WO2021120579A1 - Procédé de rapport de données sécurisé, appareil et support d'enregistrement lisible par ordinateur - Google Patents

Procédé de rapport de données sécurisé, appareil et support d'enregistrement lisible par ordinateur Download PDF

Info

Publication number
WO2021120579A1
WO2021120579A1 PCT/CN2020/099067 CN2020099067W WO2021120579A1 WO 2021120579 A1 WO2021120579 A1 WO 2021120579A1 CN 2020099067 W CN2020099067 W CN 2020099067W WO 2021120579 A1 WO2021120579 A1 WO 2021120579A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
data security
security reporting
user
reporting system
Prior art date
Application number
PCT/CN2020/099067
Other languages
English (en)
Chinese (zh)
Inventor
张文伟
Original Assignee
平安国际智慧城市科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安国际智慧城市科技股份有限公司 filed Critical 平安国际智慧城市科技股份有限公司
Publication of WO2021120579A1 publication Critical patent/WO2021120579A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms

Definitions

  • This application relates to the field of data processing, and in particular to a method, device and computer-readable storage medium for data security reporting.
  • the inventor realizes that the data security reporting system (such as the reporting system) has the problem of information leakage of the reporter (or called the reporter).
  • the general system can directly see the basic information of the reporter. Reporters who do not know the information easily will have some scruples.
  • this application provides a data security reporting method, device, and computer-readable storage medium, the main purpose of which is to effectively ensure the security of the whistleblower, and to ensure the real name and authenticity of the whistleblower.
  • the present application provides a data security reporting method, and the data security reporting method includes:
  • This application provides a data security reporting method, which is applied to an electronic device, and the data security reporting method includes:
  • the present application also provides an electronic device, the electronic device includes a memory and a processor, the memory stores a data security reporting program that can run on the processor, and the data security reporting program is used by the processor. The following steps are implemented during execution:
  • the present application also provides a computer-readable storage medium having a data security reporting program stored on the computer-readable storage medium, and the data security reporting program can be executed by one or more processors to implement the following steps:
  • This application also provides a data security reporting device, the data security reporting device includes:
  • the sending module is used to send the user's registration information to the data security reporting system, and send the report information of the group signature operation to the data security reporting system, so that the data security reporting system can pass the group signature verification operation to the data security reporting system. Verifying the validity of the signature of the reported information;
  • An obtaining module configured to obtain a certificate issued by the data security reporting system based on the registration information
  • the registration module is used to obtain the current image information of the user, perform real-name registration based on the current image information and the registration information, and treat the user who has completed the real-name registration as a member of the group signature of the data security reporting system ;
  • the receiving module is configured to: receive the report information input by the user, and receive the verification result fed back by the data security reporting system;
  • the signature module is used to perform a group signature operation on the reported information based on the group signature technology.
  • the data security reporting method, device, and computer-readable storage medium provided in this application use group signature technology to sign and verify reported information. Since group signature members require real names when registering, and group signature operations on reported information are anonymous operations. This can effectively ensure the real name of the report and at the same time ensure the concealment of the reporter.
  • FIG. 1 is a schematic flowchart of a data security reporting method provided by an embodiment of this application
  • FIG. 2 is a schematic diagram of the internal structure of an electronic device provided by an embodiment of the application.
  • FIG. 3 is a schematic diagram of modules based on a data security reporting program in an electronic device provided by an embodiment of the application.
  • This application provides a data security reporting method.
  • FIG. 1 it is a schematic flowchart of a data security reporting method provided by an embodiment of this application.
  • the method may be executed by a device, and the device may be implemented by software and/or hardware.
  • the device is an intelligent terminal.
  • the data security reporting method includes:
  • S102 Obtain a certificate issued by the data security reporting system based on the registration information
  • S103 Acquire current image information of the user, perform real-name registration based on the current image information and the registration information, and use the real-name registered user as a member of the group signature of the data security reporting system;
  • S104 Receive report information input by the user
  • S105 Perform a group signature operation on the reported information based on the group signature technology
  • S106 Send the report information of the group signature operation to the data security reporting system, so that the data security reporting system verifies the validity of the signature of the report information through the group signature verification operation;
  • the main purpose of the data security reporting method provided in this embodiment is to be able to effectively ensure the safety of the reporter, and to ensure the real name and authenticity of the reporter.
  • the data security reporting system is an anonymous reporting system.
  • the method further includes:
  • the step of performing a group signature operation on the report information based on the group signature technology includes:
  • a group signature is a digital signature scheme that includes the following processes:
  • Signature A probabilistic algorithm, when a message and the private key of a group member are input, the signature of the message is output.
  • Verification A probabilistic algorithm, when a bad message and a private key of a group member are input, the signature of the message is output.
  • Open An algorithm that confirms the legal identity of the signer under the condition of a given signature and group private key.
  • group signature The basic meaning of group signature is to sign digitally in the name of the group.
  • Group members include an administrator and several group members. Any group member has its own private key and group public key, and can sign on behalf of the group. When there is a dispute over the signature result, the administrator can track the identity of the group membership of the signature, thereby realizing effective accountability.
  • Group signature has the following characteristics:
  • the recipient can verify the validity of the signature and can determine whether the signature is from a specific group, but does not know which member of the group signed it;
  • the signature can be made public, and the identity of the signing member can be confirmed by the administrator.
  • Group signature can be regarded as a general "group member anonymous identity authentication", that is, a member can prove which group he belongs to, but does not reveal his identity. Its security requirements include:
  • Unforgeability the group signature cannot be forged by anyone other than the group members
  • Anonymity Signed group members cannot be identified by anyone other than the administrator
  • Anti-collusion attack Group members cannot forge the signatures of other group members in total.
  • the registration information includes the ID information of the user, and the step of obtaining the current image information of the user and performing real-name registration based on the current image information and the registration information includes:
  • real-name registration is performed based on the current image information and the registration information.
  • the step of receiving the verification result fed back by the data security reporting system includes:
  • the data security reporting system When the data security reporting system successfully verifies the validity of the signature of the report information, it receives a verification result that the signature verification of the report information passes.
  • the data security reporting method further includes opening an interface of the data security reporting system on the electronic device to receive the registration information.
  • the report information includes information of the reported person, and the information of the reported person includes the name of the reported person, the name of the unit, the address of the unit, and the current position.
  • the data security reporting method proposed in this embodiment uses group signature technology to sign and verify reported information. Since group signature members need real names when registering, and group signature operations on reported information are anonymous operations, this can effectively ensure the real name of the report. At the same time, it can ensure the concealment of the whistleblower; and when a malicious report occurs, the system can locate the identity of the malicious whistleblower through the group of signature operations of "open", and assist in judicial investigations.
  • the application also provides an electronic device 1.
  • FIG. 2 it is a schematic diagram of the internal structure of an electronic device provided by an embodiment of this application.
  • the electronic device 1 may be a computer, a smart terminal or a server.
  • the electronic device 1 at least includes a memory 11, a processor 13, a communication bus 15, and a network interface 17.
  • the electronic device 1 is an intelligent terminal.
  • the memory 11 includes at least one type of readable storage medium, and the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, and the like.
  • the memory 11 may be an internal storage unit of the electronic device, such as a hard disk of the electronic device.
  • the memory 11 may also be an external storage device of the electronic device, for example, a plug-in hard disk equipped on the electronic device, a smart memory card (Smart Media Card, SMC), Secure Digital (SD) card, Flash Card, etc.
  • the memory 11 may also include both an internal storage unit of an electronic device and an external storage device.
  • the memory 11 can be used not only to store application software and various data installed in the electronic device 1, such as the code of the data security reporting program 111, etc., but also to temporarily store data that has been output or will be output.
  • the processor 13 may be a central processing unit (Central Processing Unit) in some embodiments.
  • Central Processing Unit CPU
  • controller a controller
  • microcontroller a microprocessor or other data processing chips are used to run program codes or process data stored in the memory 11.
  • the communication bus 15 is used to realize the connection and communication between these components.
  • the network interface 17 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface), and is generally used to establish a communication connection between the electronic device 1 and other electronic devices.
  • a standard wired interface and a wireless interface such as a WI-FI interface
  • the electronic device 1 may further include a user interface.
  • the user interface may include a display (Display) and an input unit such as a keyboard (Keyboard).
  • the optional user interface may also include a standard wired interface and a wireless interface.
  • the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, and an OLED (Organic Light-Emitting Diode, organic light-emitting diode) touch device, etc.
  • the display can also be appropriately called a display screen or a display unit, which is used to display information processed in the electronic device and to display a visualized user interface.
  • FIG. 2 only shows the electronic device 1 with components 11-17. Those skilled in the art can understand that the structure shown in FIG. 2 does not constitute a limitation on the electronic device, and may include fewer or more components than shown in the figure. Component, or combination of some components, or different component arrangements.
  • a data security reporting program 111 is stored in the memory 11; when the processor 13 executes the data security reporting program 111 stored in the memory 11, the following steps are implemented:
  • the main purpose of the electronic device 1 provided in this embodiment is to effectively ensure the safety of the reporter, and to ensure the authenticity and authenticity of the reporter.
  • the step of performing a group signature operation on the report information based on the group signature technology includes:
  • a group signature is a digital signature scheme that includes the following processes:
  • Signature A probabilistic algorithm, when a message and the private key of a group member are input, the signature of the message is output.
  • Verification A probabilistic algorithm, when a bad message and a private key of a group member are input, the signature of the message is output.
  • Open An algorithm that confirms the legal identity of the signer under the condition of a given signature and group private key.
  • group signature The basic meaning of group signature is to sign digitally in the name of the group.
  • Group members include an administrator and several group members. Any group member has its own private key and group public key, and can sign on behalf of the group. When there is a dispute over the result of the signature, the administrator can track the identity of the group membership of the signature, thereby realizing effective accountability.
  • Group signature has the following characteristics:
  • the recipient can verify the validity of the signature and can determine whether the signature is from a specific group, but does not know which member of the group signed it;
  • the signature can be made public, and the identity of the signing member can be confirmed by the administrator.
  • Group signature can be regarded as a general "group member anonymous identity authentication", that is, a member can prove which group he belongs to, but does not reveal his identity. Its security requirements include:
  • Unforgeability the group signature cannot be forged by anyone other than the group members
  • Anonymity Signed group members cannot be identified by anyone other than the administrator
  • Anti-collusion attack Group members cannot forge the signatures of other group members in total.
  • the registration information includes the identity document information of the user, and the step of acquiring the current image information of the user and performing real-name registration based on the current image information and the registration information includes:
  • real-name registration is performed based on the current image information and the registration information.
  • the step of receiving the verification result fed back by the data security reporting system includes:
  • the data security reporting system When the data security reporting system successfully verifies the validity of the signature of the reported information, it receives verification feedback information that the signature of the reported information is verified.
  • the processor 13 executes the data security reporting program 111 stored in the memory 11, the following steps are implemented: opening the interface interface of the data security reporting system on the electronic device In order to receive the registration information.
  • the report information includes information of the reported person, and the information of the reported person includes the name of the reported person, the name of the unit, the address of the unit, and the current position.
  • an embodiment of the present application also proposes a computer-readable storage medium that stores a data security reporting program 111 on the computer-readable storage medium, and the data security reporting program 111 can be executed by one or more processors to To achieve the following operations:
  • the data security reporting program 111 may also be divided into one or more modules, and the one or more modules are stored in the memory 11 and run by one or more processors (this The embodiment is executed by the processor 13) to complete the application.
  • the module referred to in the application refers to a series of computer program instruction segments capable of completing specific functions, and is used to describe the execution process of the data security reporting program in the electronic device.
  • FIG. 3 a schematic diagram of the program modules of the data security reporting program 111 in an embodiment of the electronic device of this application.
  • the data security reporting program 111 can be divided into a sending module 10, an acquiring module 20, The registration module 30, the receiving module 40, and the signature module 50, exemplarily:
  • the sending module 10 is used to send the user's registration information to the data security reporting system
  • the obtaining module 20 is configured to obtain a certificate issued by the data security reporting system based on the registration information;
  • the registration module 30 is configured to obtain the current image information of the user and complete the real-name registration in combination with the registration information, so that the user becomes a member of the group signature of the data security reporting system;
  • the receiving module 40 is configured to receive report information input by the user
  • the signature module 50 is configured to perform a group signature operation on the reported information based on group signature technology
  • the sending module 10 is also used to send the report information of the group signature operation to the data security reporting system, so that the data security reporting system verifies the signature validity of the report information through the group signature verification operation;
  • the receiving module 40 is also used to receive the verification feedback information returned by the data security reporting system.
  • the functions or operation steps implemented by the program modules such as the sending module 10, the acquiring module 20, the registering module 30, the receiving module 40, and the signature module 50 are substantially the same as those in the above-mentioned embodiment, and will not be repeated here.
  • the technical solution of this application essentially or the part that contributes to the existing technology can be embodied in the form of a software product, and the computer software product is stored in a storage medium (such as ROM/RAM) as described above. , Magnetic disk, optical disk), including several instructions to make a terminal device (can be a mobile phone, a computer, a server, or a network device, etc.) execute the method described in each embodiment of the present application.
  • the computer-readable storage medium may be non-volatile or volatile.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

La présente invention se rapporte aux mégadonnées. L'invention concerne un procédé de rapport de données sécurisé, un appareil et un support d'enregistrement lisible par ordinateur. Le procédé de rapport de données sécurisé comprend : l'envoi d'informations d'enregistrement d'un utilisateur à un système de rapport de données sécurisé ; l'acquisition d'un certificat signé et émis par le système de rapport de données sécurisé sur la base des informations d'enregistrement ; l'acquisition des informations d'image actuelles de l'utilisateur, la réalisation d'un enregistrement de nom réel sur la base des informations d'image actuelles et des informations d'enregistrement, et la prise de l'utilisateur qui complète l'enregistrement de nom réel en tant qu'élément d'une signature de groupe du système de rapport de données sécurisé ; la réception des informations de rapport entrées par l'utilisateur ; la réalisation d'une opération de signature de groupe sur les informations de rapport sur la base de la technologie de signature de groupe ; l'envoi des informations de rapport soumises à l'opération de signature de groupe au système de rapport de données sécurisé, de sorte que le système de rapport de données sécurisé vérifie la validité de signature des informations de rapport au moyen d'une opération de vérification de signature sur la signature de groupe ; et la réception d'un résultat de vérification renvoyé par le système de rapport de données sécurisé.
PCT/CN2020/099067 2019-12-18 2020-06-30 Procédé de rapport de données sécurisé, appareil et support d'enregistrement lisible par ordinateur WO2021120579A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911321927.4 2019-12-18
CN201911321927.4A CN111064578B (zh) 2019-12-18 2019-12-18 数据安全上报方法、装置及计算机可读存储介质

Publications (1)

Publication Number Publication Date
WO2021120579A1 true WO2021120579A1 (fr) 2021-06-24

Family

ID=70300922

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/099067 WO2021120579A1 (fr) 2019-12-18 2020-06-30 Procédé de rapport de données sécurisé, appareil et support d'enregistrement lisible par ordinateur

Country Status (2)

Country Link
CN (1) CN111064578B (fr)
WO (1) WO2021120579A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111064578B (zh) * 2019-12-18 2021-10-22 平安国际智慧城市科技股份有限公司 数据安全上报方法、装置及计算机可读存储介质
CN114338014B (zh) * 2022-01-04 2023-03-24 内蒙古汉尔信息科技有限公司 一种用于环境监察执法的安全举报方法、装置及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080091941A1 (en) * 2004-09-03 2008-04-17 Nec Corporation Group Signature System, Member Status Judging Device, Group Signature Method And Member Status Judging Program
CN106981016A (zh) * 2017-03-30 2017-07-25 广东微模式软件股份有限公司 一种远程自助实名购买电话卡的方法与系统
CN107609417A (zh) * 2017-08-29 2018-01-19 北京航空航天大学 用于审计和追踪的匿名消息发送系统及方法
CN108551435A (zh) * 2018-03-12 2018-09-18 北京航空航天大学 一种具有匿名性的可验证加密群签名方法
CN111064578A (zh) * 2019-12-18 2020-04-24 平安国际智慧城市科技股份有限公司 数据安全上报方法、装置及计算机可读存储介质

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100122080A1 (en) * 2008-11-11 2010-05-13 Electronics And Telecommunications Research Institute Pseudonym certificate process system by splitting authority
CN103117858B (zh) * 2013-01-22 2015-10-21 河海大学 一种具备指定可撤销性的Schnorr环签名方法
CN103618995B (zh) * 2013-12-04 2017-01-18 西安电子科技大学 基于动态假名的位置隐私保护方法
CN106789077A (zh) * 2016-12-29 2017-05-31 北京握奇智能科技有限公司 一种实名认证方法及系统
CN107749836B (zh) * 2017-09-15 2020-07-31 江苏大学 面向用户隐私保护与数据可靠性的移动感知系统及其移动感知方法
CN110428351B (zh) * 2019-07-29 2022-04-08 电子科技大学 基于区块链的半分布式车辆违章举报方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080091941A1 (en) * 2004-09-03 2008-04-17 Nec Corporation Group Signature System, Member Status Judging Device, Group Signature Method And Member Status Judging Program
CN106981016A (zh) * 2017-03-30 2017-07-25 广东微模式软件股份有限公司 一种远程自助实名购买电话卡的方法与系统
CN107609417A (zh) * 2017-08-29 2018-01-19 北京航空航天大学 用于审计和追踪的匿名消息发送系统及方法
CN108551435A (zh) * 2018-03-12 2018-09-18 北京航空航天大学 一种具有匿名性的可验证加密群签名方法
CN111064578A (zh) * 2019-12-18 2020-04-24 平安国际智慧城市科技股份有限公司 数据安全上报方法、装置及计算机可读存储介质

Also Published As

Publication number Publication date
CN111064578A (zh) 2020-04-24
CN111064578B (zh) 2021-10-22

Similar Documents

Publication Publication Date Title
US9736145B1 (en) Generation and validation of derived credentials
CN106301782B (zh) 一种电子合同的签署方法及系统
WO2021068619A1 (fr) Procédé, appareil et dispositif de gestion d'authentification de certificat, et support d'informations lisible par ordinateur
CN111224788B (zh) 一种基于区块链的电子合同管理方法、装置及系统
US20080016357A1 (en) Method of securing a digital signature
CN107493273A (zh) 身份认证方法、系统及计算机可读存储介质
EP1622301A2 (fr) Méthodes et système fournissant une liste de clés publiques hachées dans un système à clé publique
CN101631022B (zh) 一种签名方法和系统
CN112801663B (zh) 区块链存证方法、装置、系统、设备和介质
WO2021120579A1 (fr) Procédé de rapport de données sécurisé, appareil et support d'enregistrement lisible par ordinateur
WO2021218334A1 (fr) Procédé, système et appareil de gestion d'un certificat numérique expiré, et support de stockage
WO2020173019A1 (fr) Procédé et dispositif de vérification de certificat d'accès, équipement informatique et support d'enregistrement
CN110445771A (zh) 基于区块链的交互记录取证方法、装置、介质及服务器
CN112989309A (zh) 基于多方授权的登录方法、认证方法、系统及计算设备
CN114003925A (zh) 一种基于区块链的签名结合在线申报方法及系统
CN112187471A (zh) 基于区块链与智能合约的数据抄送方法、系统及介质
CN111541657A (zh) 一种基于区块链的安全位置验证方法
US20220230177A1 (en) Identity verification and service provision platform and method
US11575667B1 (en) System and method for secure communications
JP7066863B2 (ja) 電子署名方法及び装置
US10447688B1 (en) System for secure communications
CN114329610A (zh) 区块链隐私身份保护方法、装置、存储介质及系统
JP2003258787A (ja) 電子証明書、電子証明書の発行および検証方法、装置、プログラム、プログラムの記録媒体
US7827599B2 (en) Self-service provisioning of digital certificates
WO2018152597A1 (fr) Système informatique et procédé mis en œuvre par ordinateur permettant de générer un certificat numérique destiné à des données d'identification associées à une entité

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20901057

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/10/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20901057

Country of ref document: EP

Kind code of ref document: A1