CN120234813A - File generation method, device, server and storage medium - Google Patents

Info

Publication number
CN120234813A
Authority
CN
China
Prior art keywords
server
bmc
file
update file
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311851261.XA
Other languages
Chinese (zh)
Inventor
刘育逢
王卫钢
余新来
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongke Sugon Information Industry Chengdu Co ltd
Dawning Information Industry Beijing Co Ltd
Dawning Information Industry Co Ltd
Original Assignee
Zhongke Sugon Information Industry Chengdu Co ltd
Dawning Information Industry Beijing Co Ltd
Dawning Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongke Sugon Information Industry Chengdu Co ltd, Dawning Information Industry Beijing Co Ltd, Dawning Information Industry Co Ltd
Priority to CN202311851261.XA
Publication of CN120234813A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to a file generation method, device, server and storage medium. The method comprises: generating an initial BMC update file of a first server according to a file certificate of the first server and a baseboard management controller (BMC) original update file, the first server being the server where the BMC firmware to be updated is located; encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, the symmetric key being generated in advance by the first server; and encrypting the encrypted BMC update file according to a first private key of a pre-generated first asymmetric key to obtain the BMC update file of the first server. Using this method can improve the security of BMC update files.

Description

File generation method, device, server and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, a server, and a storage medium for generating a file.
Background
The baseboard management controller (Baseboard Management Controller, BMC) is an important piece of firmware in a server. The BMC is responsible for monitoring the running status of the whole server, so to ensure normal operation of the server, the BMC needs to be updated in a timely manner.
In the conventional technology, a server whose BMC is to be updated acquires a BMC update file from a server that manages the BMC, and uses the BMC update file to update the BMC firmware to be updated.
However, the security of the obtained BMC update file in the conventional technology is low, and updating the BMC firmware to be updated by using the BMC update file may pose a security threat to the running environment of the server.
Disclosure of Invention
In view of the above, it is desirable to provide a file generation method, device, server, and storage medium that can improve the security of a BMC update file.
In a first aspect, the present application provides a file generation method, the method including:
generating an initial BMC update file of a first server according to a file certificate of the first server and a baseboard management controller (BMC) original update file, wherein the first server is the server where the BMC firmware to be updated is located;
encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is generated in advance by the first server; and
encrypting the encrypted BMC update file according to a first private key of a pre-generated first asymmetric key to obtain the BMC update file of the first server.
In one embodiment, generating the initial BMC update file of the first server according to the file certificate of the first server and the BMC original update file includes:
signing the BMC original update file according to a pre-generated second private key to obtain a BMC signature file; and
writing the file certificate into the BMC signature file to generate the initial BMC update file.
In one embodiment, signing the BMC original update file according to the pre-generated second private key to obtain the BMC signature file includes:
calculating a hash value of a region to be signed of the BMC update file according to header information of the BMC original update file; and
signing the hash value of the region to be signed by using a preset signature algorithm and the second private key to obtain the BMC signature file.
In one embodiment, the method further comprises:
generating a second asymmetric key according to a preset key generation algorithm, and acquiring the second private key.
In one embodiment, the method further comprises:
sending a CPU certificate generation request of the first server to a second server, wherein the second server is a server that manages the CPU of the first server; and
receiving the file certificate generated by the second server in response to the certificate generation request, wherein the file certificate is generated by the second server according to the second public key.
In one embodiment, the method further comprises:
sending a first public key of the first asymmetric key to the first server;
receiving an encrypted symmetric key sent by the first server, wherein the encrypted symmetric key is obtained by the first server encrypting its pre-generated symmetric key according to the first public key; and
decrypting the encrypted symmetric key according to the first private key to obtain the symmetric key.
In one embodiment, the method further comprises:
receiving a file acquisition request sent by the first server; and
in response to the file acquisition request, sending the BMC update file to the first server, so that the first server updates the BMC firmware to be updated according to the BMC update file.
In a second aspect, the present application further provides a file generating apparatus, including:
a generation module, configured to generate an initial BMC update file of a first server according to a file certificate of the first server and a baseboard management controller (BMC) original update file;
a first encryption module, configured to encrypt the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is generated in advance by the first server; and
a second encryption module, configured to encrypt the encrypted BMC update file according to a first private key of a pre-generated first asymmetric key to obtain the BMC update file of the first server.
In a third aspect, the present application also provides a computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
generating an initial BMC update file of a first server according to a file certificate of the first server and a baseboard management controller (BMC) original update file, wherein the first server is the server where the BMC firmware to be updated is located;
encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is generated in advance by the first server; and
encrypting the encrypted BMC update file according to a first private key of a pre-generated first asymmetric key to obtain the BMC update file of the first server.
In a fourth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the following steps:
generating an initial BMC update file of a first server according to a file certificate of the first server and a baseboard management controller (BMC) original update file, wherein the first server is the server where the BMC firmware to be updated is located;
encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is generated in advance by the first server; and
encrypting the encrypted BMC update file according to a first private key of a pre-generated first asymmetric key to obtain the BMC update file of the first server.
In a fifth aspect, the present application also provides a computer program product comprising a computer program which, when executed by a processor, performs the following steps:
generating an initial BMC update file of a first server according to a file certificate of the first server and a baseboard management controller (BMC) original update file, wherein the first server is the server where the BMC firmware to be updated is located;
encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is generated in advance by the first server; and
encrypting the encrypted BMC update file according to a first private key of a pre-generated first asymmetric key to obtain the BMC update file of the first server.
In the above file generation method, device, server and storage medium, the first server is the server where the BMC firmware to be updated is located. An initial BMC update file of the first server is generated according to the file certificate of the first server and the BMC original update file; that is, the BMC original update file receives a first layer of encryption according to the file certificate of the first server. The initial BMC update file is then encrypted according to the preset symmetric key to obtain an encrypted BMC update file; that is, the initial BMC update file receives a second layer of encryption. The encrypted BMC update file is further encrypted according to the first private key of the pre-generated first asymmetric key to obtain the BMC update file of the first server; that is, the encrypted BMC update file receives a third layer of encryption, so the BMC update file is obtained through triple encryption. In addition, the symmetric key is generated in advance by the first server, and encrypting the initial BMC update file with this symmetric key improves the security of data transmission between the target server and the first server, which further improves the security of the BMC update file.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.
FIG. 1 is an application environment diagram of a file generation method in one embodiment;
FIG. 2 is a flow diagram of a file generation method in one embodiment;
FIG. 3 is a flow chart of a file generation method according to another embodiment;
FIG. 4 is a flow chart of a file generation method according to another embodiment;
FIG. 5 is a flow chart of a file generation method according to another embodiment;
FIG. 6 is a flow chart of a file generation method according to another embodiment;
FIG. 7 is a flow chart of a method of file generation in another embodiment;
FIG. 8 is a flow chart of a file generation method according to another embodiment;
FIG. 9 is a block diagram showing the structure of a file generating apparatus according to one embodiment;
FIG. 10 is a block diagram showing the structure of a file generating apparatus according to another embodiment;
FIG. 11 is a block diagram showing the structure of a file generating apparatus according to another embodiment;
FIG. 12 is a block diagram showing the structure of a file generating apparatus according to another embodiment;
FIG. 13 is a block diagram showing the structure of a file generating apparatus according to another embodiment;
FIG. 14 is a block diagram showing the structure of a file generating apparatus according to another embodiment;
FIG. 15 is an internal structural view of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In the conventional technology, when updating the baseboard management controller (Baseboard Management Controller, BMC) firmware of a server, a user enters the account and password corresponding to the server in a BMC firmware update web page. When the account is valid and the account and password match, the web page displays a BMC update file that can be used to update the BMC firmware, and the user can trigger a BMC update file acquisition request in the web page to store the BMC update file on the server, so that the BMC firmware in the server is updated by calling the BMC update file. Alternatively, the server can acquire the BMC update file from the server managing the BMC and update its BMC firmware by calling the BMC update file. However, the security of the BMC update file obtained in the conventional technology cannot be ensured, and updating the BMC firmware of the server with a BMC update file of low security may pose a security threat to the running environment of the server.
The file generation method provided by the embodiments of the present application can be applied to the application environment shown in FIG. 1. The target server 102 may manage the BMC of the first server 103, and the second server 104 may manage the CPU of the first server 103; that is, the target server 102 may be the server of the manufacturer of the BMC in the first server 103, and the second server 104 may be the server of the manufacturer of the CPU in the first server 103. The target server 102 communicates with the first server 103 via a network, and the target server 102 communicates with the second server 104 via the network. The target server 102, the first server 103, and the second server 104 may each be implemented as a separate server or as a server cluster composed of a plurality of servers.
In one embodiment, as shown in FIG. 2, a file generation method is provided. Taking the application of the method to the target server in FIG. 1 as an illustration, the method includes:
S201, generating an initial BMC update file of a first server according to a file certificate of the first server and an original update file of a baseboard management controller BMC, wherein the first server is the server where the BMC firmware to be updated is located.
The first server is a server which needs to update BMC firmware.
In this embodiment, the second server, which belongs to the manufacturer of the central processing unit (Central Processing Unit, CPU) of the first server and manages that CPU, may generate the file certificate of the first server in advance and transmit it to the target server. Because the file certificate of the first server is a file certificate of the CPU of the first server, it may carry information about that CPU. When the target server generates the initial BMC update file of the first server, it may therefore carry the received file certificate in the baseboard management controller (Baseboard Management Controller, BMC) original update file to generate the initial BMC update file, and the file certificate in the initial BMC update file reflects the correspondence between that file and the first server.
As an optional implementation manner, the target server may parse the file certificate of the first server to obtain a public key in the file certificate, so as to encrypt the BMC original update file by using the public key, and use the encrypted BMC original update file as the initial BMC update file of the first server.
S202, encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is pre-generated by a first server.
Optionally, in this embodiment, the first server may generate the symmetric key in advance according to a preset symmetric key generation algorithm; the target server may send a key acquisition request to the first server, and the first server sends the generated symmetric key to the target server in response to the key acquisition request.
Further, in the process of generating the BMC update file of the first server, the target server may encrypt the initial BMC update file by using the received symmetric key generated in advance by the first server, so as to obtain an encrypted BMC update file. It can be understood that, because the target server encrypts the initial BMC update file by using the symmetric key generated in advance by the first server, the correspondence between the encrypted BMC update file and the first server is ensured; that is, the encrypted BMC update file can only be decrypted by using the symmetric key generated by the first server, which ensures the security of the encrypted BMC update file.
S203, encrypting the encrypted BMC update file according to a first private key of a first asymmetric key generated in advance to obtain the BMC update file of the first server.
In this embodiment, the target server may generate a first asymmetric key in advance according to a preset key generation algorithm, where the first asymmetric key includes a first public key and a first private key, and store the first private key in the first asymmetric key in its own memory, and send the first public key of the first asymmetric key to the first server.
Further, in this embodiment, the target server may encrypt the encrypted BMC update file again according to the first private key, to obtain the BMC update file of the first server.
It can be understood that, because the target server sends the first public key of the first asymmetric key to the first server in advance, the first server can, after receiving its BMC update file, use the received first public key to perform security verification on that file. This ensures the security of the BMC update file obtained by the first server and avoids the security problems the first server would face if the received BMC update file had been generated by another server.
In the above file generation method, the first server is the server where the BMC firmware to be updated is located. An initial BMC update file of the first server is generated according to the file certificate of the first server and the BMC original update file; that is, the BMC original update file receives a first layer of encryption according to the file certificate of the first server. The initial BMC update file is then encrypted according to the preset symmetric key to obtain an encrypted BMC update file; that is, the initial BMC update file receives a second layer of encryption. The encrypted BMC update file is further encrypted according to the first private key of the pre-generated first asymmetric key to obtain the BMC update file of the first server; that is, the encrypted BMC update file receives a third layer of encryption. The BMC update file obtained through this triple encryption has higher security. In addition, the symmetric key is generated in advance by the first server, and encrypting the initial BMC update file with this symmetric key improves the security of data transmission between the target server and the first server, which further improves the security of the BMC update file.
In the above scenario of generating the initial BMC update file of the first server according to the file certificate of the first server and the BMC original update file, the BMC original update file may first be signed, and the file certificate of the first server may then be written into the resulting BMC signature file to obtain the initial BMC update file of the first server. In one embodiment, as shown in FIG. 3, S201 includes:
S301, signing the BMC original update file according to a pre-generated second private key to obtain a BMC signature file.
Optionally, in this embodiment, the target server may generate a second asymmetric key according to a preset key generation algorithm, where the second asymmetric key includes a second public key and a second private key. The target server may then sign the generated BMC original update file according to the second private key to obtain a BMC signature file.
Optionally, in this embodiment, the target server may sign the BMC original update file according to the second private key and a preset signature method to obtain a BMC signature file. By way of example, the preset signature methods may include a message digest algorithm (Message Digest Algorithm 5, MD5), a secure hash algorithm (Secure Hash Algorithm, SHA-1), and the like.
S302, writing the file certificate into a BMC signature file to generate an initial BMC update file.
In this embodiment, after signing the original update file of the BMC to obtain the BMC signed file, the target server may write the file certificate of the first server into the obtained BMC signed file, so that the BMC signed file carries the file certificate of the first server, thereby generating the initial BMC update file of the first server.
In this embodiment, the target server signs the BMC original update file according to the second private key. Obtaining the BMC signature file in this way is relatively simple and fast, which improves the efficiency of writing the file certificate of the first server into the BMC signature file and ensures that the target server can generate the initial BMC update file of the first server in time. In addition, because the file certificate of the first server is written into the generated initial BMC update file, the correspondence between that file and the first server is ensured, which ensures the accuracy of the generated initial BMC update file.
The detailed process by which the target server signs the BMC original update file according to the pre-generated second private key to obtain the BMC signature file is explained below. In one embodiment, as shown in FIG. 4, S301 includes:
S401, calculating a hash value of a region to be signed of the BMC update file according to header information of the BMC original update file.
The header information of the BMC original update file may include an offset address and a size of the region to be signed of the BMC original update file. It will be understood that a hash value is obtained by mapping input data of any length to output data of a fixed length; for a given input, the corresponding hash value is unique and does not change with time, place, environment, etc. That is, the hash value of the region to be signed is a value with a fixed format.
In this embodiment, a hash algorithm may be applied, according to the offset address and the size of the region to be signed of the BMC original update file, to obtain the hash value of the region to be signed of the BMC original update file. Optionally, the hash algorithm includes any one of a cryptographic hash function, a verification hash function, and a hash function.
As another optional implementation manner, the header information may further include attribute information of the BMC original update file, so that whether the BMC original update file needs to be signed or not may be determined according to the attribute information.
S402, signing the hash value of the area to be signed by using a preset signing algorithm and a second private key to obtain a BMC signature file.
In this embodiment, a preset signature algorithm and the second private key may be used to sign the hash value of the region to be signed, so as to obtain the BMC signature file. Illustratively, the preset signature algorithm may be a message digest algorithm (Message Digest Algorithm 5, MD5), a secure hash algorithm (Secure Hash Algorithm, SHA-1), or the like.
Optionally, the second asymmetric key corresponding to the BMC original update file may be read according to the identification information of the BMC original update file. The identification information of the BMC original update file may be used to characterize the type or purpose of the BMC original update file, where the second asymmetric keys corresponding to the BMC original update files of different types or purposes are different. The identification information of the BMC original updated file can be obtained through the information input by the user, so that a second asymmetric key corresponding to the BMC original updated file is determined according to the identification information of the BMC original updated file, and the BMC original updated file is signed by using a second private key in the determined second asymmetric key, so that a BMC signature file is obtained.
In this embodiment, the hash value of the region to be signed is calculated according to the header information of the BMC original update file, and the hash value is then signed by using a preset signature algorithm and the private key corresponding to the public key to obtain the BMC signature file, which improves the security of the BMC signature file.
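The region-hash step S401, as an added example that is not code from the patent: it parses a header carrying the offset and size of the region to be signed, rejects headers that point outside the image, and returns the digest that S402 would hand to the signer. The header layout, the `BMCU` magic, the attribute bit and the choice of SHA-256 are assumptions made for this illustration, and the sample image is constructed.

```python
import hashlib
import struct
from typing import NamedTuple, Optional

# Hypothetical header layout (an assumption, not defined by the patent),
# all fields little-endian:
#   4s  magic          b"BMCU"
#   I   attributes     bit 0 set => the image must be signed
#   I   region_offset  start of the region to be signed
#   I   region_size    length of the region to be signed
HEADER = struct.Struct("<4sIII")
MAGIC = b"BMCU"
ATTR_NEEDS_SIGNATURE = 0x1


class HeaderError(ValueError):
    """The header cannot be trusted to describe the image."""


class Header(NamedTuple):
    attributes: int
    region_offset: int
    region_size: int


def parse_header(image: bytes) -> Header:
    """Parse the header and validate the region bounds before anything is hashed."""
    if len(image) < HEADER.size:
        raise HeaderError("image is shorter than the header")
    magic, attributes, offset, size = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise HeaderError("unexpected magic value")
    if size == 0:
        raise HeaderError("empty region to be signed")
    if offset < HEADER.size:
        raise HeaderError("region overlaps the header")
    if offset + size > len(image):
        raise HeaderError("region runs past the end of the image")
    return Header(attributes, offset, size)


def region_digest(image: bytes) -> Optional[bytes]:
    """Return the digest of the region to be signed, or None when the
    attribute information says the image does not need a signature."""
    header = parse_header(image)
    if not header.attributes & ATTR_NEEDS_SIGNATURE:
        return None
    end = header.region_offset + header.region_size
    region = memoryview(image)[header.region_offset:end]
    # SHA-256 is this example's choice; MD5 and SHA-1 both have practical
    # collision attacks, so they are not used here.
    return hashlib.sha256(region).digest()


def build_image(payload: bytes, trailer: bytes = b"",
                attributes: int = ATTR_NEEDS_SIGNATURE,
                size: Optional[int] = None) -> bytes:
    """Build a constructed sample image: header, signed region, unsigned trailer."""
    size = len(payload) if size is None else size
    return HEADER.pack(MAGIC, attributes, HEADER.size, size) + payload + trailer


if __name__ == "__main__":
    payload = b"constructed-firmware-bytes" * 8
    image = build_image(payload, trailer=b"unsigned-tail")
    print("digest to sign:", region_digest(image).hex())

    # Bytes outside the region (the trailer and the header itself) do not
    # influence the digest, so a signature over it does not protect them.
    same = region_digest(build_image(payload, trailer=b"other-tail!!!"))
    print("trailer change alters digest:", same != region_digest(image))

    # A size field that points past the end of the file is rejected.
    try:
        region_digest(build_image(payload, size=len(payload) + 1))
    except HeaderError as exc:
        print("rejected:", exc)
```

A verifier on the first server has to apply the same bounds checks before recomputing the digest, and it should treat the attribute bit with care, since in this layout the header lies outside the signed region.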
In the above scenario of generating the initial BMC update file of the first server according to the file certificate of the first server and the original update file of the baseboard management controller BMC, the target server needs to obtain the file certificate of the first server first, and in this embodiment, a process of obtaining the file certificate of the first server by the target server will be described in detail. In one embodiment, as shown in fig. 5, the method further includes:
S501, sending a CPU certificate generation request of the first server to a second server, wherein the second server is a server that manages the CPU of the first server, and the certificate generation request includes a second public key of a second asymmetric key.
The second server is a server provided by a manufacturer of the CPU and used for managing the CPU, that is, in this embodiment, the second server is a server used for managing the CPU of the first server.
Optionally, in this embodiment, the target server generates a certificate generation request according to the second public key of the generated second asymmetric key and the user information of the target server, and sends the certificate generation request to the second server. After receiving the request, the second server may first authenticate the identity of the target server based on the user information in the request and, once the identity authentication passes, respond to the request by generating the file certificate of the CPU of the target server.
S502, receiving a file certificate generated by the second server in response to the certificate generation request, wherein the file certificate is generated by the second server according to the second public key.
In this embodiment, the second server may analyze the received certificate generation request to obtain the user information and the second public key, perform identity authentication according to the user information, generate an initial file certificate according to the second public key if the identity authentication passes, sign the initial file certificate according to the CPU private key of the first server, obtain the file certificate, and send the file certificate to the target server. It may be appreciated that, in this embodiment, if the identity of the second server to the target server is not authenticated, the second server may not respond to the certificate generation request.
Optionally, the user information may include identification information of the target server, the second server may include a pre-established database, the database includes identification information of a plurality of servers, if the preset database includes identification information of the target server, the identity authentication of the target server is determined to pass, and if the preset database does not include identification information of the target server, the identity authentication of the target server is determined to not pass.
In this embodiment, the CPU certificate generation request of the first server that the target server sends to the second server includes the second public key of the second asymmetric key pre-generated by the target server, so the second server can generate the file certificate of the first server based on the second public key in the received request. Because the file certificate generated by the second server is based on the second public key generated by the target server, the security of the file certificate is ensured, and the target server can acquire a file certificate of the first server with higher security.
In the above scenario where the target server encrypts the initial BMC update file according to the symmetric key that is pre-generated by the first server, the target server needs to first obtain the symmetric key that is pre-generated by the first server. In one embodiment, as shown in fig. 6, the method further includes:
S601, sending a first public key of a first asymmetric key to the first server.
In this embodiment, the target server may generate the first asymmetric key according to a preset key generation algorithm, and the target server may store the first private key of the first asymmetric key in its own memory, and send the first public key of the first asymmetric key to the first server through a communication connection with the first server, so that the first server stores the first public key in the memory of the first server.
Optionally, the preset key generation algorithm may be elliptic curve cryptography (ECC), a knapsack algorithm, the ElGamal encryption algorithm, the RSA encryption algorithm, or the like.
S602, receiving an encrypted symmetric key sent by the first server, wherein the encrypted symmetric key is obtained by encrypting a symmetric key generated in advance by the first server according to the first public key.
In this embodiment, the first server may generate a symmetric key according to a preset symmetric key generation algorithm, and further, the first server may encrypt the generated symmetric key with the first public key to obtain an encrypted symmetric key, and send the encrypted symmetric key to the target server.
S603, decrypting the encrypted symmetric key according to the first private key to obtain the symmetric key.
In this embodiment, the target server may read the first private key of the first asymmetric key from a preset storage location, and because the read first private key corresponds to the first public key, the target server may decrypt the encrypted symmetric key with the read first private key to obtain the symmetric key.
In this embodiment, the target server sends the first public key of the first asymmetric key generated in advance to the first server, so that the first server can encrypt the symmetric key by using the first public key, thereby ensuring the transmission security of the first server sending the encrypted symmetric key to the target server, and further, the target server can decrypt the received encrypted symmetric key by using the first private key of the generated first asymmetric key, thereby obtaining the symmetric key generated by the first server, and ensuring the security of the target server obtaining the symmetric key of the first server.
In some scenarios, when the first server needs to update its own BMC firmware, a file acquisition request may be sent to the target server to acquire a BMC update file of the first server, so as to update the BMC firmware. In one embodiment, as shown in fig. 7, the method further includes:
S701, receiving a file acquisition request sent by a first server.
In this embodiment, when the BMC firmware of the first server itself fails, or the BMC firmware of the first server needs to be updated, the first server may generate a file acquisition request of the BMC firmware to be updated, and because the first server and the target server may communicate through a network, the target server may receive the file acquisition request sent by the first server based on network communication with the first server.
S702, responding to a file acquisition request, and sending a BMC update file to a first server so that the first server updates BMC firmware to be updated according to the BMC update file.
Optionally, in this embodiment, the target server may determine, based on the identifier in the file acquisition request, the identifier of the BMC of the first server in response to the acquisition request sent by the first server, so as to determine a BMC update file corresponding to the BMC firmware of the first server, and send the determined BMC update file of the first server to the first server.
In this embodiment, it may be understood that the BMC update file of the first server is obtained by first encrypting the initial BMC update file of the first server based on the symmetric key generated in advance by the first server, and then encrypting the encrypted BMC update file a second time according to the first private key of the first asymmetric key generated in advance by the first server. Therefore, as an optional implementation, after the first server receives the BMC update file sent by the target server, the first server may verify the BMC update file according to the received first public key and, if the verification passes, decrypt the BMC update file according to the symmetric key generated by the first server to obtain a decrypted BMC update file. Further, the first server may parse the decrypted BMC update file to obtain its file certificate and file signature, call a secure interface to obtain the root public key of the CPU of the first server, and verify the validity of the file certificate by using the root public key of the CPU. If the file certificate passes verification, the first server verifies the validity of the file signature by using the second public key in the file certificate, and if the file signature passes verification, the validity verification of the BMC update file passes.
It can be understood that the principle of verifying the validity of the file certificate by using the root public key of the CPU may be as follows. The file certificate includes the private key signature of the CPU of the first server, so when the root public key of the CPU of the first server and the CPU private key behind the signature in the file certificate form a key pair, the first server may determine that the file certificate passes validity verification; when the root public key of the CPU of the first server and the private key signature of the CPU in the file certificate have no corresponding relationship, the first server may determine that the file certificate fails validity verification.
Further, the principle of verifying the validity of the file signature by using the second public key in the file certificate may be as follows. The file signature of the BMC update file is a signature generated according to the second private key generated by the target server, and the file certificate is generated according to the second public key, so once the file certificate has passed validity verification, the first server may verify the file signature of the BMC update file according to the second public key in the file certificate. When the second private key corresponding to the file signature and the second public key of the file certificate satisfy the preset key correspondence, the first server may determine that the file signature passes validity verification, that is, the BMC update file passes validity verification. When the second private key corresponding to the file signature and the second public key of the file certificate cannot be matched, the first server may determine that the file signature fails validity verification, and therefore that the BMC update file fails validity verification.
In this embodiment, the target server receives the file acquisition request sent by the first server, and can send the BMC update file of the first server to the first server in response to the received file acquisition request, so that the first server can update the BMC firmware to be updated of the first server according to the received BMC update file, thereby ensuring timeliness of updating the BMC firmware of the first server.
One embodiment of the present disclosure is described below in connection with a particular file generation scenario, as shown in FIG. 8, the method comprising the steps of:
S1, generating a first asymmetric key and a second asymmetric key according to a preset key generation algorithm.
S2, sending a CPU certificate generation request to a second server, wherein the second server is a server for managing the CPU of the first server, and the CPU certificate generation request comprises a second public key of a second asymmetric key.
S3, receiving a file certificate generated by the second server in response to the certificate generation request, wherein the file certificate is generated by the second server according to the second public key.
S4, sending a first public key of the first asymmetric key to a first server.
S5, receiving an encrypted symmetric key sent by the first server, wherein the encrypted symmetric key is obtained by encrypting a symmetric key which is generated in advance by the first server according to the first public key.
S6, decrypting the encrypted symmetric key according to the first private key to obtain the symmetric key.
S7, calculating the hash value of the to-be-signed area of the BMC update file according to the header information of the BMC original update file.
S8, signing the hash value of the area to be signed by using a preset signing algorithm and a second private key to obtain a BMC signature file.
S9, writing the file certificate into the BMC signature file to generate an initial BMC update file, wherein the first server is the server where the BMC firmware to be updated is located.
S10, encrypting the initial BMC update file according to the symmetric key to obtain the encrypted BMC update file.
S11, encrypting the encrypted BMC update file according to the first private key of the first asymmetric key to obtain the BMC update file of the first server.
S12, receiving a file acquisition request sent by the first server.
S13, responding to the file acquisition request, and sending the BMC update file to the first server so that the first server updates the BMC firmware to be updated according to the BMC update file.
In the file generation method, the first server is the server where the BMC firmware to be updated is located. The initial BMC update file of the first server is generated according to the file certificate of the first server and the BMC original update file, which applies a first layer of encryption to the BMC original update file according to the file certificate of the first server. The initial BMC update file is then encrypted according to the preset symmetric key to obtain the encrypted BMC update file, which is the second layer of encryption. Further, the encrypted BMC update file is encrypted according to the first private key of the pre-generated first asymmetric key to obtain the BMC update file of the first server, which is the third layer of encryption. The BMC update file obtained through this triple encryption has higher security. In addition, the symmetric key is pre-generated by the first server, and encrypting the initial BMC update file with it improves the security of data transmission between the target server and the first server, which further improves the security of the BMC update file.
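The file layering of S7-S11 and the receive-side checks described for the first server, as an added Go example that is not code from the patent. It assumes Ed25519 for both asymmetric keys and AES-256-GCM for the symmetric layer, models "encrypting with the first private key" as a signature because the first server checks that layer with the first public key, hashes the whole image as the to-be-signed region, and takes the symmetric key as already exchanged in S4-S6. The type and function names (`Inner`, `Package`, `Receiver`, `Build`, `Verify`, `Fixture`) and the ASN.1 field layout are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
)

// Inner is the initial BMC update file (S9); this field layout is constructed for the example.
type Inner struct{ Pub2, CertSig, FileSig, Image []byte }

// Package is the final BMC update file: Blob = nonce || AES-GCM ciphertext of Inner.
type Package struct{ Blob, OuterSig []byte }

// Receiver is what the first server holds: first public key, CPU root public key, symmetric key.
type Receiver struct {
	Pub1, CPURoot ed25519.PublicKey
	Sym           cipher.AEAD
}

// Build plays the target server (S7-S11). certSig is the second server's signature over pub2.
func Build(image, pub2, certSig []byte, priv2, priv1 ed25519.PrivateKey, sym cipher.AEAD) (*Package, error) {
	h := sha256.Sum256(image) // S7: the to-be-signed region is assumed to be the whole image
	inner, err := asn1.Marshal(Inner{pub2, certSig, ed25519.Sign(priv2, h[:]), image}) // S8-S9
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, sym.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	blob := sym.Seal(nonce, nonce, inner, nil)            // S10: symmetric layer
	return &Package{blob, ed25519.Sign(priv1, blob)}, nil // S11: first-private-key layer
}

// Verify plays the first server and checks the layers from the outside in.
func (r *Receiver) Verify(p *Package) ([]byte, error) {
	n := r.Sym.NonceSize()
	if len(p.Blob) < n || !ed25519.Verify(r.Pub1, p.Blob, p.OuterSig) {
		return nil, errors.New("outer signature invalid")
	}
	plain, err := r.Sym.Open(nil, p.Blob[:n], p.Blob[n:], nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	var in Inner
	if rest, err := asn1.Unmarshal(plain, &in); err != nil || len(rest) != 0 {
		return nil, errors.New("malformed initial update file")
	}
	if !ed25519.Verify(r.CPURoot, in.Pub2, in.CertSig) {
		return nil, errors.New("file certificate not signed by CPU root key")
	}
	h := sha256.Sum256(in.Image)
	if len(in.Pub2) != ed25519.PublicKeySize || !ed25519.Verify(in.Pub2, h[:], in.FileSig) {
		return nil, errors.New("file signature invalid")
	}
	return in.Image, nil // only now is the image handed to the flashing step
}

// Fixture builds a file from freshly generated keys and a constructed image.
func Fixture() (*Package, *Receiver, error) {
	var pub [3]ed25519.PublicKey // 0: CPU root, 1: first key, 2: second key
	var priv [3]ed25519.PrivateKey
	var err error
	for i := range pub {
		if pub[i], priv[i], err = ed25519.GenerateKey(rand.Reader); err != nil {
			return nil, nil, err
		}
	}
	key := make([]byte, 32) // stands in for the symmetric key exchanged in S4-S6
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	sym, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, nil, err
	}
	cert := ed25519.Sign(priv[0], pub[2]) // second server (S2-S3): CPU key signs the second public key
	p, err := Build([]byte("constructed BMC image"), pub[2], cert, priv[2], priv[1], sym)
	return p, &Receiver{pub[1], pub[0], sym}, err
}

func main() {
	p, r, err := Fixture()
	if err != nil {
		panic(err)
	}
	img, err := r.Verify(p)
	fmt.Printf("image=%q err=%v\n", img, err)
}
```

A file changed in transit fails at the outer check, before any decryption or parsing, and a certificate signed by any key other than the CPU root key fails before the file signature is examined.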
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown in sequence as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the steps are not strictly limited to that order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a file generating device for realizing the file generating method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of the file generating device or devices provided below may refer to the limitation of the file generating method hereinabove, and will not be repeated herein.
In one embodiment, as shown in FIG. 9, there is provided a file generating apparatus including a generating module 10, a first encryption module 11, and a second encryption module 12, wherein:
The generating module 10 is configured to generate an initial BMC update file of the first server according to the file certificate of the first server and the original update file of the baseboard management controller BMC, where the first server is a server where the BMC firmware to be updated is located.
The first encryption module 11 is configured to encrypt the initial BMC update file according to a preset symmetric key, to obtain an encrypted BMC update file, where the symmetric key is pre-generated by the first server.
The second encryption module 12 is configured to encrypt the encrypted BMC update file according to a first private key of a first asymmetric key generated in advance, so as to obtain a BMC update file of the first server.
The file generating apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, as shown in fig. 10, the generating module 10 includes a processing unit 101 and a generating unit 102, where:
The processing unit 101 is configured to perform signature processing on the BMC original update file according to a second private key that is generated in advance, so as to obtain a BMC signature file.
The generating unit 102 is configured to write the file certificate into the BMC signature file, and generate an initial BMC update file.
The file generating apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, the processing unit 101 is configured to calculate a hash value of a to-be-signed area of the BMC update file according to header information of the BMC original update file, and sign the hash value of the to-be-signed area by using a preset signing algorithm and a second private key to obtain a BMC signature file.
The file generating apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, as shown in fig. 11, the generating module 10 further includes an obtaining unit 103, configured to generate a second asymmetric key according to a preset key generating algorithm, and obtain a second private key.
The file generating apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, as shown in fig. 12, the generating module 10 further includes a transmitting unit 104 and a receiving unit 105, where:
The sending unit 104 is configured to send a central processing unit (CPU) certificate generation request of the first server to a second server, where the second server is a server for managing the CPU of the first server, and the CPU certificate generation request includes a second public key of the second asymmetric key.
The receiving unit 105 is configured to receive a file certificate generated by the second server in response to the certificate generation request, where the file certificate is generated by the second server according to the second public key.
The file generating apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, as shown in fig. 13, the file generating apparatus further includes a first sending module 13, a first receiving module 14, and a decrypting module 15, where:
The first sending module 13 is configured to send the first public key of the first asymmetric key to the first server.
The first receiving module 14 is configured to receive an encrypted symmetric key sent by the first server, where the encrypted symmetric key is obtained by encrypting, by the first server, a symmetric key that is generated in advance according to the first public key.
The decryption module 15 is configured to decrypt the encrypted symmetric key according to the first private key to obtain the symmetric key.
The file generating apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, as shown in fig. 14, the file generating apparatus further includes a second receiving module 16 and a second transmitting module 17, wherein:
The second receiving module 16 is configured to receive a file acquisition request sent by the first server.
The second sending module 17 is configured to send a BMC update file to the first server in response to the file acquisition request, so that the first server updates the BMC firmware to be updated according to the BMC update file.
The file generating apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
The respective modules in the above-described file generating apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 15. The computer device includes a processor, a memory, an input/output (I/O) interface and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer device is for storing file generation data. The input/output interface of the computer device is used to exchange information between the processor and an external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a file generation method.
It will be appreciated by those skilled in the art that the structure shown in fig. 15 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements are applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
generating an initial BMC update file of the first server according to a file certificate of the first server and an original update file of a baseboard management controller BMC;
Encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is pre-generated by a first server;
and encrypting the encrypted BMC update file according to a first private key of a first asymmetric key generated in advance to obtain the BMC update file of the first server.
In one embodiment, the processor when executing the computer program further performs the steps of:
signing the BMC original updated file according to a second private key which is generated in advance to obtain a BMC signed file;
writing the file certificate into the BMC signature file to generate an initial BMC update file.
In one embodiment, the processor when executing the computer program further performs the steps of:
according to the header information of the BMC original updated file, calculating a hash value of a to-be-signed area of the BMC updated file;
And signing the hash value of the area to be signed by using a preset signing algorithm and a second private key to obtain a BMC signature file.
In one embodiment, the processor when executing the computer program further performs the steps of:
and generating a second asymmetric key according to a preset key generation algorithm, and acquiring a second private key.
In one embodiment, the processor when executing the computer program further performs the steps of:
sending a central processing unit (CPU) certificate generation request of the first server to a second server, wherein the second server is a server for managing the CPU of the first server;
and receiving a file certificate generated by the second server in response to the certificate generation request, wherein the file certificate is generated by the second server according to the second public key.
In one embodiment, the processor when executing the computer program further performs the steps of:
transmitting a first public key of the first asymmetric key to a first server;
Receiving an encrypted symmetric key sent by a first server, wherein the encrypted symmetric key is obtained by encrypting a symmetric key generated in advance by the first server according to a first public key;
and decrypting the encrypted symmetric key according to the first private key to obtain the symmetric key.
In one embodiment, the processor when executing the computer program further performs the steps of:
Receiving a file acquisition request sent by a first server;
And responding to the file acquisition request, and sending the BMC update file to the first server so that the first server updates the BMC firmware to be updated according to the BMC update file.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
generating an initial BMC update file of the first server according to a file certificate of the first server and an original update file of a baseboard management controller BMC;
Encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is pre-generated by a first server;
and encrypting the encrypted BMC update file according to a first private key of a first asymmetric key generated in advance to obtain the BMC update file of the first server.
In one embodiment, the computer program when executed by the processor further performs the steps of:
signing the BMC original updated file according to a second private key which is generated in advance to obtain a BMC signed file;
writing the file certificate into the BMC signature file to generate an initial BMC update file.
In one embodiment, the computer program when executed by the processor further performs the steps of:
according to the header information of the BMC original updated file, calculating a hash value of a to-be-signed area of the BMC updated file;
And signing the hash value of the area to be signed by using a preset signing algorithm and a second private key to obtain a BMC signature file.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and generating a second asymmetric key according to a preset key generation algorithm, and acquiring a second private key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
sending a central processing unit (CPU) certificate generation request of the first server to a second server, wherein the second server is a server for managing the CPU of the first server;
and receiving a file certificate generated by the second server in response to the certificate generation request, wherein the file certificate is generated by the second server according to the second public key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
transmitting a first public key of the first asymmetric key to a first server;
Receiving an encrypted symmetric key sent by a first server, wherein the encrypted symmetric key is obtained by encrypting a symmetric key generated in advance by the first server according to a first public key;
and decrypting the encrypted symmetric key according to the first private key to obtain the symmetric key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Receiving a file acquisition request sent by a first server;
And responding to the file acquisition request, and sending the BMC update file to the first server so that the first server updates the BMC firmware to be updated according to the BMC update file.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
generating an initial BMC update file of the first server according to a file certificate of the first server and an original update file of a baseboard management controller BMC;
Encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is pre-generated by a first server;
and encrypting the encrypted BMC update file according to a first private key of a first asymmetric key generated in advance to obtain the BMC update file of the first server.
In one embodiment, the computer program when executed by the processor further performs the steps of:
signing the BMC original updated file according to a second private key which is generated in advance to obtain a BMC signed file;
writing the file certificate into the BMC signature file to generate an initial BMC update file.
In one embodiment, the computer program when executed by the processor further performs the steps of:
according to the header information of the BMC original updated file, calculating a hash value of a to-be-signed area of the BMC updated file;
And signing the hash value of the area to be signed by using a preset signing algorithm and a second private key to obtain a BMC signature file.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and generating a second asymmetric key according to a preset key generation algorithm, and acquiring a second private key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
sending a central processing unit (CPU) certificate generation request of the first server to a second server, wherein the second server is a server for managing the CPU of the first server;
and receiving a file certificate generated by the second server in response to the certificate generation request, wherein the file certificate is generated by the second server according to the second public key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
transmitting a first public key of the first asymmetric key to a first server;
Receiving an encrypted symmetric key sent by a first server, wherein the encrypted symmetric key is obtained by encrypting a symmetric key generated in advance by the first server according to a first public key;
and decrypting the encrypted symmetric key according to the first private key to obtain the symmetric key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Receiving a file acquisition request sent by a first server;
And responding to the file acquisition request, and sending the BMC update file to the first server so that the first server updates the BMC firmware to be updated according to the BMC update file.
Those skilled in the art will appreciate that all or part of the above described methods may be implemented by a computer program stored on a non-transitory computer readable storage medium, which, when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, and the like. Volatile memory can include random access memory (RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (SRAM) or dynamic random access memory (DRAM), etc. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (11)

1. A method of generating a file, the method comprising:
generating an initial BMC update file of a first server according to a file certificate of the first server and a baseboard management controller (BMC) original update file, wherein the first server is the server on which the BMC firmware to be updated is located;
encrypting the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is generated in advance by the first server; and
encrypting the encrypted BMC update file according to a first private key of a pre-generated first asymmetric key to obtain the BMC update file of the first server.
2. The method of claim 1, wherein generating the initial BMC update file of the first server according to the file certificate of the first server and the baseboard management controller (BMC) original update file comprises:
signing the BMC original update file according to a pre-generated second private key to obtain a BMC signature file; and
writing the file certificate into the BMC signature file to generate the initial BMC update file.
3. The method of claim 2, wherein signing the BMC original update file according to the pre-generated second private key to obtain the BMC signature file comprises:
calculating, according to header information of the BMC original update file, a hash value of a region to be signed of the BMC update file; and
signing the hash value of the region to be signed using a preset signature algorithm and the second private key to obtain the BMC signature file.
4. The method according to claim 2, wherein the method further comprises:
generating a second asymmetric key according to a preset key generation algorithm, and obtaining the second private key.
5. The method according to claim 4, wherein the method further comprises:
sending a CPU certificate generation request of the first server to a second server, wherein the second server is a server that manages the CPU of the first server; and
receiving the file certificate generated by the second server in response to the certificate generation request, wherein the file certificate is generated by the second server according to the second public key.
6. The method according to claim 1, wherein the method further comprises:
transmitting a first public key of the first asymmetric key to the first server;
receiving an encrypted symmetric key sent by the first server, wherein the encrypted symmetric key is obtained by encrypting a symmetric key generated in advance by the first server according to the first public key;
and decrypting the encrypted symmetric key according to the first private key to obtain the symmetric key.
7. The method according to any one of claims 1-6, further comprising:
receiving a file acquisition request sent by the first server;
and responding to the file acquisition request, and sending the BMC update file to the first server so that the first server updates the BMC firmware to be updated according to the BMC update file.
8. A file generation apparatus, the apparatus comprising:
a generation module, configured to generate an initial BMC update file of a first server according to a file certificate of the first server and a baseboard management controller (BMC) original update file;
a first encryption module, configured to encrypt the initial BMC update file according to a preset symmetric key to obtain an encrypted BMC update file, wherein the symmetric key is generated in advance by the first server; and
a second encryption module, configured to encrypt the encrypted BMC update file according to a first private key of a pre-generated first asymmetric key to obtain the BMC update file of the first server.
9. A server comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 7 when the computer program is executed.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 7.
11. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 7.
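Claim 3 derives the region to be signed from the header of the BMC original update file. The following added example (not code from the patent) computes that region's hash with bounds checks and reports how many bytes the hash leaves uncovered; the header layout, the `BMCU` magic, the choice of SHA-256 and all function names are assumptions, since the page defines none of them.

```python
import hashlib
import struct

# Hypothetical header layout (the page does not define one): magic "BMCU",
# header size, then offset and length of the region to be signed (little-endian).
HEADER = struct.Struct("<4sIII")
MAGIC = b"BMCU"


class HeaderError(ValueError):
    """Raised when the header does not describe a valid region to be signed."""


def region_to_sign(image: bytes) -> tuple[int, int]:
    """Return (offset, length) of the region to be signed, after bounds checks."""
    if len(image) < HEADER.size:
        raise HeaderError("image shorter than header")
    magic, header_size, offset, length = HEADER.unpack_from(image)
    if magic != MAGIC or header_size != HEADER.size:
        raise HeaderError("unexpected magic or header size")
    # The region must start after the header and end inside the file;
    # a header that points elsewhere is rejected instead of being clamped.
    if offset < header_size or length == 0 or offset + length > len(image):
        raise HeaderError("region to be signed lies outside the image")
    return offset, length


def digest_to_sign(image: bytes) -> bytes:
    """Hash of the header-declared region: the value handed to the signer.
    SHA-256 is an assumption; the claim only says 'a hash value'."""
    offset, length = region_to_sign(image)
    return hashlib.sha256(image[offset:offset + length]).digest()


def uncovered_bytes(image: bytes) -> int:
    """Bytes of the image (header, trailer, padding) the digest does not cover."""
    _, length = region_to_sign(image)
    return len(image) - length


def build_image(payload: bytes, trailer: bytes = b"") -> bytes:
    """Constructed sample image: header + payload (signed region) + trailer."""
    header = HEADER.pack(MAGIC, HEADER.size, HEADER.size, len(payload))
    return header + payload + trailer
```

Anything counted by `uncovered_bytes` is not bound to the signature, so a verifier on the first server has to validate or ignore those bytes on its own terms.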
CN202311851261.XA 2023-12-29 2023-12-29 File generation method, device, server and storage medium Pending CN120234813A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311851261.XA CN120234813A (en) 2023-12-29 2023-12-29 File generation method, device, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311851261.XA CN120234813A (en) 2023-12-29 2023-12-29 File generation method, device, server and storage medium

Publications (1)

Publication Number Publication Date
CN120234813A true CN120234813A (en) 2025-07-01

Family

ID=96160126

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311851261.XA Pending CN120234813A (en) 2023-12-29 2023-12-29 File generation method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN120234813A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination