CN116436643A - Information transmission method, decryption data generation method, device, equipment and medium - Google Patents

Information transmission method, decryption data generation method, device, equipment and medium Download PDF

Info

Publication number
CN116436643A
CN116436643A CN202310266184.5A CN202310266184A CN116436643A CN 116436643 A CN116436643 A CN 116436643A CN 202310266184 A CN202310266184 A CN 202310266184A CN 116436643 A CN116436643 A CN 116436643A
Authority
CN
China
Prior art keywords
information
encryption
node
data
node information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310266184.5A
Other languages
Chinese (zh)
Inventor
王海龙
王�义
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Holding Co Ltd
Original Assignee
Jingdong Technology Holding Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jingdong Technology Holding Co Ltd filed Critical Jingdong Technology Holding Co Ltd
Priority to CN202310266184.5A priority Critical patent/CN116436643A/en
Publication of CN116436643A publication Critical patent/CN116436643A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the disclosure discloses an information sending method, a decryption data generating method, a device, equipment and a medium. One embodiment of the method comprises the following steps: in response to determining that the node corresponding to the client node information receives the data encryption request, encrypting the data to be encrypted to obtain ciphertext-related data information; determining at least one trusted party node information and public key information corresponding to a target trusted party node; generating a proxy re-encryption key fragment set; performing a subscription to the message confirmation event; and in response to determining that the message confirmation event is successfully executed, distributing the proxy re-encryption key fragment set to at least one delegate client corresponding to the at least one delegate node information, and sending ciphertext-related data information to a target delegate client corresponding to the target delegate node. This embodiment is related to blockchain, and may enable secure streaming of data.

Description

Information transmission method, decryption data generation method, device, equipment and medium
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to an information sending method, a decrypted data generating method, a device, equipment and a medium.
Background
Currently, for data stream on a blockchain, the following methods are generally adopted: the consignor encrypts the plaintext data using symmetric encryption to obtain encrypted data. The encrypted data and the corresponding key are distributed to the trusted party for decryption by the trusted party through the corresponding key to obtain the plaintext data.
However, the inventors have found that when data is streamed in the above manner, there are often the following technical problems:
in the key distribution process, the key distribution is unsafe and unreliable, so that the possibility of leakage of data in the circulation process exists.
The above information disclosed in this background section is only for enhancement of understanding of the background of the inventive concept and, therefore, may contain information that does not form the prior art that is already known to those of ordinary skill in the art in this country.
Disclosure of Invention
The disclosure is in part intended to introduce concepts in a simplified form that are further described below in the detailed description. The disclosure is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
Some embodiments of the present disclosure propose an information transmission method, a decrypted data generation method, an apparatus, a device, and a medium to solve the technical problems mentioned in the background section above.
In a first aspect, some embodiments of the present disclosure provide an information sending method applied to a client of a trusted party, including: in response to determining that a node corresponding to the client node information in the node information network receives a data encryption request, encrypting data to be encrypted through a proxy re-encryption layer corresponding to the client node information to obtain ciphertext-related data information, wherein each node corresponding to the node information in the node information network comprises: proxy re-encryption layer; determining at least one trusted party node information in the node information network for at least one trusted party client and public key information corresponding to a target trusted party node in the at least one trusted party node information; generating a proxy re-encryption key fragment set for the at least one delegatee node information according to the public key information; executing a subscription to a message confirmation event of the principal node information and the at least one delegatee node information; and in response to determining that the message confirmation event is successfully executed, distributing the proxy re-encryption key fragment set to at least one delegate client corresponding to the at least one delegate node information, and transmitting the ciphertext-related data information to a target delegate client corresponding to the target delegate node.
Optionally, each node information corresponding node in the node information network further includes: an interface layer; and before the node corresponding to the entrusted node information in the node information network receives the data encryption request, and encrypts the data to be encrypted through the proxy re-encryption layer corresponding to the entrusted node information to obtain ciphertext-related data information, the method further comprises: calling the interface layer of the node corresponding to the client node information to generate a public node parameter; synchronizing the public node parameter with at least one trusted party node corresponding to the at least one trusted party node information.
Optionally, the ciphertext-related data information includes: ciphertext data, key encryption data, ciphertext data position information, key encryption data position information, ciphertext data identification; and encrypting the data to be encrypted through the proxy re-encryption layer corresponding to the client node information to obtain ciphertext-related data information, wherein the method comprises the following steps: generating the ciphertext data, the key encryption data and the ciphertext data identifier by calling a proxy re-encryption layer; and storing the ciphertext data and the key encryption data in the client node information corresponding node, and determining a storage position of the ciphertext data and a storage position of the key encryption data as ciphertext data position information and key encryption data position information, respectively.
Optionally, the method further comprises: calling a decryption data interface of an interface layer corresponding to the client node information according to the ciphertext data identifier so as to retrieve the ciphertext data position information; and calling a proxy re-encryption layer interface corresponding to the client node information according to the ciphertext data position information, and decrypting the ciphertext data to obtain decrypted data.
Optionally, the ciphertext-related data information includes: a re-encryption result integration threshold corresponding to the node information of the target trusted party; and generating a proxy re-encryption key fragment set for the at least one delegatee node information based on the public key information, comprising: and generating the proxy re-encryption key fragment set according to the public key information, the number of the trusted party node information included in the at least one trusted party node information and the re-encryption result integration threshold.
Optionally, the method further comprises: and storing the key fragment set and the ciphertext data identifier.
Optionally, each node information corresponding node in the node information network further includes: the system comprises a cryptographic algorithm management layer, a proxy re-encryption realization layer and an algorithm layer.
In a second aspect, some embodiments of the present disclosure provide an information transmitting apparatus applied to a client of a consignor, including: the encryption unit is configured to encrypt data to be encrypted through a proxy re-encryption layer corresponding to the client node information in response to determining that the client node information corresponding node in the node information network receives a data encryption request, so as to obtain ciphertext-related data information, wherein each node information corresponding node in the node information network comprises: proxy re-encryption layer; a determining unit configured to determine, for at least one delegate client, at least one delegate node information in the node information network and public key information corresponding to a target delegate node in the at least one delegate node information; a first generation unit configured to generate a proxy re-encryption key fragment set for the at least one delegatee node information based on the public key information; an execution unit configured to execute a subscription to a message confirmation event of the principal node information and the at least one delegatee node information; and a transmitting unit configured to distribute the proxy re-encryption key segment set to at least one delegate client corresponding to the at least one delegate node information and to transmit the ciphertext-related data information to a target delegate client corresponding to the target delegate node in response to determining that the message confirmation event is successfully executed.
Optionally, each node information corresponding node in the node information network further includes: an interface layer; the apparatus further comprises: calling the interface layer of the node corresponding to the client node information to generate a public node parameter; synchronizing the public node parameter with at least one trusted party node corresponding to the at least one trusted party node information.
Optionally, the ciphertext-related data information includes: ciphertext data, key encryption data, ciphertext data position information, key encryption data position information, ciphertext data identification; and the encryption unit may be further configured to: generating the ciphertext data, the key encryption data and the ciphertext data identifier by calling a proxy re-encryption layer; and storing the ciphertext data and the key encryption data in the client node information corresponding node, and determining a storage position of the ciphertext data and a storage position of the key encryption data as ciphertext data position information and key encryption data position information, respectively.
Optionally, the apparatus further includes: calling a decryption data interface of an interface layer corresponding to the client node information according to the ciphertext data identifier so as to retrieve the ciphertext data position information; and calling a proxy re-encryption layer interface corresponding to the client node information according to the ciphertext data position information, and decrypting the ciphertext data to obtain decrypted data.
Optionally, the ciphertext-related data information includes: the re-encryption result integration threshold corresponding to the node information of the target trusted party; and the first generation unit may be configured to generate the proxy re-encryption key segment set based on the public key information, the number of delegate node information included in the at least one delegate node information, and the re-encryption result integration threshold.
Optionally, the apparatus further includes: and storing the key fragment set and the ciphertext data identifier.
Optionally, each node information corresponding node in the node information network further includes: the system comprises a cryptographic algorithm management layer, a proxy re-encryption realization layer and an algorithm layer.
In a third aspect, some embodiments of the present disclosure provide a decrypted data generating method applied to a target trusted party client, including: receiving proxy re-encryption key fragments and ciphertext-related data information sent by a client of a client as target proxy re-encryption key fragments and target ciphertext-related data information, wherein the target ciphertext-related data information comprises: a re-encryption result integration threshold; generating a re-encryption result to obtain event information; distributing the event information obtained by the re-encryption result in a node information network; receiving a re-encryption result sent by at least one other node information corresponding node in the node information network and aiming at a corresponding proxy re-encryption key fragment in response to successful release, so as to obtain a re-encryption result set; and generating decryption data according to the target agent re-encryption key fragment, the target ciphertext-related data information and the re-encryption result set in response to the received number of re-encryption results corresponding to the re-encryption result set reaching the re-encryption result integration threshold.
Optionally, the re-encryption result is generated by: and for each piece of the at least one piece of the rest node information, acquiring event information in response to receiving the re-encryption result, and re-encrypting the corresponding proxy re-encryption key segment by utilizing a proxy re-encryption layer corresponding to the rest node information according to the key segment encryption requirement information included in the re-encryption result acquisition event information to obtain a re-encryption result.
Optionally, the target ciphertext-related data information includes: ciphertext data; and generating decryption data according to the target agent re-encryption key fragment, the target ciphertext-related data information, and the re-encryption result set, including: generating re-encryption key information according to the target agent re-encryption key fragment and the re-encryption result set; and decrypting the ciphertext data according to the recombined key information to obtain the decrypted data.
In a fourth aspect, some embodiments of the present disclosure provide a decrypted data generating device applied to a target trusted party client, including: the first receiving unit is configured to receive the first signal, configured to receive proxy re-encryption key fragments and ciphertext-related data information sent by a client of the delegate, the target agent re-encrypts the key fragment and the target ciphertext-related data information, wherein the target ciphertext-related data information comprises: a re-encryption result integration threshold; a second generation unit configured to generate re-encryption result acquisition event information; a publishing unit configured to publish the re-encryption result acquisition event information on a node information network; the second receiving unit is configured to receive the re-encryption result sent by the corresponding node of at least one other node information in the node information network and aiming at the corresponding proxy re-encryption key fragment in response to successful release, so as to obtain a re-encryption result set; and a third generation unit configured to generate decryption data according to the target proxy re-encryption key segment, the target ciphertext-related data information, and the re-encryption result set in response to the number of re-encryption results corresponding to the received re-encryption result set reaching the re-encryption result integration threshold.
Optionally, the re-encryption result is generated by: and for each piece of the at least one piece of the rest node information, acquiring event information in response to receiving the re-encryption result, and re-encrypting the corresponding proxy re-encryption key segment by utilizing a proxy re-encryption layer corresponding to the rest node information according to the key segment encryption requirement information included in the re-encryption result acquisition event information to obtain a re-encryption result.
Optionally, the target ciphertext-related data information includes: ciphertext data; and the third generating unit may be configured to: generating re-encryption key information according to the target agent re-encryption key fragment and the re-encryption result set; and decrypting the ciphertext data according to the recombined key information to obtain the decrypted data.
In a fifth aspect, some embodiments of the present disclosure provide an electronic device comprising: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors, cause the one or more processors to implement the method as described in any of the implementations of the first and third aspects.
In a sixth aspect, some embodiments of the present disclosure provide a computer readable medium having a computer program stored thereon, wherein the program when executed by a processor implements a method as described in any of the implementations of the first and third aspects.
In a seventh aspect, some embodiments of the present disclosure provide a computer program product comprising a computer program which, when executed by a processor, implements the method described in any one of the implementations of the first and third aspects above.
The above embodiments of the present disclosure have the following advantageous effects: the information sending method of some embodiments of the present disclosure can realize secure circulation of data. Specifically, the reason for making data streaming insufficiently secure is that: in the key distribution process, the key distribution is unsafe and unreliable, so that the possibility of leakage of data in the circulation process exists. Based on this, in the information sending method of some embodiments of the present disclosure, first, in response to determining that a node corresponding to the principal node information in a node information network receives a data encryption request, data to be encrypted is encrypted by a proxy re-encryption layer corresponding to the principal node information, so as to obtain ciphertext-related data information, where each node corresponding to the node information in the node information network includes: proxy re-encryption layer. Here, through the proxy re-encryption layer corresponding to the client node information, the accurate encryption of the data to be encrypted is realized, and the obtained ciphertext-related data information is used for being subsequently sent to the target client to realize the decryption of the ciphertext data. Next, public key information corresponding to at least one trusted party node information in the node information network and a target trusted party node in the at least one trusted party node information is determined for at least one trusted party client. Here, the determined at least one delegate node information includes a target delegate node (i.e., a delegate node to which the target delegate client corresponds). Here, the target trusted party node is a node to which the real trusted party corresponds. At least one remaining delegate of the at least one delegate from which the real delegate is removed may be at least one proxy delegate. Therefore, the problem of unsafe key circulation caused by direct key circulation between the trusted party and the real trusted party is avoided through participation of the proxy trusted party, and the safe circulation of encrypted data can be effectively ensured. In addition, the obtained public key information is used for data decryption of the subsequent target trusted party node. Then, a proxy re-encryption key fragment set for the at least one delegatee node information is generated based on the public key information. The proxy re-encryption key fragment set is generated through the public key information, so that data decryption is conveniently carried out on the node corresponding to the node information of the subsequent target trusted party. Further, a subscription to a message confirmation event of the principal node information and the at least one principal node information is performed to confirm a message between the principal node and the at least one principal node. Finally, in response to determining that the message confirmation event is successfully executed, the proxy re-encryption key segment set is distributed to at least one delegate client corresponding to the at least one delegate node information, and the ciphertext-related data information is sent to a target delegate client corresponding to the target delegate node for use by a subsequent target delegate client corresponding to the delegate node to generate decrypted data. In summary, the present disclosure not only realizes the accurate encryption of the data to be encrypted through the proxy re-encryption layer, but also realizes the participation of the proxy trusted node by generating the proxy re-encryption key fragment set, thereby avoiding the problem that the key is directly sent to the real trusted party and the key distribution is unsafe and unreliable, and further ensuring the data security circulation between the real trusted party and the trusted party.
Drawings
The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.
Fig. 1 is a schematic diagram of one application scenario of an information transmission method according to some embodiments of the present disclosure;
FIG. 2 is a flow chart of some embodiments of an information transmission method according to the present disclosure;
FIG. 3 is a schematic diagram of a node information network in some embodiments of an information transmission method according to the present disclosure;
FIG. 4 is a flow chart of other embodiments of information transmission methods according to the present disclosure;
FIG. 5 is a flow chart of some embodiments of a decrypted data generation method according to the present disclosure;
fig. 6 is a schematic structural diagram of some embodiments of an information transmission apparatus according to the present disclosure;
FIG. 7 is a schematic diagram of the structure of some embodiments of a decrypted data generating device according to the present disclosure;
fig. 8 is a schematic structural diagram of an electronic device suitable for use in implementing some embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings. Embodiments of the present disclosure and features of embodiments may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.
It should be noted that references to "one", "a plurality" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that "one or more" is intended to be understood as "one or more" unless the context clearly indicates otherwise.
The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 is a schematic diagram of an application scenario of an information transmission method according to some embodiments of the present disclosure.
In the application scenario of fig. 1, first, in response to determining that a node corresponding to the principal node information 103 in the node information network 102 receives a data encryption request, the principal client 101 may encrypt data 105 to be encrypted through the proxy re-encryption layer 104 corresponding to the principal node information 103, so as to obtain ciphertext-related data information 106. Wherein each node information corresponding node in the node information network 102 includes: proxy re-encryption layer. The client 101 may then determine, for the at least one client, at least one trusted party node information 107 in the node information network 102 and public key information 108 corresponding to the target trusted party node 1072 in the at least one trusted party node information 107. In the present application scenario, the at least one delegate client includes: a delegate client 110, a delegate client 111, and a delegate client 112. The at least one delegatee node information 107 includes: trusted party node information 1071, trusted party node information 1072, and trusted party node information 1073. Next, the client 101 may generate a proxy re-encryption key fragment set 109 for the at least one trusted party node information 107 based on the public key information 108. In this application scenario, the proxy re-encryption key fragment set 109 includes: a proxy re-encryption key segment 1091 corresponding to the delegate node information 1071, a proxy re-encryption key segment 1092 corresponding to the delegate node information 1072, and a proxy re-encryption key segment 1093 corresponding to the delegate node information 1073. Further, the client 101 may perform subscription of a message confirmation event with respect to the client node information 103 and the at least one client node information 107. Finally, in response to determining that the message confirmation event was successfully performed, the delegator client 101 may distribute the proxy re-encryption key segment set 109 to at least one delegatee client corresponding to the at least one delegatee node information 107. And transmitting the ciphertext-related data information 106 to a target trusted party client 111 corresponding to the target trusted party node.
The client 101 may be hardware or software. When the client of the consignor is hardware, the client of the consignor can be realized as a distributed cluster composed of a plurality of servers or terminal devices, or may be implemented as a single server or as a single terminal device. When the client of the consigner is embodied as software, it may be installed in the above-listed hardware device. It may be implemented as a plurality of software or software modules, for example, for providing distributed services, or as a single software or software module. The present invention is not particularly limited herein.
It should be understood that the number of principal clients in fig. 1 is merely illustrative. There may be any number of principal clients, as desired for implementation.
With continued reference to fig. 2, a flow 200 of some embodiments of an information transmission method according to the present disclosure is shown. The information sending method is applied to the client side of the consignor and comprises the following steps:
step 201, in response to determining that a node corresponding to the principal node information in the node information network receives a data encryption request, encrypting data to be encrypted through a proxy re-encryption layer corresponding to the principal node information, so as to obtain ciphertext-related data information.
In some embodiments, in response to determining that the node corresponding to the principal node information in the node information network receives the data encryption request, the executing body of the information sending method (for example, the principal client 101 shown in fig. 1) may encrypt the data to be encrypted through the proxy re-encryption layer corresponding to the principal node information, so as to obtain the ciphertext-related data information. The node information network may be a network composed of individual node information. The node information may be identification information of the node. The nodes may be nodes on a blockchain. The node information corresponding node can communicate with the re-encryption server. The actual communication means between the two may include, but is not limited to, at least one of: unix domain sockets, RPC (Remote Produce Call) protocol, hyperText transfer protocol (Hyper Text Transfer Protocol, HTTP). The communication mode between the two is preferably Unix domain socket. Each node information in the node information network has corresponding organization information. Each organization information has at least one corresponding node information. In practice, the organization information may be an identification of the organization in the blockchain. The organization information among the organizations in the node information network is shared with each other. In practice, the sharing of the organization information can be realized through a broadcast interface built in the organization corresponding node. The principal node information may be node information of a principal node. The client node may be a node corresponding to a client of the blockchain. The principal node may be a node on a blockchain corresponding to the node information network. The data encryption request may be a request to encrypt data. The proxy re-encryption layer may provide proxy re-encryption functionality to implement proxy re-encryption operations. In addition, the proxy re-encryption layer masks the implementation of proxy re-encryption operations. The data to be encrypted may be data to be encrypted. That is, the data to be encrypted may be plaintext data to be streamed. The ciphertext-related data information may be related data information of the encrypted data. For example, the related data information may include: data size of the encrypted data.
It should be noted that, each node corresponding to the node information network has a pre-added proxy re-encryption module, so as to implement proxy re-encryption operation. Wherein, the proxy re-encryption module comprises: proxy re-encryption layer.
Referring to fig. 3, a node information network of 4 organizations is shown. The 4 tissues included: tissue 1, tissue 2, tissue 3 and tissue 4. The node corresponding to organization 1 is node 1. The node corresponding to organization 2 is node 2. The node corresponding to organization 3 is node 3. The node corresponding to organization 4 is node 4.
In some optional implementations of some embodiments, each node information corresponding node in the node information network further includes: an interface layer. The interface layer exists in the proxy re-encryption module. The interface layer is used for providing common parameter generation.
Optionally, before step 201, the steps further include:
and the first step is to call the interface layer of the node corresponding to the client node information so as to generate the public node parameters.
The common node parameters are node parameters to be configured for each node before data flow.
And a second step of synchronizing the public node parameters with at least one trusted party node corresponding to the at least one trusted party node information.
By way of example, the above described enforcement principals may utilize the blockchain components and blockchain event subscription capabilities built into the nodes to synchronize common node parameters in the node information network.
It should be noted that, after receiving the public node parameter, the trusted node sends the receiving information to the trusted node, so as to respond to the configuration event for the public node parameter.
In some optional implementations of some embodiments, the ciphertext-related data information includes: ciphertext data, key encryption data, ciphertext data position information, key encryption data position information and ciphertext data identification. The ciphertext data may be data after encrypting the data to be encrypted. The key encryption data may be data obtained by encrypting a key. The key may be a key that encrypts data to be encrypted. The ciphertext data location information may be storage location information of ciphertext data. The key encrypted data location information may be storage location information of the key encrypted data. The ciphertext data identifier may be a unique identifier of the ciphertext data. For example, the ciphertext data identification may be a universally unique identification code (Universally Unique Identifier, UUID).
Optionally, the encrypting the data to be encrypted through the proxy re-encrypting layer corresponding to the client node information to obtain ciphertext-related data information may include the following steps:
in the first step, the executing entity may call a proxy re-encryption layer to generate the ciphertext data, the key encryption data, and the ciphertext data identifier.
And a second step in which the execution body may store the ciphertext data and the key encryption data in the client node information corresponding node, and determine a storage location of the ciphertext data and a storage location of the key encryption data as ciphertext data location information and key encryption data location information, respectively.
In some optional implementations of some embodiments, each node information corresponding node in the node information network further includes: the system comprises a cryptographic algorithm management layer, a proxy re-encryption realization layer and an algorithm layer. The agent re-encryption realization layer and the algorithm layer exist in the agent re-encryption module. The cryptographic algorithm management layer can multiplex shared storage and databases constructed in the nodes and access the proxy re-encryption layer. The proxy re-encryption implementation layer may be a proxy re-encryption implementation layer, and there may be 6 small modules. The 6 small modules include: the device comprises a decryption module 1, a decryption module 2, a re-encryption module, an encryption module, a key generation module and a re-encryption key generation module. The decryption 1 module may be a decryption module used by the trusted party. The decryption 2 module may be a decryption module used by the trusted party. The re-encryption module determines the calling mode according to the configuration value of the proxy re-encryption part of the node. If the communication mode is configured into the memory mode, the function in the node process is used for re-encryption, otherwise, the inter-process communication mode is used for re-encryption. The algorithm layer may include an implementation algorithm that proxies the various modules in the re-encryption implementation layer.
Step 202, determining at least one trusted party node information in the node information network for at least one trusted party client and public key information corresponding to a target trusted party node in the at least one trusted party node information.
In some embodiments, the executing entity may determine, for at least one delegate client, at least one delegate node information in the node information network and public key information corresponding to a target delegate node in the at least one delegate node information. Wherein the number of the delegate node information included in the at least one delegate node information may be preset. The delegatee node information may be node information of the delegatee node. The public key information is used for decrypting the received encrypted public key by the target trusted party node. The encryption public key is obtained by encrypting and integrating the re-encryption result set sent by at least one trusted party node corresponding to at least one other trusted party node. The at least one remaining trusted party node is at least one of the at least one trusted party node from which the target trusted party node has been removed. The re-encryption result may be a result of the remaining trusted party nodes re-proxy re-encrypting the received proxy re-encryption key fragment. The target trusted party node corresponds to the trusted party as the trusted party actually needing the data to be encrypted. The remaining trusted party node information of the at least one trusted party node information may be proxy trusted party node information. Here, the proxy trusted party node information corresponding node is used to re-encrypt the received proxy re-encryption key fragment. In addition, the proxy trusted party node information corresponding node may send the re-encrypted re-encryption result to the target trusted party node.
And step 203, generating a proxy re-encryption key fragment set for the at least one trusted party node information according to the public key information.
In some embodiments, the executing entity may generate a proxy re-encryption key fragment set for the at least one delegatee node information based on the at least one public key information. The proxy re-encryption key fragments in the proxy re-encryption key fragment set have a one-to-one correspondence with the trusted party node information in the at least one trusted party node information. The proxy re-encryption key fragment may be a key fragment obtained by re-encrypting the public key information and slicing.
As an example, the executing entity may invoke a re-encryption key generation interface in an interface layer of the trusted node to generate a proxy re-encryption key fragment set for the at least one trusted node information based on the public key information.
In some optional implementations of some embodiments, the ciphertext-related data information includes: and integrating the threshold value of the re-encryption result corresponding to the node information of the target trusted party. The re-encryption result integration threshold may trigger a value that cryptographically integrates the re-encryption result set. For example, the re-encryption result integration threshold may be 5. That is, in response to determining that the number of re-encryption results included in the re-encryption result set is greater than or equal to the re-encryption result integration threshold, encryption result integration for the re-encryption result set is performed, resulting in the re-encryption key information.
Optionally, generating a proxy re-encryption key fragment set for the at least one delegatee node information according to the public key information includes:
the execution body may generate the proxy re-encryption key segment set based on the public key information, the number of trusted party node information included in the at least one trusted party node information, and the re-encryption result integration threshold.
As an example, the execution body may generate the proxy re-encryption key segment set using a key slicing technique according to the public key information, the number of the trusted party node information included in the at least one trusted party node information, and the re-encryption result integration threshold.
Step 204, performing subscription of message confirmation event for the client node information and the at least one client node information.
In some embodiments, the executing entity may execute a subscription to a message confirmation event of the principal node information and the at least one delegatee node information. Wherein the message confirmation event may be an event confirming that messages are mutually circulated between the trusted node and the at least one trusted node.
In step 205, in response to determining that the message confirmation event is successfully executed, the proxy re-encryption key segment set is distributed to at least one trusted party client corresponding to the at least one trusted party node information, and the ciphertext-related data information is sent to a target trusted party client corresponding to the target trusted party node.
In some embodiments, in response to determining that the message confirmation event is successfully executed, the executing entity may distribute the proxy re-encryption key segment set to at least one delegate client corresponding to the at least one delegate node information, and send the ciphertext-related data information to a target delegate client corresponding to the target delegate node. Wherein the number of delegate nodes comprised by the at least one delegate node is the same as the number of proxy re-encryption key fragments comprised by the set of proxy re-encryption key fragments. That is, each delegate node receives a proxy re-encryption key fragment.
The above embodiments of the present disclosure have the following advantageous effects: the information sending method of some embodiments of the present disclosure can realize secure circulation of data. Specifically, the reason for making data streaming insufficiently secure is that: in the key distribution process, the key distribution is unsafe and unreliable, so that the possibility of leakage of data in the circulation process exists. Based on this, in the information sending method of some embodiments of the present disclosure, first, in response to determining that a node corresponding to the principal node information in a node information network receives a data encryption request, data to be encrypted is encrypted by a proxy re-encryption layer corresponding to the principal node information, so as to obtain ciphertext-related data information, where each node corresponding to the node information in the node information network includes: proxy re-encryption layer. Here, through the proxy re-encryption layer corresponding to the client node information, the accurate encryption of the data to be encrypted is realized, and the obtained ciphertext-related data information is used for being subsequently sent to the target client to realize the decryption of the ciphertext data. Next, public key information corresponding to at least one trusted party node information in the node information network and a target trusted party node in the at least one trusted party node information is determined for at least one trusted party client. Here, the determined at least one delegate node information includes a target delegate node (i.e., a delegate node to which the target delegate client corresponds). Here, the target trusted party node is a node to which the real trusted party corresponds. At least one remaining delegate of the at least one delegate from which the real delegate is removed may be at least one proxy delegate. Therefore, the problem of unsafe key circulation caused by direct key circulation between the trusted party and the real trusted party is avoided through participation of the proxy trusted party, and the safe circulation of encrypted data can be effectively ensured. In addition, the obtained public key information is used for data decryption of the subsequent target trusted party node. Then, a proxy re-encryption key fragment set for the at least one delegatee node information is generated based on the public key information. The proxy re-encryption key fragment set is generated through the public key information, so that data decryption is conveniently carried out on the node corresponding to the node information of the subsequent target trusted party. Further, a subscription to a message confirmation event of the principal node information and the at least one principal node information is performed to confirm a message between the principal node and the at least one principal node. Finally, in response to determining that the message confirmation event is successfully executed, the proxy re-encryption key segment set is distributed to at least one delegate client corresponding to the at least one delegate node information, and the ciphertext-related data information is sent to a target delegate client corresponding to the target delegate node for use by a subsequent target delegate client corresponding to the delegate node to generate decrypted data. In summary, the present disclosure not only realizes the accurate encryption of the data to be encrypted through the proxy re-encryption layer, but also realizes the participation of the proxy trusted node by generating the proxy re-encryption key fragment set, thereby avoiding the problem that the key is directly sent to the real trusted party and the key distribution is unsafe and unreliable, and further ensuring the data security circulation between the real trusted party and the trusted party.
With further reference to fig. 4, a flow 400 of further embodiments of the information transmission method according to the present disclosure is shown. The information sending method is applied to the client side of the consignor and comprises the following steps:
step 401, in response to determining that a node corresponding to the principal node information in the node information network receives a data encryption request, encrypting data to be encrypted through a proxy re-encryption layer corresponding to the principal node information, so as to obtain ciphertext-related data information.
Step 402, determining at least one trusted party node information in the node information network for at least one trusted party client and public key information corresponding to a target trusted party node in the at least one trusted party node information.
Step 403, generating a proxy re-encryption key fragment set for the at least one trusted party node information according to the public key information.
Step 404, performing subscription of message confirmation event for the above-mentioned trusted party node information and the above-mentioned at least one trusted party node information.
In response to determining that the message confirmation event is successfully executed, the proxy re-encryption key segment set is distributed to at least one delegate client corresponding to the at least one delegate node information, and the ciphertext-related data information is sent to a target delegate client corresponding to the target delegate node.
In some embodiments, the specific implementation of steps 401-405 and the technical effects thereof may refer to steps 201-205 in the corresponding embodiment of fig. 2, which are not described herein.
Step 406, calling the decryption data interface of the interface layer corresponding to the client node information according to the ciphertext data identifier to retrieve the ciphertext data location information.
In some embodiments, the executing entity (such as the client 101 of fig. 1) may invoke the decryption data interface of the interface layer corresponding to the client node information according to the ciphertext data identifier to retrieve the ciphertext data location information. The ciphertext data identifier may be an identifier of ciphertext data. The ciphertext data may be data after encrypting the data to be encrypted. The decryption data interface may be an interface for decrypting ciphertext data. The interface layer described above may also be used for decryption of decrypted data. The ciphertext data location information may be a storage location of ciphertext data.
Step 407, calling the proxy re-encryption layer corresponding to the client node information according to the ciphertext data position information, and decrypting the ciphertext data to obtain decrypted data.
In some embodiments, the executing body may call a proxy re-encryption layer interface corresponding to the principal node information according to the ciphertext data location information, and decrypt the ciphertext data to obtain decrypted data. Here, the proxy re-encryption layer may also implement the decryption operation of ciphertext data.
As can be seen from fig. 4, compared with the description of some embodiments corresponding to fig. 2, the flow 400 of the information sending method in some embodiments corresponding to fig. 4 can accurately retrieve the storage location of the ciphertext data by calling the decryption data interface through the ciphertext data identifier. Based on the method, the encryption of the ciphertext data can be realized through the proxy re-encryption layer, so that the client of the client party can realize the encryption and decryption of the data by itself.
With continued reference to fig. 5, a flow 500 of some embodiments of a decrypted data generation method according to the present disclosure is shown. The decryption data generation method is applied to a target trusted party client and comprises the following steps:
step 501, receiving proxy re-encryption key fragments and ciphertext-related data information sent by a client of a trusted party, the key fragment and the target ciphertext-related data information are re-encrypted as the target agent.
In some embodiments, an executing principal (e.g., a target delegatee client) may receive the proxy re-encryption key fragment and ciphertext-related data information sent by the delegate client as a target proxy re-encryption key fragment and target ciphertext-related data information. Wherein, the target ciphertext-related data information comprises: the re-encryption result integrates the threshold. For example, the re-encryption result integration threshold may be "5". The target delegate client may be a client to which the real delegate corresponds. The real trusted party may be a streaming party of the data to be encrypted.
Step 502, generating a re-encryption result to obtain event information.
In some embodiments, the execution body may generate the re-encryption result acquisition event information. The re-encryption result obtaining event information may be information of an event that requests a re-encryption result from at least one piece of remaining node information.
And step 503, issuing the re-encryption result acquisition event information in a node information network.
In some embodiments, the executing entity may issue the re-encrypted event information on a node information network.
And step 504, receiving the re-encryption result sent by the corresponding node of at least one other node information in the node information network and aiming at the corresponding proxy re-encryption key fragment, and obtaining a re-encryption result set.
In some embodiments, in response to the successful release, the executing entity may receive the re-encryption result for the corresponding proxy re-encryption key segment sent by the corresponding node for at least one remaining node information in the node information network, to obtain a re-encryption result set. The at least one piece of rest node information may be at least one piece of information from which the target trusted party node information is removed from the at least one piece of trusted party node information. The at least one remaining node information may be at least one proxy delegate node information. The re-encryption result in the re-encryption result set has a one-to-one correspondence with the rest of the node information in the at least one rest of the node information.
In some alternative implementations of some embodiments, the re-encryption result is generated by:
for each of the at least one piece of remaining node information, in response to receiving the re-encryption result to obtain event information, the proxy client corresponding to the remaining node information may utilize the proxy re-encryption layer corresponding to the remaining node information to re-encrypt the corresponding proxy re-encryption key segment according to the key segment encryption requirement information included in the re-encryption result to obtain a re-encryption result. The key segment encryption request information may be request information for encrypting the key segment.
And step 505, generating decryption data according to the target agent re-encryption key fragment, the target ciphertext-related data information and the re-encryption result set in response to the received number of re-encryption results corresponding to the re-encryption result set reaching the re-encryption result integration threshold.
In some embodiments, in response to the number of re-encryption results corresponding to the received re-encryption result set reaching the re-encryption result integration threshold, the execution body may generate decryption data according to the target proxy re-encryption key segment, the target ciphertext-related data information, and the re-encryption result set.
As an example, the executing body may perform result stitching on the re-encrypted result set to obtain a re-encrypted stitching result. And then, decrypting the re-encryption splicing result to obtain a key fragment. Then, the key fragment is re-encrypted according to the key fragment and the target agent, and a reconstruction key is generated. And finally, decrypting the ciphertext data in the target ciphertext-related data information according to the reconstruction key to obtain decrypted data.
In some optional implementations of some embodiments, the target ciphertext-related data information includes: ciphertext data.
Optionally, the generating decryption data according to the target proxy re-encryption key segment, the target ciphertext-related data information, and the re-encryption result set may include the following steps:
and a first step of generating the recombined key information according to the target agent recombined key fragment and the recombined result set.
The re-encryption key information may be key information generated by the target agent re-encrypting the key fragment and the decryption result set corresponding to the re-encryption result set for the ciphertext data.
As an example, first, the execution body may decrypt each re-encryption result in the re-encryption result set to obtain each decryption result. Then, the executing body may re-encrypt the key segments according to the respective decryption results and the target agent, and generate re-encrypted key information through a key re-encryption technology.
As yet another example, first, the execution body may perform the re-encryption processing on the target agent re-encryption key segment to obtain the target re-encryption result. Then, the executing body may add the target re-encryption result to the re-encryption result set to obtain an added re-encryption result set. And finally, integrally decrypting the re-encryption result set in a multi-layer decryption mode to obtain re-encryption key information.
And secondly, decrypting the ciphertext data according to the recombined key information to obtain the decrypted data.
The above embodiments of the present disclosure have the following advantageous effects: accurate decryption of ciphertext data may be achieved by the decrypted data generation methods of some embodiments of the present disclosure.
With further reference to fig. 6, as an implementation of the method shown in the above figures, the present disclosure provides some embodiments of an information transmission apparatus, which correspond to those method embodiments shown in fig. 2, and which are particularly applicable to various electronic devices.
As shown in fig. 6, an information transmission apparatus 600 includes: an encryption unit 601, a determination unit 602, a first generation unit 603, an execution unit 604, and a transmission unit 605. The encryption unit 601 is configured to encrypt data to be encrypted through a proxy re-encryption layer corresponding to the client node information in response to determining that the client node information corresponding node in the node information network receives a data encryption request, so as to obtain ciphertext-related data information, where each node information corresponding node in the node information network includes: proxy re-encryption layer; a determining unit 602 configured to determine, for at least one delegate client, at least one delegate node information in the node information network and public key information corresponding to a target delegate node in the at least one delegate node information; a first generating unit 603 configured to generate a proxy re-encryption key fragment set for the at least one delegatee node information based on the public key information; an execution unit 604 configured to execute a subscription for a message confirmation event of the delegation node information and the at least one delegatee node information; the sending unit 605 is configured to send the proxy re-encryption key segment set to at least one delegate client corresponding to the at least one delegate node information, and send the ciphertext-related data information to a target delegate client corresponding to the target delegate node, in response to determining that the message confirmation event is successfully executed.
In some optional implementations of some embodiments, each node information corresponding node in the node information network further includes: an interface layer; the information transmission apparatus 600 further includes: a first call unit and a synchronization unit (not shown). Wherein the first calling unit may be configured to: and calling the interface layer of the node corresponding to the client node information to generate the public node parameters. The synchronization unit may be configured to: synchronizing the public node parameter with at least one trusted party node corresponding to the at least one trusted party node information.
In some optional implementations of some embodiments, the ciphertext-related data information includes: ciphertext data, key encryption data, ciphertext data position information, key encryption data position information, ciphertext data identification; and the encryption unit 601 may be further configured to: generating the ciphertext data, the key encryption data and the ciphertext data identifier by calling a proxy re-encryption layer; and storing the ciphertext data and the key encryption data in the client node information corresponding node, and determining a storage position of the ciphertext data and a storage position of the key encryption data as ciphertext data position information and key encryption data position information, respectively.
In some optional implementations of some embodiments, the information sending apparatus 600 further includes: a second call unit and a third call unit (not shown). Wherein the second calling unit may be configured to: and calling a decryption data interface of an interface layer corresponding to the client node information according to the ciphertext data identifier so as to retrieve the ciphertext data position information. The third calling unit may be configured to: and calling a proxy re-encryption layer corresponding to the client node information according to the ciphertext data position information, and decrypting the ciphertext data to obtain decrypted data.
In some optional implementations of some embodiments, the ciphertext-related data information includes: the re-encryption result integration threshold corresponding to the node information of the target trusted party; and the above-described first generation unit 603 may be further configured to: and generating the proxy re-encryption key fragment set according to the public key information, the number of the trusted party node information included in the at least one trusted party node information and the re-encryption result integration threshold.
In some optional implementations of some embodiments, each node information corresponding node in the node information network further includes: the system comprises a cryptographic algorithm management layer, a proxy re-encryption realization layer and an algorithm layer.
It will be appreciated that the elements described in the information transmitting apparatus 600 correspond to the respective steps in the method described with reference to fig. 2. Thus, the operations, features and advantages described above with respect to the method are equally applicable to the information sending apparatus 600 and the units contained therein, and are not described herein.
With further reference to fig. 7, as an implementation of the method shown in the above figures, the present disclosure provides some embodiments of a decrypted data generating device, which correspond to those method embodiments shown in fig. 5, and which are particularly applicable in various electronic devices.
As shown in fig. 7, a decrypted data generating device 700 includes: a first receiving unit 701, a second generating unit 702, a distributing unit 703, a second receiving unit 704, and a third generating unit 705. Wherein the first receiving unit 701 is configured to receive the proxy re-encryption key fragment and the ciphertext-related data information transmitted by the client of the delegator, the target agent re-encrypts the key fragment and the target ciphertext-related data information, wherein the target ciphertext-related data information comprises: a re-encryption result integration threshold; a second generating unit 702 configured to generate re-encryption result acquisition event information; a publishing unit 703 configured to publish the re-encryption result acquisition event information on the node information network; a second receiving unit 704, configured to receive, in response to a successful release, a re-encryption result for a corresponding proxy re-encryption key segment sent by at least one other node information corresponding node in the node information network, to obtain a re-encryption result set; the third generating unit 705 is configured to generate decryption data according to the target proxy re-encryption key segment, the target ciphertext-related data information, and the re-encryption result set in response to the number of re-encryption results corresponding to the received re-encryption result set reaching the re-encryption result integration threshold.
In some alternative implementations of some embodiments, the re-encryption result is generated by: and for each piece of the at least one piece of the rest node information, acquiring event information in response to receiving the re-encryption result, and re-encrypting the corresponding proxy re-encryption key segment by utilizing a proxy re-encryption layer corresponding to the rest node information according to the key segment encryption requirement information included in the re-encryption result acquisition event information to obtain a re-encryption result.
In some optional implementations of some embodiments, the target ciphertext-related data information includes: ciphertext data; and the third generation unit 705 may be configured to: generating re-encryption key information according to the target agent re-encryption key fragment and the re-encryption result set; and decrypting the ciphertext data according to the recombined key information to obtain the decrypted data.
It will be appreciated that the elements described in the decrypted data generating device 700 correspond to the various steps in the method described with reference to fig. 5. Thus, the operations, features and advantages described above with respect to the method are equally applicable to the decrypted data generating device 500 and the units contained therein, and are not described here again.
Referring now to fig. 8, a schematic diagram of an electronic device 800 suitable for use in implementing some embodiments of the present disclosure is shown. The electronic device shown in fig. 8 is merely an example, and should not impose any limitations on the functionality and scope of use of embodiments of the present disclosure.
As shown in fig. 8, the electronic device 800 may include a processing means (e.g., a central processor, a graphics processor, etc.) 801 that may perform various appropriate actions and processes according to programs stored in a read-only memory 802 or programs loaded from a storage means 808 into a random access memory 803. In the random access memory 803, various programs and data necessary for the operation of the electronic device 800 are also stored. The processing device 801, the read-only memory 802, and the random access memory 803 are connected to each other through a bus 804. An input/output interface 806 is also connected to the bus 804.
In general, the following devices may be connected to the I/O interface 806: input devices 806 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 807 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, etc.; storage 808 including, for example, magnetic tape, hard disk, etc.; communication means 809. The communication means 809 may allow the electronic device 800 to communicate wirelessly or by wire with other devices to exchange data. While fig. 8 shows an electronic device 800 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead. Each block shown in fig. 8 may represent one device or a plurality of devices as needed.
In particular, according to some embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via communication device 809, or from storage device 808, or from read only memory 802. The above-described functions defined in the methods of some embodiments of the present disclosure are performed when the computer program is executed by the processing device 801.
It should be noted that, in some embodiments of the present disclosure, the computer readable medium may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In some embodiments of the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, the computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
In some implementations, the clients, servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol ), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the internet (e.g., the internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to determining that a node corresponding to the client node information in the node information network receives a data encryption request, encrypting data to be encrypted through a proxy re-encryption layer corresponding to the client node information to obtain ciphertext-related data information, wherein each node corresponding to the node information in the node information network comprises: proxy re-encryption layer; determining at least one trusted party node information in the node information network for at least one trusted party client and public key information corresponding to a target trusted party node in the at least one trusted party node information; generating a proxy re-encryption key fragment set for the at least one delegatee node information according to the public key information; executing a subscription to a message confirmation event of the principal node information and the at least one delegatee node information; and in response to determining that the message confirmation event is successfully executed, distributing the proxy re-encryption key fragment set to at least one delegate client corresponding to the at least one delegate node information, and transmitting the ciphertext-related data information to a target delegate client corresponding to the target delegate node.
Computer program code for carrying out operations for some embodiments of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in some embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware. The described units may also be provided in a processor, for example, described as: a processor includes an encryption unit, a determination unit, a first generation unit, an execution unit, and a transmission unit. The names of these units do not constitute a limitation on the unit itself in some cases, and for example, the first generation unit may also be described as "a unit that generates a proxy re-encryption key segment set for the at least one trusted party node information based on the at least one public key information".
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
Some embodiments of the present disclosure also provide a computer program product comprising a computer program which, when executed by a processor, implements any of the above-described information transmission method and decryption data generation method.
The foregoing description is only of the preferred embodiments of the present disclosure and description of the principles of the technology being employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above technical features, but encompasses other technical features formed by any combination of the above technical features or their equivalents without departing from the spirit of the invention. Such as the above-described features, are mutually substituted with (but not limited to) the features having similar functions disclosed in the embodiments of the present disclosure.

Claims (14)

1. An information sending method applied to a client of a consignor includes:
in response to determining that a node corresponding to the client node information in the node information network receives a data encryption request, encrypting data to be encrypted through a proxy re-encryption layer corresponding to the client node information to obtain ciphertext-related data information, wherein each node corresponding to the node information in the node information network comprises: proxy re-encryption layer;
determining at least one delegatee node information in the node information network for at least one delegatee client and public key information corresponding to a target delegatee node in the at least one delegatee node information;
Generating a proxy re-encryption key fragment set for the at least one delegatee node information according to the public key information;
performing a subscription to a message confirmation event of the delegate node information and the at least one delegate node information;
and in response to determining that the message confirmation event is successfully executed, distributing the proxy re-encryption key fragment set to at least one delegate client corresponding to the at least one delegate node information, and sending the ciphertext-related data information to a target delegate client corresponding to the target delegate node.
2. The method of claim 1, wherein each node information corresponding node in the node information network further comprises: an interface layer; and
before the node corresponding to the entrusted node information in the node information network is determined to receive the data encryption request, and the data to be encrypted is encrypted through the proxy re-encryption layer corresponding to the entrusted node information, so as to obtain ciphertext-related data information, the method further comprises:
calling an interface layer of a node corresponding to the client node information to generate a public node parameter;
And synchronizing the public node parameters to at least one trusted party node corresponding to the at least one trusted party node information.
3. The method of claim 1, wherein the ciphertext-related data information comprises: ciphertext data, key encryption data, ciphertext data position information, key encryption data position information, ciphertext data identification; and
the encrypting the data to be encrypted through the proxy re-encrypting layer corresponding to the client node information to obtain ciphertext-related data information comprises the following steps:
generating the ciphertext data, the key encryption data and the ciphertext data identifier by calling a proxy re-encryption layer;
and storing the ciphertext data and the key encryption data in the node corresponding to the client node information, and determining the storage position of the ciphertext data and the storage position of the key encryption data as ciphertext data position information and key encryption data position information respectively.
4. A method according to claim 3, wherein the method further comprises:
according to the ciphertext data identifier, invoking a decryption data interface of an interface layer corresponding to the client node information to retrieve the ciphertext data position information;
And calling a proxy re-encryption layer corresponding to the client node information according to the ciphertext data position information, and decrypting the ciphertext data to obtain decrypted data.
5. The method of claim 1, wherein the ciphertext-related data information comprises: the re-encryption result integration threshold corresponding to the node information of the target trusted party; and
the generating a proxy re-encryption key fragment set for the at least one delegatee node information according to the public key information includes:
and generating the proxy re-encryption key fragment set according to the public key information, the number of the trusted party node information included in the at least one trusted party node information and the re-encryption result integration threshold.
6. The method of claim 1, wherein each node information corresponding node in the node information network further comprises: the system comprises a cryptographic algorithm management layer, a proxy re-encryption realization layer and an algorithm layer.
7. A decryption data generation method is applied to a target trusted party client, and comprises the following steps:
receiving the proxy re-encryption key fragment and the ciphertext-related data information sent by the client of the client as target proxy re-encryption key fragment and target ciphertext-related data information, wherein the target ciphertext-related data information comprises: a re-encryption result integration threshold;
Generating a re-encryption result to obtain event information;
distributing the re-encryption result acquisition event information in a node information network;
receiving a re-encryption result sent by at least one other node information corresponding node in the node information network and aiming at a corresponding proxy re-encryption key fragment in response to successful release, so as to obtain a re-encryption result set;
and generating decryption data according to the target agent re-encryption key fragment, the target ciphertext-related data information and the re-encryption result set in response to the received re-encryption result number corresponding to the re-encryption result set reaching the re-encryption result integration threshold.
8. The method of claim 7, wherein the re-encryption result is generated by:
and for each piece of the at least one piece of the rest node information, acquiring event information in response to receiving the re-encryption result, and re-encrypting the corresponding proxy re-encryption key fragment by utilizing a proxy re-encryption layer corresponding to the rest node information according to the key fragment encryption requirement information included in the re-encryption result acquisition event information to obtain a re-encryption result.
9. The method of claim 7, wherein the target ciphertext-related data information comprises: ciphertext data; and
The generating decryption data according to the target agent re-encryption key segment, the target ciphertext-related data information and the re-encryption result set includes:
generating re-encryption key information according to the target agent re-encryption key fragment and the re-encryption result set;
and decrypting the ciphertext data according to the recombined key information to obtain the decrypted data.
10. An information transmitting apparatus applied to a client of a consignor, comprising:
the encryption unit is configured to encrypt data to be encrypted through a proxy re-encryption layer corresponding to the client node information in response to determining that the client node information corresponding node in the node information network receives a data encryption request, so as to obtain ciphertext-related data information, wherein each node information corresponding node in the node information network comprises: proxy re-encryption layer;
a determining unit configured to determine, for at least one delegate client, at least one delegate node information in the node information network and public key information corresponding to a target delegate node in the at least one delegate node information;
a first generation unit configured to generate a proxy re-encryption key fragment set for the at least one delegatee node information from the public key information;
An execution unit configured to execute a subscription for a message confirmation event of the principal node information and the at least one delegatee node information;
and a transmitting unit configured to distribute the proxy re-encryption key segment set to at least one delegate client corresponding to the at least one delegate node information and to transmit the ciphertext-related data information to a target delegate client corresponding to the target delegate node in response to determining that the message confirmation event is successfully executed.
11. A decrypted data generating device, for use with a target trusted party client, comprising:
the first receiving unit is configured to receive the first signal, configured to receive proxy re-encryption key fragments and ciphertext-related data information sent by a client of the delegate, re-encrypting the key fragment and target ciphertext-related data information as a target agent, wherein the target ciphertext-related data information comprises: a re-encryption result integration threshold;
a second generation unit configured to generate re-encryption result acquisition event information;
the release unit is configured to release the re-encryption result acquisition event information in a node information network;
The second receiving unit is configured to receive a re-encryption result sent by at least one other node information corresponding node in the node information network and aiming at a corresponding proxy re-encryption key fragment in response to successful release, so as to obtain a re-encryption result set;
and a third generating unit configured to generate decryption data according to the target proxy re-encryption key fragment, the target ciphertext-related data information and the re-encryption result set in response to the number of re-encryption results corresponding to the received re-encryption result set reaching the re-encryption result integration threshold.
12. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon,
when executed by the one or more processors, causes the one or more processors to implement the method of any of claims 1-9.
13. A computer readable medium having stored thereon a computer program, wherein the program when executed by a processor implements the method of any of claims 1-9.
14. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-9.
CN202310266184.5A 2023-03-13 2023-03-13 Information transmission method, decryption data generation method, device, equipment and medium Pending CN116436643A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310266184.5A CN116436643A (en) 2023-03-13 2023-03-13 Information transmission method, decryption data generation method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310266184.5A CN116436643A (en) 2023-03-13 2023-03-13 Information transmission method, decryption data generation method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN116436643A true CN116436643A (en) 2023-07-14

Family

ID=87083806

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310266184.5A Pending CN116436643A (en) 2023-03-13 2023-03-13 Information transmission method, decryption data generation method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN116436643A (en)

Similar Documents

Publication Publication Date Title
JP3657396B2 (en) Key management system, key management apparatus, information encryption apparatus, information decryption apparatus, and storage medium storing program
CN102546607B (en) Providing security services on the cloud
US20170006001A1 (en) Encryption in the cloud using enterprise managed keys
CN109886692B (en) Data transmission method, device, medium and electronic equipment based on block chain
CN110851210A (en) Interface program calling method, device, equipment and storage medium
CN113300999B (en) Information processing method, electronic device, and readable storage medium
CN117061105A (en) Data processing method and device, readable medium and electronic equipment
CN112511295A (en) Authentication method and device for interface calling, micro-service application and key management center
CN111786955B (en) Method and apparatus for protecting a model
CN111010283B (en) Method and apparatus for generating information
CN112329044A (en) Information acquisition method and device, electronic equipment and computer readable medium
JP2006279269A (en) Information management device, information management system, network system, user terminal, and their programs
CN113810779B (en) Code stream signature verification method, device, electronic equipment and computer readable medium
CN115296807A (en) Key generation method, device and equipment for preventing industrial control network viruses
CN114422123A (en) Communication method, communication device, electronic equipment and computer readable medium
CN116436643A (en) Information transmission method, decryption data generation method, device, equipment and medium
CN113918971A (en) Block chain based message transmission method, device, equipment and readable storage medium
US11856091B2 (en) Data distribution system, data processing device, and program
EP3511852B1 (en) Method for providing an enhanced level of authentication related to a secure software client application that is provided, by an application distribution entity, in order to be transmitted to a client computing device; system, software client application instance or client computing device, third party server entity, and program and computer program product
CN116627664B (en) Service verification method, device, electronic equipment and computer readable medium
CN115378743B (en) Information encryption transmission method, device, equipment and medium
US12047370B2 (en) Data encryption using public key cryptography and certificate verification
CN113301058B (en) Information encryption transmission method and device, electronic equipment and computer readable medium
CN113206837B (en) Information transmission method and device, electronic equipment and computer readable medium
CN115296934B (en) Information transmission method and device based on industrial control network intrusion and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination