
CN113434905B - Data transmission method and device, computer equipment and storage medium - Google Patents

Info

Publication number
CN113434905B
Authority
CN
China
Prior art keywords
key
server
fragments
ciphertext
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110758623.5A
Other languages
Chinese (zh)
Other versions
CN113434905A (en
Inventor
张佳妮
李刚锐
顾费勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Netease Hangzhou Network Co Ltd
Original Assignee
Netease Hangzhou Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netease Hangzhou Network Co Ltd
Priority to CN202110758623.5A
Publication of CN113434905A
Application granted
Publication of CN113434905B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses a data sharing method, a data sharing device, computer equipment and a storage medium. The method receives a ciphertext acquisition request sent by a first blockchain node; in response to the ciphertext acquisition request, if no fewer than a preset number of key fragments are received within a preset time period, it generates a first key from the server's own key fragment and the received key fragments; it acquires an original ciphertext and re-encrypts the original ciphertext with the first key to obtain a re-encrypted ciphertext; and it sends the re-encrypted ciphertext to the first blockchain node so that the first blockchain node decrypts the re-encrypted ciphertext. Because the first server must receive no fewer than the preset number of key fragments to generate the first key, and each key fragment can be stored on a different server, the first key is maintained by multiple servers together, which improves the security of the first key and the stability of the whole data sharing method.

Description

Data transmission method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a data transmission method and apparatus, a computer device, and a storage medium.
Background
In the prior art, when data is transmitted between two blockchain nodes and must be kept secret, the blockchain node corresponding to the data holder typically generates a re-encryption key and sends it to a proxy server through a smart contract. Generating the re-encryption key requires at least the following two types of information: the public key information of the data requester's blockchain node and the private key information of the data holder's blockchain node.
The server can convert the encrypted shared data (i.e. the original ciphertext) into a re-encrypted ciphertext that only the blockchain node corresponding to the data requester can decrypt, and the server then sends the re-encrypted ciphertext to the data requester's blockchain node for decryption.
In the above process only one server stores the re-encryption key, so the security of the re-encryption key is low, and a malicious server can itself use the proxy key for spoofing. A single server is also a single point of failure: once the server goes down, the whole data sharing process is interrupted, which greatly affects the stability of the service.
Disclosure of Invention
The embodiment of the application provides a data transmission method, a data transmission device, computer equipment and a storage medium, and can improve the stability of the data transmission method.
An embodiment of the present application provides a data transmission method, which is applicable to a first server, and the method includes: receiving a ciphertext acquisition request sent by a first blockchain node; in response to the ciphertext acquisition request, if no fewer than a preset number of key fragments are received within a preset time period, generating a first key from the first server's own key fragment and the no fewer than the preset number of received key fragments, wherein each of the received key fragments is sent by its corresponding server, and the first key comprises public key information corresponding to the first blockchain node; acquiring an original ciphertext, and re-encrypting the original ciphertext by using the first key to obtain a re-encrypted ciphertext; and sending the re-encrypted ciphertext to the first blockchain node, so that the first blockchain node decrypts the re-encrypted ciphertext by using the private key corresponding to the first blockchain node.
The embodiment of the application provides a data transmission method, which is applicable to a first blockchain node, and the method comprises the following steps: sending a ciphertext acquisition request to a first server of n servers, wherein n is a positive integer greater than or equal to 2, and the first server is any one of the n servers; and receiving the re-encrypted ciphertext sent by the first server, and decrypting the re-encrypted ciphertext by using the private key corresponding to the first blockchain node, wherein the re-encrypted ciphertext is obtained by the first server by re-encrypting the original ciphertext by using a first key, and the first key is generated by the first server from the key fragment corresponding to the first server and at least z-1 received key fragments.
The embodiment of the application provides a data transmission method, which is applicable to a second blockchain node, and the method comprises the following steps: generating a first key according to the user information corresponding to the second blockchain node and the user information corresponding to the first blockchain node, wherein the user information corresponding to the first blockchain node comprises a public key corresponding to the first blockchain node; splitting the first key into n key fragments, wherein each of the n key fragments has a corresponding server; and broadcasting each of the n key fragments, together with the identity of its corresponding server, to the n servers, so that each of the n servers can receive its corresponding key fragment.
According to an aspect of the present application, an embodiment of the present application further provides a data transmission apparatus, which is applicable to a first server, and the apparatus includes:
the ciphertext acquisition receiving module is used for receiving a ciphertext acquisition request sent by the first block chain node;
a first key generation module, configured to, in response to the ciphertext acquisition request, if no fewer than a preset number of key fragments are received within a preset time period, generate a first key from the first server's own key fragment and the no fewer than the preset number of received key fragments, where each of the received key fragments is sent by its corresponding server, and the first key includes public key information corresponding to the first blockchain node;
the re-encrypted ciphertext acquisition module is used for acquiring an original ciphertext and re-encrypting the original ciphertext by using the first key to obtain a re-encrypted ciphertext;
and the re-encrypted ciphertext sending module is used for sending the re-encrypted ciphertext to the first block chain node so that the first block chain node decrypts the re-encrypted ciphertext by using a private key corresponding to the first block chain node.
Optionally, the first key generation module is specifically configured to, if key fragments sent by at least z-1 of the n servers are received, generate the first key from the first server's own key fragment and the at least z-1 key fragments.
Optionally, the apparatus further comprises:
and the key discarding module is used for discarding all the key fragments received in the preset time period when the number of key fragments received from servers in the preset time period is less than z-1.
Optionally, the apparatus further comprises:
the broadcast information interface module is used for receiving key fragment broadcast information sent by a second blockchain node, wherein the key fragment broadcast information comprises key fragments and server identity identifications corresponding to the key fragments;
the identity comparison module is used for comparing the server identity in the key fragment broadcast information with the first server's own identity;
and the key fragment storage module is used for storing the key fragment in the key fragment broadcast information when the server identity in the key fragment broadcast information is consistent with the first server's own identity.
Optionally, the apparatus further comprises:
and the key fragment discarding module is used for discarding the key fragment broadcast information when the server identity in the key fragment broadcast information is inconsistent with the first server's own identity.
According to an aspect of the present application, an embodiment of the present application further provides a data transmission apparatus, which is applicable to a first blockchain node, and the apparatus includes:
the ciphertext acquisition and transmission module is used for transmitting a ciphertext acquisition request to a first server of n servers, wherein n is a positive integer greater than or equal to 2, and the first server is any one of the n servers;
and the re-encrypted ciphertext receiving module is used for receiving the re-encrypted ciphertext sent by the first server and decrypting the re-encrypted ciphertext by using the private key corresponding to the first blockchain node, wherein the re-encrypted ciphertext is obtained by the first server by re-encrypting the original ciphertext by using a first key, and the first key is generated by the first server from the key fragment corresponding to the first server and at least z-1 received key fragments.
Optionally, the apparatus further comprises:
and a ciphertext request retransmission module, configured to send a ciphertext acquisition request to a second server of the n servers when the first server returns request failure information, where the second server is any one of the n servers except the first server.
According to an aspect of the present application, an embodiment of the present application further provides a data transmission apparatus, which is applicable to a second blockchain node, and the apparatus includes:
a first ciphertext generating module, configured to generate a first key according to the user information corresponding to the second blockchain node and the user information corresponding to the first blockchain node, where the user information corresponding to the first blockchain node includes a public key corresponding to the first blockchain node;
the key splitting module is used for splitting the first key into n key fragments, wherein each key fragment in the n key fragments has a server corresponding to the key fragment;
and the key fragment broadcasting module is used for broadcasting each key fragment in the n key fragments and the identity of the server corresponding to the key fragment in the range of the n servers so that each server in the n servers can receive the key fragment corresponding to the server.
Embodiments of the present application further provide a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method when executing the computer program.
Embodiments of the present application also provide a computer-readable storage medium, where a plurality of instructions are stored, where the instructions are suitable for being loaded by a processor to execute steps implementing the method described above.
The embodiment of the application provides a data transmission method, a data transmission device, computer equipment and a storage medium, in which a first server receives a ciphertext acquisition request sent by a first blockchain node; in response to the ciphertext acquisition request, if no fewer than a preset number of key fragments are received within a preset time period, the first server generates a first key from its own key fragment and the received key fragments, wherein the first key comprises public key information corresponding to the first blockchain node; the first server then obtains an original ciphertext, re-encrypts the original ciphertext by using the first key to obtain a re-encrypted ciphertext, and sends the re-encrypted ciphertext to the first blockchain node, so that the first blockchain node can decrypt the re-encrypted ciphertext by using its own private key. In the above scheme, the first server must receive no fewer than a preset number of key fragments within a preset time period to generate the first key, and each key fragment may be stored on a different server, so that multiple servers maintain the first key together. Compared with the prior art, the security of the first key is improved, and therefore the stability of the whole data transmission method is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1a is a schematic view of an application scenario of a data transmission method provided in an embodiment of the present application;
fig. 1b is a schematic flowchart of a data transmission method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a data transmission method according to another embodiment of the present application;
fig. 3 is a schematic flowchart of a data transmission method according to another embodiment of the present application;
fig. 4 is a timing diagram illustrating a data transmission method according to an embodiment of the present application;
fig. 5 is a schematic diagram of a first structure of a data transmission device according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a second data transmission device according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a third data transmission device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a computer device provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a data transmission method, a data transmission device, computer equipment and a storage medium. Referring to fig. 1a, fig. 1a shows a schematic view of an application scenario of a data transmission method provided in an embodiment of the present application.
Each of the n servers communicates with a second blockchain node 30, the first server 20 is any one of the n servers, the first server 20 communicates with a first blockchain node 10, and the first blockchain node 10 also communicates with the second blockchain node 30. The first blockchain node 10 is the blockchain node corresponding to the user acting as data requester, and the second blockchain node 30 is the blockchain node corresponding to the user acting as data holder, where the data requester is the party requesting data and the data holder is the party holding data.
The second blockchain node 30 is configured to communicate with the first blockchain node 10 to obtain user information of the data requester; and generating a first key according to the user information of the data request party and the user information of the data holding party, splitting the first key into n key fragments, and broadcasting the n key fragments to the n servers, so that each server in the n servers can receive the corresponding key fragment.
The first server 20 is configured to receive a ciphertext acquisition request sent by the first blockchain node 10 and, in response to the ciphertext acquisition request, determine whether no fewer than a preset number of key fragments are received within a preset time period. If no fewer than the preset number of key fragments are received within the preset time period, the first server 20 generates a first key from its own key fragment and the received key fragments. The first server 20 is further configured to obtain an original ciphertext, re-encrypt the original ciphertext with the first key to obtain a re-encrypted ciphertext, and send the re-encrypted ciphertext to the first blockchain node 10, where the original ciphertext is the ciphertext obtained by encrypting the information to be shared with the private key of the second blockchain node 30.
The first block chain node 10 is configured to decrypt the re-encrypted ciphertext using a private key corresponding to the first block chain node, so as to obtain original information to be shared.
The first blockchain node 10 and the second blockchain node 30 may be terminals or servers. The terminal can be a mobile phone, a tablet computer, an intelligent Bluetooth device, a notebook computer, a Personal Computer (PC), or the like; the server may be a single server or a server cluster composed of a plurality of servers.
In some embodiments, the server may also be implemented in the form of a terminal.
Detailed descriptions follow. The numbering of the following embodiments is not intended to limit their order of preference.
In this embodiment, a data transmission method is provided, which is applicable to a first server, where the first server is any one of n servers. As shown in fig. 1b, the specific flow of the data transmission method may include the following steps 101 to 104:
101. Receiving a ciphertext acquisition request sent by the first blockchain node.
The first blockchain node is the blockchain node corresponding to the user acting as data requester. The ciphertext acquisition request is a request for acquiring a re-encrypted ciphertext, and the re-encrypted ciphertext is a ciphertext that can be decrypted by the private key stored in the first blockchain node.
102. In response to the ciphertext acquisition request, if no fewer than a preset number of key fragments are received within a preset time period, generating a first key from the first server's own key fragment and the no fewer than the preset number of received key fragments, wherein each of the received key fragments is sent by its corresponding server, and the first key comprises public key information corresponding to the first blockchain node.
The preset time period may be a predefined time period, and its specific length should not be construed as a limitation to the present application. The preset number is a preset numerical value: the first key can be generated once no fewer than the preset number of key fragments are received, that is, once no fewer than the preset number + 1 key fragments are available together with the key fragment stored by the first server. Because each key fragment corresponds to a different server, the first key can be generated by receiving the key fragments sent respectively by no fewer than the preset number of servers.
The first server is any one of n servers, the preset number is z-1, n is a positive integer not less than 2, and z is a positive integer not less than 2 and not more than n.
Optionally, in a specific embodiment, step 102 may include:
If key fragments sent by at least z-1 of the n servers are received, generating the first key from the first server's own key fragment and the at least z-1 key fragments.
103. And acquiring an original ciphertext, and re-encrypting the original ciphertext by using the first key to obtain a re-encrypted ciphertext.
The original ciphertext may be stored in the cloud server, and thus, the first server may obtain the original ciphertext from the cloud server. The specific manner in which the first server obtains the original ciphertext should not be construed as a limitation to the present application.
104. And sending the re-encrypted ciphertext to the first block chain node, so that the first block chain node decrypts the re-encrypted ciphertext by using a private key corresponding to the first block chain node.
The first server sends the re-encrypted ciphertext to the first blockchain node, so that the first blockchain node decrypts the re-encrypted ciphertext by using its own private key and obtains the original information to be shared.
In the foregoing embodiment, the first server generates the first key from the no fewer than the preset number of received key fragments together with the key fragment it stores itself. Each of the received key fragments corresponds to one server, so the no fewer than the preset number of key fragments are sent by no fewer than the preset number of servers, and the first key is thereby maintained jointly by a plurality of servers.
Optionally, in a specific embodiment, after step 101, the method further includes: if the number of key fragments received from servers within the preset time period is less than z-1, discarding all the key fragments received within the preset time period.
If the number of key fragments received from servers within the preset time period is less than z-1, the first key cannot be generated, so all the key fragments received within the preset time period can be discarded, which saves storage space on the first server.
Optionally, in a specific embodiment, before step 101, the method further includes: receiving key fragment broadcast information sent by a second blockchain node, wherein the key fragment broadcast information comprises a key fragment and the server identity corresponding to the key fragment; comparing the server identity in the key fragment broadcast information with the first server's own identity; and if the server identity in the key fragment broadcast information is consistent with the first server's own identity, storing the key fragment in the key fragment broadcast information.
To determine whether received key fragment broadcast information is addressed to the first server, the first server may obtain the server identity in the key fragment broadcast information and compare it with its own identity. If the two are consistent, the key fragment broadcast information corresponds to the first server, and the first server may store the key fragment in the key fragment broadcast information.
Optionally, after the step of "comparing the server identity in the key fragment broadcast information with the identity of itself", the method may further include: if the server identity in the key fragment broadcast information is inconsistent with the first server's own identity, discarding the key fragment broadcast information.
If the two are inconsistent, the key fragment broadcast information does not correspond to the first server, so the first server may discard the key fragment broadcast information, which further saves storage space on the first server.
In some embodiments, if the first server fails, it stops sending heartbeat information to the other servers among the n servers, so that the other servers take over the first server's role of generating the re-encrypted ciphertext according to a preset takeover priority.
When the first server operates normally, it acts as the master node that generates the re-encrypted ciphertext. If the first server fails, the other servers among the n servers no longer receive the heartbeat information sent by the first server, and they can therefore switch to the master node operating mode according to the preset takeover priority. For example, the other servers may divide time slices in order of increasing MAC address, and each switches to the master node operating mode within its time slice.
The method provided by the embodiment of the application allows a plurality of servers to jointly maintain the generation of the first key. For example, for a server cluster formed by n servers, the first key can be generated normally as long as the number of servers operating normally, including the first server, is more than z, which further improves the stability of data transmission.
In this embodiment, a data transmission method is provided, and the method is applied to a first blockchain node, as shown in fig. 2, a specific flow of the data transmission method may include the following steps 201 to 202:
201. Sending a ciphertext acquisition request to a first server of n servers, wherein n is a positive integer greater than or equal to 2, and the first server is any one of the n servers.
202. Receiving the re-encrypted ciphertext sent by the first server, and decrypting the re-encrypted ciphertext by using the private key corresponding to the first blockchain node, wherein the re-encrypted ciphertext is obtained by the first server by re-encrypting the original ciphertext by using a first key, and the first key is generated by the first server from the key fragment corresponding to the first server and at least z-1 received key fragments.
The advantageous effects generated in steps 201 to 202 are the same as those generated in steps 101 to 104, and are not described herein again.
Optionally, in a specific embodiment, after step 201, the method may further include: if the first server returns request failure information, sending a ciphertext acquisition request to a second server of the n servers, wherein the second server is any one of the n servers except the first server.
If the first server cannot operate normally, it may return request failure information so that the first blockchain node sends a ciphertext acquisition request to any one of the n servers other than the first server, which keeps data transmission flowing.
In this embodiment, a data transmission method is provided, where the method is applied to a second blockchain node, as shown in fig. 3, a specific flow of the data transmission method may include the following steps 301 to 303:
301. Generating a first key according to the user information corresponding to the second blockchain node and the user information corresponding to the first blockchain node, wherein the user information corresponding to the first blockchain node comprises a public key corresponding to the first blockchain node.
The second blockchain node is the blockchain node corresponding to the user acting as data holder, and the first blockchain node is the blockchain node corresponding to the user acting as data requester. For convenience of description, the user acting as data holder is referred to as user i, and the user acting as data requester is referred to as user j.
The user information corresponding to the second blockchain node comprises the identity id_i of the user, the private key Pri_i used by the user to decrypt the original ciphertext, and the blockchain system parameter Params. The identity id_i is generated by the second blockchain node when the user corresponding to the second blockchain node registers an identity with a Certificate Authority (CA). The original ciphertext is the ciphertext obtained by encrypting the information to be shared; the information to be shared can be encrypted with the private key Pri_i held by the user corresponding to the second blockchain node, and Pri_i may be generated by the CA and returned to the user in response to the user's identity registration. The blockchain system parameter Params comprises q, G and h(), wherein q is the order of a finite field, G is a base point of an elliptic curve generated based on the finite field, and h() is a secure hash function.
The user information corresponding to the first blockchain node comprises the identity id_j of the user and the private key Pri_j held by the user. The identity id_j is generated by the first blockchain node when the user corresponding to the first blockchain node registers an identity with the CA. The private key Pri_j held by the user may be generated by the CA and returned to the user in response to the user's identity registration.
Optionally, the user information corresponding to the first blockchain node may further include the public key certificate Cert_j corresponding to the user; the public key certificate Cert_j is also generated by the CA and returned to the user in response to the user's identity registration.
Optionally, a Proxy Re-Encryption (PRE) algorithm may be applied to the user information corresponding to the second blockchain node and the user information corresponding to the first blockchain node to obtain the first key, where the first key is a key capable of re-encrypting the original ciphertext.
302. Splitting the first key into n key fragments, wherein each key fragment in the n key fragments has a server corresponding to the key fragment.
The first key may be split into n key fragments, so that the n servers may respectively receive their corresponding key fragments.
The specific process of splitting the first key can be realized as follows:
The second blockchain node constructs a z-degree polynomial: f(x) = a_1 x^(z-1) + a_2 x^(z-2) + … + a_(z-1) x + RK, where z is the minimum number of key fragments from which the first key can be generated; a_1, a_2, …, a_(z-1) are random numbers obtained from a configuration file; and RK is the first key.
The second blockchain node evaluates the above z-th order polynomial to obtain n values (x_k, y_k), where k = 1, 2, …, n.
The second blockchain node uses the pre-stored public key corresponding to each of the n servers to encrypt that server's value (x_k, y_k), obtaining the private key fragment E_PKk[(x_k, y_k)] corresponding to each server. In this way n private key fragments are obtained: E_PK1, E_PK2, …, E_PKn. The public key corresponding to each server may be issued by the certificate authority, or may be issued by another certificate authority belonging to the same root certificate authority as the certificate authority.
303. Broadcasting each key fragment in the n key fragments and the identity of the server corresponding to the key fragment in the range of the n servers so that each server in the n servers can receive the key fragment corresponding to the server.
After the second blockchain node obtains the n key fragments, it can broadcast each of the n key fragments, together with the identity of the server corresponding to that key fragment, within the range of the n servers. Each of the n servers can receive all n key fragments; after receiving them, a server compares the identity attached to each key fragment with its own identity and thereby obtains the key fragment corresponding to itself. The identity of the server corresponding to each key fragment may be the public key corresponding to that server.
In the foregoing embodiment, the second blockchain node may generate the first key, split the first key into n key fragments, and broadcast the n key fragments to the n servers, so that each of the n servers can receive its corresponding key fragment. The above embodiment provides a basis for a plurality of servers to cooperatively generate the first key by using their own key fragments. Because the first key can be generated only by collecting at least z of the n key fragments, the data transmission process as a whole is not affected even if individual servers among the n servers cannot operate due to faults.
In this embodiment, a data transmission method is provided, as shown in fig. 4, a specific flow of the data transmission method may include the following steps:
401. The second blockchain node sends key fragment broadcast information to the first server.
The second blockchain node is the blockchain node corresponding to the user acting as data holder, and the key fragment broadcast information is broadcast information including a key fragment and the identity of the server corresponding to that key fragment. There are n pieces of key fragment broadcast information, and they can be broadcast by the second blockchain node within the range of the n servers, where n is a positive integer greater than or equal to 2. For the method of obtaining the key fragments, refer to steps 301 to 303 above; it is not repeated here.
402. The first server compares the server identity in the key fragment broadcast information with the identity of the first server.
403. If the two are consistent, the first server stores the key fragment in the key fragment broadcast information.
404. If the two are not consistent, the first server discards the key fragment broadcast information.
The first server is any one of n servers. The first server can receive n different key fragment broadcast messages in total, and in order to judge whether the received key fragment broadcast messages correspond to the first server, the first server can obtain the server identity identifiers in the key fragment broadcast messages and compare the server identity identifiers with the identity identifiers of the first server. If the comparison between the two is consistent, it indicates that the key fragment broadcast information corresponds to itself, and therefore, the first server may store the key fragment in the key fragment broadcast information. If the comparison between the two is inconsistent, it indicates that the key fragment broadcast information does not correspond to the first server, and therefore, the first server may discard the key fragment broadcast information.
Any one of the n servers may obtain its corresponding key fragment through steps 402 to 404, so as to provide a basis for the multiple servers in the n servers to cooperatively generate the first key by using their key fragments.
405. The first blockchain node sends a ciphertext acquisition request to the first server.
The first blockchain node is the blockchain node corresponding to the user acting as data requester. The ciphertext acquisition request is a request for obtaining a re-encrypted ciphertext, and the re-encrypted ciphertext is a ciphertext that can be decrypted by the private key stored by the first blockchain node. The first blockchain node may send the ciphertext acquisition request to the first server in response to an operation instruction of the user acting as data requester.
406. In response to the ciphertext acquisition request, if the first server receives no fewer than a preset number of key fragments within a preset time period, it generates the first key according to the key fragment corresponding to the first server and the received key fragments.
The preset time period may be a predefined time period, and the specific time length of the time period should not be construed as a limitation to the present application. The preset number is z-1, and the generation of the first key can be realized by receiving no less than z-1 key fragments, namely, no less than z key fragments are received together with the key fragments stored by the first server. Because each key fragment corresponds to a different server, the first key can be generated by receiving the key fragments respectively sent by not less than z-1 servers.
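The split in step 302 and the threshold check in step 406 can be followed end to end in the added Python example below, which is not code from the patent. It assumes RK is an integer below a constructed prime modulus Q, uses constructed server names as identities, draws the coefficients from a CSPRNG where the text reads them from a configuration file, and leaves out the per-server encryption E_PKk.

```python
import secrets

# Constructed modulus for the demo (the prime 2**255 - 19); the patent's Params
# only say that q is the order of a finite field and give no value.
Q = 2**255 - 19
SERVER_IDS = ["srv-1", "srv-2", "srv-3", "srv-4", "srv-5"]  # constructed identities


def split_first_key(rk, n, z):
    """Step 302: n points (x_k, y_k) on f(x) = a_1 x^(z-1) + ... + a_(z-1) x + RK."""
    if not (2 <= z <= n) or not (0 <= rk < Q):
        raise ValueError("need 2 <= z <= n and 0 <= RK < Q")
    # Assumption: fresh coefficients a_1 .. a_(z-1) from a CSPRNG for every split.
    coeffs = [secrets.randbelow(Q) for _ in range(z - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for a in coeffs:            # Horner evaluation, highest power first
            y = (y * x + a) % Q
        y = (y * x + rk) % Q        # the constant term is RK
        shares.append((x, y))
    return shares


def broadcast(shares, server_ids):
    """Step 303: pair every fragment with the identity of its server."""
    return [{"server_id": sid, "fragment": s} for sid, s in zip(server_ids, shares)]


def interpolate_at_zero(points):
    """Lagrange interpolation of f(0) = RK over the integers mod Q."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


class Server:
    def __init__(self, server_id):
        self.server_id = server_id
        self.fragment = None

    def on_broadcast(self, msg):
        """Steps 402-404: store the fragment addressed to this server, drop the rest."""
        if msg["server_id"] == self.server_id:
            self.fragment = msg["fragment"]
            return True
        return False

    def recover_first_key(self, received, z, window):
        """Step 406: received is [(arrival_seconds, (x, y)), ...] sent by peer servers."""
        if self.fragment is None:
            return None
        points = {self.fragment[0]: self.fragment[1]}
        for arrival, (x, y) in received:
            if arrival <= window:          # fragments after the preset period do not count
                points.setdefault(x, y)    # a repeated x is the same server, not a new one
        if len(points) < z:                # fewer than z-1 distinct peers answered in time
            return None                    # caller discards the fragments; the request fails
        return interpolate_at_zero(list(points.items())[:z])


if __name__ == "__main__":
    rk = secrets.randbelow(Q)
    servers = [Server(sid) for sid in SERVER_IDS]
    for msg in broadcast(split_first_key(rk, n=5, z=3), SERVER_IDS):
        for srv in servers:
            srv.on_broadcast(msg)
    peers = [(0.4, servers[2].fragment), (1.1, servers[4].fragment)]
    print("recovered:", servers[0].recover_first_key(peers, z=3, window=5.0) == rk)
```

Counting distinct x values rather than messages matters here: a peer that answers twice would otherwise satisfy the z-1 threshold by itself and the interpolation would fail on a repeated point.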
407. The first server obtains an original ciphertext and re-encrypts the original ciphertext by using the first key to obtain a re-encrypted ciphertext.
The original ciphertext is the ciphertext obtained by encrypting the information to be shared. The original ciphertext can be stored in the cloud server, while the hash value of the ciphertext is packaged, put on the chain and recorded in the block data for data integrity verification; thus, the first server may obtain the original ciphertext from the cloud server. The specific manner in which the first server obtains the original ciphertext should not be construed as a limitation to the present application.
After obtaining the original ciphertext, the first server may process the original ciphertext using the first key generated in step 406, so as to obtain a re-encrypted ciphertext.
408. The first server sends the re-encrypted ciphertext to the first blockchain node.
409. The first blockchain node decrypts the re-encrypted ciphertext by using the private key corresponding to the first blockchain node.
The first server sends the re-encrypted ciphertext to the first blockchain node, and the first blockchain node can decrypt the re-encrypted ciphertext by using the private key corresponding to the first blockchain node, thereby obtaining the original information to be shared.
In the above embodiment, the first server needs to receive the key fragments sent by no less than a preset number of servers within a preset time period to generate the first key, so that the first key is maintained by multiple servers together. Compared with the prior art, the security of the first secret key is improved, and therefore the stability of the whole data transmission method is improved.
In order to better implement the above method, embodiments of the present application further provide a data transmission apparatus, which may be specifically integrated in the first server. The server may be a single server or a server cluster composed of a plurality of servers.
For example, as shown in fig. 5, the data transmission device may include:
a ciphertext obtaining and receiving module 501, configured to receive a ciphertext obtaining request sent by a first block chain node;
a first key generation module 502, configured to, in response to the ciphertext acquisition request, generate a first key according to the key fragment corresponding to itself and the received key fragments if no fewer than a preset number of key fragments are received within a preset time period, where each of the preset number of key fragments is sent by its corresponding server, and the first key includes public key information corresponding to the first blockchain node;
a re-encrypted ciphertext obtaining module 503, configured to obtain an original ciphertext, and re-encrypt the original ciphertext by using the first key to obtain a re-encrypted ciphertext;
a re-encrypted ciphertext sending module 504, configured to send the re-encrypted ciphertext to the first blockchain node, so that the first blockchain node decrypts the re-encrypted ciphertext by using a private key corresponding to the first blockchain node.
Optionally, the first key generating module 502 is specifically configured to, if key fragments sent by at least z-1 of the n servers are received, generate the first key according to the key fragment corresponding to itself and the at least z-1 key fragments.
Optionally, the apparatus further comprises:
a key discarding module, configured to discard all the key fragments received in the preset time period when the number of key fragments received from servers in the preset time period is less than z-1.
Optionally, the apparatus further comprises:
the broadcast information interface module is used for receiving key fragment broadcast information sent by a second blockchain node, wherein the key fragment broadcast information comprises key fragments and server identity identifications corresponding to the key fragments;
the identity comparison module is used for comparing the server identity in the key fragment broadcast information with its own identity;
and the key fragment storage module is used for storing the key fragment in the key fragment broadcast information when the server identity in the key fragment broadcast information is consistent with its own identity.
Optionally, the apparatus further comprises:
a key fragment discarding module, used for discarding the key fragment broadcast information when the server identity in the key fragment broadcast information is inconsistent with its own identity.
In order to better implement the above method, an embodiment of the present application further provides a data transmission apparatus, where the data transmission apparatus may be specifically integrated in the first blockchain node. The first blockchain node may be a terminal or a server, and the terminal may be a terminal device such as a smart phone, a tablet computer, a notebook computer, a touch screen, a game machine, a personal computer, or a Personal Digital Assistant (PDA). The server may be a single server or a server cluster composed of a plurality of servers.
Referring to fig. 6, the apparatus includes:
a ciphertext obtaining and sending module 601, configured to send a ciphertext obtaining request to a first server of n servers, where n is a positive integer greater than or equal to 2, and the first server is any one of the n servers;
a re-encrypted ciphertext receiving module 602, configured to receive a re-encrypted ciphertext sent by the first server, and decrypt the re-encrypted ciphertext by using the private key corresponding to the first blockchain node, where the re-encrypted ciphertext is obtained by the first server re-encrypting the original ciphertext with a first key, and the first key is generated by the first server according to the key fragment corresponding to the first server and at least z-1 received key fragments.
Optionally, the apparatus further comprises:
a ciphertext request resending module, configured to send a ciphertext acquisition request to a second server of the n servers when the first server returns request failure information, where the second server is any one of the n servers except for the first server.
In order to better implement the above method, an embodiment of the present application further provides a data transmission apparatus, where the data transmission apparatus may be specifically integrated in the second blockchain node. The second blockchain node may be a terminal or a server, and the terminal may be a terminal device such as a smart phone, a tablet computer, a notebook computer, a touch screen, a game machine, a personal computer, or a Personal Digital Assistant (PDA). The server may be a single server or a server cluster composed of a plurality of servers.
Referring to fig. 7, the apparatus includes:
a first ciphertext generating module 701, configured to generate a first key according to the user information corresponding to the second blockchain node and the user information corresponding to the first blockchain node, where the user information corresponding to the first blockchain node includes a public key corresponding to the first blockchain node;
a key splitting module 702, configured to split the first key into n key fragments, where each key fragment in the n key fragments has a server corresponding to the key fragment;
a key fragment broadcasting module 703, configured to broadcast each key fragment of the n key fragments and the identity of the server corresponding to the key fragment within a range of the n servers, so that each server of the n servers can receive its corresponding key fragment.
In a specific implementation, the above units may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and the specific implementation of the above units may refer to the foregoing method embodiments, which are not described herein again.
Correspondingly, the embodiment of the present application further provides a computer device, where the computer device may be a terminal or a server, and the terminal may be a terminal device such as a smart phone, a tablet computer, a notebook computer, a touch screen, a game machine, a Personal computer, and a Personal Digital Assistant (PDA).
As shown in fig. 8, fig. 8 is a schematic structural diagram of a computer device provided in the embodiment of the present application, where the computer device 800 includes a processor 801 having one or more processing cores, a memory 802 having one or more computer-readable storage media, and a computer program stored in the memory 802 and capable of running on the processor. The processor 801 is electrically connected to the memory 802. Those skilled in the art will appreciate that the computer device configurations illustrated in the figures are not meant to be limiting of computer devices and may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components.
The processor 801 is a control center of the computer apparatus 800, connects various parts of the entire computer apparatus 800 using various interfaces and lines, performs various functions of the computer apparatus 800 and processes data by running or loading software programs and/or modules stored in the memory 802, and calling data stored in the memory 802, thereby monitoring the computer apparatus 800 as a whole.
In the embodiment of the present application, the processor 801 in the computer device 800 loads instructions corresponding to processes of one or more application programs into the memory 802, and the processor 801 executes the application programs stored in the memory 802 according to the following steps, so as to implement various functions:
receiving a ciphertext acquisition request sent by a first blockchain node; in response to the ciphertext acquisition request, if no fewer than a preset number of key fragments are received within a preset time period, generating a first key according to the key fragment corresponding to itself and the received key fragments, wherein each of the preset number of key fragments is sent by its corresponding server, and the first key comprises public key information corresponding to the first blockchain node; acquiring an original ciphertext, and re-encrypting the original ciphertext by using the first key to obtain a re-encrypted ciphertext; and sending the re-encrypted ciphertext to the first blockchain node, so that the first blockchain node decrypts the re-encrypted ciphertext by using a private key corresponding to the first blockchain node.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
Optionally, as shown in fig. 8, the computer device 800 further includes: a touch display 803, a radio frequency circuit 804, an audio circuit 805, an input unit 806, and a power supply 807. The processor 801 is electrically connected to the touch display 803, the radio frequency circuit 804, the audio circuit 805, the input unit 806, and the power supply 807 respectively. Those skilled in the art will appreciate that the computer device configuration illustrated in FIG. 8 does not constitute a limitation of computer devices, and may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components.
The touch display screen 803 can be used for displaying a graphical user interface and receiving operation instructions generated by a user acting on the graphical user interface. The touch display 803 may include a display panel and a touch panel. The display panel may be used, among other things, to display information entered by or provided to a user and various graphical user interfaces of the computer device, which may be made up of graphics, text, icons, video, and any combination thereof. Alternatively, the Display panel may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. The touch panel may be used to collect touch operations of a user (for example, operations of the user on or near the touch panel by using a finger, a stylus pen, or any other suitable object or accessory) and generate corresponding operation instructions, and the operation instructions execute corresponding programs. Alternatively, the touch panel may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 801, and can receive and execute commands sent by the processor 801. The touch panel may overlay the display panel, and when the touch panel detects a touch operation thereon or nearby, the touch panel transmits the touch operation to the processor 801 to determine the type of the touch event, and then the processor 801 provides a corresponding visual output on the display panel according to the type of the touch event. 
In the embodiment of the present application, the touch panel and the display panel may be integrated into the touch display screen 803 to realize input and output functions. However, in some embodiments, the touch panel and the display panel can be implemented as two separate components to perform the input and output functions. That is, the touch display 803 may also be used as a part of the input unit 806 to implement an input function.
The radio frequency circuit 804 may be used for transceiving radio frequency signals to establish wireless communication with a network device or other computer device through wireless communication, and to transceive signals with the network device or other computer device.
The audio circuit 805 may be used to provide an audio interface between a user and a computer device through speakers and microphones. The audio circuit 805 may transmit the electrical signal converted from received audio data to the speaker, which converts it into a sound signal for output; conversely, the microphone converts a collected sound signal into an electrical signal, which the audio circuit 805 receives and converts into audio data. The audio data is output to the processor 801 for processing and then transmitted to another computer device via the radio frequency circuit 804, or is output to the memory 802 for further processing. The audio circuit 805 may also include an earbud jack to provide communication between peripheral headphones and the computer device.
The input unit 806 may be used to receive input numbers, character information, or user characteristic information (e.g., fingerprint, iris, facial information, etc.), and generate keyboard, mouse, joystick, optical, or trackball signal inputs related to user settings and function control.
The power supply 807 is used to power the various components of the computer device 800. Optionally, the power supply 807 may be logically connected to the processor 801 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system. The power supply 807 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
Although not shown in fig. 8, the computer device 800 may further include a camera, a sensor, a wireless fidelity module, a bluetooth module, etc., which are not described in detail herein.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to the related descriptions of other embodiments.
As can be seen from the above, the computer device provided in this embodiment can implement the maintenance of the first key by multiple servers in common. Compared with the prior art, the security of the first secret key is improved, and therefore the stability of the whole data transmission method is improved.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, the present application provides a computer-readable storage medium, in which a plurality of computer programs are stored, and the computer programs can be loaded by a processor to execute the steps in any one of the data transmission methods provided in the embodiments of the present application. For example, the computer program may perform the steps of:
receiving a ciphertext acquisition request sent by a first blockchain node; in response to the ciphertext acquisition request, if no fewer than a preset number of key fragments are received within a preset time period, generating a first key according to the key fragment corresponding to itself and the received key fragments, wherein each of the preset number of key fragments is sent by its corresponding server, and the first key comprises public key information corresponding to the first blockchain node; acquiring an original ciphertext, and re-encrypting the original ciphertext by using the first key to obtain a re-encrypted ciphertext; and sending the re-encrypted ciphertext to the first blockchain node, so that the first blockchain node decrypts the re-encrypted ciphertext by using a private key corresponding to the first blockchain node.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
The storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the computer program stored in the storage medium can execute the steps in any data transmission method provided in the embodiments of the present application, beneficial effects that can be achieved by any data transmission method provided in the embodiments of the present application can be achieved, for details, see the foregoing embodiments, and are not described herein again.
The data transmission method, the data transmission device, the data storage medium, and the computer device provided in the embodiments of the present application are described in detail above, and a specific example is applied in the present application to explain the principle and the implementation of the present application, and the description of the above embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for those skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (12)

1. A data transmission method, adapted for a first server, the method comprising:
receiving key fragment broadcast information sent by a second blockchain node, wherein the key fragment broadcast information comprises key fragments and server identity identifications corresponding to the key fragments;
comparing the server identity in the key fragment broadcast information with its own identity;
if the server identity in the key fragment broadcast information is consistent with its own identity, storing the key fragment in the key fragment broadcast information;
receiving a ciphertext acquisition request sent by a first block chain node;
in response to the ciphertext acquisition request, if no fewer than a preset number of key fragments are received within a preset time period, generating a first key according to the key fragment corresponding to itself and the received key fragments, wherein each of the preset number of key fragments is sent by its corresponding server, and the first key comprises public key information corresponding to the first blockchain node;
acquiring an original ciphertext, and re-encrypting the original ciphertext by using the first key to obtain a re-encrypted ciphertext;
and sending the re-encrypted ciphertext to the first block chain node, so that the first block chain node decrypts the re-encrypted ciphertext by using a private key corresponding to the first block chain node.
2. The method of claim 1, wherein the first server is any one of n servers, the predetermined number is z-1, n is a positive integer not less than 2, z is a positive integer not less than 2 and not more than n;
if the key fragments not less than the preset number are received in the preset time period, generating a first key according to the key fragments corresponding to the key fragments and the key fragments not less than the preset number, including:
and if the key fragments sent by at least z-1 servers in the n servers are received, generating a first key according to the key fragment corresponding to itself and the at least z-1 key fragments.
3. The method of claim 2, wherein after the receiving the ciphertext acquisition request sent by the first blockchain node, the method further comprises:
and if the number of the key fragments sent by the server in the preset time period is less than z-1, discarding all the key fragments received in the preset time period.
4. The method of claim 1, wherein after comparing the server identity in the key shard broadcast message with the identity of itself, the method further comprises:
and if the server identity in the key fragment broadcast information is inconsistent with its own identity, discarding the key fragment broadcast information.
5. A data transmission method, adapted for a first blockchain node, the method comprising:
sending a ciphertext acquisition request to a first server of n servers, wherein n is a positive integer greater than or equal to 2, and the first server is any one of the n servers;
receiving a re-encrypted ciphertext sent by the first server, and decrypting the re-encrypted ciphertext by using the private key corresponding to the first blockchain node, wherein the re-encrypted ciphertext is obtained by the first server re-encrypting an original ciphertext with a first key, the first key is generated by the first server according to the key fragment corresponding to the first server and at least z-1 received key fragments, and z is a positive integer not less than 2 and not more than n;
the first server obtains the key fragment corresponding to the first server in the following manner: receiving key fragment broadcast information sent by a second blockchain node, wherein the key fragment broadcast information comprises a key fragment and the server identity corresponding to the key fragment; comparing the server identity in the key fragment broadcast information with its own identity; and if the server identity in the key fragment broadcast information is consistent with its own identity, storing the key fragment in the key fragment broadcast information.
6. The method of claim 5, wherein after sending the ciphertext acquisition request to the first of the n servers, the method further comprises:
and if the first server returns request failure information, sending a ciphertext acquisition request to a second server of the n servers, wherein the second server is any one of the n servers except the first server.
7. A data transmission method, adapted for a second blockchain node, the method comprising:
generating a first key according to the user information corresponding to the second blockchain node and the user information corresponding to the first blockchain node, wherein the user information corresponding to the first blockchain node comprises a public key corresponding to the first blockchain node;
splitting the first key into n key fragments, wherein each key fragment in the n key fragments has a server corresponding to the key fragment;
and broadcasting each key fragment in the n key fragments and the identity of the server corresponding to the key fragment in the range of the n servers so that each server in the n servers can receive the key fragment corresponding to the server.
8. A data transmission apparatus adapted for use with a first server, the apparatus comprising:
the broadcast information interface module is used for receiving key fragment broadcast information sent by a second blockchain node, wherein the key fragment broadcast information comprises key fragments and server identity identifications corresponding to the key fragments;
the identity identification comparison module is used for comparing the server identity in the key fragment broadcast information with the first server's own identity;
the key fragment storage module is used for storing the key fragments in the key fragment broadcast information when the server identity in the key fragment broadcast information is consistent with the first server's own identity;
the ciphertext acquisition receiving module is used for receiving a ciphertext acquisition request sent by the first blockchain node;
a first key generation module, configured to respond to the ciphertext acquisition request, and if no less than a preset number of key fragments are received within a preset time period, generate a first key according to the key fragment corresponding to the first server and the received key fragments, which number no less than the preset number, where each of the received key fragments is sent by its corresponding server, and the first key includes public key information corresponding to the first blockchain node;
the re-encrypted ciphertext acquisition module is used for acquiring an original ciphertext and re-encrypting the original ciphertext by using the first key to obtain a re-encrypted ciphertext;
and the re-encrypted ciphertext sending module is used for sending the re-encrypted ciphertext to the first blockchain node so that the first blockchain node decrypts the re-encrypted ciphertext by using a private key corresponding to the first blockchain node.
9. A data transmission apparatus adapted for use in a first blockchain node, the apparatus comprising:
the ciphertext acquisition and transmission module is used for transmitting a ciphertext acquisition request to a first server of n servers, wherein n is a positive integer greater than or equal to 2, and the first server is any one of the n servers;
the re-encrypted ciphertext receiving module is used for receiving a re-encrypted ciphertext sent by the first server and decrypting the re-encrypted ciphertext by using a private key corresponding to the re-encrypted ciphertext, wherein the re-encrypted ciphertext is obtained by the first server through re-encrypting an original ciphertext by using a first key, and the first key is generated by the first server according to the key fragment corresponding to the first server and at least z-1 received key fragments;
the first server obtains the key fragment corresponding to the first server in the following manner: receiving key fragment broadcast information sent by a second blockchain node, wherein the key fragment broadcast information comprises key fragments and server identity identifications corresponding to the key fragments; comparing the server identity in the key fragment broadcast information with its own identity; and if the server identity in the key fragment broadcast information is consistent with its own identity, storing the key fragment in the key fragment broadcast information.
10. A data transmission apparatus adapted for use in a second blockchain node, the apparatus comprising:
a first ciphertext generating module, configured to generate a first key according to the user information corresponding to the second blockchain node and the user information corresponding to the first blockchain node, where the user information corresponding to the first blockchain node includes a public key corresponding to the first blockchain node;
the key splitting module is used for splitting the first key into n key fragments, wherein each key fragment in the n key fragments has a server corresponding to the key fragment;
and the key fragment broadcasting module is used for broadcasting each key fragment in the n key fragments and the identity of the server corresponding to the key fragment in the range of the n servers so that each server in the n servers can receive the key fragment corresponding to the server.
11. A computer device comprising a processor and a memory, the memory storing a plurality of instructions; the processor loads instructions from the memory to perform the steps in the data transmission method according to any one of claims 1 to 7.
12. A computer readable storage medium storing instructions adapted to be loaded by a processor to perform the steps of the data transmission method according to any one of claims 1 to 7.
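
The fragment flow recited in claims 3 to 7 (split into n fragments, broadcast with a server identity, keep only the matching fragment, rebuild the first key from the server's own fragment plus at least z-1 others), as an added example that is not code from the patent. The claims shown here do not name a splitting scheme, so Shamir secret sharing over a prime field is assumed; the names split_key, combine and Server are hypothetical, the preset time period is modelled as the moment build_first_key is called, and the re-encryption step is left out.

```python
import secrets

P = 2**127 - 1  # prime field for the assumed Shamir scheme; the key must be < P

def split_key(key, n, z):
    """Claim 7: split the first key into n fragments, one per server id 1..n."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(z - 1)]
    def poly(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    # Each broadcast message carries a fragment and the identity of its server.
    return [{"server_id": sid, "fragment": poly(sid)} for sid in range(1, n + 1)]

def combine(fragments):
    """Lagrange interpolation at x = 0 over a {server_id: fragment} mapping."""
    total = 0
    for xi, yi in fragments.items():
        num = den = 1
        for xj in fragments:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

class Server:
    def __init__(self, server_id, z):
        self.server_id, self.z = server_id, z
        self.own = None   # fragment addressed to this server
        self.peers = {}   # fragments sent by other servers during the window

    def on_broadcast(self, msg):
        """Claims 4 and 5: store the fragment only if the identity is our own."""
        if msg["server_id"] != self.server_id:
            return False  # inconsistent identity: discard the broadcast
        self.own = msg["fragment"]
        return True

    def on_peer_fragment(self, peer_id, fragment):
        self.peers[peer_id] = fragment

    def build_first_key(self):
        """Claims 3 and 5: own fragment plus at least z-1 received fragments."""
        if self.own is None or len(self.peers) < self.z - 1:
            self.peers.clear()  # fewer than z-1 in the window: discard them all
            return None
        return combine({self.server_id: self.own, **self.peers})
```

With fewer than z fragments in total the interpolation has no unique solution, which is why the shortfall branch discards the received fragments rather than attempting a partial rebuild.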
CN202110758623.5A 2021-07-05 2021-07-05 Data transmission method and device, computer equipment and storage medium Active CN113434905B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110758623.5A CN113434905B (en) 2021-07-05 2021-07-05 Data transmission method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110758623.5A CN113434905B (en) 2021-07-05 2021-07-05 Data transmission method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113434905A (en) 2021-09-24
CN113434905B (en) 2022-11-15

Family

ID=77759152

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110758623.5A Active CN113434905B (en) 2021-07-05 2021-07-05 Data transmission method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113434905B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant