checking whether the random number seed is generated by the user-input user-defined data, the number of times the random number seed is currently generated by the user, and/or the identification information corresponding to the user, and if the random number seed is generated by the user-input user-defined data, the number of times the random number seed is currently generated by the user, and/or the identification information corresponding to the user, checking the generation manner.

And a second checking mode: the service platform performs the uniqueness check on the random number seeds, and the service platform transmits the random number seeds passing the uniqueness check into the trusted hardware. Specifically, the service platform compares the newly generated random number seed with the received random number seed, and if the newly generated random number seed is consistent with a certain received random number seed, the uniqueness check of the newly generated random number seed is determined to be failed; if the newly generated random number seed is inconsistent with each received random number seed, determining that the newly generated random number seed passes the uniqueness check. Further, only the local uniqueness check in the same platform and service can be performed on the random number seed, and the random number seed is transmitted into the trusted hardware under the condition that the local uniqueness check passes. In the process of local uniqueness verification, specifically, determining a target random number dependent service applied by a newly generated random number seed, comparing the newly generated random number seed with a generated random number seed corresponding to the target random number dependent service of the same platform, if the newly generated random number seed is consistent with a certain generated random number seed corresponding to the target random number dependent service, failing the local uniqueness verification, and if the newly generated random number seed is inconsistent with all generated random number seeds corresponding to the target random number dependent service, passing the local uniqueness verification.

And step S140, the trusted hardware signs the random number seed by using a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed.

Deriving a private key and a public key in the trusted hardware, wherein the public key can be derived and sent to the service platform; the private key cannot be derived, the trusted hardware signs the random number seed by using the private key, and the data obtained after the private key signature is carried out on the random number seed is the digital signature corresponding to the random number seed. Because the digital signature is signed by a private key in trusted hardware, the digital signature cannot be predicted by a user terminal and a service platform, and the unpredictability of subsequent random number generation is guaranteed. Optionally, the private key may be reused to save system resources.

In step S150, the trusted hardware or service platform generates a random number based on the digital signature.

After the digital signature is obtained, as an alternative embodiment, a random number may be generated by trusted hardware based on the digital signature. For example, the digital signature may be directly used as the random number, or the corresponding algorithm may be used to process the digital signature and generate the random number. As another alternative, the trusted hardware may send the digital signature to a service platform, which generates a random number based on the digital signature. For example, the digital signature may be directly used as the random number, or the corresponding algorithm may be used to post-process the digital signature to generate the random number.

In an alternative embodiment, in the process of generating the random number based on the digital signature, the random number can be obtained after the digital signature is hashed, and the hash operation can return an input with an unlimited length to an output with a fixed length, so that the uniformity of the generated random number can be improved in the embodiment.

In yet another alternative embodiment, after the random number is generated, the generated random number is fed back to the user side, so that the user side participates in the corresponding random number dependent service.

Therefore, the embodiment of the invention provides the random seed by the user terminal, so that the whole process control of the platform on the random number generation is avoided, the fairness of the random number generation is ensured, and the user terminal can verify based on the random seed conveniently to realize the verification of the random number; and the trusted hardware signs the random number seed by using the private key to obtain a digital signature, and generates the random number based on the digital signature, so that the security of the random number is ensured, the global control of the platform on the random number generation process and collusion between a user and the platform are avoided, the fairness of the random number generation is ensured, the random number cannot be predicted by the user side and the service platform, and the unpredictability of the random number is ensured.

Fig. 2 is a schematic flow chart of a second data processing method according to an embodiment of the present invention. The data processing method provided in this embodiment may be executed by a preset data processing system. Specifically, the embodiment of the invention provides a random number generation method.

As shown in fig. 2, the method comprises the steps of:

step S210, the user terminal generates a random number seed, encrypts the random number seed by using a public key corresponding to a private key derived from the trusted hardware, and then obtains an encrypted random number seed.

After deriving the private key and the corresponding public key in the trusted hardware, the public key can be exported to the service platform, and the public key is provided to the user terminal through the service platform. The user terminal encrypts the random number seed by using the public key after generating the random number seed, and the encrypted data is the encrypted random number seed. The random number seed generation method may refer to descriptions in other method embodiments, and is not described herein.

Step S220, the user side sends the encrypted random number seed to the service platform.

Because the random number seeds generated by the user side are encrypted by the public key, the service platform cannot obtain the original random number seeds of the user side, so that the random number seeds are prevented from being tampered, and the accuracy and the safety of the random number generation are ensured.

In step S230, the service platform transmits the encrypted random number seed into the trusted hardware.

In step S240, the trusted hardware decrypts the encrypted random number seed by using the derived private key in the trusted hardware, restores the random number seed, and signs the random number seed by using the derived private key in the trusted hardware to obtain the digital signature corresponding to the random number seed.

The trusted hardware decrypts the encrypted random number seed by using the private key, so that the random number seed generated by the user terminal is restored, and the digital signature corresponding to the random number seed is obtained after the random number seed is signed by using the private key.

In step S250, the trusted hardware or service platform generates a random number based on the digital signature.

The specific process of random number generation in this step may refer to descriptions in other method embodiments, and will not be described herein.

Therefore, in the embodiment of the invention, the user side encrypts the random number seed by using the public key to obtain the encrypted random number seed, the encrypted random number seed is transmitted into the trusted hardware through the service platform, and the trusted hardware decrypts the random number seed by using the private key to restore the random number seed, so that the random number seed is prevented from being tampered, and the accuracy and the safety of the generated random number are ensured.

Fig. 3 is a schematic flow chart of a third data processing method according to an embodiment of the present invention. The data processing method provided in this embodiment may be executed by a preset data processing system. Specifically, the embodiment of the invention provides a random number verification method. The present embodiment is specifically executed after the generation of the random number, and the random number generation process may refer to descriptions in other method embodiments, which are not described herein.

As shown in fig. 3, the method comprises the steps of:

in step S310, the service platform stores the random number seed, the digital signature, the random number, and/or the public key corresponding to the private key in the blockchain.

Specifically, if the service platform generates a random number based on the digital signature, the trusted hardware sends the digital signature and a public key corresponding to the private key to the service platform, and the service platform generates the random number based on the digital signature and stores the random number seed, the digital signature, the random number and/or the public key corresponding to the private key into the blockchain; if the trusted hardware generates the random number based on the digital signature, the trusted hardware sends the digital signature, the random number and the public key corresponding to the private key to the service platform, and the service platform generates the random number based on the digital signature and stores the random number seed, the digital signature, the random number and/or the public key corresponding to the private key to the blockchain. By storing the random number seed, the digital signature, the random number and/or the public key corresponding to the private key in the blockchain, the data in the random number generation process can be prevented from being tampered, and the security of the random number generation process and the accuracy of subsequent random number verification are improved. Specifically, during the storing process, a random number seed, a digital signature, a random number, and/or a public key corresponding to a private key may be stored into the blockchain based on the blockchain smart contract.

Step S320, a user initiates a random number verification request; wherein the random number verification request carries a random number.

After receiving the generated random number, the user terminal can initiate a random number verification request to determine the authenticity of the generated random number. The random number verification request carries a random number to be verified.

Step S330, the block chain searches the storage information matched with the random number in the random number verification request, and verifies the random number in the random number verification request by using the storage information.

After the public key corresponding to the random number seed, the digital signature, the random number, and/or the private key is stored in the blockchain, the public key corresponding to the random number seed, the digital signature, the random number, and/or the private key is the stored information associated with the random number in the blockchain. After receiving a random number verification request initiated by a user terminal, a logic processing module (such as an intelligent contract) in the blockchain analyzes the random number carried by the random number verification request, and obtains storage information matched with the random number in the random number verification request by searching data stored in the blockchain. The matched stored information includes: a random number seed corresponding to the random number in the random number verification request, a digital signature, and/or a public key corresponding to the private key, and the like.

Further, the random number in the random number verification request is verified by using the stored information matched with the random number, and a verification result is obtained.

In an alternative verification mode, the matched stored information includes a digital signature and a public key corresponding to the private key, and then the public key is used for carrying out signature verification on the digital signature, and a random number verification result is obtained according to the signature verification result, so that whether the digital signature in the random number is generated by trusted hardware is verified. If the signature verification is passed, the digital signature in the random number is generated by the trusted hardware, and the random number verification is successful; if the signature verification is not passed, the digital signature in the random number is not generated by the trusted hardware, and the random number verification is unsuccessful.

In yet another alternative verification mode, the matched stored information includes a digital signature, a hash operation result value is obtained after the digital signature is subjected to hash operation, the hash operation result value is compared with a random number in a random number verification request, and a random number verification result is obtained according to the comparison result, so that whether the random number is obtained from the digital signature through hash operation is verified, and whether the random number is tampered in the process of obtaining the random number from the digital signature is determined. Specifically, if the hash operation result value is consistent with the random number in the random number verification request, the random number verification is successful; if the hash result value is inconsistent with the random number in the random number verification request, the random number verification fails.

In step S340, the blockchain feeds the verification result back to the client.

Therefore, in the embodiment of the invention, the user terminal can initiate a random number verification request and realize verification of the generated random number; and the data associated with the random number generation is stored in the blockchain, so that the data associated with the random number generation is prevented from being tampered, and the accuracy of a random number verification result is further ensured.

Fig. 4 is a schematic flow chart of a fourth data processing method according to an embodiment of the present invention. The data processing method provided by the embodiment of the invention is executed at the user side.

As shown in fig. 4, the method includes:

in step S410, a random number seed is generated.

Step S420, the random number seed is sent to the service platform, so that the service platform can transmit the random number seed into the trusted hardware, the trusted hardware can sign the random number seed by utilizing a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed, and the trusted hardware or the service platform can generate the random number based on the digital signature.

and generating a random number seed according to the custom data and the times.

Therefore, the scheme can avoid the whole process control of the platform on the generation of the random number, ensure the fairness of the generation of the random number, ensure the unpredictability of the random number because the random number cannot be predicted by the user side and the service platform.

Fig. 5 is a schematic flow chart of a fifth data processing method according to an embodiment of the present invention. The data processing method provided by the embodiment of the invention is executed on the service platform side.

As shown in fig. 5, the method includes:

step S510, receiving a random number seed generated by the user terminal.

Step S520, the random number seed is transmitted into the trusted hardware, so that the trusted hardware can obtain a digital signature corresponding to the random number seed after signing the random number seed by utilizing a private key derived from the trusted hardware.

Step S530, generating a random number based on the digital signature.

Fig. 6 is a flowchart of a sixth data processing method according to an embodiment of the present invention. The data processing method provided by the embodiment of the invention is executed on a trusted hardware side.

As shown in fig. 6, the method includes:

step S610, receiving a random number seed transmitted by a service platform; wherein, the random number seed is generated by the user terminal.

And step S620, signing the random number seed by utilizing a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed.

Step S630, generating a random number based on the digital signature.

FIG. 7 is a schematic diagram of a data processing system according to an embodiment of the present invention. As shown in fig. 7, the system 700 includes: a client 710, a service platform 720, and trusted hardware 730.

and generating a random number seed according to the custom data and the times.

Fig. 8 shows a schematic structural diagram of a client according to an embodiment of the present invention. As shown in fig. 8, the client 710 includes: the generation module 711 and the transmission module 712.

A generation module 711 for generating a random number seed;

and the sending module 712 is configured to send the random number seed to a service platform, so that the service platform transmits the random number seed into trusted hardware, the trusted hardware signs the random number seed by using a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed, and the trusted hardware or the service platform generates a random number based on the digital signature.

and generating a random number seed according to the custom data and the times.

Fig. 9 shows a schematic structural diagram of a service platform according to an embodiment of the present invention. As shown in fig. 9, the service platform 720 includes: a receiving module 721, an incoming module 722, and a generating module 723.

A receiving module 721, configured to receive a random number seed generated by a user terminal;

an input module 722, configured to input the random number seed into trusted hardware, so that the trusted hardware signs the random number seed by using a private key derived from the trusted hardware to obtain a digital signature corresponding to the random number seed;

A generating module 723, configured to generate a random number based on the digital signature.

Fig. 10 shows a schematic structural diagram of trusted hardware according to an embodiment of the present invention. As shown in fig. 10, the trusted hardware 730 includes: a receiving module 731, a signing module 732, and a generating module 733.

A receiving module 731, configured to receive a random number seed that is transmitted by the service platform; wherein, the random number seed is generated by a user terminal;

a signature module 732, configured to obtain a digital signature corresponding to the random number seed after signing the random number seed by using a private key derived from the trusted hardware;

a generating module 733, configured to generate a random number based on the digital signature.

FIG. 11 illustrates a schematic diagram of a computing device provided by an embodiment of the present invention. The specific embodiments of the present invention are not limited to a particular implementation of a computing device.

As shown in fig. 11, the computing device may include: a processor 1102, a communication interface (Communications Interface), a memory 1106, and a communication bus 1108.

Wherein: processor 1102, communication interface 1104, and memory 1106 communicate with each other via a communication bus 1108. A communication interface 1104 for communicating with network elements of other devices, such as clients or other servers. The processor 1102 is configured to execute the program 1110, and may specifically perform the relevant steps in the embodiments of the data processing method described above.

In particular, program 1110 may include program code including computer-operating instructions.

The processor 1102 may be a central processing unit CPU, or a specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included by the computing device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.

Memory 1106 for storing program 1110. The memory 1106 may include high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory. The program 1110 is specifically configured to cause the processor 1102 to perform the method of any of the method embodiments described above.

Embodiments of the present invention provide a non-volatile computer storage medium storing at least one executable instruction that may perform the data processing method of any of the above-described method embodiments.

The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of embodiments of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the embodiments of the present invention.

In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., an embodiment of the invention that is claimed, requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.

Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of embodiments of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components according to embodiments of the present invention may be implemented in practice using a microprocessor or Digital Signal Processor (DSP). Embodiments of the present invention may also be implemented as a device or apparatus program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the embodiments of the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. Embodiments of the invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.

Claims

1. A method of data processing, the method comprising:

The service platform transmits the random number seeds into trusted hardware;

2. The method of claim 1, wherein the generating a random number seed further comprises:

and acquiring user-defined data input by a user, and generating a random number seed according to the user-defined data.

3. The method of claim 2, wherein the generating a random number seed further comprises:

acquiring user-defined data input by a user and the number of times of acquiring a random number seed which is currently generated by a user side;

and generating a random number seed according to the custom data and the times.

4. The method of claim 3, wherein the generating a random number seed further comprises:

5. The method according to any of claims 1-4, wherein after said sending the random number seed to a service platform, the method further comprises: the service platform checks the generation mode of the random number seeds;

6. The method according to any of claims 1-5, wherein after said sending the random number seed to a service platform, the method further comprises: the service platform performs uniqueness verification on the random number seeds;

7. The method of any of claims 1-6, wherein the generating a random number based on the digital signature further comprises:

8. The method according to any one of claims 1-7, wherein after the user terminal generates the random number seed, the method further comprises: the user encrypts the random number seed by utilizing a public key corresponding to a private key derived from the trusted hardware to obtain an encrypted random number seed;

9. The method according to any one of claims 1-8, wherein after the generating of the random number, the method further comprises:

10. The method of claim 9, wherein the matched stored information includes a digital signature and a public key to which the private key corresponds;

11. The method of claim 9 or 10, wherein the matched stored information comprises a digital signature;

12. A data processing method, wherein the method is performed at a user side, the method comprising:

generating a random number seed;

13. A data processing method, wherein the method is performed on a service platform side, the method comprising:

receiving a random number seed generated by a user terminal;

a random number is generated based on the digital signature.

14. A data processing method, the method being performed on a trusted hardware side, the method comprising:

a random number is generated based on the digital signature.

15. A data processing system, the system comprising:

16. A client, the client comprising:

the generation module is used for generating random number seeds;

17. A service platform, the service platform comprising:

18. Trusted hardware, characterized in that it comprises:

19. A computing device, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;

the memory is configured to store at least one executable instruction that causes the processor to perform operations corresponding to the data processing method according to any one of claims 1 to 14.

20. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the data processing method of any one of claims 1-14.