WO2022068360A1 - Procédé et appareil de traitement d'informations basés sur une clé racine partagée, dispositif, et support - Google Patents

Procédé et appareil de traitement d'informations basés sur une clé racine partagée, dispositif, et support Download PDF

Info

Publication number
WO2022068360A1
WO2022068360A1 PCT/CN2021/109261 CN2021109261W WO2022068360A1 WO 2022068360 A1 WO2022068360 A1 WO 2022068360A1 CN 2021109261 W CN2021109261 W CN 2021109261W WO 2022068360 A1 WO2022068360 A1 WO 2022068360A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
sub
piece
institution
random number
Prior art date
Application number
PCT/CN2021/109261
Other languages
English (en)
Chinese (zh)
Inventor
贾牧
谢丹力
陆陈一帆
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2022068360A1 publication Critical patent/WO2022068360A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to an information processing method, apparatus, device and medium based on a shared root key.
  • the way of information interaction through the network is favored by a large number of users.
  • the increase in the number of users using the network leads to an increase in the amount of information generated, and a large amount of information needs to be stored.
  • the prescription for patients in hospital management Information such as circulation and patient management needs to be stored to facilitate subsequent traceability.
  • the inventor realized that the traditional information storage method is generally the local storage of the terminal, and this kind of information storage method has great risks.
  • the illegal terminal can easily obtain the locally stored information, resulting in the leakage of information, and the illegal user can store the locally stored information.
  • the information is tampered with, resulting in low information security, and when the local storage fails, the information cannot be retrieved, resulting in losses. Therefore, how to ensure the security of information in the process of information storage and prevent information leakage is an urgent problem to be solved.
  • the embodiments of the present application provide an information processing method, device, device, and medium based on a shared root key, which can encrypt information, improve information security, and prevent information leakage.
  • the embodiments of the present application provide an information processing method based on a shared root key, including:
  • each piece of adjusted sub-information obtain coordinate information corresponding to each of the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • the embodiments of the present application provide an information processing apparatus based on a shared root key, including:
  • the root key generation module is used to obtain the objective function used to describe the information, and the institution information corresponding to the institution to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the institution information, and the institution information includes the At least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information;
  • a sub-key generation module used for generating a key corresponding to each sub-information in the target information according to the root key, and the target information includes at least two sub-information;
  • an information adjustment module configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
  • a coordinate obtaining module configured to obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information according to the objective function and each piece of adjusted sub-information;
  • an information encryption module configured to encrypt the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information, and obtain the ciphertext of the coordinate information corresponding to each sub-information;
  • the information storage module is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • One aspect of the present application provides a computer device, including: a processor, a memory, and a network interface;
  • the above-mentioned processor is connected to a memory and a network interface, wherein the network interface is used to provide a data communication function, the above-mentioned memory is used to store a computer program, and the above-mentioned processor is used to call the above-mentioned computer program to execute the embodiment of the present application.
  • method which includes:
  • each piece of adjusted sub-information obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • An aspect of the embodiments of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, the computer program includes program instructions, and when executed by a processor, the program instructions cause the processor to execute the above-mentioned first step.
  • An information processing method based on a shared root key the method includes:
  • each piece of adjusted sub-information obtain coordinate information corresponding to each piece of sub-information in the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • the embodiment of the present application can improve the security of information; in addition, storing the ciphertext of the target information in the blockchain network can reduce the resource occupation of the local storage space of the terminal.
  • FIG. 1 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application
  • FIG. 2 is a schematic flowchart of a method for adjusting each piece of sub-information provided by an embodiment of the present application
  • FIG. 3 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application
  • FIG. 4 is a schematic diagram of the composition and structure of an information processing apparatus based on a shared root key provided by an embodiment of the present application;
  • FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the blockchain involved in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission (P2P transmission), consensus mechanism, and encryption algorithm.
  • each data block contains a batch of network transaction information, which is used to verify the validity of its information (anti-counterfeiting) and generate the next block.
  • the blockchain can include the underlying platform of the blockchain, the platform product service layer and the application service layer; the blockchain can be composed of multiple serial transaction records (also known as blocks) that are connected and protected by cryptography.
  • the distributed ledger connected by the blockchain allows multiple parties to effectively record the transaction, and the transaction can be permanently checked (it cannot be tampered with).
  • the consensus mechanism refers to the mathematical algorithm that realizes the establishment of trust between different nodes and the acquisition of rights and interests in the blockchain network; that is to say, the consensus mechanism is a mathematical algorithm recognized by all network nodes of the blockchain.
  • the technical solution of the present application is suitable for hospital management, that is, the target information may refer to information such as patient prescription circulation, patient management, etc., and the patient prescription circulation, patient management and other information can be obtained by encrypting the patient's prescription circulation, patient management and other information.
  • the ciphertext corresponding to the information, and the encrypted data is stored in the blockchain network, which is conducive to the management of information such as the circulation of patients' prescriptions and patient management, and improves the security of information managed by the hospital.
  • FIG. 1 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application.
  • the method is applied to a node in a blockchain network, and the node may be an independent physical server. , it can also be a server cluster or distributed system composed of multiple physical servers, or it can provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security Services, Content Delivery Network (CDN), and cloud servers for basic cloud computing services such as big data and artificial intelligence platforms.
  • CDN Content Delivery Network
  • the node may refer to computer equipment, including mobile phones, tablet computers, notebook computers, PDAs, smart speakers, mobile internet devices (MID, mobile internet device), POS (Point Of Sales, point of sale) machines, wearable devices (such as smart watches, smart bracelets, etc.)
  • the method includes:
  • S101 Acquire an objective function for describing information and institution information corresponding to an institution to which the target information to be processed belongs, and generate a root key corresponding to the target information according to the institution information.
  • the objective function may refer to a function corresponding to an elliptic curve, and the objective function may also refer to a function corresponding to other curves.
  • the target information may refer to data such as transaction data, business data, and internal information of an institution.
  • the institution information corresponding to the institution to which the target information belongs includes at least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information.
  • the root key corresponding to the target information can be generated according to the organization information, which can be based on the organization's confidentiality level, the organization's debt information and At least one of the profit information of the organization generates the root key corresponding to the target information.
  • the institution information corresponding to the institution to which the target information belongs includes the security level of the institution
  • the method for generating the root key corresponding to the target information according to the institution information may be: generating a second random number according to the security level of the institution to which the target information belongs; Obtain the byte length in the second random number, and perform padding processing on the second random number according to the byte length to obtain the second random number after the padding processing; perform a hash operation on the second random number after the padding processing to obtain the target The root key corresponding to the information.
  • the security level of the institution may be divided according to the nature of the institution, for example, the nature of the institution may include a defense institution, an educational institution, a small retail institution, and the like. Among them, the confidentiality level of national defense institutions is higher than that of educational institutions, and the confidentiality level of educational institutions is higher than that of small retail institutions.
  • the byte length in the second random number refers to the number of bytes corresponding to the second random number. For example, if the second random number is a number between 0 and 255, the corresponding byte length is 1. The random number is a number greater than 255, the byte length is greater than 1, and so on.
  • the value of the second random number after filling is different from the value corresponding to the second random number before filling, the second random number before filling is k, the second random number after filling is p, and p corresponds to k values are different.
  • the filled second random number is obtained, and there are multiple filling methods for a second random number, including filling one or more bits in 8 bits, so the filled second random number is The second random number is not equal to the second random number before filling, even if the illegal terminal obtains the security level of the organization to which the target information belongs, and generates the second random number according to the security level, because the filling method of the second random number has It is difficult for an illegal terminal to obtain a correct random number after filling, so it is impossible to obtain the root key corresponding to the target information, thereby improving the security of the information.
  • the institution information corresponding to the institution to which the target information belongs includes the institution's debt information and the institution's profit information
  • the method for generating the root key corresponding to the target information according to the institution information may be: according to the institution's debt information and the institution's profit information to determine the fund level of the organization; generate a third random number according to the fund level of the organization; perform a hash operation on the third random number to obtain the root key corresponding to the target information.
  • the debt information of an institution may refer to the creditor's rights-debt relationship between the institution's company and a specific person or a specific institution, including company loans, accounts payable, unpaid purchases, and the like.
  • the profit information of the institution may refer to the income obtained by the institution, and so on.
  • determining the capital level of the institution according to the debt information of the institution and the profit information of the institution may refer to determining the capital level of the institution according to the difference between the profit information of the institution and the debt information of the institution. The higher the funding level of the institution, the better the effectiveness of the institution; the lower the funding level of the institution, the worse the effectiveness of the institution.
  • the capital level of the institution is the first capital grade
  • the funding level of the institution is the second funding level
  • the funding level of the institution is the third funding level
  • the third random number is generated according to the fund level of the institution, and the fund level of the institution is determined based on the debt information of the institution and the profit information of the institution, and the debt information of the institution and the profit information of the institution belong to the high confidentiality of the institution. Therefore, it is not easy for illegal terminals to obtain the information, so it is impossible to obtain the financial level of the institution, and thus cannot generate the third random number, so it is impossible to obtain the root key corresponding to the target information, thereby improving the security of the information.
  • the information associated with the institution can also be obtained from the blockchain network, and the number of pieces of information whose privacy level is greater than the level threshold can be obtained from the associated information, and the number of pieces of information can be hashed to obtain the target information. the corresponding root key.
  • the information associated with the organization refers to all the information stored by the organization in the blockchain network.
  • the privacy level of the information is greater than the level threshold, indicating that the information is highly private, such as top secret; the privacy level of the information is less than the level threshold, indicating that the information is less private, such as secret, top secret is more private than secret.
  • top-secret information is information with a high degree of institutional confidentiality, it is difficult for an illegal terminal to obtain the information, and thus cannot obtain the root key corresponding to the target information, which can improve the security of the information.
  • S102 Generate a key corresponding to each piece of sub-information in the target information according to the root key.
  • the target information includes at least two pieces of sub-information.
  • the method for generating a key corresponding to each piece of sub-information in the target information according to the root key includes: obtaining the generation time of each piece of sub-information; determining the first sub-information and the second sub-information according to the generation time of each piece of sub-information, and the second The generation time of the sub-information is later than the generation time of the first sub-information; perform a hash operation on the root key to obtain the key of the first sub-information; perform a hash operation on the key of the first sub-information to obtain the second sub-information information key.
  • the root key corresponding to the target information is n
  • the number of second sub-information is greater than 1, for example, the number of second sub-information is 3, which are respectively sub-information a2, sub-information a3 and sub-information a4, and the generation times of the three second sub-information are t2, t3, and t4 respectively.
  • the key corresponding to each piece of sub-information can be calculated.
  • the difficulty of the key corresponding to the sub-information can be improved, so that when each piece of sub-information is encrypted using the key corresponding to the sub-information subsequently, the encryption efficiency can be improved. Difficulty, reduce the probability of ciphertext being cracked by illegal terminals, and improve the security of information.
  • the method for generating a key corresponding to each piece of sub-information in the target information according to the root key includes: acquiring the information length of each piece of sub-information; determining the first sub-information and the first sub-information according to the information length of each piece of sub-information Two sub-information, the first sub-information is the sub-information with the largest information length in the target information, and the information length of the second sub-information is less than the information length of the first sub-information; Hash operation is performed on the root key to obtain the information of the first sub-information. key; perform a hash operation on the key of the first sub-information to obtain the key of the second sub-information.
  • the root key corresponding to the target information is k
  • the sorted second sub-information includes sub-information b2, b3 , b4, and the length of b2 is greater than that of b3, the length of the information is greater than that of b4, and the key of the first sub-information is k1, then the key of the first sub-information is hashed to obtain the second sub-information b2.
  • the key is k2; perform a hash operation on the key of the second sub-information b2 to obtain the key of the second sub-information b3 as k3; perform a hash operation on the key of the second sub-information b3 to obtain the second sub-information
  • the key of b4 is k4. Therefore, the key corresponding to each sub-information can be calculated according to the information length of each sub-information and the root key. Since the length of each sub-information is not equal, the sub-information calculated according to the length of each sub-information and the root key can be obtained.
  • the corresponding keys are different, which can improve the difficulty of encrypting each piece of sub-information by using the key corresponding to the sub-information subsequently, reduce the probability of the ciphertext being cracked by an illegal terminal, and improve the security of the information.
  • S103 Obtain a first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information.
  • the first random number can be used to adjust each piece of sub-information, so that the value corresponding to each piece of sub-information after adjustment is less than or equal to the first threshold, so that each piece of sub-information is mapped to the curve of the objective function, according to the curve of the objective function Calculate the coordinate point corresponding to each sub-information.
  • the first threshold may be determined according to a curve parameter corresponding to the objective function. If the curve parameter is the curve length c, the first threshold is 2 256 -w, where w is a very small value.
  • random number generation algorithms can be used to generate random numbers, such as the central limit theorem and Box Muller (coordinate transformation method), Monte Carlo algorithm, numerical probability algorithm, Las Vegas algorithm or other algorithms to generate random numbers, and
  • the generated random number is determined as the first random number corresponding to each piece of sub-information.
  • each piece of sub-information is not numeric data
  • each piece of sub-information can be encoded to obtain numeric-type encoded data, and each piece of sub-information corresponds to each piece of information according to the first random number corresponding to each piece of sub-information
  • the encoded data is adjusted to obtain each piece of sub-information after adjustment.
  • each piece of sub-information is numerical data
  • each piece of sub-information is adjusted according to the first random number corresponding to each piece of sub-information to obtain each piece of adjusted sub-information. It can be known that each piece of sub-information after adjustment includes the piece of sub-information and the first random number corresponding to the piece of sub-information.
  • FIG. 2 is a schematic flowchart of a method for adjusting each piece of sub-information provided by an embodiment of the present application, as shown in FIG. 2 . As shown, the method includes the following steps:
  • each piece of sub-information after subtraction is smaller than the information threshold, determine each piece of sub-information after subtraction as each piece of adjusted sub-information.
  • steps S11 to S12 if each piece of sub-information after subtraction is less than the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, which can be based on the first coordinate and the target. function, the second coordinate of the target point on the curve corresponding to the objective function is obtained by calculation, that is, the coordinate information corresponding to each piece of sub-information can be obtained.
  • each piece of sub-information after subtraction is greater than or equal to the information threshold, it is considered that the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the first coordinate and the objective function cannot be calculated to obtain the The second coordinate of the target point on the curve corresponding to the objective function, that is, the coordinate information corresponding to each piece of sub-information cannot be obtained.
  • the first random numbers corresponding to each piece of sub-information may be equal or unequal.
  • the information threshold may be, for example, 2 256 , or may be smaller than 2 256 .
  • each piece of sub-information after the subtraction can be obtained, so that each piece of sub-information after subtraction is determined to be adjusted according to the relationship between each piece of sub-information after subtraction and the information threshold each subsequent sub-message.
  • the subtraction of each piece of sub-information from the first random number may refer to subtracting the first random number from the value corresponding to each piece of sub-information. It can be known that the value corresponding to each piece of sub-information obtained after the subtraction is less than the sub-information before the subtraction. corresponding value.
  • each piece of sub-information after subtraction is greater than or equal to the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, which cannot be calculated according to the first coordinate and the objective function.
  • the second coordinate of the target point on the curve corresponding to the objective function that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. Therefore, it is necessary to adjust the first random number corresponding to each piece of sub-information, and subtract each adjusted piece of sub-information from the first random number to obtain each candidate sub-information.
  • each piece of candidate sub-information is smaller than the information threshold, determine each piece of candidate sub-information as each adjusted piece of sub-information.
  • each piece of candidate sub-information is less than the information threshold, the piece of sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the corresponding value of the objective function can be calculated according to the first coordinate and the objective function.
  • the second coordinate of the target point on the curve that is, the coordinate information corresponding to each piece of sub-information can be obtained. If each candidate sub-information is greater than or equal to the information threshold, it is considered that the sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function, and the objective function cannot be calculated based on the first coordinate and the objective function.
  • the second coordinate of the target point on the corresponding curve that is, the coordinate information corresponding to each piece of sub-information cannot be obtained. That is, if each candidate sub-information is greater than or equal to the information threshold, continue to adjust the first random number until each candidate sub-information is subtracted from the adjusted first random number, and each candidate sub-information after the subtraction is subtracted. If the information is less than the information threshold, each piece of sub-information of the candidate after subtraction is determined as each piece of adjusted sub-information. By subtracting each sub-information and the first random number corresponding to each sub-information, and continuously adjusting the first random number corresponding to each sub-information, each adjusted sub-information can be obtained, which improves the success of subsequent encryption of each sub-information Rate.
  • each piece of sub-information of the adjusted non-numeric type can be encoded to obtain coded data corresponding to each piece of sub-information of the adjusted numerical type, and the coded data corresponding to each piece of sub-information of the adjusted numerical type can be mapped to the corresponding coded data of the objective function.
  • the corresponding coordinate point is obtained on the curve, so as to obtain the coordinate information corresponding to each piece of sub-information according to the coordinate point.
  • the curve corresponding to the objective function can be obtained, and each piece of adjusted sub-information is mapped to the first coordinate of the target point on the curve corresponding to the objective function; according to the first coordinate and the objective function , determine the second coordinate of the target point on the curve corresponding to the objective function; determine the first coordinate and the second coordinate as the coordinate information corresponding to each piece of sub-information, thereby obtaining at least two pieces of sub-information corresponding to each sub-information Coordinate information.
  • the second coordinate of the target point on the curve corresponding to the objective function can be determined according to the first coordinate and the objective function, and the first coordinate can be determined.
  • the coordinates and the second coordinates are determined as the coordinate information corresponding to the sub-information c.
  • the curve corresponding to the objective function can be shown in formula (1-1):
  • a and b are known real numbers, and x and y are both parameters.
  • the value of the other parameter can be calculated by formula (1-1), for example , by determining the value of x, the value of y can be calculated according to formula (1-1).
  • a is 1, b is -1, the sub-information c is mapped to the first coordinate of the target point on the curve corresponding to the objective function (for example, the abscissa of the target point) is 1, and a, b and the first coordinate
  • the coordinates are substituted into formula (1-1) as x, and y is obtained as 1, that is, the second coordinate of the target point on the curve corresponding to the objective function is 1, then the coordinate information corresponding to the sub-information c is (1, 1),
  • the coordinate information corresponding to the other sub-information in the at least two pieces of sub-information can be acquired, thereby acquiring the coordinate information corresponding to each sub-information in the at least two pieces of sub-information.
  • the computer device may use the key corresponding to each piece of sub-information to encrypt the coordinate information corresponding to each of the at least two pieces of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  • the computer device can obtain the private key of the terminal to which the target information belongs, and encrypt the coordinate information corresponding to each sub-information in the at least two sub-information according to the private key of the terminal and the key corresponding to each sub-information, and obtain each sub-information.
  • the ciphertext of the coordinate information corresponding to the sliver information It can be seen that the ciphertext of the coordinate information corresponding to the sub-information is the ciphertext obtained by encrypting the sub-information.
  • the ciphertext of the corresponding sub-information corresponding to the ciphertext cannot be known even if the ciphertext is obtained. content.
  • S106 Determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information.
  • the ciphertext of the target information includes the ciphertext of the coordinate information corresponding to each of the at least two sub-information, so far, the ciphertext of the target information can be obtained by encrypting the target information, and the ciphertext of the target information can be obtained.
  • the documents are stored in the blockchain network.
  • the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution.
  • the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc.
  • For relatively confidential information it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information.
  • the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information.
  • FIG. 3 is a schematic flowchart of an information processing method based on a shared root key provided by an embodiment of the present application, and the method is applied to a node in a blockchain network. As shown in Figure 3, the method includes:
  • S201 Acquire an objective function for describing information and institution information corresponding to an institution to which the target information to be processed belongs, and generate a root key corresponding to the target information according to the institution information.
  • S202 Generate a key corresponding to each piece of sub-information in the target information according to the root key.
  • S203 Obtain a first random number corresponding to each piece of sub-information, and adjust each piece of sub-information according to the first random number to obtain each piece of adjusted sub-information.
  • steps S201 to S204 reference may be made to the content of steps S101 to S104 in the embodiment corresponding to FIG. 1 , which will not be repeated here.
  • S205 Obtain the private key of the terminal to which the target information belongs, and the key corresponding to each piece of sub-information.
  • the terminal to which the target information belongs is the terminal that uploads the target information to the blockchain network for processing such as encryption and storage
  • the private key of the terminal to which the target information belongs is the private key generated by the terminal.
  • the identifier of the terminal to which the target information belongs can be obtained, a fourth random number can be generated by using the SECP256K1 algorithm, and the fourth random number can be filled to obtain the private key of the terminal. number.
  • the identifier of the terminal may refer to the factory serial number of the terminal, or other identifiers used to uniquely indicate the terminal.
  • the candidate coordinates are obtained according to the base point coordinates of the curve of the objective function and the private key of the terminal. Specifically, the coordinates of the base point of the curve of the objective function can be obtained; the product of the coordinates of the base point and the private key of the terminal can be obtained to obtain the candidate coordinates.
  • the coordinates of the base point of the curve of the objective function can be acquired.
  • the base point is G
  • the corresponding base point coordinates are (x1, y1)
  • the private key of the terminal is h
  • the candidate coordinates can be calculated according to formula (1-2):
  • the candidate coordinate is H
  • the base point is G
  • the private key of the terminal is h.
  • S207 Encrypt the candidate coordinates according to the key corresponding to each piece of sub-information to obtain the ciphertext of the candidate coordinates.
  • the candidate coordinates can be encrypted by formula (1-3) to obtain the ciphertext of the candidate coordinates , and fuse the coordinate information corresponding to the sub-information i with the ciphertext of the candidate coordinates to obtain the ciphertext of the coordinate information corresponding to the sub-information i.
  • Ci Mi+ki*H (1-3)
  • the candidate coordinates are H, Ci is the ciphertext of the coordinate information corresponding to the sub-information i, Mi is the coordinate information corresponding to the sub-information i, and ki is the key corresponding to the sub-information i.
  • ki*H indicates that the candidate coordinates are encrypted according to the key corresponding to the sub-information i, and the ciphertext of the candidate coordinates is obtained. It can be known that, for other sub-information in the n pieces of sub-information, the encryption and fusion can also be performed by formula (1-3) to obtain the ciphertext of the coordinate information corresponding to the other sub-information.
  • the ciphertext of the coordinate information corresponding to the piece of sub-information can be obtained by encrypting and fusing the formula (1-3), that is to say, a piece of sub-information corresponds to the number of ciphertexts of the coordinate information corresponding to a piece of sub-information , that is, for n pieces of sub-information, the number of ciphertexts of the coordinate information corresponding to the finally obtained sub-information is n.
  • an encryption algorithm can be used to encrypt the coordinate information corresponding to each piece of sub-information to obtain the ciphertext of the coordinate information corresponding to each piece of sub-information.
  • the encryption algorithm can include, for example, Elgamal algorithm (an asymmetric encryption algorithm), Rabin algorithm ( An asymmetric encryption algorithm), Diffie-Hellman algorithm (an asymmetric encryption algorithm), ECC algorithm (elliptic curve encryption algorithm).
  • the computer device encrypts the coordinate information corresponding to each piece of sub-information in at least two pieces of sub-information according to the private key of the terminal and the key corresponding to each piece of sub-information, and obtains the ciphertext of the coordinate information corresponding to each piece of sub-information. Encryption is performed to obtain the corresponding ciphertext. After the terminal obtains the ciphertext corresponding to each piece of sub-information, it needs to be decrypted to obtain the sub-information corresponding to each piece of ciphertext.
  • S209 Determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • step S209 for the specific content of step S209, reference may be made to the content of step S106 in the embodiment corresponding to FIG. 1 , which will not be repeated here.
  • the coordinate information corresponding to each sub-information in the at least two sub-information is encrypted, and the ciphertext of the coordinate information corresponding to each sub-information is obtained, which can realize Each piece of sub-information is encrypted to obtain the corresponding ciphertext.
  • the terminal obtains the ciphertext corresponding to each piece of sub-information, it needs to be decrypted to obtain the corresponding sub-information of each piece of ciphertext.
  • FIG. 4 is a schematic diagram of the composition and structure of an information processing apparatus based on a shared root key provided by an embodiment of the present application
  • the above-mentioned information processing apparatus based on a shared root key may be a computer program running in a computer device (including program code), for example, the information processing device based on the shared root key is an application software; the device can be used to execute corresponding steps in the methods provided by the embodiments of the present application.
  • the device 40 includes:
  • the root key generation module 401 is used to obtain the target function used to describe the information, and the organization information corresponding to the organization to which the target information to be processed belongs, and generate the root key corresponding to the target information according to the organization information, and the organization information includes At least one of the institution's confidentiality level, the institution's debt information, and the institution's profit information;
  • a subkey generation module 402 configured to generate a key corresponding to each piece of subinformation in the target information according to the root key, and the target information includes at least two pieces of subinformation;
  • an information adjustment module 403 configured to obtain a first random number corresponding to each piece of sub-information, adjust each piece of sub-information according to the first random number, and obtain each piece of adjusted sub-information;
  • Coordinate acquisition module 404 is used to obtain the coordinate information corresponding to each sub-information in this at least two sub-information according to this objective function and each sub-information after the adjustment;
  • the information encryption module 405 is used for encrypting the coordinate information of the corresponding sub-information in the at least two pieces of sub-information by using the key corresponding to each sub-information to obtain the ciphertext of the coordinate information corresponding to each sub-information;
  • the information storage module 406 is configured to determine the ciphertext of the coordinate information corresponding to each piece of sub-information as the ciphertext of the target information, and store the ciphertext of the target information in the blockchain network.
  • the institution information includes the confidentiality level of the institution, and the root key generation module 401 is specifically used for:
  • a hash operation is performed on the filled second random number to obtain a root key corresponding to the target information.
  • the institution information includes debt information of the institution and profit information of the institution;
  • the root key generation module 401 is specifically used for:
  • Hash operation is performed on the third random number to obtain the root key corresponding to the target information.
  • sub-key generation module 402 is specifically used for:
  • the first sub-information and the second sub-information are determined according to the generation time of each piece of sub-information, the first sub-information is the sub-information with the earliest generation time in the target information, and the second sub-information is generated later than the first sub-information the time when the information was generated;
  • the information adjustment module 403 is specifically used for:
  • each piece of sub-information after the subtraction is smaller than the information threshold, then each piece of sub-information after the subtraction is determined as each piece of adjusted sub-information.
  • the apparatus 40 further includes: a random number adjustment module 407 for:
  • each piece of sub-information of the candidate is smaller than the information threshold, then each piece of sub-information of the candidate is determined as each piece of adjusted sub-information.
  • the information encryption module 405 is specifically used for:
  • the steps involved in the shared root key-based information processing method shown in FIG. 1 can be performed by various modules in the shared root key-based information processing apparatus shown in FIG. 4 .
  • step S101 shown in FIG. 1 may be performed by the root key generation module 401 in FIG. 4
  • step S102 shown in FIG. 1 may be performed by the sub-key generation module 402 in FIG. 4
  • the step S103 shown in FIG. 4 can be executed by the information adjustment module 403 in FIG. 4
  • the step S104 shown in FIG. 1 can be executed by the coordinate obtaining module 404 in FIG. 4
  • the encryption module 405 can perform it; the step S106 shown in FIG.
  • each module in the information processing based on the shared root key shown in FIG. 4 may be respectively or all combined into one or several units to form, or some unit(s) may also be formed. The same operation can be achieved without affecting the realization of the technical effects of the embodiments of the present application by being split into multiple sub-units with smaller functions.
  • the above modules are divided based on logical functions. In practical applications, the function of one module may also be implemented by multiple units, or the functions of multiple modules may be implemented by one unit. In other embodiments of the present application, the information processing apparatus based on the shared root key may also include other units. In practical applications, these functions may also be implemented with the assistance of other units, and may be implemented by cooperation of multiple units.
  • a general-purpose computer device such as a computer including processing elements and storage elements such as a central processing unit (CPU), random access storage medium (RAM), read only storage medium (ROM), etc.
  • CPU central processing unit
  • RAM random access storage medium
  • ROM read only storage medium
  • Running a computer program capable of executing the steps involved in the corresponding methods as shown in FIG. 1 , FIG. 2 and FIG. 3 , to construct a shared root key-based information processing apparatus as shown in FIG. 4 , and to implement the information processing method based on the shared root key of the embodiment of the present application.
  • the above-mentioned computer program can be recorded on, for example, a computer-readable recording medium, loaded in the above-mentioned computing device via the computer-readable recording medium, and executed therein.
  • the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution.
  • the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc.
  • For relatively confidential information it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information.
  • the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information.
  • FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the above-mentioned computer device 50 may include: a processor 501 , a network interface 504 and a memory 505 , in addition, the above-mentioned computer device 50 may further include: a user interface 503 , and at least one communication bus 502 .
  • the communication bus 502 is used to realize the connection and communication between these components.
  • the user interface 503 may include a display screen (Display) and a keyboard (Keyboard), and the optional user interface 503 may also include a standard wired interface and a wireless interface.
  • the network interface 504 may include a standard wired interface and a wireless interface (eg, a WI-FI interface).
  • the memory 505 may be a high-speed RAM memory, or a non-volatile memory, such as at least one disk memory.
  • the memory 505 can optionally also be at least one storage device located away from the aforementioned processor 501 .
  • the memory 505 as a computer-readable storage medium may include an operating system, a network communication module, a user interface module, and a device control application program.
  • the network interface 504 can provide a network communication function;
  • the user interface 503 is mainly used to provide an input interface for the user; and
  • the processor 501 can be used to call the device control application stored in the memory 505 program to achieve:
  • each piece of adjusted sub-information obtain coordinate information corresponding to each of the at least two pieces of sub-information
  • the ciphertext of the coordinate information corresponding to each piece of sub-information is determined as the ciphertext of the target information, and the ciphertext of the target information is stored in the blockchain network.
  • the computer device 50 described in this embodiment of the present application can execute the description of the above-mentioned information processing method based on the shared root key in the foregoing embodiments corresponding to FIG. 1 , FIG. 2 and FIG.
  • the description of the above-mentioned information processing apparatus based on the shared root key in the corresponding embodiment will not be repeated here.
  • the description of the beneficial effects of using the same method will not be repeated.
  • the root key corresponding to the target information is generated by the institution information corresponding to the institution to which the target information belongs, and the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc., it is an institution.
  • the institution information includes the confidentiality level of the institution, the debt information of the institution, and the profit information of the institution, etc.
  • For relatively confidential information it is difficult for an illegal terminal to obtain the organization information, that is, it is difficult to obtain the root key corresponding to the target information.
  • the Decrypting the ciphertext can improve the difficulty of cracking the ciphertext and improve the security of information.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and the computer program includes program instructions, which, when executed by a computer, cause the computer to execute the above-mentioned embodiments.
  • the method, the computer may be part of the above mentioned computer equipment.
  • it is the above-mentioned processor 501 .
  • program instructions may be deployed for execution on one computer device, or on multiple computer devices located at one site, or alternatively, distributed across multiple sites and interconnected by a communications network Implemented, multiple computer devices distributed in multiple locations and interconnected by a communication network can form a blockchain network.
  • the storage medium involved in this application such as a computer-readable storage medium, may be non-volatile or volatile.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.

Abstract

Des modes de réalisation de la présente demande concernent un procédé et un appareil de traitement d'informations basés sur une clé racine partagée, un dispositif, et un support, se rapportant principalement à des technologies de chaîne de blocs et à des technologies de logistique hospitalière, le procédé consistant à : acquérir une fonction cible pour décrire des informations et des informations d'établissement d'un établissement auquel des informations cibles à traiter appartiennent, et générer une clé racine correspondant aux informations cibles selon les informations d'établissement ; générer une clé correspondant à chaque élément de sous-informations dans les informations cibles selon la clé racine ; acquérir un premier nombre aléatoire correspondant à chaque élément de sous-informations, et ajuster chaque élément de sous-informations selon le premier nombre aléatoire ; acquérir des informations de coordonnées correspondant à chaque élément de sous-informations selon la fonction cible et à chaque élément de sous-informations ajustées ; chiffrer les informations de coordonnées de chaque élément de sous-informations à l'aide de la clé correspondant à chaque élément de sous-informations, et obtenir un cryptogramme des informations de coordonnées correspondant à chaque élément de sous-informations ; et déterminer le cryptogramme en tant que cryptogramme d'informations cibles, et stocker le cryptogramme d'informations cibles dans un réseau à chaîne de blocs. La sécurité des informations peut être améliorée à l'aide des modes de réalisation de la présente demande.
PCT/CN2021/109261 2020-09-29 2021-07-29 Procédé et appareil de traitement d'informations basés sur une clé racine partagée, dispositif, et support WO2022068360A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011068461.4 2020-09-29
CN202011068461.4A CN112199697A (zh) 2020-09-29 2020-09-29 基于共享根密钥的信息处理方法、装置、设备及介质

Publications (1)

Publication Number Publication Date
WO2022068360A1 true WO2022068360A1 (fr) 2022-04-07

Family

ID=74012994

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/109261 WO2022068360A1 (fr) 2020-09-29 2021-07-29 Procédé et appareil de traitement d'informations basés sur une clé racine partagée, dispositif, et support

Country Status (2)

Country Link
CN (1) CN112199697A (fr)
WO (1) WO2022068360A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202554B (zh) * 2020-09-29 2022-03-08 平安科技(深圳)有限公司 基于信息的属性生成密钥的信息处理方法、装置及设备
CN112202555B (zh) * 2020-09-29 2023-07-18 平安科技(深圳)有限公司 基于信息的属性生成随机数的信息处理方法、装置及设备
CN112199697A (zh) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 基于共享根密钥的信息处理方法、装置、设备及介质

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710668A (zh) * 2012-06-29 2012-10-03 上海海事大学 一种适于云存储的数据隐私性保障方法
US20140233736A1 (en) * 2011-11-01 2014-08-21 Huawei Technologies Co., Ltd. Method and related device for generating group key
CN110378128A (zh) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 数据加密方法、装置及终端设备
CN110417553A (zh) * 2019-08-07 2019-11-05 北京阿尔山区块链联盟科技有限公司 多方保密通信方法、装置及用户终端
CN110839026A (zh) * 2019-11-12 2020-02-25 深圳市网心科技有限公司 基于区块链的数据处理方法及相关设备
CN111339545A (zh) * 2020-03-20 2020-06-26 苏州链原信息科技有限公司 用于生成数据标签的方法、电子设备及计算机存储介质
CN112199697A (zh) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 基于共享根密钥的信息处理方法、装置、设备及介质

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140233736A1 (en) * 2011-11-01 2014-08-21 Huawei Technologies Co., Ltd. Method and related device for generating group key
CN102710668A (zh) * 2012-06-29 2012-10-03 上海海事大学 一种适于云存储的数据隐私性保障方法
CN110378128A (zh) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 数据加密方法、装置及终端设备
CN110417553A (zh) * 2019-08-07 2019-11-05 北京阿尔山区块链联盟科技有限公司 多方保密通信方法、装置及用户终端
CN110839026A (zh) * 2019-11-12 2020-02-25 深圳市网心科技有限公司 基于区块链的数据处理方法及相关设备
CN111339545A (zh) * 2020-03-20 2020-06-26 苏州链原信息科技有限公司 用于生成数据标签的方法、电子设备及计算机存储介质
CN112199697A (zh) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 基于共享根密钥的信息处理方法、装置、设备及介质

Also Published As

Publication number Publication date
CN112199697A (zh) 2021-01-08

Similar Documents

Publication Publication Date Title
CN110915164B (zh) 基于可信执行环境中执行的智能合约操作处理区块链数据
US11438383B2 (en) Controlling permissible actions a computing device can perform on a data resource based on a use policy evaluating an authorized context of the device
US10860710B2 (en) Processing and storing blockchain data under a trusted execution environment
WO2022068360A1 (fr) Procédé et appareil de traitement d'informations basés sur une clé racine partagée, dispositif, et support
WO2022068237A1 (fr) Procédé et appareil de traitement d'informations pour générer une clé sur la base d'un attribut d'informations, et dispositif
WO2022068236A1 (fr) Procédé et appareil de traitement d'informations sur la base de caractéristiques d'informations, et dispositif et support
US10791122B2 (en) Blockchain user account data
WO2022068355A1 (fr) Procédé et appareil de chiffrement basés sur une caractéristique d'informations, dispositif, et support d'enregistrement
Tang et al. A secure and trustworthy medical record sharing scheme based on searchable encryption and blockchain
WO2022068356A1 (fr) Procédé et appareil de chiffrement d'informations basés sur une chaîne de blocs, dispositif, et support
Bosamia et al. Current trends and future implementation possibilities of the Merkel tree
US20190260715A1 (en) Computer system, connection apparatus, and processing method using transaction
WO2022068235A1 (fr) Procédé et appareil de traitement d'informations pour générer un nombre aléatoire sur la base d'un attribut d'informations, et dispositif
WO2022068358A1 (fr) Procédé et appareil de chiffrement pour générer des clés sur la base d'attributs d'informations, et dispositif
WO2022068362A1 (fr) Procédé et appareil de traitement d'informations basés sur une chaîne de blocs, dispositif, et support
WO2022068234A1 (fr) Procédé et appareil de chiffrement basés sur une clé racine partagée, dispositif, et support
WO2022068359A1 (fr) Procédé et appareil de chiffrement pour la compression de cryptogramme d'informations, et dispositif et support
Homoliak et al. An air-gapped 2-factor authentication for smart-contract wallets
WO2022068361A1 (fr) Procédé et appareil de chiffrement fondés sur une quantité de modifications, dispositif et support
Charanya et al. Design of Secure Ehealth System Through Temporal Shadow using Blockchain
Sharma et al. Blockchain Application in Retirement Planning Investment: Improving Transparency and Viability
Patil Auditing authorization of big data on cloud

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21874022

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 03/07/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21874022

Country of ref document: EP

Kind code of ref document: A1