CN117375823A - Key distribution method and device, electronic equipment and storage medium - Google Patents
Key distribution method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN117375823A CN117375823A CN202311400924.6A CN202311400924A CN117375823A CN 117375823 A CN117375823 A CN 117375823A CN 202311400924 A CN202311400924 A CN 202311400924A CN 117375823 A CN117375823 A CN 117375823A
- Authority
- CN
- China
- Prior art keywords
- key
- user
- data
- encrypted
- derivative
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003860 storage Methods 0.000 title claims abstract description 100
- 238000000034 method Methods 0.000 title claims abstract description 73
- 238000009826 distribution Methods 0.000 title claims abstract description 54
- 238000013475 authorization Methods 0.000 claims abstract description 40
- 230000007246 mechanism Effects 0.000 claims abstract description 8
- 238000012545 processing Methods 0.000 claims description 32
- 230000008569 process Effects 0.000 claims description 28
- 238000004590 computer program Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 6
- 238000012790 confirmation Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention relates to a key distribution method, a device, an electronic device and a storage medium, wherein the method comprises the following steps: generating a master key of a first user and generating a derivative key based on the master key; encrypting the derivative key based on the public key of the second user, and sending the encrypted derivative key and the data property right authorization to a consensus system, so that the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypts the encrypted derivative key based on the private key of the second user, encrypts user data by using the decrypted derivative key and then uploads the encrypted user data to a storage system, or decrypts other user data in the storage system by using the decrypted derivative key. The invention improves the data security coefficient under the data property split mechanism.
Description
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method and an apparatus for distributing a key, an electronic device, and a storage medium.
Background
Data is a key element of digital economy, has become a national important strategic resource, and is becoming an extremely important new asset. In recent years, the related art has also clearly proposed a new model for searching data assets, and has important significance for promoting the data to be made into assets and capital and better playing the multiplication effect of data on the improvement of production efficiency for the asset value of the data elements of the money measurement for searching.
The whole process of data asset accounting mainly comprises four links of data asset confirmation, data asset assessment, data asset metering and data asset disclosure. The data asset confirmation link needs to define the identity and boundary of the data asset, establish a data confirmation system, promote the classified and hierarchical confirmation authorization use of public data, enterprise data and personal data, establish a property operation mechanism of the data resource ownership, data processing use right, data product management right and the like, and strengthen the data element rights protection system.
Therefore, how to solve the problem of data security under the data property split mechanism and ensure the security of the decentralised data is a technical problem to be solved urgently.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a key distribution method, apparatus, electronic device and storage medium for solving the problem of data security under the data property split mechanism and ensuring the security of the decentralised data.
In order to solve the above-mentioned problems, the present invention provides, in a first aspect, a key distribution method comprising:
generating a master key of a first user and generating a derivative key based on the master key;
encrypting the derivative key based on the public key of the second user, and sending the encrypted derivative key and the data property right authorization to a consensus system, so that the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypts the encrypted derivative key based on the private key of the second user, encrypts user data by using the decrypted derivative key and then uploads the encrypted user data to a storage system, or decrypts other user data in the storage system by using the decrypted derivative key.
Further, the consensus system is constructed by utilizing a merck tree in a preset decentralised computing system;
constructing the consensus system by utilizing a merck tree in a preset decentralised computing system, wherein the method comprises the following steps of:
selecting from a plurality of decentralised computing systems based on a preset proving mechanism, and selecting computing systems meeting preset conditions as candidate consensus nodes;
and selecting part of nodes from the candidate consensus nodes by using a random algorithm as the consensus nodes to construct the consensus system, wherein the system verifies the key distribution process according to the longest chain principle and stores the key state in the key distribution process into a merck tree.
Further, the method further comprises:
and in the process of verifying the key distribution process by utilizing the consensus system, if any consensus node cannot work, moving the node out of the consensus node list and the candidate consensus node list.
Further, the storage system is built using a preset de-centralized computing system;
constructing the storage system using a preset de-centralized computing system, comprising:
selecting a plurality of preset decentralised computing systems as storage nodes, and constructing the storage systems, wherein the number of the selected storage nodes is larger than 1, and the selected storage nodes store data according to a storage consistency protocol.
Further, the method further comprises:
and maintaining the storage nodes at regular time, and selecting other storage nodes from the preset decentralised computing system if any storage node cannot work.
Further, the encrypting the derivative key based on the public key of the second user and transmitting the encrypted derivative key and the data property right authorization to the consensus system includes:
authorizing the data processing right or the data using right to a second user, and acquiring a public key of the second user;
encrypting the derivative key based on the public key of the second user.
Further, the second user is an authorized data processing party or data using party; the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypts the encrypted derivative key based on a private key of the second user, encrypts user data by using the decrypted derivative key and uploads the encrypted user data to a storage system, or decrypts other user data in the storage system by using the decrypted derivative key, and the method comprises the following steps:
the second user obtains the data property right authorization corresponding to the second user from the consensus system so that the consensus system verifies the signature of the second user, and if the consensus system verifies the signature of the second user, the second user obtains the encrypted derivative key;
decrypting the encrypted derivative key based on the private key of the second user to obtain a decrypted derivative key;
the data processing party encrypts the user data by using the decrypted derivative key and uploads the encrypted user data to a storage system;
and the data user decrypts other user data in the storage system by using the decrypted derivative key.
In a second aspect, the present invention also provides a key distribution apparatus, including:
the key generation module is used for generating a master key of the first user and generating a derivative key based on the master key;
the key distribution module is used for encrypting the derivative key based on the public key of the second user, sending the encrypted derivative key and the data property right authorization to the consensus system, so that the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypting the encrypted derivative key based on the private key of the second user, encrypting the user data by using the decrypted derivative key and then uploading the encrypted user data to the storage system, or decrypting other user data in the storage system by using the decrypted derivative key.
In a third aspect, the present invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps in the key distribution method described above when executing the computer program.
In a fourth aspect, the present invention also provides a computer storage medium storing a computer program which when executed by a processor implements the steps of the key distribution method as described above.
The beneficial effects of adopting the embodiment are as follows:
the method comprises the steps that a first user generates and holds a master key of the first user, then the master key is used for generating a derivative key, the derivative key is encrypted based on a public key of a second user, the encrypted derivative key and data property rights are issued into a decentralization consensus system together, and the second user is a data processing party or a data user party; after obtaining own data property right authorization and an encrypted derivative key from the consensus system, the data processing party decrypts the encrypted derivative key by using own private key, encrypts the data of the user by using the derivative key, and then uploads the encrypted data to the decentralised storage system; after the data user obtains the own data property right authorization and the encrypted derivative key from the consensus system, the data user decrypts the encrypted derivative key by using the own private key, and then decrypts the user data in the storage system by using the derivative key. The security of the data is ensured by the decentralizing consensus system and the distribution of the secret key by the user data property rights. Only if the user is authorized, the data can be correctly encrypted and decrypted for processing or use. After the data title authorization is deleted, the data processor or data consumer will not be able to access the encrypted derivative key and process or use the user data in the storage system.
Drawings
Fig. 1 is a flow chart of an embodiment of a key distribution method according to the present invention;
FIG. 2 is a timing diagram of data processing in a key distribution process according to an embodiment of the present invention;
FIG. 3 is a timing diagram illustrating data usage during key distribution according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating a key distribution device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
Preferred embodiments of the present invention will now be described in detail with reference to the accompanying drawings, which form a part hereof, and together with the description serve to explain the principles of the invention, and are not intended to limit the scope of the invention.
In the description of the present invention, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. Furthermore, the meaning of "a plurality of" means two or more, unless specifically defined otherwise. Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
Before the description of the embodiments, the related words are interpreted:
merck tree: the merck tree is a binary tree that contains a set of nodes whose root contains the underlying information has a large number of leaf nodes, a set of intermediate nodes, each of which is a hash of its 2 child nodes, and then a final root node, also formed by the hash of its 2 child nodes, represents the "top" of the tree. The purpose of the merck tree is to allow data in a block to be passed sporadically.
Specific embodiments are described in detail below:
referring to fig. 1, fig. 1 is a schematic flow chart of an embodiment of a key distribution method provided by the present invention, and a specific embodiment of the present invention discloses a key distribution method, which includes:
generating a master key of the first user and generating a derivative key based on the master key;
the derivative key is encrypted based on the public key of the second user, and the encrypted derivative key and the data property right authorization are sent to the consensus system, so that the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypts the encrypted derivative key based on the private key of the second user, encrypts the user data by using the decrypted derivative key and then uploads the encrypted user data to the storage system, or decrypts other user data in the storage system by using the decrypted derivative key.
The method comprises the steps that a first user generates and holds a master key of the first user, then the master key is used for generating a derivative key, the derivative key is encrypted based on a public key of a second user, the encrypted derivative key and data property rights are issued into a decentralization consensus system together, and the second user is a data processing party or a data user party; after obtaining own data property right authorization and an encrypted derivative key from the consensus system, the data processing party decrypts the encrypted derivative key by using own private key, encrypts the data of the user by using the derivative key, and then uploads the encrypted data to the decentralised storage system; after the data user obtains the own data property right authorization and the encrypted derivative key from the consensus system, the data user decrypts the encrypted derivative key by using the own private key, and then decrypts the user data in the storage system by using the derivative key. The security of the data is ensured by the decentralizing consensus system and the distribution of the secret key by the user data property rights. Only if the user is authorized, the data can be correctly encrypted and decrypted for processing or use. After the data title authorization is deleted, the data processor or data consumer will not be able to access the encrypted derivative key and process or use the user data in the storage system.
In one embodiment of the invention, the consensus system is built using the merck tree in a preset de-centralized computing system;
constructing a consensus system by utilizing a merck tree in a preset decentralised computing system, wherein the method comprises the following steps of:
selecting from a plurality of decentralised computing systems based on a preset proving mechanism, and selecting computing systems meeting preset conditions as candidate consensus nodes;
and selecting part of nodes from the candidate consensus nodes by using a random algorithm as the consensus nodes to construct a consensus system, wherein the system verifies the key distribution process according to the longest chain principle and stores the key state in the key distribution process into a merck tree.
It will be appreciated that a plurality of decentralised computing systems are used to construct a decentralised consensus system and a decentralised storage system respectively. In the process of constructing the decentralised consensus system, the key states in the key distribution process are managed by using the merck tree, and each key state corresponds to one leaf node generated as the merck tree, and the merck tree is stored in a plurality of decentralised computing systems.
Specifically, a plurality of users vote on a plurality of decentralised computing systems based on a delegated rights and interests proving mechanism, select part of the computing systems as candidate consensus nodes, and then randomly select part of the candidate consensus nodes to become the consensus nodes by using a random algorithm.
In the process of verifying the key distribution process by using the consensus system, if any consensus node cannot work, the node is moved out of the consensus node list and the candidate consensus node list. Each consensus node verifies the key distribution process according to the longest chain principle and stores the key state in the key distribution process into the merck tree. The consensus nodes form a consensus system to verify the key distribution process, and if a certain node does not act properly or cannot work effectively, the node is moved out of the consensus node list and the candidate consensus node list.
More specifically, the consensus system will be composed of a plurality of decentralised computing systems that will be responsible for voting on key states in the key distribution process, consensus being achieved according to the longest chain principle. The states include the derived key of the data property right authorization and encryption provided by the user, and the data processing party or the data user inquires the derived key of the data property right authorization and encryption, and the verification result of the consensus system. If consensus is reached, these critical states will be stored in the leaf nodes of the merck tree.
In one embodiment of the invention, the storage system is built using a preset de-centralized computing system;
constructing a storage system using a preset de-centralized computing system, comprising:
selecting a plurality of preset decentralised computing systems as storage nodes, and constructing the storage systems, wherein the number of the selected storage nodes is larger than 1, and the selected storage nodes store data according to a storage consistency protocol.
It will be appreciated that a plurality of the de-centralized computing systems are selected by the user as storage nodes, the number of selected storage nodes being greater than 1, the storage systems will be collectively comprised of a plurality of the de-centralized computing systems, which will manage the user's data in accordance with the storage consistency protocol. After receiving a storage request of a data processing party, the storage system stores encrypted data of a user according to a data storage authorization and a certification method of the data storage authorization; after receiving the access request of the data user, the storage system provides the encrypted data of the user according to a decentralised data inquiry authorization and a proving method thereof.
It should be noted that, the storage nodes need to be maintained at regular time, and if any storage node cannot work, other storage nodes are selected from the preset decentralised computing system.
Namely, the storage nodes in the storage system store data according to the storage consistency protocol, users maintain the storage nodes at regular time, and if a certain storage node does not act properly or cannot work effectively, a new storage node is selected to replace the storage node.
In one embodiment of the present invention, encrypting the derivative key based on the public key of the second user and transmitting the encrypted derivative key and the data property right authorization to the consensus system comprises:
authorizing the data processing right or the data using right to the second user, and acquiring a public key of the second user;
the derivative key is encrypted based on the public key of the second user.
It will be appreciated that the second user is either a data processing party or a data consumer. The first user generates and holds own master key, and generates a derivative key by using the master key, wherein the derivative key is used for encrypting and decrypting data; the first user encrypts the derivative key by using the public key of the authorized data processing party or data using party, and issues the encrypted derivative key and the data property right authorization to the decentralised consensus system. And verifying the distribution process of the key by using the constructed decentralised consensus system.
In some preferred embodiments, the act of the data processor or the data consumer obtaining the encrypted derivative key must be authorized by the user to be accomplished, and is not effective if the act of the data processor or the data consumer obtaining the encrypted derivative key is not authorized by the user.
In one embodiment of the invention, the second user is an authorized party for processing data or a party for using data; the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypts the encrypted derivative key based on the private key of the second user, encrypts the user data by using the decrypted derivative key and uploads the encrypted user data to the storage system, or decrypts other user data in the storage system by using the decrypted derivative key, and the method comprises the following steps:
the second user obtains the data property right authorization corresponding to the second user from the consensus system so that the consensus system verifies the signature of the second user, and if the consensus system verifies the signature of the second user, the second user obtains the encrypted derivative key;
decrypting the encrypted derivative key based on the private key of the second user to obtain a decrypted derivative key;
the data processing party encrypts the user data by using the decrypted derivative key and uploads the encrypted user data to the storage system;
the data consumer decrypts other user data in the storage system using the decrypted derivative key.
It will be appreciated that a user selects a plurality of decentralised computing systems as storage nodes, thereby forming a storage system, storing encrypted data of the user, and providing an access interface. The data of the user is stored in the storage system, after the data processing party or the data using party obtains the authorization of the user, the data processing party or the data using party obtains the encrypted derivative key from the consensus system, then uses the private key of the party to decrypt the encrypted derivative key, uses the derivative key to encrypt the data of the user and stores the data in the storage system or uses the derivative key to decrypt the data of the user in the storage system. Referring to fig. 2 and 3, fig. 2 is a timing chart of data processing in a key distribution process according to an embodiment of the present invention; fig. 3 is a timing chart of data usage in a key distribution process according to an embodiment of the present invention.
The invention constructs a decentralised consensus system by using a plurality of decentralised computing systems, and constructs a decentralised storage system by using a plurality of decentralised computing systems; the user generates and holds own master key, the user uses the master key to generate a derivative key, and the derivative key is used for encrypting and decrypting data; the user encrypts the derivative key by using the public key of the authorized data processing party or the data using party, and issues the encrypted derivative key and the data property right authorization to the decentralization consensus system; after obtaining own data property right authorization and an encrypted derivative key from the consensus system, the data processing party decrypts the encrypted derivative key by using own private key, encrypts the data of the user by using the derivative key, and then uploads the encrypted data to the decentralised storage system; after the data user obtains the own data property right authorization and the encrypted derivative key from the consensus system, the data user decrypts the encrypted derivative key by using the own private key, and then decrypts the user data in the storage system by using the derivative key.
The invention ensures the safety of data through the decentralized consensus system and the distribution of the secret key by the user data property rights. Only if the user is authorized, the data can be correctly encrypted and decrypted for processing or use. After the data title authorization is deleted, the data processor or data consumer will not be able to access the encrypted derivative key and process or use the user data in the storage system.
In order to better implement the key distribution method according to the embodiment of the present invention, referring to fig. 4 correspondingly, fig. 4 is a schematic structural diagram of an embodiment of a key distribution device according to the present invention, where the embodiment of the present invention provides a key distribution device 400, including:
a key generation module 401, configured to generate a master key of a first user, and generate a derivative key based on the master key;
the key distribution module 402 is configured to encrypt the derivative key based on the public key of the second user, and send the encrypted derivative key and the data property right authorization to the consensus system, so that the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypts the encrypted derivative key based on the private key of the second user, encrypts the user data using the decrypted derivative key and then uploads the encrypted user data to the storage system, or decrypts other user data in the storage system using the decrypted derivative key.
What needs to be explained here is: the apparatus 400 provided in the foregoing embodiments may implement the technical solutions described in the foregoing method embodiments, and the specific implementation principles of the foregoing modules or units may be referred to the corresponding content in the foregoing method embodiments, which is not described herein again.
Based on the above key distribution method, the embodiment of the present invention further provides an electronic device, including: a processor and a memory, and a computer program stored in the memory and executable on the processor; the steps in the key distribution method of the above embodiments are implemented when the processor executes the computer program.
A schematic structural diagram of an electronic device 500 suitable for use in implementing embodiments of the present invention is shown in fig. 5. The electronic device in the embodiment of the present invention may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a car-mounted terminal (e.g., car navigation terminal), etc., and a stationary terminal such as a digital TV, a desktop computer, etc. The electronic device shown in fig. 5 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the present invention.
An electronic device includes: a memory and a processor, where the processor may be referred to as a processing device 501 hereinafter, the memory may include at least one of a Read Only Memory (ROM) 502, a Random Access Memory (RAM) 503, and a storage device 508 hereinafter, as shown in detail below:
as shown in fig. 5, the electronic device 500 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 501, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM503, various programs and data required for the operation of the electronic apparatus 500 are also stored. The processing device 501, the ROM502, and the RAM503 are connected to each other via a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
In general, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 507 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 508 including, for example, magnetic tape, hard disk, etc.; and communication means 509. The communication means 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 shows an electronic device 500 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present invention, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present invention include a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or from the storage means 508, or from the ROM 502. The above-described functions defined in the method of the embodiment of the present invention are performed when the computer program is executed by the processing means 501.
Based on the above-described key distribution method, the embodiments of the present invention further provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the steps in the key distribution method of each of the above-described embodiments.
Those skilled in the art will appreciate that all or part of the flow of the methods of the embodiments described above may be accomplished by way of a computer program to instruct associated hardware, where the program may be stored on a computer readable storage medium. Wherein the computer readable storage medium is a magnetic disk, an optical disk, a read-only memory or a random access memory, etc.
The present invention is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present invention are intended to be included in the scope of the present invention.
Claims (10)
1. A key distribution method, comprising:
generating a master key of a first user and generating a derivative key based on the master key;
encrypting the derivative key based on the public key of the second user, and sending the encrypted derivative key and the data property right authorization to a consensus system, so that the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypts the encrypted derivative key based on the private key of the second user, encrypts user data by using the decrypted derivative key and then uploads the encrypted user data to a storage system, or decrypts other user data in the storage system by using the decrypted derivative key.
2. The key distribution method according to claim 1, wherein the consensus system is built using a merck tree in a preset decentralised computing system;
constructing the consensus system by utilizing a merck tree in a preset decentralised computing system, wherein the method comprises the following steps of:
selecting from a plurality of decentralised computing systems based on a preset proving mechanism, and selecting computing systems meeting preset conditions as candidate consensus nodes;
and selecting part of nodes from the candidate consensus nodes by using a random algorithm as the consensus nodes to construct the consensus system, wherein the system verifies the key distribution process according to the longest chain principle and stores the key state in the key distribution process into a merck tree.
3. The key distribution method according to claim 2, characterized in that the method further comprises:
and in the process of verifying the key distribution process by utilizing the consensus system, if any consensus node cannot work, moving the node out of the consensus node list and the candidate consensus node list.
4. The key distribution method according to claim 1, wherein the storage system is constructed using a preset decentralised computing system;
constructing the storage system using a preset de-centralized computing system, comprising:
selecting a plurality of preset decentralised computing systems as storage nodes, and constructing the storage systems, wherein the number of the selected storage nodes is larger than 1, and the selected storage nodes store data according to a storage consistency protocol.
5. The key distribution method according to claim 4, wherein the method further comprises:
and maintaining the storage nodes at regular time, and selecting other storage nodes from the preset decentralised computing system if any storage node cannot work.
6. A key distribution method according to claim 3, wherein said encrypting the derivative key based on the public key of the second user comprises:
authorizing the data processing right or the data using right to a second user, and acquiring a public key of the second user;
encrypting the derivative key based on the public key of the second user.
7. The key distribution method according to claim 5, wherein the second user is an authorized party for processing data or a party for using data; the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypts the encrypted derivative key based on a private key of the second user, encrypts user data by using the decrypted derivative key and uploads the encrypted user data to a storage system, or decrypts other user data in the storage system by using the decrypted derivative key, and the method comprises the following steps:
the second user obtains the data property right authorization corresponding to the second user from the consensus system so that the consensus system verifies the signature of the second user, and if the consensus system verifies the signature of the second user, the second user obtains the encrypted derivative key;
decrypting the encrypted derivative key based on the private key of the second user to obtain a decrypted derivative key;
the data processing party encrypts the user data by using the decrypted derivative key and uploads the encrypted user data to a storage system;
and the data user decrypts other user data in the storage system by using the decrypted derivative key.
8. A key distribution apparatus, comprising:
the key generation module is used for generating a master key of the first user and generating a derivative key based on the master key;
the key distribution module is used for encrypting the derivative key based on the public key of the second user, sending the encrypted derivative key and the data property right authorization to the consensus system, so that the second user obtains the data property right authorization and the encrypted derivative key based on the consensus system, decrypting the encrypted derivative key based on the private key of the second user, encrypting the user data by using the decrypted derivative key and then uploading the encrypted user data to the storage system, or decrypting other user data in the storage system by using the decrypted derivative key.
9. An electronic device comprising a memory and a processor, wherein the memory is configured to store a program; the processor, coupled to the memory, is configured to execute the program stored in the memory to implement the steps in the key distribution method of any of the preceding claims 1 to 7.
10. A computer readable storage medium storing a computer readable program or instructions which, when executed by a processor, is capable of carrying out the steps of the key distribution method of any one of the preceding claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311400924.6A CN117375823A (en) | 2023-10-25 | 2023-10-25 | Key distribution method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311400924.6A CN117375823A (en) | 2023-10-25 | 2023-10-25 | Key distribution method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117375823A true CN117375823A (en) | 2024-01-09 |
Family
ID=89398011
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311400924.6A Pending CN117375823A (en) | 2023-10-25 | 2023-10-25 | Key distribution method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117375823A (en) |
-
2023
- 2023-10-25 CN CN202311400924.6A patent/CN117375823A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP4120114A1 (en) | Data processing method and apparatus, smart device and storage medium | |
| US11750591B2 (en) | Key attestation statement generation providing device anonymity | |
| CN110417750B (en) | Block chain technology-based file reading and storing method, terminal device and storage medium | |
| CN101802833B (en) | Local stores service is provided to the application run in application execution environment | |
| CN110061845A (en) | Block chain data ciphering method, device, computer equipment and storage medium | |
| CN112131316B (en) | Data processing method and device applied to block chain system | |
| CN110611657A (en) | File stream processing method, device and system based on block chain | |
| CN110445840B (en) | File storage and reading method based on block chain technology | |
| CN108923925B (en) | Data storage method and device applied to block chain | |
| CN113242134B (en) | Digital certificate signing method, device, system and storage medium | |
| US8260721B2 (en) | Network resource access control methods and systems using transactional artifacts | |
| AU2019204724B2 (en) | Cryptography chip with identity verification | |
| CN112422287B (en) | Multi-level role authority control method and device based on cryptography | |
| CN113609781B (en) | Method, system, equipment and medium for optimizing automobile production die based on federal learning | |
| CN113486122A (en) | Data sharing method and electronic equipment | |
| CN111460400A (en) | Data processing method and device and computer readable storage medium | |
| CN110737905B (en) | Data authorization method, data authorization device and computer storage medium | |
| CN113315745A (en) | Data processing method, device, equipment and medium | |
| CN109981551A (en) | A kind of data transmission system based on block chain, method and relevant device | |
| CN109818965B (en) | Personal identity verification device and method | |
| CN117375823A (en) | Key distribution method and device, electronic equipment and storage medium | |
| JP2019057827A (en) | Distributed authentication system and program | |
| CN110166226B (en) | Method and device for generating secret key | |
| KR101986690B1 (en) | Key chain management method and key chain management system for end-to-end encryption of message | |
| CN111786955A (en) | Method and apparatus for protecting a model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |