CN116743407A - Data processing method and device - Google Patents

Publication number
CN116743407A
Authority
CN
China
Prior art keywords
main chain
node
electronic device
electronic equipment
information
Legal status
Pending
Application number
CN202210207632.XA
Other languages
Chinese (zh)
Inventor
张鲁男
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Shandong Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Shandong Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a data processing method and device. In the method, a blockchain receives a first request message sent by a first electronic device; the first request message carries identification information of the first electronic device, information about the data to be sent by the first electronic device, and identification information of a second electronic device. The blockchain determines an encryption mode of the first electronic device according to the first request message and sends that encryption mode to a certificate authority (CA), so that the CA determines an encryption key and a decryption key corresponding to the encryption mode and sends the encryption key to the first electronic device. In this way the encryption mode can change dynamically, which improves the security of data transmission.

Description

Data processing method and device
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a data processing method and apparatus.
Background
In today's information-rich society, industries are gradually digitizing their data, and with the development of computer technology, more and more data processing services can be analyzed and processed by computer.
In the prior art, in order to ensure the security of data in the transmission process, the transmitted data is encrypted and transmitted. The data transmitting party and the data receiving party can agree on an encryption and decryption mode in advance, and after the data transmitting party encrypts the data according to the agreed encryption mode, the data transmitting party transmits the encrypted data to the data receiving party, and the data receiving party decrypts according to the agreed decryption mode so as to acquire the data. However, if the agreed encryption and decryption mode is known by the third party, the third party will decrypt the encrypted data, resulting in data leakage. Therefore, how to ensure the security of data is a problem to be solved.
Disclosure of Invention
In view of the above, the present application provides a data processing method and apparatus, which are favorable for solving the problem of data leakage caused by the fact that the encryption mode is stolen.
In a first aspect, an embodiment of the present application provides a data processing method applied to a blockchain, the method including:
the block chain receives a first request message sent by first electronic equipment; the first request message carries identification information of the first electronic equipment, information of data to be sent by the first electronic equipment and identification information of the second electronic equipment;
Determining an encryption mode of the first electronic equipment according to the first request message;
and sending the encryption mode of the first electronic equipment to a Certificate Authority (CA) so that the CA determines an encryption key and a decryption key corresponding to the encryption mode according to the encryption mode of the first electronic equipment, and sends the encryption key to the first electronic equipment.
Preferably, the blockchain includes a main chain and at least one processing slave chain; wherein the main chain comprises a management node and at least one main chain node; the at least one processing slave chain is respectively connected with the at least one main chain node, and one processing slave chain is connected with only one main chain node; each processing slave chain in the at least one processing slave chain comprises at least one slave chain node;
the block chain receiving a first request message sent by a first electronic device includes:
the management node of the blockchain receives a first request message sent by first electronic equipment;
the determining the encryption mode of the first electronic device according to the first request message comprises the following steps:
the management node determines a target main chain node in at least one main chain node;
the management node sends the information of the data to be sent by the first electronic device to a target processing slave chain through the target main chain node, so that at least one slave chain node of the target processing slave chain determines the encryption mode of the first electronic device according to the information of the data to be sent by the first electronic device; the target processing slave chain is the processing slave chain connected with the target main chain node;
the management node receives, through the target main chain node, at least one encryption mode of the first electronic device;
the sending of the encryption mode of the first electronic device to the certificate authority CA includes:
if the at least one received encryption mode of the first electronic device is the same in every case, sending the encryption mode of the first electronic device to the CA.
Preferably, the blockchain includes a main chain and at least two processing slave chains; wherein the main chain comprises a management node and at least two main chain nodes; the at least two processing slave chains are respectively connected with the at least one main chain node;
the determining, by the management node, of the target main chain node among the at least one main chain node includes:
the management node broadcasts a second request message to at least two main chain nodes and records the broadcasting time; the second request message carries identification information of second information to be acquired by the management node;
for each main chain node in the at least two main chain nodes, receiving second information sent by the main chain node and the arrival time corresponding to the second information; the second information comprises the total number of slave chain nodes in the processing slave chain connected with the main chain node and the computing power of each slave chain node;
determining the support degree of the main chain node according to the recorded broadcasting time, the received second information sent by the main chain node and the arrival time corresponding to the second information;
among the at least two main chain nodes, the main chain node with the largest support degree is determined as the target main chain node.
Preferably, the determining of the support degree of the main chain node according to the recorded broadcasting time, the received second information sent by the main chain node and the arrival time corresponding to the second information includes:
determining the computing power of at least one slave chain node of the processing slave chain connected with the main chain node according to the received second information sent by the main chain node, and determining the maximum value of the computing power of the at least one slave chain node as the computing power of the main chain node;
and determining the support degree of the main chain node according to the recorded broadcasting time, the arrival time corresponding to the second information sent by the main chain node and the computing power of the main chain node.
Preferably, the management node broadcasting the second request message to at least two main chain nodes and recording the broadcasting time includes:
the management node broadcasts the identification information of the first electronic equipment to at least two main chain nodes;
receiving first information sent by the at least two main chain nodes, and determining, according to the received first information, whether the identification information of the first electronic device is recorded in the ledger of each main chain node of the at least two main chain nodes;
if it is determined that the ledger of each of the at least two main chain nodes records the identification information of the first electronic device, generating a first random decimal and broadcasting the first random decimal to the at least two main chain nodes, so that each main chain node can determine, according to the received first random decimal, whether to send the security level of the first electronic device recorded by that main chain node to the management node;
receiving the security level of the first electronic equipment sent by at least two main chain nodes, and determining the first main chain node according to the received security level;
broadcasting a second request message to at least two main chain nodes, and recording broadcasting time; the second request message carries identification information of the first main chain node and identification information of second information to be acquired by the management node.
Preferably, the determining the first main chain node according to the received security level includes:
determining whether the number of main chain nodes sending the security level exceeds half of the number of all main chain nodes according to the received security level;
if the number of the main chain nodes for transmitting the security level is determined to be more than half of the number of all the main chain nodes, determining whether the received security levels are the same;
And if the received security levels are the same, determining the main chain node sending the security level as the first main chain node.
Preferably, the method further comprises:
if it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, a response message refusing acquisition of the encryption mode is returned to the first electronic device;
receiving identification information of the first electronic device sent by the first electronic device;
broadcasting the identification information of the first electronic device to at least two main chain nodes;
receiving third information sent by the at least two main chain nodes, and determining, according to the received third information, whether each main chain node in the at least two main chain nodes records the identification information of the first electronic device;
if it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, sending a security level acquisition request message to the first electronic device;
receiving a security level sent by the first electronic device;
and broadcasting the security level of the first electronic device to the at least two main chain nodes, so that each main chain node records the identification information of the first electronic device and the security level of the first electronic device in its own ledger.
Preferably, after the sending of the encryption mode of the first electronic device to the certificate authority CA, the method further comprises:
receiving a third request message sent by the second electronic equipment; the third request message carries identification information of the first electronic equipment and identification information of the second electronic equipment;
and sending the encryption mode of the first electronic equipment to the second electronic equipment according to the third request message, so that the second electronic equipment can acquire a decryption key from the CA according to the encryption mode of the first electronic equipment, and further decrypt the received encrypted data to acquire the data.
In a second aspect, an embodiment of the present application provides a data processing method, including:
the first electronic device sends a first request message to the blockchain;
receiving an encryption key sent by a CA, and encrypting data according to an encryption mode of the first electronic equipment and the encryption key;
and sending the encrypted data to the second electronic equipment.
In a third aspect, an embodiment of the present application provides an electronic device, including:
a processor and a memory storing a computer program which, when executed, causes the electronic device to perform the method of any one of the first or second aspects above.
By adopting the scheme provided by the embodiment of the application, when the first electronic device sends data to the second electronic device, the blockchain firstly receives the first request message sent by the first electronic device, wherein the first request message carries the identification information of the first electronic device, the information of the data to be sent by the first electronic device and the identification information of the second electronic device. And then determining the encryption mode of the first electronic equipment according to the first request message, and sending the encryption mode of the first electronic equipment to the certificate authority CA, so that the CA determines an encryption key and a decryption key corresponding to the encryption mode according to the encryption mode of the first electronic equipment, and sends the encryption key to the first electronic equipment. In this way, when the first electronic device sends data to the second electronic device, the blockchain can determine the encryption mode for the data to be sent by the first electronic device according to the information of the data to be sent by the first electronic device, and if the data to be sent by the first electronic device is different, the encryption modes determined by the blockchain may be the same or different. After determining the encryption mode of the first electronic device, sending the encryption mode of the first electronic device to a Certificate Authority (CA), and sending an encryption key corresponding to the encryption mode to the first electronic device by the CA. That is, according to the method provided by the embodiment of the application, the encryption mode used by the first electronic device for transmitting the data is dynamically changed, so that the security of data transmission can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a data processing method according to an embodiment of the present application;
FIG. 2 is a block chain architecture diagram according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating another data processing method according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating another data processing method according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For a better understanding of the technical solution of the present application, the following detailed description of the embodiments of the present application refers to the accompanying drawings.
It should be understood that the described embodiments are merely some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terminology used in the embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" as used herein merely describes an association between associated objects and means that three relationships are possible; for example, "a and/or b" may represent: a exists alone, a and b both exist, and b exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
Before describing embodiments of the present application in detail, terms applied or likely to be applied to the embodiments of the present application will be explained first.
Computing power (also known as hash rate): a measure of the processing power of the Bitcoin network, that is, the speed at which a computer (CPU) computes hash function outputs. The Bitcoin network must perform intensive mathematical and encryption-related operations for security purposes.
Blockchain: essentially a shared database; the data or information stored in it is tamper-resistant, recorded throughout its whole course, traceable, open and transparent, and collectively maintained.
Digital certificate authority (Certificate Authority, CA): a trusted third-party entity that issues digital certificates and manages the public keys and certificates used to encrypt end-user data. The responsibility of the CA is to ensure that a company or user receives a valid identity in the form of a unique certificate.
In the related art, a data sender and a data receiver agree on an encryption and decryption mode in advance, and after the data sender encrypts data according to the agreed encryption mode, the data sender transmits the encrypted data to the data receiver, and the data receiver decrypts according to the agreed decryption mode, so that the data is obtained. However, if the agreed encryption and decryption mode is known by the third party, the third party will decrypt the encrypted data, resulting in data leakage.
In view of the above problems, an embodiment of the present application provides a data processing method, where, when a first electronic device sends data to a second electronic device, a blockchain first receives a first request message sent by the first electronic device, where the first request message carries identification information of the first electronic device, information of data to be sent by the first electronic device, and identification information of the second electronic device. And then determining the encryption mode of the first electronic equipment according to the first request message, and sending the encryption mode of the first electronic equipment to the certificate authority CA, so that the CA determines an encryption key and a decryption key corresponding to the encryption mode according to the encryption mode of the first electronic equipment, and sends the encryption key to the first electronic equipment. In this way, when the first electronic device sends data to the second electronic device, the blockchain can determine the encryption mode for the data to be sent by the first electronic device according to the information of the data to be sent by the first electronic device, and if the data to be sent by the first electronic device is different, the encryption mode determined by the blockchain may be different. After determining the encryption mode of the first electronic device, sending the encryption mode of the first electronic device to a Certificate Authority (CA), and sending an encryption key corresponding to the encryption mode to the first electronic device by the CA. That is, according to the method provided by the embodiment of the application, the encryption mode used by the first electronic device for transmitting the data is dynamically changed, so that the security of data transmission can be improved. The following is a detailed description.
Fig. 1 is a schematic diagram of a data processing method according to an embodiment of the present application. Referring to fig. 1, the data processing method provided by the embodiment of the application mainly includes the following steps:
Step S101, the blockchain receives a first request message sent by a first electronic device.
The first request message carries identification information of the first electronic device, information of data to be sent by the first electronic device and identification information of the second electronic device.
Specifically, when the first electronic device sends data to the second electronic device, first a first request message is sent to the blockchain to obtain an encryption mode, and at this time, the blockchain receives the first request message sent by the first electronic device. The first request message carries identification information of the first electronic device, information of data to be sent by the first electronic device and identification information of the second electronic device.
As one possible implementation, the blockchain includes a main chain and at least one processing slave chain; wherein the main chain comprises a management node and at least one main chain node; the at least one processing slave chain is respectively connected with the at least one main chain node, and one processing slave chain is connected with only one main chain node; each processing slave chain in the at least one processing slave chain comprises at least one slave chain node.
In an embodiment of the present application, a blockchain includes a main chain and at least one processing slave chain. The main chain comprises a management node and at least one main chain node, wherein the management node is used for communicating with the electronic device, and the total number of main chain nodes is stored in the management node. The at least one processing slave chain is used for determining the encryption mode; each processing slave chain in the at least one processing slave chain comprises at least one slave chain node, and the number of slave chain nodes contained in each processing slave chain may be the same or different.
Further, the blockchain receiving a first request message sent by the first electronic device includes:
the management node of the blockchain receives a first request message sent by a first electronic device.
Specifically, the management node of the blockchain is configured to communicate with the electronic device, so that when the first electronic device sends a first request message to the blockchain, the management node receives the first request message and performs corresponding processing.
Step S102, determining an encryption mode of the first electronic device according to the first request message.
In the embodiment of the application, after the blockchain receives the first request message sent by the first electronic device, the encryption mode of the first electronic device can be determined according to the first request message.
As a possible implementation manner, the determining, according to the first request message, the encryption manner of the first electronic device includes:
the management node determines a target main chain node in at least one main chain node;
the management node sends the information of the data to be sent by the first electronic device to the target processing slave chain through the target main chain node, so that at least one slave chain node of the target processing slave chain determines the encryption mode of the first electronic device according to the information of the data to be sent by the first electronic device; the target processing slave chain is the processing slave chain connected with the target main chain node;
the management node receives, through the target main chain node, at least one encryption mode of the first electronic device.
Specifically, the management node can only exchange information with the main chain nodes and cannot directly send the data information of the first electronic device to a processing slave chain. Therefore, the management node first needs to determine the target main chain node; for example, all main chain nodes may be determined as target main chain nodes, or one main chain node among the at least one main chain node may be determined as the target main chain node. The data information of the first electronic device is then sent to the target main chain node, and the target main chain node forwards it to the target processing slave chain, namely the processing slave chain connected with the target main chain node, so that at least one slave chain node of the target processing slave chain can determine the encryption mode of the first electronic device according to the data information of the first electronic device. The data information to be sent by the first electronic device may include a data size, a data security level, and a data transmission mode; for example, the data transmission mode may be public network transmission or private network transmission.
It should be noted that the data security level can be set by the user according to actual requirements and can be divided into levels 1-5 or levels 1-10, provided that a larger number indicates a higher data security level. The data security level of the data to be transmitted by the first electronic device may be determined by the user according to the data to be transmitted after the data is generated, which is not limited in the present application.
For example, the slave chain node may determine the encryption mode of the first electronic device according to the data information of the first electronic device by the following formula (1):
wherein I is an encryption index, a is a data size to be transmitted, a is a value of a data maximum transmission unit, b is a value of a data security level, and c is a value corresponding to the data transmission mode: c=0.1 if the data transmission mode is public network transmission, and c=1 if the data transmission mode is private network transmission. Since at least one encryption mode is stored in the slave chain node, and each encryption mode has a corresponding selection interval, the slave chain node can calculate an encryption index according to the received data information of the first electronic device, and then determine the encryption mode corresponding to the selection interval in which the encryption index falls as the encryption mode of the first electronic device. If the encryption index has no corresponding selection interval, the encryption mode whose selection interval has the largest upper limit may be determined as the encryption mode of the first electronic device, or one encryption mode may be randomly selected from the at least one encryption mode; the encryption mode of the first electronic device may of course also be determined in other ways, and the application is not limited in this respect.
If at least two encryption methods are stored in the link point, the selection intervals corresponding to each two encryption methods may or may not be crossed, that is, the selection intervals corresponding to each two encryption methods may or may not be repeated, which is not limited by the present application. For example, when the selection interval q corresponding to the encryption scheme 1 is 0.ltoreq.q <4 and the selection interval p corresponding to the encryption scheme 1 is 1.ltoreq.p <4, and thus the selection interval p corresponding to the encryption scheme 1 and the encryption scheme 2 is repeated, and when the encryption index is determined to be 5 from the link point, the encryption index 5 does not have a selection interval corresponding to the selection interval with the largest upper limit, that is, the encryption scheme 1 and the encryption scheme 2 can be determined, and among the encryption schemes 1 and 2, the encryption scheme with the smallest lower limit of the selection interval is determined as the encryption scheme of the first electronic device, that is, the encryption scheme 1.
Then, after the target processing slave chain determines the encryption mode of the first electronic device, it sends the encryption mode of the first electronic device to the management node through the target main chain node connected with the target processing slave chain. Since the target processing slave chain contains at least one slave chain node, and each of these slave chain nodes determines one encryption mode of the first electronic device, the management node receives at least one encryption mode of the first electronic device.
As a possible implementation manner, the management node may determine at least one main chain node as a target main chain node; then, for each target main chain node, the management node sends the information of the data to be sent by the first electronic device, through the target main chain node, to the target processing slave chain connected with that main chain node, so that at least one slave chain node of the target processing slave chain determines the encryption mode of the first electronic device according to the information of the data to be sent by the first electronic device. After at least one slave chain node of the target processing slave chain has determined the encryption mode of the first electronic device, the management node receives the at least one encryption mode of the first electronic device through the target main chain node.
As one possible implementation manner, the blockchain includes a main chain and at least two processing slave chains; the main chain includes a management node and at least two main chain nodes, and the at least two processing slave chains are each connected with at least one main chain node. A target main chain node can then be determined among the at least two main chain nodes, and the information of the data to be sent by the first electronic device is sent, through the target main chain node, to the processing slave chain connected with the target main chain node, so that the processing slave chain connected with the target main chain node determines the encryption mode of the first electronic device. In this case, the determining, by the management node, of the target main chain node from the at least one main chain node includes:
The management node broadcasts a second request message to at least two main chain nodes and records the broadcasting time; the second request message carries identification information of second information to be acquired by the management node;
for each main chain node in the at least two main chain nodes, receiving second information sent by the main chain node and the arrival time corresponding to the second information; the second information includes the total number of slave chain nodes in the processing slave chain connected with the main chain node and the computing power of each slave chain node;
determining the support degree of the main chain node according to the recorded broadcasting time, the received second information sent by the main chain node and the arrival time corresponding to the second information;
among the at least two main chain nodes, the main chain node with the largest support degree is determined as the target main chain node.
Specifically, the management node may determine a target main chain node from the at least two main chain nodes. It first broadcasts a second request message to the at least two main chain nodes and records the broadcast time. For each of the at least two main chain nodes, it receives the second information sent by that main chain node and the arrival time corresponding to the second information, where the second information includes the total number of slave chain nodes corresponding to the main chain node and the computing power of each slave chain node. It then determines the support degree of the main chain node according to the recorded broadcast time, the received second information sent by the main chain node, and the arrival time corresponding to the second information. After the support degrees of the at least two main chain nodes have each been determined, the main chain node with the largest support degree is determined as the target main chain node.
Further, the determining of the support degree of the main chain node according to the recorded broadcast time, the received second information sent by the main chain node and the arrival time corresponding to the second information includes:
determining, according to the received second information sent by the main chain node, the computing power of at least one slave chain node of the processing slave chain connected with the main chain node, and determining the maximum value of the computing power of the at least one slave chain node as the computing power of the main chain node;
and determining the support degree of the main chain node according to the recorded broadcast time, the arrival time corresponding to the second information sent by the main chain node, and the computing power of the main chain node.
That is, after the second information sent by the main chain node is received, the computing power of each slave chain node in the processing slave chain connected with the main chain node is known from that second information, and the maximum of these values is determined as the computing power of the main chain node. The computing power indicates the data processing capacity of the main chain node: the larger the computing power value, the stronger the data processing capacity. After the computing power of the main chain node is determined, its support degree can be determined according to the recorded broadcast time, the arrival time corresponding to the second information sent by the main chain node, and the computing power of the main chain node. For example, the computing power and the transmission time may be considered together when determining the support degree of the main chain node, and if the computing power of the main chain node is not zero, the support degree of the main chain node may be determined according to the following formula (2):
wherein $i$ denotes the i-th main chain node, $i = 1, 2, \ldots, n$, $n$ being a positive integer greater than zero; $D_i$ represents the support degree of the i-th main chain node; $P_i$ represents the computing power of the i-th main chain node; $n$ represents the number of the at least two main chain nodes; $T_0$ is the recorded broadcast time; $T_i$ is the transmission time corresponding to the received second information sent by the i-th main chain node; and $\Delta T_i$ is the difference between the transmission time corresponding to the received second information sent by the i-th main chain node and the recorded broadcast time.
If the computing power of the main chain node is zero, the support degree of the main chain node is directly determined to be zero.
As one possible implementation manner, the broadcasting, by the management node, of the second request message to the at least two main chain nodes and the recording of the broadcast time includes:
the management node broadcasts the identification information of the first electronic device to the at least two main chain nodes;
receiving first information sent by the at least two main chain nodes, and determining, according to the received first information, whether the identification information of the first electronic device is recorded in the ledger of each of the at least two main chain nodes;
if it is determined that the ledger of each of the at least two main chain nodes records the identification information of the first electronic device, generating a first random decimal and broadcasting the first random decimal to the at least two main chain nodes, so that each main chain node can determine, according to the received first random decimal, whether to send the security level of the first electronic device that it has recorded to the management node;
receiving the security level of the first electronic device sent by the at least two main chain nodes, and determining the first main chain node according to the received security level;
broadcasting a second request message to the at least two main chain nodes, and recording the broadcast time; the second request message carries the identification information of the first main chain node and the identification information of the second information that the management node needs to acquire.
Specifically, when there are many main chain nodes, determining the target main chain node among all of them involves a very large workload, so a subset of the main chain nodes can be selected and the target main chain node determined only within that subset, which saves data processing time. To this end, the management node may broadcast the identification information of the first electronic device to the at least two main chain nodes; after receiving it, each of the at least two main chain nodes generates first information according to the result of determining whether its ledger records the identification information of the first electronic device, and sends the first information to the management node. The management node receives the first information sent by the at least two main chain nodes and determines from it whether the ledger of each of the at least two main chain nodes records the identification information of the first electronic device. If the ledger of each of the at least two main chain nodes records the identification information of the first electronic device, the ledger of each main chain node records both the identification information of the first electronic device and the security level of the first electronic device; the management node can then generate a first random decimal and broadcast the first random decimal to the at least two main chain nodes.
In this way, after each main chain node receives the first random decimal, it determines according to the first random decimal whether to send the security level of the first electronic device that it has recorded to the management node. For example, the main chain node may generate a second random decimal; if the second random decimal is not greater than the first random decimal, the main chain node determines to send the recorded security level of the first electronic device to the management node, and if the second random decimal is greater than the first random decimal, it determines not to send the recorded security level of the first electronic device to the management node. The management node receives the security level of the first electronic device sent by the at least two main chain nodes and determines the first main chain node according to the received security level. For example, a main chain node that sent a security level of the first electronic device may be determined as a first main chain node. After determining the first main chain node, the management node broadcasts a second request message to the at least two main chain nodes and records the broadcast time, where the second request message carries the identification information of the first main chain node and the identification information of the second information that the management node needs to acquire. That is, after the at least two main chain nodes receive the second request message, only the first main chain node needs to send the second information to the management node, and the other main chain nodes do not need to process the second request message. The management node therefore only needs to determine the target main chain node among the first main chain nodes, which saves data processing time.
Further, determining the first main chain node according to the received security level includes:
determining whether the number of main chain nodes sending the security level exceeds half of the number of all main chain nodes according to the received security level;
if the number of the main chain nodes for transmitting the security level is determined to be more than half of the number of all the main chain nodes, determining whether the received security levels are the same;
and if the received security levels are the same, determining the main chain node sending the security level as the first main chain node.
Specifically, if the number of first main chain nodes is too small, every first main chain node may have low computing power, so the number of first main chain nodes is kept to at least half of the number of all main chain nodes. Because each received security level corresponds to one main chain node that sent it, the number of main chain nodes that sent a security level can be determined from the received security levels, and it can then be determined whether that number exceeds half of the number of all main chain nodes. If it is determined that the number of main chain nodes that sent a security level exceeds half of the number of all main chain nodes, at least half of the main chain nodes have sent the security level of the first electronic device to the management node. Moreover, because the security level of the first electronic device stored in the individual main chain nodes may differ, it is necessary, after determining that the number of main chain nodes that sent a security level exceeds half of the number of all main chain nodes, to determine whether the received security levels are the same. If the received security levels are the same, the main chain nodes that sent the security level are determined as the first main chain nodes.
If it is determined that different security levels exist among the received security levels, half of the number of main chain nodes among all main chain nodes that sent a security level may be selected as the first main chain nodes according to the order of the received security levels from top to bottom, which is not limited by the present application, as long as the number of first main chain nodes is at least half of the number of all main chain nodes.
If it is determined that the number of main chain nodes that sent a security level does not exceed half of the number of all main chain nodes, the management node regenerates the first random decimal and broadcasts it to the at least two main chain nodes. If the total number of main chain nodes that sent a security level this time and main chain nodes that sent a security level last time exceeds half of the total number of all main chain nodes, all non-repeated main chain nodes among those that sent a security level this time and last time are determined as second main chain nodes, and the security levels sent by all the received second main chain nodes are compared to determine whether they are the same.
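One screening round as described above (first random decimal, majority check, comparison of the reported security levels), written as an added example that is not part of the patent text. The node names, the result labels and the use of a CSPRNG for the random decimals are assumptions; the mixed-level branch reads "from top to bottom" as highest security level first and keeps half of all main chain nodes, which is also an assumption.

```python
import math
import secrets
from dataclasses import dataclass
from typing import Dict, List

_rng = secrets.SystemRandom()  # assumption: the text only says "random decimal"


def draw_decimal() -> float:
    """Random decimal in [0, 1), usable for the first or a second random decimal."""
    return _rng.random()


def node_responds(first_decimal: float, second_decimal: float) -> bool:
    """Main chain node side: send the recorded security level only if the node's
    own (second) random decimal is not greater than the broadcast one."""
    return second_decimal <= first_decimal


@dataclass
class ScreenResult:
    status: str             # "selected", "selected_by_level" or "retry" (labels are hypothetical)
    first_nodes: List[str]  # the first main chain nodes, empty on "retry"


def screen_round(all_nodes: List[str],
                 first_decimal: float,
                 second_decimals: Dict[str, float],
                 ledger_levels: Dict[str, int]) -> ScreenResult:
    """Management node side: evaluate one broadcast of the first random decimal."""
    senders = sorted(n for n in all_nodes
                     if node_responds(first_decimal, second_decimals[n]))

    # The senders must exceed half of all main chain nodes; otherwise the
    # management node regenerates the first random decimal and broadcasts again.
    if len(senders) * 2 <= len(all_nodes):
        return ScreenResult("retry", [])

    # Every sender reported the same level: all senders become first main chain nodes.
    if len({ledger_levels[n] for n in senders}) == 1:
        return ScreenResult("selected", senders)

    # Levels differ between ledgers: keep half of all main chain nodes, taken
    # from the senders in descending order of reported level (assumed reading;
    # ties are broken by node name, also an assumption).
    keep = math.ceil(len(all_nodes) / 2)
    ranked = sorted(senders, key=lambda n: (-ledger_levels[n], n))
    return ScreenResult("selected_by_level", sorted(ranked[:keep]))


# Values from the worked example in the text: first random decimal 0.5 and
# second random decimals 0.4, 0.3, 0.8 and 0.5 for main chain nodes 1 to 4.
NODES = ["node1", "node2", "node3", "node4"]
PAGE_DRAWS = {"node1": 0.4, "node2": 0.3, "node3": 0.8, "node4": 0.5}
PAGE_LEVELS = {n: 3 for n in NODES}

if __name__ == "__main__":
    print(screen_round(NODES, 0.5, PAGE_DRAWS, PAGE_LEVELS))
```

A "selected_by_level" result means the ledgers disagree about the device's security level, which is worth logging separately from the normal "selected" path.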
Step S103, the encryption mode of the first electronic device is sent to the certificate authority CA, so that the CA determines an encryption key and a decryption key corresponding to the encryption mode according to the encryption mode of the first electronic device, and sends the encryption key to the first electronic device.
Specifically, the blockchain stores only the encryption modes and does not store the encryption key and decryption key corresponding to each encryption mode; those keys are stored in the certificate authority CA. Therefore, after the encryption mode of the first electronic device is determined, the management node sends the encryption mode of the first electronic device to the certificate authority CA, so that the CA determines the encryption key and the decryption key corresponding to the encryption mode according to the encryption mode of the first electronic device and sends the encryption key to the first electronic device.
Further, sending the encryption mode of the first electronic device to the certificate authority CA includes:
if the at least one received encryption mode of the first electronic device is the same, sending the encryption mode of the first electronic device to the CA.
In the embodiment of the application, the management node receives at least one encryption mode, and sends the encryption mode of the first electronic device to the CA only if the at least one received encryption mode of the first electronic device is the same. If the received encryption modes of the first electronic device differ, step S102 is re-executed until it is determined that the at least one received encryption mode of the first electronic device is the same, and the encryption mode of the first electronic device is then sent to the CA.
It should be noted that the blockchain may include at least one storage slave chain, which is also connected to a main chain node and may be used to store the determined encryption mode of the electronic device. That is, after the management node determines the encryption mode of the first electronic device, the encryption mode of the first electronic device may be sent through the main chain node to the storage slave chain for storage.
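The selection-interval rule with its fallback (largest upper limit, then smallest lower limit) and the management node's agreement check before anything goes to the CA, as an added example that is not part of the patent text. The encryption index is taken as an input, the function names are hypothetical, and applying the smallest-lower-limit tie-break when the index lies in several overlapping intervals is an assumption.

```python
from typing import Dict, Optional, Tuple

Interval = Tuple[float, float]    # half-open selection interval [lower, upper)
ModeTable = Dict[int, Interval]   # encryption mode number -> selection interval

# Tables taken from the two examples in the text.
PAGE_TABLE: ModeTable = {1: (0, 5), 2: (5, 10), 3: (10, 15)}
OVERLAP_TABLE: ModeTable = {1: (0, 4), 2: (1, 4)}


def select_mode(index: float, table: ModeTable) -> int:
    """Slave chain node side: map an encryption index to one encryption mode."""
    if not table:
        raise ValueError("no encryption mode stored")
    for mode, (lower, upper) in table.items():
        if lower >= upper:
            raise ValueError(f"mode {mode}: empty interval [{lower}, {upper})")

    candidates = [m for m, (lower, upper) in table.items()
                  if lower <= index < upper]
    if not candidates:
        # Fallback from the text: the mode(s) whose interval has the largest
        # upper limit.
        top = max(upper for _, upper in table.values())
        candidates = [m for m, (_, upper) in table.items() if upper == top]

    # Tie-break: smallest lower limit (stated in the text for the fallback
    # case; used for overlapping hits as an assumption), then mode number.
    return min(candidates, key=lambda m: (table[m][0], m))


def agreed_mode(index: float,
                node_tables: Dict[str, ModeTable]) -> Optional[int]:
    """Management node side: return the mode only if every slave chain node of
    the target processing slave chain determined the same one.

    None means the modes differ, so the determination step is repeated and
    nothing is sent to the CA yet.
    """
    if not node_tables:
        raise ValueError("no slave chain node answered")
    modes = {select_mode(index, table) for table in node_tables.values()}
    return modes.pop() if len(modes) == 1 else None


if __name__ == "__main__":
    # Slave chain nodes 5, 6 and 7 with identical tables, index from the text.
    nodes = {"slave5": PAGE_TABLE, "slave6": PAGE_TABLE, "slave7": PAGE_TABLE}
    print(agreed_mode(1.22, nodes))          # all three pick encryption mode 1
    print(select_mode(5, OVERLAP_TABLE))     # index outside every interval
```

The random-selection fallback that the text also permits is left out on purpose: slave chain nodes choosing independently at random would rarely agree, and the management node forwards a mode only when they do.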
Illustratively, as shown in FIG. 2, assume that a blockchain includes one main chain, one storage slave chain, and two processing slave chains. The main chain comprises a management node and four main chain nodes, namely main chain node 1, main chain node 2, main chain node 3 and main chain node 4, and the two processing slave chains are processing slave chain A and processing slave chain B. The processing slave chain A comprises four slave chain nodes, namely slave chain node 1, slave chain node 2, slave chain node 3 and slave chain node 4; the processing slave chain B comprises three slave chain nodes, namely slave chain node 5, slave chain node 6 and slave chain node 7; the storage slave chain comprises two slave chain nodes, namely slave chain node 8 and slave chain node 9. The storage slave chain is connected with main chain node 3, the processing slave chain A is connected with main chain node 2, and the processing slave chain B is connected with main chain node 1. Assume that the first electronic device needs to send data to the second electronic device, the data size of the data to be sent is 1000kb, the data transmission mode is public network transmission, and the data security level is 3. The first electronic device then sends a first request message to the blockchain to obtain an encryption mode; the first request message carries identification information C of the first electronic device, identification information D of the second electronic device, and the information of the data to be sent by the first electronic device. The information of the data to be sent by the first electronic device comprises the data size of 1000kb, the data transmission mode of public network transmission, and the data security level of 3.
The management node of the blockchain receives the first request message and parses it to obtain identification information C of the first electronic device, identification information D of the second electronic device, and the information of the data to be sent by the first electronic device. The management node broadcasts the identification information C of the first electronic device to the main chain; each of the four main chain nodes needs to determine, according to the received identification information C of the first electronic device, whether the identification information C of the first electronic device is recorded in the ledger of the management node, generates first information according to the determination result, and sends the first information to the first electronic device. Assuming that identification information C of the first electronic device is recorded in each of the four main chain nodes, the management node can determine this according to the received first information sent by the four main chain nodes; the management node then generates a first random decimal of 0.5 and broadcasts it to the main chain, so that each main chain node can determine, according to the received first random decimal, whether to send the security level of the first electronic device that it has recorded to the management node.
Assume that main chain node 1 generates a second random decimal 0.4, main chain node 2 generates a second random decimal 0.3, main chain node 3 generates a random decimal 0.8, and main chain node 4 generates a random decimal 0.5. It can be determined that the second random decimals generated by main chain node 1, main chain node 2 and main chain node 4 are not greater than the first random decimal 0.5, so main chain node 1, main chain node 2 and main chain node 4 can all send the security level of the first electronic device recorded in their ledgers to the management node, and the management node receives 3 security levels. Since the number of security levels exceeds half of the number of main chain nodes, the management node determines whether the 3 received security levels are the same. Assuming that the security level of the first electronic device recorded in the ledgers of main chain node 1, main chain node 2 and main chain node 4 is level 3 in each case, the management node can determine that the 3 received security levels are the same, and main chain node 1, main chain node 2 and main chain node 4 are the first main chain nodes. The management node broadcasts a second request message to the main chain and records the broadcast time as 8:00:00, where the second request message carries the identification information of the first main chain nodes and the identification information of the second information to be acquired by the management node; the identification information of the first main chain nodes is the identification information of main chain node 1, main chain node 2 and main chain node 4, which may be, for example, the name information of the main chain nodes.
After the 4 main chain nodes receive the second request message, they parse it to obtain the identification information of the first main chain nodes and the identification information of the second information that the management node needs to acquire. First, main chain node 1 can determine from the second request message that the identification information of the first main chain nodes includes the identification information of main chain node 1, so main chain node 1 needs to send second information to the management node; the second information is the number of slave chain nodes in the processing slave chain B connected with main chain node 1 and the computing power of each slave chain node, that is, the processing slave chain B comprises 4 slave chain nodes, and the computing powers of slave chain node 1, slave chain node 2, slave chain node 3 and slave chain node 4 are 3KH/s, 7KH/s, 4KH/s and 6KH/s respectively. Similarly, main chain node 2 can determine from the second request message that the identification information of the first main chain nodes includes the identification information of main chain node 2, so main chain node 2 needs to send second information to the management node; the second information is the number of slave chain nodes in the processing slave chain A connected with main chain node 2 and the computing power of each slave chain node, that is, the processing slave chain A comprises 3 slave chain nodes, and the computing powers of slave chain node 5, slave chain node 6 and slave chain node 7 are 5KH/s, 7KH/s and 2KH/s respectively. Main chain node 3 can determine from the second request message that the identification information of the first main chain nodes does not include the identification information of main chain node 3, so main chain node 3 does not need to process the second request message. Main chain node 4 can determine from the second request message that the identification information of the first main chain nodes includes the identification information of main chain node 4, so main chain node 4 needs to send second information to the management node, where the second information is a slave chain node that is not connected to the main chain node 1. The management node receives the second information sent by the first main chain nodes and the arrival time corresponding to the second information: the arrival time corresponding to the second information received from main chain node 1 is 8:00:03, the arrival time corresponding to the second information received from main chain node 2 is 8:00:02, and the arrival time corresponding to the second information received from main chain node 4 is 8:00:01.
The support degree of each of the first main chain nodes is then determined. First, the support degree of main chain node 1 is determined: according to the received second information of main chain node 1, the maximum of the computing powers is determined as the computing power of main chain node 1, that is, the computing powers of slave chain node 1, slave chain node 2, slave chain node 3 and slave chain node 4 in the processing slave chain B are 3KH/s, 7KH/s, 4KH/s and 6KH/s respectively. The support degree of main chain node 1 is calculated from the recorded broadcast time 8:00:00, the arrival time 8:00:03 corresponding to the second information sent by main chain node 1, and the computing power 7KH/s of main chain node 1; according to formula (2), the support degree $D_1$ of main chain node 1 is determined to be 2.08. Similarly, the management node may determine that the support degree of main chain node 2 is 2.25; for details, refer to the support degree determination process of main chain node 1, which is not repeated here. Since the computing power of main chain node 4 is zero, the support degree of main chain node 4 can be directly determined to be zero. According to the determined support degrees of the first main chain nodes, the management node determines the main chain node with the largest support degree, namely main chain node 2, as the target main chain node. The management node can send the data information to be sent by the first electronic device to the processing slave chain A through main chain node 2, where the data information to be sent by the first electronic device is that the data size of the data to be sent is 2kb, the data transmission mode is public network transmission, and the data security level is 3.
Slave chain node 5, slave chain node 6 and slave chain node 7 in the processing slave chain A can each determine the encryption mode of the first electronic device according to the data information to be sent by the first electronic device. Taking slave chain node 5 as an example, the process of determining the encryption mode of the first electronic device is as follows: according to the data information to be sent by the first electronic device, the data size of the data to be sent is 1000Kb, the data security level is 3, and the data transmission mode is public network transmission; if the maximum transmission unit of the data is 1500Kb, the encryption index I can be determined to be 1.22 according to the above formula (1). Suppose that the selection intervals corresponding to the encryption modes stored in slave chain node 5 do not overlap, that is, the selection interval D corresponding to encryption mode 1 is 0≤D<5, the selection interval E corresponding to encryption mode 2 is 5≤E<10, and the selection interval F corresponding to encryption mode 3 is 10≤F<15. Since the determined encryption index I is 1.22, it can be determined that the encryption mode of the first electronic device is encryption mode 1. Slave chain node 6 and slave chain node 7 may also determine the encryption mode of the first electronic device according to the data information to be sent by the first electronic device; for details, refer to the process by which slave chain node 5 determines the encryption mode of the first electronic device, which is not repeated here. It is assumed that the encryption mode of the first electronic device determined by slave chain node 6 and by slave chain node 7 is encryption mode 1.
The management node receives, via main chain node 2, the encryption mode of the first electronic device sent by slave chain node 5, slave chain node 6 and slave chain node 7. The management node may determine that the three received encryption modes of the first electronic device are the same, and sends the encryption mode of the first electronic device, i.e. encryption mode 1, to the certificate authority CA. After determining that the three received encryption modes of the first electronic device are the same, the management node may also store the encryption mode of the first electronic device in the storage slave chain through main chain node 3; for example, it may be stored in the storage slave chain in the form "identification information of the first electronic device - encryption mode - identification information of the second electronic device", so that the second electronic device can obtain the encryption mode of the first electronic device from the blockchain according to the identification information of the first electronic device and the identification information of the second electronic device.
Fig. 3 is a flowchart of another data processing method according to an embodiment of the present application. As shown in Fig. 3, the method mainly comprises the following steps:
Step S301, the blockchain receives a first request message sent by the first electronic device.
Specific reference may be made to step S101, which is not described herein.
Step S302, determining an encryption mode of the first electronic device according to the first request message.
In particular, reference may be made to step S102, which is not described herein.
As a possible embodiment, if it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, a response message refusing acquisition of the encryption mode is returned to the first electronic device;
receiving the identification information of the first electronic device sent by the first electronic device;
broadcasting the identification information of the first electronic device to at least two main chain nodes;
receiving third information sent by the at least two main chain nodes, and determining, according to the received third information, whether each of the at least two main chain nodes records the identification information of the first electronic device;
if it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, sending a security level acquisition request message to the first electronic device;
receiving the security level sent by the first electronic device;
broadcasting the security level of the first electronic device to the at least two main chain nodes, so that each main chain node records the identification information of the first electronic device and the security level of the first electronic device in its own ledger.
Specifically, if it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, this means that the ledger of at least one main chain node records neither the identification information of the first electronic device nor the security level of the first electronic device, which affects the determination of the first main chain node. Therefore, if it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, the management node returns to the first electronic device a response message refusing acquisition of the encryption mode. After the first electronic device receives this response message, the identification information of the first electronic device and the security level of the first electronic device need to be stored in the blockchain before the encryption mode is requested again. On this basis, the first electronic device can send its identification information to the management node again; the management node receives the identification information of the first electronic device sent by the first electronic device and broadcasts it to at least two main chain nodes. The management node then receives third information sent by the at least two main chain nodes, where the third information is result information generated by each main chain node according to whether its own ledger records the identification information of the first electronic device. The management node may determine, according to the received third information, whether each of the at least two main chain nodes records the identification information of the first electronic device.
If it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, a security level acquisition request message is sent to the first electronic device. After the first electronic device receives the security level acquisition request message, it sends its security level to the management node. The management node receives the security level sent by the first electronic device and broadcasts it to the at least two main chain nodes, so that each main chain node records the identification information of the first electronic device and the security level of the first electronic device in its own ledger. In this way, the ledgers of the at least two main chain nodes each record the identification information of the first electronic device and the security level of the first electronic device, and the first electronic device can send the first request message to the blockchain again to acquire the encryption mode.
It should be noted that when the security level of the first electronic device is low but the device is used to process secret data, the security level of the first electronic device needs to be raised, and when the security level of the first electronic device is adjusted, the security level of the first electronic device recorded in the ledgers of all the main chain nodes in the blockchain needs to be updated accordingly. In this case, the above steps may be performed: the identification information of the first electronic device sent by the first electronic device is received, and the security level of the first electronic device is broadcast to at least two main chain nodes, so that each main chain node records the identification information of the first electronic device and the security level of the first electronic device in its own ledger. Thus, when the security level of the first electronic device is adjusted, the security level of the first electronic device recorded in the ledgers of all the main chain nodes in the blockchain can be updated at the same time.
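The registration and update procedure above, as an added example that is not part of the patent. The class names, the REFUSED/ACCEPTED strings and the callback standing in for the security level acquisition request are assumptions, and each ledger is modelled as a plain dictionary.

```python
from dataclasses import dataclass, field


@dataclass
class MainChainNode:
    name: str
    # Ledger: device identification -> security level.
    ledger: dict = field(default_factory=dict)

    def has_record(self, device_id):
        """The node's 'third information': does its ledger hold this id?"""
        return device_id in self.ledger

    def record(self, device_id, level):
        self.ledger[device_id] = level


class ManagementNode:
    def __init__(self, nodes):
        if len(nodes) < 2:
            raise ValueError("the procedure broadcasts to at least two main chain nodes")
        self.nodes = nodes

    def missing_on(self, device_id):
        """Broadcast the id and collect which nodes do not record it."""
        return [n.name for n in self.nodes if not n.has_record(device_id)]

    def first_request(self, device_id):
        """Refuse the encryption-mode request if any ledger lacks the id."""
        return "REFUSED" if self.missing_on(device_id) else "ACCEPTED"

    def broadcast_level(self, device_id, level):
        """Every node records id and level, overwriting any older level."""
        for node in self.nodes:
            node.record(device_id, level)

    def register(self, device_id, ask_security_level):
        """Run the registration steps; returns the nodes that lacked the id.

        ask_security_level(device_id) stands in for the security level
        acquisition request and the device's reply (hypothetical callback).
        It is only called when at least one ledger lacks the id.
        """
        missing = self.missing_on(device_id)
        if missing:
            self.broadcast_level(device_id, ask_security_level(device_id))
        return missing

    def recorded_levels(self, device_id):
        """Set of levels held across ledgers; more than one means divergence."""
        return {n.ledger[device_id] for n in self.nodes if n.has_record(device_id)}


def run_example():
    # Constructed state: only n2 already knows the device, with a stale level.
    nodes = [MainChainNode("n1"), MainChainNode("n2", {"device-1": 1}),
             MainChainNode("n3")]
    mgmt = ManagementNode(nodes)
    before = mgmt.first_request("device-1")
    filled = mgmt.register("device-1", lambda _id: 3)
    after = mgmt.first_request("device-1")
    # Level adjustment: the listed steps request the level only when a
    # ledger lacks the id, so the update calls the broadcast step directly
    # (assumption about how the update path is wired).
    mgmt.broadcast_level("device-1", 5)
    return before, filled, after, mgmt.recorded_levels("device-1")


if __name__ == "__main__":
    print(run_example())
```

Checking that `recorded_levels` returns a single value is a quick way to detect main chain nodes whose ledgers have drifted apart for a device.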
Step S303, if the received encryption modes of the first electronic device (at least one) are the same, the encryption mode of the first electronic device is sent to the CA.
For details, refer to step S103, which is not repeated here.
Step S304, receiving a third request message sent by the second electronic device.
The third request message carries identification information of the first electronic device and identification information of the second electronic device.
Specifically, after receiving the encrypted data sent by the first electronic device, the second electronic device may send a third request message to the management node, so as to obtain an encryption manner of the first electronic device.
Step S305, according to the third request message, the encryption mode of the first electronic device is sent to the second electronic device, so that the second electronic device can obtain the decryption key from the CA according to the encryption mode of the first electronic device, and further decrypt the received encrypted data to obtain the data.
Specifically, the management node can acquire the identification information of the first electronic device and the identification information of the second electronic device by analyzing the third request message, and send the determined encryption mode of the first electronic device to the second electronic device, so that the second electronic device can acquire the decryption key from the CA according to the encryption mode of the first electronic device, and further decrypt the received encrypted data according to the decryption key to acquire the data.
The embodiment of the application provides another data processing method, which comprises the following steps:
The first electronic device sends a first request message to the blockchain;
receiving an encryption key sent by the CA, and encrypting data according to an encryption mode and the encryption key of the first electronic equipment;
and sending the encrypted data to the second electronic equipment.
In the embodiment of the application, the first electronic device needs to encrypt the data to be sent before sending the data to the second electronic device, and at this time, the first electronic device sends a first request message to the blockchain to acquire the encryption mode. The first request message carries identification information of the first electronic device, information of data to be sent by the first electronic device and identification information of the second electronic device. After determining the encryption mode of the first electronic device, the blockchain sends the encryption mode of the first electronic device to the CA, the CA determines the encryption key and the decryption key corresponding to the encryption mode of the first electronic device, and sends the encryption key corresponding to the encryption mode of the first electronic device to the first electronic device. At this time, the first electronic device receives the encryption key sent by the CA, encrypts the data according to the encryption mode and the encryption key of the first electronic device, and then sends the encrypted data to the second electronic device.
Fig. 4 is a flowchart of another data processing method according to an embodiment of the present application. As shown in Fig. 4, the method includes:
Step S401, the first electronic device sends a first request message to the blockchain, and the blockchain receives the first request message sent by the first electronic device.
Reference may be made to the above step S101, and details are not repeated here.
Step S402, determining an encryption mode of the first electronic device according to the first request message.
Reference may be made to the above step S102, and details are not repeated here.
Step S403, sending the encryption scheme of the first electronic device to the certificate authority CA, and the CA receiving the encryption scheme of the first electronic device.
Reference may be made to the above step S103, and details are not repeated here.
Step S404, the CA sends an encryption key corresponding to the encryption mode of the first electronic device to the first electronic device, and the first electronic device receives the encryption key corresponding to the encryption mode of the first electronic device.
Specifically, after the CA receives the encryption mode of the first electronic device, the CA may first determine an encryption key corresponding to the encryption mode of the first electronic device, and send the encryption key corresponding to the encryption mode of the first electronic device to the first electronic device, so that the first electronic device may encrypt the data according to the encryption key.
Step S405, the first electronic device encrypts the data according to the encryption mode and the encryption key of the first electronic device, and sends the encrypted data to the second electronic device.
Step S406, the second electronic device sends a third request message to the blockchain, and the blockchain receives the third request message sent by the second electronic device.
Specifically, after receiving the encrypted data sent by the first electronic device, the second electronic device needs to decrypt the data, and can obtain the encryption mode corresponding to the first electronic device from the blockchain first, so that the second electronic device sends a third request message to the blockchain, and the blockchain receives the third request message sent by the second electronic device. The third request message carries identification information of the first electronic device and identification information of the second electronic device.
Step S407, the blockchain sends the encryption mode of the first electronic device to the second electronic device according to the third request message, and the second electronic device receives the encryption mode of the first electronic device.
Reference may be made specifically to the above step S505, and details thereof are not repeated here.
Step S408, the second electronic device sends a fourth request message to the CA.
The fourth request message carries encryption mode information of the first electronic device.
Specifically, after receiving the encryption mode of the first electronic device, the second electronic device may obtain a decryption key corresponding to the encryption mode of the first electronic device from the CA, where the second electronic device sends a fourth request message to the CA.
Step S409, the CA sends the decryption key corresponding to the encryption mode of the first electronic device to the second electronic device, and the second electronic device receives the decryption key corresponding to the encryption mode of the first electronic device.
Step S410, the second electronic device decrypts the encrypted data according to the received decryption key to obtain data.
Therefore, when the first electronic device sends data to the second electronic device, the encryption mode can be obtained from the blockchain according to the data to be sent, and the data is then encrypted according to the determined encryption mode of the first electronic device. That is, the encryption mode used by the first electronic device when encrypting data is not fixed: depending on the data to be sent, the encryption modes determined by the blockchain may be the same or different. This improves the security of data transmission and makes the encryption mode harder to leak.
Corresponding to the embodiment, the application also provides electronic equipment. Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device 500 may include: a processor 501, a memory 502 and a communication unit 503. The components may communicate via one or more buses, and it will be appreciated by those skilled in the art that the configuration of the server as shown in the drawings is not limiting of the embodiments of the application, and that it may be a bus-like structure, a star-like structure, or include more or fewer components than shown, or may be a combination of certain components or a different arrangement of components.
The communication unit 503 is configured to establish a communication channel so that the electronic device can communicate with other devices, receiving user data sent by other devices or sending user data to other devices.
The processor 501, which is a control center of the electronic device, connects various parts of the entire electronic device using various interfaces and lines, performs various functions of the electronic device and/or processes data by running or executing software programs and/or modules stored in the memory 502, and invoking data stored in the memory. The processor may be comprised of integrated circuits (integrated circuit, ICs), such as a single packaged IC, or may be comprised of packaged ICs that connect multiple identical or different functions. For example, the processor 501 may include only a central processing unit (central processing unit, CPU). In the embodiment of the invention, the CPU can be a single operation core or can comprise multiple operation cores.
The memory 502 is used to store instructions for execution by the processor 501. The memory 502 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk.
The instructions in memory 502, when executed by processor 501, enable electronic device 500 to perform some or all of the steps in the embodiment illustrated in Fig. 4.
It will be apparent to those skilled in the art that the techniques of embodiments of the present invention may be implemented in software plus a necessary general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in essence or what contributes to the prior art in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the embodiments or some parts of the embodiments of the present invention.
The same or similar parts between the various embodiments in this specification are referred to each other. In particular, for the device embodiment and the terminal embodiment, since they are substantially similar to the method embodiment, the description is relatively simple, and reference should be made to the description in the method embodiment for relevant points.

Claims (10)

1. A method of data processing applied to a blockchain, the method comprising:
The block chain receives a first request message sent by first electronic equipment; the first request message carries identification information of the first electronic equipment, information of data to be sent by the first electronic equipment and identification information of the second electronic equipment;
determining an encryption mode of the first electronic equipment according to the first request message;
and sending the encryption mode of the first electronic equipment to a Certificate Authority (CA) so that the CA determines an encryption key and a decryption key corresponding to the encryption mode according to the encryption mode of the first electronic equipment, and sends the encryption key to the first electronic equipment.
2. The method of claim 1, wherein the blockchain includes a main chain and at least one processing slave chain; wherein the main chain comprises a management node and at least one main chain node; the at least one processing slave chain is respectively connected with the at least one main chain node, and one processing slave chain is connected with only one main chain node; each processing slave chain in the at least one processing slave chain comprises at least one slave chain node;
the block chain receiving a first request message sent by a first electronic device includes:
the management node of the blockchain receives a first request message sent by first electronic equipment;
The determining the encryption mode of the first electronic device according to the first request message comprises the following steps:
the management node determines a target main chain node in at least one main chain node;
the management node sends the information of the data to be sent by the first electronic device to a target processing slave chain through the target main chain node, so that at least one slave chain node of the target processing slave chain determines the encryption mode of the first electronic device according to the information of the data to be sent by the first electronic device; the target processing slave chain is a processing slave chain connected with the target main chain node;
the management node receives at least one encryption mode of the first electronic device through the target main chain node;
the sending the encryption mode of the first electronic device to the certificate authority CA includes:
if the received encryption modes of the first electronic device (at least one) are the same, sending the encryption mode of the first electronic device to the CA.
3. The method of claim 2, wherein the blockchain includes a main chain and at least two processing slave chains; wherein the main chain comprises a management node and at least two main chain nodes; the at least two processing slave chains are respectively connected with the at least one main chain node;
the determining, by the management node, the target main chain node from the at least one main chain node includes:
the management node broadcasts a second request message to at least two main chain nodes and records the broadcasting time; the second request message carries identification information of second information to be acquired by the management node;
for each main chain node in at least two main chain nodes, receiving second information sent by the main chain node and arrival time corresponding to the second information; the second information comprises the total number of slave chain nodes in the processing slave chain connected with the main chain node and the computing power of each slave chain node;
determining the support degree of the main chain node according to the recorded broadcasting time, the received second information sent by the main chain node and the arrival time corresponding to the second information;
among the at least two main chain nodes, the main chain node with the largest support degree is determined as the target main chain node.
4. The method of claim 3, wherein determining the support degree of the main chain node according to the recorded broadcasting time, the received second information sent by the main chain node, and the arrival time corresponding to the second information comprises:
determining the computing power of at least one slave chain node of the processing slave chain connected with the main chain node according to the received second information sent by the main chain node, and determining the maximum value of the computing power of the at least one slave chain node as the computing power of the main chain node;
and determining the support degree of the main chain node according to the recorded broadcasting time, the arrival time corresponding to the second information sent by the main chain node and the computing power of the main chain node.
5. The method of claim 3, wherein the management node broadcasting the second request message to the at least two main chain nodes and recording the broadcasting time comprises:
the management node broadcasts the identification information of the first electronic equipment to at least two main chain nodes;
receiving first information sent by the at least two main chain nodes, and determining, according to the received first information, whether the identification information of the first electronic device is recorded in the ledger of each main chain node of the at least two main chain nodes;
if it is determined that the ledger of each of the at least two main chain nodes records the identification information of the first electronic device, generating a first random decimal, and broadcasting the first random decimal to the at least two main chain nodes, so that each main chain node can determine, according to the received first random decimal, whether to send the security level of the first electronic device recorded by that main chain node to the management node;
receiving the security level of the first electronic equipment sent by at least two main chain nodes, and determining the first main chain node according to the received security level;
Broadcasting a second request message to at least two main chain nodes, and recording broadcasting time; the second request message carries identification information of the first main chain node and identification information of second information to be acquired by the management node.
6. The method of claim 5, wherein determining the first main chain node based on the received security level comprises:
determining whether the number of main chain nodes sending the security level exceeds half of the number of all main chain nodes according to the received security level;
if the number of the main chain nodes for transmitting the security level is determined to be more than half of the number of all the main chain nodes, determining whether the received security levels are the same;
and if the received security levels are the same, determining the main chain node sending the security level as the first main chain node.
7. The method of claim 5, wherein the method further comprises:
if it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, returning to the first electronic device a response message refusing acquisition of the encryption mode;
receiving identification information of first electronic equipment sent by the first electronic equipment;
Broadcasting identification information of the first electronic device to at least two main chain nodes;
receiving third information sent by at least two main chain nodes, and determining whether each main chain node in the at least two main chain nodes records the identification information of the first electronic equipment according to the received third information;
if it is determined that the ledger of at least one main chain node does not record the identification information of the first electronic device, sending a security level acquisition request message to the first electronic device;
receiving a security level sent by first electronic equipment;
and broadcasting the security level of the first electronic device to at least two main chain nodes, so that each main chain node records the identification information of the first electronic device and the security level of the first electronic device in its own ledger.
8. The method according to claim 1, wherein after said sending of the encryption mode of the first electronic device to the certificate authority CA, the method further comprises:
receiving a third request message sent by the second electronic equipment; the third request message carries identification information of the first electronic equipment and identification information of the second electronic equipment;
and sending the encryption mode of the first electronic equipment to the second electronic equipment according to the third request message, so that the second electronic equipment can acquire a decryption key from the CA according to the encryption mode of the first electronic equipment, and further decrypt the received encrypted data to acquire the data.
9. A method of data processing, comprising:
the first electronic device sends a first request message to the blockchain;
receiving an encryption key sent by a CA, and encrypting data according to an encryption mode of the first electronic equipment and the encryption key;
and sending the encrypted data to the second electronic equipment.
10. An electronic device, comprising: a processor and a memory storing a computer program which, when executed, causes the electronic device to perform the method of any one of claims 1-8.
CN202210207632.XA 2022-03-04 2022-03-04 Data processing method and device Pending CN116743407A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210207632.XA CN116743407A (en) 2022-03-04 2022-03-04 Data processing method and device

Publications (1)

Publication Number Publication Date
CN116743407A true CN116743407A (en) 2023-09-12

Family

ID=87901684

Country Status (1)

Country Link
CN (1) CN116743407A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination