WO2020143318A1 - Data verification method and terminal device - Google Patents

Data verification method and terminal device

Info

Publication number
WO2020143318A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
storage node
data
certificate
public key
Application number
PCT/CN2019/118157
Other languages
English (en)
Chinese (zh)
Inventor
雷琼
郑映锋
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司
Publication of WO2020143318A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present application belongs to the field of computer application technology, and particularly relates to a data verification method, terminal device, and computer non-volatile readable storage medium.
  • P2P storage is a kind of network storage based on P2P (Peer-to-Peer) technology. It organizes many machines in a peer-to-peer way to provide users with a large-capacity data storage service.
  • It is a network technology on the Internet and the product of the combination of computer networks and distributed systems. The core idea is to remove the concept of a central server and build the Internet on the basis of peer-to-peer interconnection to achieve maximum resource sharing.
  • signatures are verified by certificates to achieve identity authentication. However, it may still happen that the certificate and the signature are forged at the same time, resulting in threats to data security.
  • embodiments of the present application provide a data verification method, terminal device, and computer non-volatile readable storage medium to solve the problem in the prior art that certificates and signatures may be forged at the same time, which threatens data security.
  • the first aspect of the embodiments of the present application provides a data verification method, including:
  • the storage node is used to store the storage data sent by the data owner terminal, and the storage data includes the signature of the storage node;
  • if the node certificate is issued by the trusted root certificate, obtain the public key of the storage node, and verify whether the public key of the storage node is correct according to the pre-stored node ID; the node ID is generated from a digital digest of the storage node's public key;
  • the signature in the stored data stored by the storage node is verified according to the public key of the storage node, and if the signature verification is passed, the stored data is correct.
  • a second aspect of an embodiment of the present application provides a terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor; the method of the first aspect described above is realized when the processor executes the computer-readable instructions.
  • a third aspect of the embodiments of the present application provides a terminal device, including various units that implement the method of the first aspect described above.
  • a fourth aspect of the embodiments of the present application provides a computer nonvolatile readable storage medium.
  • the computer storage medium stores computer readable instructions.
  • the computer readable instructions include program instructions which, when executed by a processor, cause the processor to execute the method of the first aspect.
  • the embodiment of the present application acquires the node certificate of the storage node and verifies whether the node certificate is issued by a preset trusted root certificate; the storage node is used to store the storage data sent by the data owner terminal, and the storage data includes the signature of the storage node; if the node certificate is issued by the trusted root certificate, the public key of the storage node is obtained, and whether the public key of the storage node is correct is verified according to the pre-stored node ID; the node ID is generated from a digital digest of the storage node's public key; if the storage node's public key is correct, the signature in the stored data stored by the storage node is verified according to the storage node's public key, and if the signature verification is passed, the stored data is correct. By verifying both the node certificate and signature of the storage node and the correctness of the stored data in the storage node, the security of the stored data of the node in the peer-to-peer network is improved.
  • FIG. 1 is a flowchart of a data verification method provided in Embodiment 1 of the present application.
  • FIG. 2 is a flowchart of a data verification method provided in Embodiment 2 of the present application.
  • FIG. 3 is a schematic diagram of a terminal device provided in Embodiment 3 of this application.
  • FIG. 4 is a schematic diagram of a terminal device provided in Embodiment 4 of the present application.
  • FIG. 1 is a flowchart of a data verification method provided in Embodiment 1 of the present application.
  • the execution subject of the data verification method in this embodiment is a terminal.
  • Terminals include but are not limited to mobile terminals such as smart phones, tablet computers, and wearable devices, and may also be desktop computers.
  • the data verification method shown in the figure may include the following steps:
  • S101 Obtain a node certificate of a storage node, and verify whether the node certificate is issued by a preset trusted root certificate; the storage node is used to store storage data sent by a data owner terminal, and the storage data includes the storage node's signature.
  • A digital certificate is a series of numbers that mark the identity information of all parties in the communication, and provides a way to verify the identity of the communicating entity on the Internet.
  • A digital certificate is a stamp or seal placed on the digital ID card by the identity certification agency.
  • the digital identity of the storage node is obtained to verify whether the node identity of the storage node is authentic.
  • a digital certificate is a file digitally signed by a certificate authority that contains information about the owner of the public key and the public key. The simplest certificate contains a public key, name and digital signature of the certificate authority. Another important feature of digital certificates is that they are only valid for a specific period of time.
  • the digital certificate binds the public key to the true identity of its holder. It is similar to the resident ID card in real life. The difference is that the digital certificate is no longer a paper certificate, but a piece of electronic data that contains the identity information of the certificate holder and is issued by the certification center, which can be used more conveniently and flexibly in the process of verifying the data accuracy of the storage node.
  • the process of issuing digital certificates for storage nodes is generally to first generate a key pair for each storage node, that is, a public key and a private key, and transmit the public key and part of the node information to the certification center. After verifying the identity, the certification center will perform some necessary steps to ensure that the request is indeed sent by the storage node. Then, the certification center will issue a digital certificate to the storage node, which contains the node information and other information of the storage node. At the same time, the public key information of the certificate is also attached.
  • the storage node can use its own digital certificate to perform various related activities. Digital certificates are issued by independent certificate issuing agencies. Digital certificates are different, and each certificate can provide different levels of credibility. You can obtain your own digital certificate from the certificate issuing agency.
  • the way to obtain the node certificate of the node may be to send a certificate request to the storage node. After receiving the certificate request, the storage node sends its own certificate to the data owner terminal. It may also be that the storage node periodically sends its own node certificate to the terminal of the data owner, and the data owner is not required to actively request to obtain the node certificate to reduce the workload of the data owner terminal.
  • the storage node in this embodiment is used to store the storage data sent by the data owner terminal.
  • the storage data may be due to the limited data storage capability or data processing capability of the data owner terminal, and the needs determined by the data owner terminal
  • the data owner terminal sends the data to be stored to the storage node, and specifies that this part of the stored data can only be stored by the corresponding storage node, but the storage node cannot perform any type of processing on the stored data; only the data owner terminal or a terminal device with the processing authority can process it.
  • the storage data stored by the storage node includes the signature of the storage node, and the signature of the storage node can be used to verify that the storage data is written by the storage node.
  • the signature in this embodiment is generated only by the storage node and cannot be forged by others. This digital string is also an effective proof of the correctness of the stored information.
  • the node certificate in this embodiment is issued through a certificate authority (Certificate Authority, CA).
  • the certificate entrusting center bears the responsibility of checking the legality of the public key in the public key system.
  • the CA center issues a digital certificate for each storage node that uses the public key.
  • the role of the digital certificate is to prove that the storage node listed in the certificate has the public key listed in the certificate.
  • the CA organization's digital signature prevents attackers from forging and tampering with certificates. It is responsible for generating, distributing and managing the digital certificates required by all individuals involved in online transactions, so it is the core link of secure electronic transactions.
  • the organization is responsible for issuing and managing e-commerce security certificates that meet the national and international standards for secure electronic transactions to all subjects of e-commerce.
  • When verifying the node certificate, first obtain the node certificate of the storage node, and determine the issuer ID that issued the node certificate. According to the issuer ID, check whether the issuer ID exists in the preset trusted e-commerce certification authority table; if the issuer ID exists in the trusted e-commerce certification authority table, it is determined that the node certificate is issued by the trusted root certificate.
  • S102 If the node certificate is issued by the trusted root certificate, obtain the public key of the storage node, and verify whether the public key of the storage node is correct according to the pre-stored node ID; the node ID is generated from a digital digest of the storage node's public key.
  • the public key of the storage node is obtained from the storage node.
  • the method of obtaining the public key may be a method of sending a public key acquisition request to the storage node. Since the public key of each storage node can be public, the public key of the storage node can also be pre-stored in the data owner terminal.
  • when the data owner terminal needs to verify the storage node's public key, it can obtain the public key of the storage node directly from its own database.
  • the data owner terminal can obtain the public key of the storage node in real time, and store the situation where the node modifies its own public key in a manner.
  • the verification determines that the node certificate is not issued by the preset trusted root certificate
  • the data owner terminal stores the node ID of each storage node.
  • the node ID is obtained by performing a digest calculation on the storage node's public key, and is used to verify whether the storage node's public key is correct.
  • the specific verification method is to first calculate the data digest of the storage node's public key to obtain the public key digest, and then compare the public key digest with the data identifier. If the public key digest and the data identifier are consistent, the storage node's public key is determined to be correct.
  • the digital signature is some data attached to the stored data, and it can also be a cryptographic transformation made to the stored data. This data or transformation allows the data owner of the stored data to verify the integrity of the stored data to protect the data and prevent the risk of storage node falsification.
  • It is a method for signing messages in electronic form. A signed message can be transmitted in a communication network. Digital signatures can be obtained based on both public key cryptosystems and private key cryptosystems, mainly digital signatures based on public key cryptosystems, including ordinary digital signatures and special digital signatures.
  • common digital signature algorithms include the Data Encryption Standard (DES) algorithm, the elliptic curve digital signature algorithm, the finite automaton digital signature algorithm, etc.
  • it can also include blind signatures, proxy signatures, group signatures, non-repudiation signatures, fair blind signatures, threshold signatures, signatures with a message recovery function, etc., which are closely related to the specific application.
  • When verifying the stored data according to the storage node's public key, the question is how to verify the correctness of the data, to ensure that the data is the original data of the data owner and has not been tampered with or deleted by the storage node. This is where the signature is used. If the public key of the storage node is correct, the signature in the storage data stored by the storage node is verified according to the public key of the storage node, and the correctness of the data is thereby determined. Before the data owner sends the stored data to the storage node, a data digest process is performed on the stored data to obtain a data digest of the stored data. The original data cannot be obtained by inverting the data digest.
  • the data owner terminal sends a public key request to the storage node again. After the storage node's public key is obtained again, the public key verification and data verification are performed.
  • the storage node is used to store the storage data sent by the data owner terminal, and the storage data includes the signature of the storage node; if the node certificate is issued by the trusted root certificate, obtain the public key of the storage node, and verify whether the public key of the storage node is correct according to the pre-stored node ID; the node ID is generated from the digital digest of the storage node's public key; if the storage node's public key is correct, verify the signature in the stored data stored by the storage node according to the storage node's public key, and if the signature verification is passed, the stored data is correct.
  • the security of the stored data of the node in the peer-to-peer network is improved.
  • FIG. 2 is a flowchart of a data verification method provided in Embodiment 2 of the present application.
  • the execution subject of the data verification method in this embodiment is a terminal.
  • Terminals include but are not limited to mobile terminals such as smart phones, tablet computers, and wearable devices, and may also be desktop computers.
  • the data verification method as shown in the figure may include the following steps:
  • S201 Obtain the node certificate of the storage node, and verify whether the node certificate is issued by a preset trusted root certificate; the storage node is used to store the storage data sent by the data owner terminal, and the storage data includes the storage node’s signature.
  • the data owner terminal sends a certificate request to the storage node. After obtaining the node certificate of the storage node, it is verified whether the node certificate is issued by a preset trusted root certificate.
  • the specific way to verify whether the node certificate is issued by the preset trusted root certificate is to first determine the issuer ID that issued the node certificate, and, according to the issuer ID, check whether the issuer ID exists in the preset trusted e-commerce certification authority table.
  • the node certificate is determined to be issued by the trusted root certificate; if the issuer ID does not exist in the trusted e-commerce certification authority table, the node certificate is determined not to be issued by a trusted root certificate, and there is a problem with the identity of the storage node, which requires stricter identity authentication, such as obtaining the processing authority of the storage node and viewing the historical data processing status of the storage node; according to the historical data processing status and processing authority, perform corresponding processing on the storage node, for example, restrict its data authority or format.
  • step S201 may specifically include steps S2011 to S2012:
  • S2011 If the node certificate is issued by the trusted root certificate, send an authorization instruction to store the stored data to the storage node.
  • the specific authorization method is to send an authorization instruction for storing data to the storage node.
  • the authorization instruction may include data information to be stored, data storage requirements, etc., and may also include terminal authentication information of the data owner, which is not limited herein.
  • S2012 Receive a write completion notification sent by the storage node; the write completion notification is used to indicate that the storage node has completed the data writing process; the data writing process includes: after the storage node verifies the authorized content in the authorization instruction according to the node certificate, the stored data is written, and the signature of the storage node is attached after the writing is completed; the signature is used to verify whether the stored data is correct.
  • the storage node may start to store the stored data according to the data information and data storage requirements in the authorization instruction. Further, in order to ensure the security of the data and the orderliness of the storage process, the storage node can verify whether the authorization content in the authorization instruction is correct through its own node certificate after receiving the authorization instruction. After the verification is passed, it writes the storage data in its own storage space and attaches the signature of the storage node after the writing is completed, so that whether the stored data is correct can be verified by the signature. After the writing is completed, the write completion notification is sent to the data owner terminal.
  • the terminal authentication information of the data owner stored locally can be compared with the terminal authentication information of the data owner in the authorized content. If the two are consistent, the authorized content in the authorization instruction is verified.
  • After verifying that the node certificate is issued by the trusted root certificate, obtain the public key of the storage node. Since the public key may be tampered with when both parties pass the public key over the network, in this embodiment, whether the storage node's public key is correct is verified according to the pre-stored node ID.
  • step S202 may specifically include steps S2021 to S2023:
  • the public key may be tampered with when both parties pass it over the network.
  • Since the public key of each storage node can be public, the public key of the storage node can also be stored in advance in the data owner terminal. When the data owner terminal needs to verify the public key of the storage node, it can obtain the public key of the storage node directly from its own database.
  • S2022 Calculate the data digest of the public key of the storage node to obtain a public key digest.
  • a public key cryptosystem is used, and two secret keys are used, one for encrypting information and the other for decrypting information. There is a certain mathematical relationship between these two keys, so that data encrypted with any one of the two keys can only be decrypted with the other one.
  • Each storage node has two secret keys, which are a public key and a private key. The public key is used to send to the data owner terminal for verification, and the private key is used to encrypt and store data. Due to the mathematical relationship between the two secret keys, any other terminal device that receives the public key can guarantee that the data encrypted with the public key can only be decrypted by the storage node using its own private key. Of course, this guarantee is based on the privacy of users' private keys.
  • the data owner terminal stores the node ID of each storage node.
  • the node ID is obtained by performing a summary calculation on the storage node's public key, and is used to verify whether the storage node's public key is correct through the node ID.
  • the digest algorithm calculates the message digest of the public key to obtain the public key digest. By comparing the two message digests, you can clearly determine whether the storage node's public key has been tampered with during transmission. The same result indicates that the data has not been modified, and the different results indicate that the data has been modified or the data has been lost, thereby ensuring the accuracy of the storage node in the transmission process.
  • a commonly used digest algorithm is the Message Digest Algorithm (MD5), which is not limited here.
  • S2023 Compare the public key digest with the data identifier, and if the public key digest is consistent with the data identifier, determine that the public key of the storage node is correct.
  • a fair third party can be introduced.
  • when a party wants to publish its public key, it submits its own identity information and public key to this third party. The third party verifies the identity, and if there is no problem, the information and public key are packaged into a certificate.
  • this fair third party is often referred to as a certificate authority.
  • S203 If the public key of the storage node is correct, verify the signature in the stored data stored by the storage node according to the public key of the storage node, and if the signature verification is passed, the stored data is correct.
  • S203 is implemented in the same way as S103 in the embodiment corresponding to FIG. 1.
  • S101 in the embodiment corresponding to FIG. 1, and details are not described herein again.
  • the storage node may fail, its storage hard disk may be damaged, or the storage node may suddenly go down, etc.; the data may also be intercepted or tampered with by a malicious terminal during data transmission, so we have no way to guarantee that the incorrectness of the stored data is caused by malicious processing by the storage node. So we determine the situation of the storage node and deal with it case by case.
  • the historical processing records of the stored data that occurred incorrectly can include historical processing time, processing methods, etc.
  • the user information can be the user account and other information used when logging in to the storage node, which is not limited here.
  • it is also necessary to determine the processing terminal corresponding to each historical processing record, which can be determined by acquiring the terminal identification of the data processing execution terminal, such as a hardware code, etc., which is not limited here.
  • S205 Acquire the data processing authority of each processing terminal.
  • After determining the historical processing records of stored data and the processing terminal corresponding to each historical processing record, we obtain the data processing authority of each processing terminal.
  • the data processing authority may be determined according to the level of data processing, such as primary data processing authority, secondary data processing authority, etc., or it may be a specific way of processing the data, for example, only reading the stored data, or being allowed to modify and delete the stored data.
  • By acquiring the data processing authority of each processing terminal, we can use the data processing authority to measure whether the data processing terminal's processing behavior on the stored data is correct.
  • the processing terminal is determined Compliance with the modification records in the historical processing records of stored data.
  • if the historical processing record of the processing terminal does not correspond to the data processing authority, for example, the processing authority of a processing terminal is only to read the stored data, and the processing terminal in the historical processing record modified the stored data, it is determined that the processing terminal has processed the data of the storage node in violation.
  • the corresponding processing method for the violating terminal may be adopted, for example, deleting all processing rights of the processing terminal on the stored data and adding the processing terminal to the blacklist for stored data processing.
  • the storage node is used to store the storage data sent by the data owner terminal, and the storage data includes the signature of the storage node; if the node certificate is issued by the trusted root certificate, obtain the public key of the storage node, and verify whether the public key of the storage node is correct according to the pre-stored node ID; the node ID is generated from the digital digest of the storage node's public key; if the storage node's public key is correct, verify the signature in the stored data stored by the storage node according to the storage node's public key; if the stored data is incorrect, determine the historical processing records of the stored data and the processing terminal corresponding to each historical processing record; obtain the data processing authority of each processing terminal; according to the historical processing records of each processing terminal and the data processing authority, determine whether the historical processing records of the processing terminal are in compliance.
  • By verifying the node certificate and signature of the storage node, and verifying the correctness of the storage data in the storage node, and, after determining that the storage data is incorrect, processing the storage node according to the historical processing record and data processing authority of the storage node, the authority of the data owner in data processing and the security of the data stored by the nodes in the distributed network are improved.
  • FIG. 3 is a schematic diagram of a terminal device provided in Embodiment 3 of the present application.
  • Each unit included in the terminal device is used to execute each step in the embodiments corresponding to FIG. 1 to FIG. 2.
  • the terminal device 300 of this embodiment includes:
  • the obtaining unit 301 is used to obtain a node certificate of a storage node and verify whether the node certificate is issued by a preset trusted root certificate; the storage node is used to store stored data sent by a data owner terminal, and the stored data Including the signature of the storage node;
  • the first verification unit 302 is configured to obtain the public key of the storage node and verify whether the public key of the storage node is correct according to the pre-stored node identifier if the node certificate is issued by the trusted root certificate;
  • the node identification is generated from a digital summary of the storage node's public key;
  • the second verification unit 303 is used to verify the signature in the storage data stored by the storage node according to the public key of the storage node if the public key of the storage node is correct; if the signature verification is passed, the stored data is correct.
  • the terminal device may further include:
  • An authorization unit configured to send an authorization instruction to store the stored data to the storage node if the node certificate is issued by the trusted root certificate;
  • the receiving unit is configured to receive a write completion notification sent by the storage node; the write completion notification is used to indicate that the storage node has completed the data writing process; the data writing process includes: after the storage node verifies the authorization content in the authorization instruction according to the node certificate, the stored data is written, and the signature of the storage node is attached after the writing is completed; the signature is used to verify whether the stored data is correct.
  • the node identifier is obtained by performing digest processing according to the node public key of the storage node in advance, and stored in the data owner terminal;
  • the first verification unit 302 may include:
  • a public key obtaining unit configured to obtain the public key of the storage node if the node certificate is issued by the trusted root certificate
  • a public key digest unit used to calculate a data digest of the public key of the storage node to obtain a public key digest
  • the public key comparison unit is used to compare the public key digest with the data identifier, and if the public key digest is consistent with the data identifier, it is determined that the public key of the storage node is correct.
  • the acquiring unit 301 may include:
  • An identification determining unit used to obtain a node certificate of a storage node, and determine an identification of an issuing authority that issued the node certificate
  • An identification search unit configured to search for the existence of the issuer ID in a preset trusted e-commerce certification authority table based on the issuer ID;
  • the certificate determination unit is used to determine that the node certificate is issued by a trusted root certificate if the issuer ID exists in the trusted e-commerce certification authority table.
  • the terminal device may further include:
  • a terminal determining unit configured to determine, if the stored data is incorrect, the historical processing records of the stored data and the processing terminal corresponding to each historical processing record;
  • the authority determination unit is used to acquire the data processing authority of each processing terminal;
  • the record determining unit is configured to determine, according to the data processing authority of each processing terminal, whether the historical processing record of that processing terminal is compliant.
  • the above solution improves the security of data stored by nodes in a peer-to-peer network by verifying both the node certificate and signature of the storage node and the accuracy of the stored data in the storage node.
  • the terminal device 4 of this embodiment includes: a processor 40, a memory 41, and computer-readable instructions 42 stored in the memory 41 and executable on the processor 40.
  • when the processor 40 executes the computer-readable instructions 42, the steps in the above embodiments of each data verification method are implemented, for example, steps 101 to 103 shown in FIG. 1.
  • when the processor 40 executes the computer-readable instructions 42, the functions of each module/unit in the foregoing device embodiments are realized, for example, the functions of the units 301 to 303 shown in FIG. 3.
  • the terminal device 4 may be a computing device such as a desktop computer, a notebook, a palmtop computer and a cloud server.
  • the terminal device may include, but is not limited to, the processor 40 and the memory 41.
  • FIG. 4 is only an example of the terminal device 4 and does not constitute a limitation on the terminal device 4, which may include more or fewer components than illustrated, combine certain components, or use different components.
  • the terminal device may further include an input and output device, a network access device, a bus, and the like.
  • the processor 40 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4.
  • the memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk equipped on the terminal device 4, a smart media card (SMC), a secure digital (SD) card, a flash card (FC), etc.
  • the memory 41 may also include both an internal storage unit of the terminal device 4 and an external storage device.
  • the memory 41 is used to store the computer-readable instructions and other programs and data required by the terminal device.
  • the memory 41 can also be used to temporarily store data that has been or will be output.
  • if the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • all or part of the processes in the methods of the above embodiments of this application can also be completed by instructing relevant hardware through computer-readable instructions, which can be stored in a computer non-volatile readable storage medium.
  • Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM) or external cache memory.
  • RAM: random access memory
  • DRAM: dynamic RAM
  • SDRAM: synchronous DRAM
  • DDR SDRAM: double data rate SDRAM
  • ESDRAM: enhanced SDRAM
  • SLDRAM: synchronous link (Synchlink) DRAM
  • RDRAM: memory bus (Rambus) direct RAM
  • DRDRAM: direct memory bus (Rambus) dynamic RAM
  • RDRAM: memory bus (Rambus) dynamic RAM
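
The three checks performed by units 301 to 303 above (issuer lookup, public key digest against the pre-stored node identifier, signature verification), as an added example that is not code from the patent. The toy RSA key, the `TRUSTED_ISSUERS` table, the certificate dictionary layout and all function names are assumptions made for illustration; the textbook RSA stands in for a real signature scheme and is not secure.

```python
import hashlib
import hmac

# Constructed toy RSA key pair built from two Mersenne primes. Textbook RSA is
# NOT secure; it stands in here for the storage node's real signature scheme.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # storage node's private exponent

# Hypothetical trusted certification authority table held by the data owner.
TRUSTED_ISSUERS = {"CA-ROOT-01"}


def digest_int(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def node_id(public_key: tuple) -> str:
    """Node identifier: digest of the node public key, computed in advance."""
    n, e = public_key
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()


def node_sign(data: bytes) -> int:
    """Storage node side: signature attached once the write completes."""
    return pow(digest_int(data, N), D, N)


def verify_stored_data(cert: dict, stored_node_id: str, data: bytes, sig: int) -> str:
    # Acquiring unit 301: is the certificate's issuer in the trusted table?
    if cert["issuer_id"] not in TRUSTED_ISSUERS:
        return "untrusted-issuer"
    # First verification unit 302: public key digest vs pre-stored identifier.
    if not hmac.compare_digest(node_id(cert["public_key"]), stored_node_id):
        return "public-key-mismatch"
    # Second verification unit 303: check the signature with that public key.
    n, e = cert["public_key"]
    if not 0 <= sig < n or pow(sig, e, n) != digest_int(data, n):
        return "bad-signature"
    return "ok"


if __name__ == "__main__":
    cert = {"issuer_id": "CA-ROOT-01", "public_key": (N, E)}  # constructed
    pinned = node_id((N, E))
    blob = b"constructed stored data"
    print(verify_stored_data(cert, pinned, blob, node_sign(blob)))
```

The issuer check mirrors the table lookup described in the text; it does not validate the certificate's own signature. Because the node identifier pins the public key, a certificate from a trusted issuer that carries a different key is still rejected at the second step.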

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention belongs to the technical field of computer applications. The present invention relates to a data verification method, a terminal device and a computer non-volatile readable storage medium. The method comprises: acquiring a node certificate of a storage node and verifying whether the node certificate is issued by a preset trusted root certificate; if so, acquiring a public key of the storage node and, according to a pre-stored node identifier, verifying whether the public key of the storage node is correct; then, if so, according to the public key of the storage node, verifying a signature in the stored data stored in the storage node and, if the signature verification passes, indicating that the stored data is correct. Verifying a node certificate and a signature of a storage node and verifying the accuracy of the stored data in the storage node improves the security of data stored by a node in a peer-to-peer network.
PCT/CN2019/118157 2019-01-07 2019-11-13 Data verification method and terminal device WO2020143318A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910012597.4 2019-01-07
CN201910012597.4A CN109905360B (zh) 2019-01-07 2019-01-07 Data verification method and terminal device

Publications (1)

Publication Number Publication Date
WO2020143318A1 true WO2020143318A1 (fr) 2020-07-16

Family

ID=66943715

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/118157 WO2020143318A1 (fr) 2019-01-07 2019-11-13 Data verification method and terminal device

Country Status (2)

Country Link
CN (1) CN109905360B (fr)
WO (1) WO2020143318A1 (fr)

Also Published As

Publication number Publication date
CN109905360A (zh) 2019-06-18
CN109905360B (zh) 2021-12-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19909419

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19909419

Country of ref document: EP

Kind code of ref document: A1