
CN114301612A - Information processing method, communication apparatus, and encryption apparatus - Google Patents


Publication number
CN114301612A
Authority
CN
China
Prior art keywords
encryption
information
equipment
message
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011000507.9A
Other languages
Chinese (zh)
Other versions
CN114301612B (en)
Inventor
粟栗
阎军智
陈美玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, Research Institute of China Mobile Communication Co Ltd
Priority to CN202011000507.9A
Priority claimed from CN202011000507.9A
Publication of CN114301612A
Application granted
Publication of CN114301612B
Legal status: Active (current)
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an information processing method, a communication device and an encryption device. The information processing method comprises: sending, to a blockchain, encryption device information of an encryption device supported by a first communication device; receiving first data sent by a second communication device, the first data being calculated based on the encryption device information supported by the first communication device; and processing the received first data. The scheme of the invention can prevent forgery of PKG information and attacks by malicious PKGs.

Description

Information processing method, communication apparatus, and encryption apparatus
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an information processing method, a communication device, and an encryption device.
Background
Identity-Based Cryptography (IBC) is an asymmetric public-key cryptosystem. In an identity-based cryptosystem, each entity has an identity, which may be any meaningful string and which itself serves as the entity's public key. Because the identity itself is the public key of the entity, such systems no longer rely on certificates and certificate management systems, which greatly simplifies the management of the cryptographic system.
The basic structure of a cryptographic system based on IBC technology is shown in the following figure. The Private Key Generator (PKG) is the core part of IBC. Its main functions are to generate a master key (Master Key) and public parameters (Public Params) when the IBC system is initialized, to publish the public parameters, and to generate the corresponding private key for a user according to the user ID (public information such as an IMSI, e-mail address or mobile phone number). IBC algorithms are classified into Identity-Based Encryption (IBE) algorithms and Identity-Based Signature (IBS) algorithms.
Compared with a traditional PKI (public key infrastructure) system, a user of an IBC system can easily obtain the public key of the communication counterpart (it is determined directly by the ID). No dedicated digital certificate is needed to bind identity information to the public key, and no certificate request or certificate transfer process is needed. This effectively reduces the communication overhead caused by transferring certificates during data interaction and simplifies the certificate management mechanism and flow in authentication.
When using IBC technology, a user must first obtain the public parameters of the IBC system from the PKG, and as the technology develops, multiple IBC systems may be available for network access. If the public parameters of an IBC system have no protection measures, an attacker is likely to publish false public parameters in order to impersonate a legitimate IBC system. The user is then led to encrypt data using the false public parameters and the identity of the recipient; because those public parameters were issued by the attacker, the attacker can decrypt the user's encrypted data and can forge the recipient's signature.
To prevent an attacker from tampering with the public parameters of the PKG or publishing false ones, the PKG needs to protect the public parameters of the system to ensure their integrity and validity. At present, a more feasible way is to sign the public parameters of the PKG using PKI technology, store the signature information together with the public parameters as part of the public parameters, and have the user verify the validity of the public parameters before using them, so that an attacker cannot tamper with them. However, this scheme not only requires a trusted digital certificate to be preset in the user terminal, but also requires the PKI signature to be verified during identity authentication (currently, a 1024-bit or 2048-bit RSA algorithm is mostly adopted), which generates a large computational load and increases the burden of message transmission. In addition, IBC users do not want to register with a large number of PKGs.
Disclosure of Invention
The invention provides an information processing method, a communication device and an encryption device. The PKG can be protected by means of a blockchain, which prevents forgery of PKG information and attacks by malicious PKGs.
In order to solve the technical problems, the technical scheme of the invention is as follows:
an information processing method applied to a first communication device includes:
sending encryption equipment information of encryption equipment supported by the first communication equipment to the block chain;
receiving first data sent by second communication equipment, wherein the first data is obtained by calculation based on encryption equipment information supported by the first communication equipment;
and processing the received first data.
Optionally, the sending the encryption device information of the encryption device supported by the first communication device to the blockchain comprises:
sending the encryption device information supported by the first communication device to a verification node of the blockchain;
verifying, by the verification node, the user identifier of the first communication device, and querying the blockchain to check that the encryption device information supported by the first communication device is consistent with the encryption device information stored in the blockchain; and, if the verification passes, recording the encryption device information of the encryption device supported by the first communication device in the blockchain.
Optionally, the encryption device information includes a user identifier of the first communication device, a user identifier of the encryption device, and a public parameter.
Optionally, the first data calculated according to the encryption device information supported by the first communication device includes at least one of:
an encrypted message calculated according to the user identifier of the first communication device and the public parameter, wherein the encrypted message comprises the user identifier of the first communication device, the public parameter and a ciphertext;
a signature message calculated based on a private key of the second communication device and the public parameter, wherein the signature message comprises the user identifier of the second communication device, the message original text, the signature, and the user identifier and public parameter of the encryption device.
Optionally, processing the received first data includes at least one of:
when the first communication device receives the encrypted message, decrypting the encrypted message by using a private key of the first communication device;
when the first communication device receives the signed message, the signed message is verified using the user identification and the public parameters of the second communication device.
Optionally, the encryption device is a private key generator in an identity-based cryptosystem.
Optionally, the encryption device information further includes uniform resource locator (URL) information of the encryption device.
An information processing method applied to a second communication device, the method comprising:
inquiring the encryption device information of the encryption device supported by the first communication device from the block chain;
calculating first data to be transmitted based on encrypted device information supported by the first communication device;
the first data is transmitted to the first communication device.
Optionally, the encryption device information includes a user identifier of the first communication device, a user identifier of the encryption device, and a public parameter.
Optionally, calculating the first data to be transmitted based on the encryption device information supported by the first communication device includes at least one of:
calculating to obtain an encrypted message according to the user identifier and the public parameter of the first communication device, wherein the encrypted message comprises the user identifier, the public parameter and the ciphertext of the first communication device;
and acquiring a private key of the second communication equipment, and calculating signature information based on the private key and the public parameters of the second communication equipment, wherein the signature information comprises a user identifier of the second communication equipment, a message original text, a signature, a user identifier of the encryption equipment and the public parameters.
Optionally, the sending the first data to the first communication device comprises at least one of:
sending the encrypted message to the first communication device;
the signature information is sent to the first communication device.
Optionally, sending the encrypted message to the first communication device comprises:
sending the encrypted message to a secure gateway;
the security gateway verifies whether the encryption equipment information carried in the encryption message is consistent with the encryption equipment information of the encryption equipment supported by the first communication equipment in the block chain, and if so, the encryption message is sent to the first communication equipment; otherwise, the encrypted message is deleted.
Optionally, the encryption device is a private key generator in an identity-based cryptosystem.
Optionally, the encryption device information further includes URL information of the encryption device.
An information reporting method of an encryption device is applied to the encryption device and comprises the following steps:
generating at least one public parameter;
sending the user identification of the cryptographic device and the at least one public parameter to an authentication node of the blockchain,
and recording the user identification and at least one public parameter which are verified by the verification node of the block chain to the block chain.
Optionally, the method further comprises:
the encryption equipment issues a public parameter updating request;
signing the public parameter to be updated by using a private key of the encryption equipment to generate signature information;
sending the signature information to a verification node of the block chain;
and the verification node of the block chain inquires the public parameter of the encryption equipment from the block chain, verifies the signature information by using the user identifier of the encryption equipment and the public parameter, and uploads the public parameter to be updated to the block chain after the verification is passed.
Optionally, the encryption device is a private key generator in an identity-based cryptosystem.
A first communications device, comprising:
the first sending module is used for sending the encryption equipment information of the encryption equipment supported by the first communication equipment to the block chain;
the receiving module is used for receiving first data sent by second communication equipment, and the first data is obtained by calculation based on encryption equipment information supported by the first communication equipment;
and the processing module is used for processing the received first data.
A second communication device, comprising:
the query module is used for querying the encryption equipment information of the encryption equipment supported by the first communication equipment from the block chain;
the computing module is used for computing first data to be sent based on the encrypted equipment information supported by the first communication equipment;
and the second sending module is used for sending the first data to the first communication equipment.
An encryption device comprising:
a generation module that generates at least one public parameter;
a third sending module that sends the user identification of the encryption device and the at least one public parameter to a verification node of the blockchain,
and the recording module is used for recording the user identification and at least one public parameter which are verified by the verification node of the block chain to the block chain.
An embodiment of the present invention further provides a communication device, including: a processor, a memory storing a computer program which, when executed by the processor, performs the method as described above.
Embodiments of the present invention also provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method as described above.
The scheme of the invention at least comprises the following beneficial effects:
In this scheme, a legitimate PKG in the IBC system must register itself and its public parameters on the blockchain. When a sender is about to send a message, it can confirm the identity and the validity of the public parameters by querying the blockchain, and only then send confidential data. Registering PKG information on the blockchain prevents forgery of PKG information. In addition, the receiver of a message declares the PKG information it supports on the blockchain, which prevents attacks by malicious PKGs.
Drawings
FIG. 1 is a schematic flow diagram of an information processing method of an embodiment of the present invention;
FIG. 2 is a schematic diagram of a PKG identity protection system of an embodiment of the present invention;
FIG. 3 is a schematic diagram of user supported PKG information in accordance with an embodiment of the present invention;
FIG. 4 is another flow chart diagram of an information processing method of an embodiment of the invention;
fig. 5 is a schematic flow chart of an encrypted device information reporting method according to an embodiment of the present invention;
fig. 6 is a schematic diagram of PKG information reported by a PKG according to an embodiment of the present invention;
fig. 7 is a schematic diagram of a first communication device according to an embodiment of the present invention;
fig. 8 is a schematic diagram of a second communication device according to an embodiment of the present invention;
fig. 9 is a schematic diagram of an encryption device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, an embodiment of the present invention provides an information processing method applied to a first communication device, including:
step 110, sending the encryption device information of the encryption device supported by the first communication device to the block chain;
step 120, receiving first data sent by a second communication device, wherein the first data is calculated based on encrypted device information supported by the first communication device;
step 130, processing the received first data.
In the above scheme of the present invention, the first communication device is a sender of information in the IBC system, the second communication device is a receiver of information, and the encryption device is a PKG in the IBC system.
Fig. 2 shows a decentralized PKG identity protection system, which is composed of several PKGs, IBC private key users, IBC relying parties, and verification nodes, and executes PKG information publishing, user-supported PKG information publishing, IBC encryption process, IBC signature process, PKG information update, and the like.
First, a system architecture of the system shown in fig. 2 will be described.
Blockchain: stores PKGs and their public parameter information, and IBC relying parties and their trusted PKG information.
PKG: the private key generator in the IBC system; it generates public parameters and sends them to the verification node, and the information is recorded in the blockchain after the verification node has verified it.
IBC relying party: a participant that trusts and uses a certain PKG; the relying party does not need to possess a private key. Examples are the encryptor (message sender) in the encryption model and the verifier (message receiver) in the signature model.
IBC private key user: a participant that needs to register with the PKG and apply for a private key. Examples are the decryptor (message receiver) in the encryption model and the signer (message sender) in the signature model.
Blockchain verification node: receives and verifies the PKG information and PKG update information submitted by a PKG; and receives and verifies the trusted PKGs and their public parameters submitted by an IBC private key user or IBC relying party.
In an alternative embodiment of the present invention, step 110 comprises:
sending the encryption device information supported by the first communication device to a verification node of the blockchain;
verifying, by the verification node, the user identifier of the first communication device, and querying the blockchain to check that the encryption device information supported by the first communication device is consistent with the encryption device information stored in the blockchain; and, if the verification passes, recording the encryption device information of the encryption device supported by the first communication device in the blockchain.
In this embodiment, the IBC private key user or relying party publishes the PKG information that it supports. This process is used to publish the PKGs trusted by an IBC private key user or IBC relying party. Because multiple PKGs may exist, an IBC private key user or relying party (such as an end user or an operator network element) may trust only some of them; the user or network element can publish its trusted PKG information to the blockchain, and when other users or network elements send IBC messages to that node, the messages must be calculated using PKG public parameters trusted by the receiving party.
The user sends its trusted PKG information to the verification node. The verification node verifies the identity information of the user, queries the blockchain for the public parameter information of the PKG supported by the user, and verifies that the public parameters submitted by the user are consistent with the information in the blockchain; after the verification passes, the user information and its trusted PKG information are recorded in the blockchain.
In an optional embodiment of the present invention, the encrypted device information includes a user identifier of the first communication device, a user identifier of the encrypted device, and a public parameter.
In this embodiment, the information on the PKGs trusted by the user comprises [user ID, list of PKGs supported by the user and their public parameter information]. As shown in fig. 3, the supported PKG information declared by the user is represented in a block format. The block is divided into a block header and a block body. The block header uses current general technology; the block body contains a number of records, each being supported PKG information declared by a user, which mainly comprises the user ID, the identity information of the PKG, the public parameter information, and information such as the URL of the PKG. Each user can put the PKGs and public parameters it supports into the blockchain.
In an optional embodiment of the present invention, the data calculated according to the encryption device information supported by the first communication device includes at least one of the following:
an encrypted message calculated according to the user identifier of the first communication device and the public parameter, wherein the encrypted message comprises the user identifier of the first communication device, the public parameter and a ciphertext;
a signature message calculated based on a private key of the second communication device and the public parameter, wherein the signature message comprises the user identifier of the second communication device, the message original text, the signature, and the user identifier and public parameter of the encryption device.
In an alternative embodiment of the present invention, step 130 comprises at least one of:
when the first communication device receives the encrypted message, decrypting the encrypted message by using a private key of the first communication device;
when the first communication device receives the signed message, the signed message is verified using the user identification and the public parameters of the second communication device.
In the IBC system, information transmission is mainly of two types: the IBC encryption process and the IBC signature process.
In the IBC encryption process, for example, a mobile user (IBC relying party) sends an encrypted message to an operator network element (IBC private key user). When an IBC relying party needs to send an encrypted message to an IBC private key user, the relying party first queries the blockchain for the PKG and public parameters trusted by the IBC private key user; the relying party calculates an encrypted message using the identity information of the IBC private key user and the public parameters, the message comprising the identity information of the IBC private key user, the public parameters, the ciphertext and the like; the relying party sends the encrypted message to the IBC private key user; and after receiving the encrypted message, the private key user decrypts it with its private key.
Specifically, the encryption flow of the blockchain-based IBC system is as follows:
(1) The trusted PKG generates a master key (Master Key) and public parameters (Public Params), and publicly releases information in the format [PKG_ID, Public Params] to the blockchain, such as [PKG_IoT1, Public Params_IoT1], [PKG_IoT1, Public Params_IoT2].
(2) The receiving user declares the blockchain and public parameter information it supports and publishes this information to the blockchain, for example: [Bob_ID, PKG_IoT1, Public Params_IoT2].
(3) When a sending user needs to send an encrypted message to the receiving user, it queries the blockchain for the receiving user's ID and supported Public Params, calculates the receiving user's public key pubKeyBob = F(IDBob, PKG_IoT1, Public Params_IoT2), and then performs the encryption operation to obtain the ciphertext Cipher; the function F used to calculate the public key is a public algorithm.
(4) The sending user sends the message [IDBob, Public Params_IoT2, Cipher] to the receiving user. After receiving the ciphertext, the receiving user decrypts it with its private key; if it does not have one, it applies to PKG_IoT1 for the private key corresponding to its ID (calculated from the Master Key and the ID).
(5) To avoid DoS attacks on the receiver, a security gateway may also be deployed. In step (4), the sending user sends the message [IDBob, Public Params_IoT2, Cipher] to the security gateway, which verifies the validity of the message by querying the blockchain: if the receiving user has declared support for [PKG_IoT1, Public Params_IoT2] in the blockchain, the message is forwarded to the receiving user; otherwise the message is discarded.
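The registration, declaration and gateway checks of steps (1), (2) and (5), as an added Python sketch that is not part of the patent text. The ledger is an in-memory stand-in for the blockchain, the class and function names and the byte strings are constructed for illustration, and the IBE computation itself is not implemented (the ciphertext is an opaque placeholder).

```python
from dataclasses import dataclass, field


@dataclass
class Ledger:
    """Stand-in for the blockchain: append-only records, no consensus modelled."""
    pkg_records: list = field(default_factory=list)   # (PKG_ID, Public Params)
    user_records: list = field(default_factory=list)  # (user ID, PKG_ID, Public Params)

    def pkg_published(self, pkg_id, params):
        return (pkg_id, params) in self.pkg_records

    def trusted_by(self, user_id):
        """What a sender queries before encrypting to user_id (step 3)."""
        return [(p, pp) for (u, p, pp) in self.user_records if u == user_id]


class VerificationNode:
    def __init__(self, ledger, known_users):
        self.ledger = ledger
        # Assumption: verifying a user's identity is reduced to a set lookup.
        self.known_users = set(known_users)

    def register_pkg(self, pkg_id, params):
        """Step (1): record [PKG_ID, Public Params].
        Assumption: the PKG's own verification is out of scope here."""
        self.ledger.pkg_records.append((pkg_id, params))

    def declare_support(self, user_id, pkg_id, params):
        """Step (2): record [user ID, PKG_ID, Public Params] only if the user
        is verified and the submitted parameters match the PKG's on-chain record."""
        if user_id not in self.known_users:
            return False
        if not self.ledger.pkg_published(pkg_id, params):
            return False  # parameters never published by that PKG
        self.ledger.user_records.append((user_id, pkg_id, params))
        return True


@dataclass(frozen=True)
class EncryptedMessage:
    """Wire format from step (4): [recipient ID, Public Params, Cipher]."""
    recipient_id: str
    public_params: bytes
    cipher: bytes


class SecurityGateway:
    """Step (5): forward only messages built with parameters the recipient
    has declared on the ledger; count everything else as dropped."""

    def __init__(self, ledger):
        self.ledger = ledger
        self.dropped = 0

    def forward(self, msg):
        declared = {pp for _, pp in self.ledger.trusted_by(msg.recipient_id)}
        if msg.public_params in declared:
            return True
        self.dropped += 1
        return False


def demo():
    ledger = Ledger()
    node = VerificationNode(ledger, known_users={"Bob_ID"})
    genuine = b"constructed-params-IoT2"      # constructed sample value
    forged = b"constructed-params-attacker"   # constructed sample value
    node.register_pkg("PKG_IoT1", genuine)

    accepted = node.declare_support("Bob_ID", "PKG_IoT1", genuine)
    rejected = node.declare_support("Bob_ID", "PKG_IoT1", forged)

    gateway = SecurityGateway(ledger)
    _, params = ledger.trusted_by("Bob_ID")[0]  # sender's lookup
    good = EncryptedMessage("Bob_ID", params, b"<opaque ciphertext>")
    bad = EncryptedMessage("Bob_ID", forged, b"<opaque ciphertext>")
    return accepted, rejected, gateway.forward(good), gateway.forward(bad), gateway.dropped


if __name__ == "__main__":
    print(demo())
```

The sender never accepts parameters from the message path: it reads them from the ledger, and the gateway drops any message whose parameters the recipient has not declared.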
In the IBC signing process, for example, a mobile user (IBC private key user) sends a signature message to an operator network element (IBC relying party). When an IBC private key user needs to sign a message that is to be verified by an IBC relying party, the IBC private key user queries the blockchain for the PKG and public parameters supported by the IBC relying party and applies for a private key according to the supported PKG and public parameters; the IBC private key user calculates a signature using the private key it applied for and the public parameters, and sends a signature message to the relying party, the signature message comprising the identity of the IBC private key user, the original text of the signed message, the signature, the PKG identifier, the PKG public parameters and the like; and after receiving the signature message, the IBC relying party verifies the signature using the identity information of the IBC private key user, the public parameters of the PKG and other information.
Specifically, the signature flow of the blockchain-based IBC system is as follows:
(1) The receiving user declares the blockchain and public parameter information it supports and publishes this information to the blockchain, for example: [Bob_ID, PKG_IoT1, Public Params_IoT2];
(2) When a sending user needs to sign the message M for verification by the receiving user, it queries the blockchain for the PKG supported by the receiving user and its public parameters, and applies for a private key according to the supported PKG and its public parameters;
(3) The sending user calculates a signature using the private key SkAlice it applied for and the public parameter Public Params_IoT2 of the PKG: SigAlice = F(M, SkAlice, Public Params), where F is a public algorithm;
(4) The sending user sends the message [Alice_ID, M, SigAlice, Public Params_IoT2] to the receiving user;
(5) After receiving the signature message sent by the sending user, the receiving user verifies the signature using the ID of the sending user and the public parameters to obtain a verification result.
In an optional embodiment of the present invention, the encryption device is a private key generator in an identity-based cryptosystem.
In an optional embodiment of the present invention, the encryption device information further includes uniform resource locator (URL) information of the encryption device.
In this scheme, a legitimate PKG in the IBC system must register itself and its public parameters on the blockchain. When a sender is about to send a message, it can confirm the identity and the validity of the public parameters by querying the blockchain, and only then send confidential data. Registering PKG information on the blockchain prevents forgery of PKG information. In addition, the receiver of a message declares the PKG information it supports on the blockchain, which prevents attacks by malicious PKGs.
As shown in fig. 4, an embodiment of the present invention provides an information processing method applied to a second communication device, where the method includes:
step 410, inquiring the encryption device information of the encryption device supported by the first communication device from the block chain;
step 420, calculating first data to be transmitted based on the encryption device information supported by the first communication device;
step 430, the first data is sent to the first communication device.
In an optional embodiment of the present invention, the encrypted device information includes a user identifier of the first communication device, a user identifier of the encrypted device, and a public parameter.
In an alternative embodiment of the present invention, step 420 comprises at least one of:
calculating to obtain an encrypted message according to the user identifier and the public parameter of the first communication device, wherein the encrypted message comprises the user identifier, the public parameter and the ciphertext of the first communication device;
and acquiring a private key of the second communication equipment, and calculating signature information based on the private key and the public parameters of the second communication equipment, wherein the signature information comprises a user identifier of the second communication equipment, a message original text, a signature, a user identifier of the encryption equipment and the public parameters.
In an alternative embodiment of the present invention, step 430 comprises at least one of:
sending the encrypted message to the first communication device;
the signature information is sent to the first communication device.
In an optional embodiment of the present invention, sending the encrypted message to the first communication device comprises:
sending the encrypted message to a security gateway;
the security gateway verifies whether the encryption device information carried in the encrypted message is consistent with the encryption device information, recorded in the blockchain, of the encryption device supported by the first communication device; if so, the encrypted message is sent to the first communication device; otherwise, the encrypted message is deleted.
In this embodiment, to protect the receiver against DoS attacks, a security gateway may additionally be deployed. The sending user sends the message [IDBob, Public Params_IoT2, Cipher] to the security gateway, and the security gateway verifies the validity of the message by querying the blockchain: if the receiving user has declared support for [PKG_IoT1, Public Params_IoT2] in the blockchain, the gateway forwards the message to the receiving user; otherwise the message is discarded.
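The gateway check described above, written out as an added Python example (not code from the patent). The in-memory ledger, the dict message layout, the digest comparison and all parameter contents are assumptions made for illustration, and `PKG_Other` is a hypothetical second PKG; only the names IDBob, PKG_IoT1 and Public Params_IoT2/IoT3 come from the text.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


def params_digest(public_params: dict) -> str:
    """Canonical SHA-256 digest of one public-parameter set."""
    blob = json.dumps(public_params, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


@dataclass
class Ledger:
    """In-memory stand-in for the on-chain records (hypothetical, not a real chain API)."""
    pkg_records: dict = field(default_factory=dict)  # (pkg_id, params_name) -> digest
    supported: dict = field(default_factory=dict)    # user_id -> {(pkg_id, params_name)}

    def register_pkg(self, pkg_id, params_name, public_params):
        self.pkg_records[(pkg_id, params_name)] = params_digest(public_params)

    def declare_support(self, user_id, pkg_id, params_name):
        # Verification-node consistency check: a user can only declare a
        # PKG / parameter pair that is already recorded on chain.
        if (pkg_id, params_name) not in self.pkg_records:
            raise ValueError("PKG record not on chain")
        self.supported.setdefault(user_id, set()).add((pkg_id, params_name))


def gateway_filter(ledger, message):
    """Return ("forward", pkg_id) or ("drop", reason) for one encrypted message.

    message is a dict with keys "recipient" (str), "public_params" (dict) and
    "cipher" (bytes). The gateway never decrypts; it only checks the header.
    """
    if not isinstance(message, dict):
        return ("drop", "malformed message")
    recipient = message.get("recipient")
    params = message.get("public_params")
    cipher = message.get("cipher")
    if not (isinstance(recipient, str) and isinstance(params, dict)
            and isinstance(cipher, (bytes, bytearray))):
        return ("drop", "malformed message")
    try:
        carried = params_digest(params)
    except (TypeError, ValueError):  # parameters that cannot be canonicalised
        return ("drop", "malformed message")
    declared = ledger.supported.get(recipient)
    if not declared:
        return ("drop", "recipient has declared no PKG")
    # Forward only if the carried parameters equal an on-chain record that
    # the recipient itself has declared.
    for pkg_id, params_name in sorted(declared):
        on_chain = ledger.pkg_records.get((pkg_id, params_name))
        if on_chain is not None and hmac.compare_digest(on_chain, carried):
            return ("forward", pkg_id)
    return ("drop", "public parameters not declared by recipient")


# Constructed sample parameter sets (contents are placeholders, not real keys).
PARAMS_IOT2 = {"set": "PublicParams_IoT2", "mpk": "constructed-mpk-2"}
PARAMS_IOT3 = {"set": "PublicParams_IoT3", "mpk": "constructed-mpk-3"}
PARAMS_OTHER = {"set": "PublicParams_IoT2", "mpk": "constructed-other-mpk"}


def demo():
    """Run four constructed messages through the gateway and return the decisions."""
    ledger = Ledger()
    ledger.register_pkg("PKG_IoT1", "PublicParams_IoT2", PARAMS_IOT2)
    ledger.register_pkg("PKG_IoT1", "PublicParams_IoT3", PARAMS_IOT3)  # later update
    ledger.register_pkg("PKG_Other", "PublicParams_X", PARAMS_OTHER)   # on chain, not declared by Bob
    ledger.declare_support("IDBob", "PKG_IoT1", "PublicParams_IoT2")

    def msg(recipient, params):
        return {"recipient": recipient, "public_params": params, "cipher": b"\x00opaque"}

    return [
        gateway_filter(ledger, msg("IDBob", PARAMS_IOT2)),    # declared pair
        gateway_filter(ledger, msg("IDBob", PARAMS_IOT3)),    # same PKG, undeclared set
        gateway_filter(ledger, msg("IDBob", PARAMS_OTHER)),   # different PKG's parameters
        gateway_filter(ledger, msg("IDAlice", PARAMS_IOT2)),  # recipient with no declaration
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The second case shows that a parameter set registered by the same PKG is still dropped until the receiver declares it.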
In an optional embodiment of the present invention, the encryption device is a private key generator (PKG) in an identity-based cryptographic (IBC) system.
In an optional embodiment of the present invention, the encryption device information further includes URL information of the encryption device.
According to this scheme, in the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender wants to send a message, it can confirm the identity and the validity of the public parameters through an on-chain query and then send the confidential data. Registering PKG information through the blockchain prevents PKG information from being forged. In addition, because the receiver of a message declares the PKG information it supports on the blockchain, malicious PKG attacks can be avoided.
As shown in fig. 5, a method for reporting encryption device information, applied to an encryption device, includes:
Step 510: generating at least one public parameter;
Step 520: sending the user identifier of the encryption device and the at least one public parameter to a verification node of the blockchain;
Step 530: recording the user identifier and the at least one public parameter, once verified by the verification node of the blockchain, into the blockchain.
In an optional embodiment of the present invention, the method for reporting encryption device information further includes:
the encryption device issues a public parameter update request;
signing the public parameter to be updated with the private key of the encryption device to generate signature information;
sending the signature information to a verification node of the blockchain;
the verification node of the blockchain queries the public parameter of the encryption device from the blockchain, verifies the signature information using the user identifier of the encryption device and the public parameter, and, after the verification passes, uploads the public parameter to be updated to the blockchain.
In the IBC system, the PKG information publishing process is as follows:
(1) the PKG generates the public parameters; one PKG can generate several sets of public parameters;
(2) the PKG sends its own information (including the name, URL and the like of the PKG) and the public parameter information to the verification node;
(3) the verification node verifies the information submitted by the PKG and, after the verification passes, records the information into the blockchain.
When the PKG needs to update information such as the public parameters, it executes the PKG information update process, which is as follows:
(1) when the PKG needs to update information, for example when new public parameters [PKG_IoT1, Public Params_IoT3] are generated, the PKG generates a public information publishing request and signs the new public parameters with its original IBC private key;
(2) the PKG sends the signature to the verification node;
(3) the verification node queries the public parameter information of the PKG from the blockchain, verifies the correctness of the signature using the ID and the public parameters of the PKG, and records the new public parameters into the blockchain after the verification passes.
As shown in fig. 6, the PKG information is represented using a block format. A block is divided into a block header and a block body: the block header uses existing general-purpose techniques, and the block body contains a number of records, mainly the identity information and public parameter information of the PKG. Each PKG puts its own public parameters into the blockchain. Optionally, the PKG information supported by a user and the information published by the PKG itself may be recorded in the same blockchain or in different blockchains, which is not limited here.
In an optional embodiment of the present invention, the encryption device is a private key generator (PKG) in an identity-based cryptographic (IBC) system.
According to this scheme, in the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender wants to send a message, it can confirm the identity and the validity of the public parameters through an on-chain query and then send the confidential data. Registering PKG information through the blockchain prevents PKG information from being forged. In addition, because the receiver of a message declares the PKG information it supports on the blockchain, malicious PKG attacks can be avoided.
As shown in fig. 7, an embodiment of the present invention provides a first communication device 70 including:
a first sending module 710, configured to send the encryption device information of the encryption device supported by the first communication device to the blockchain;
a receiving module 720, configured to receive first data sent by a second communication device, where the first data is calculated based on the encryption device information supported by the first communication device;
a processing module 730, configured to process the received first data.
In an embodiment of the present disclosure, the first sending module 710 is specifically configured to:
send the encryption device information supported by the first communication device to a verification node of the blockchain;
have the verification node verify the user identifier of the first communication device and check against the blockchain whether the encryption device information supported by the first communication device is consistent with the encryption device information stored in the blockchain, and, if the verification passes, record the encryption device information of the encryption device supported by the first communication device into the blockchain.
In an embodiment of the present disclosure, the encryption device information includes the user identifier of the first communication device, the user identifier of the encryption device, and a public parameter.
In an embodiment of the present disclosure, the first data calculated according to the encryption device information supported by the first communication device includes at least one of:
an encrypted message calculated according to the user identifier of the first communication device and the public parameter, wherein the encrypted message comprises the user identifier of the first communication device, the public parameter, and the ciphertext;
a signature message calculated based on the private key of the second communication device and the public parameter, wherein the signature message comprises the user identifier of the second communication device, the original message text, the signature, the user identifier of the encryption device, and the public parameter.
In an embodiment of the present disclosure, the processing module 730 is specifically configured to:
when the first communication device receives the encrypted message, decrypt the encrypted message using the private key of the first communication device;
when the first communication device receives the signature message, verify the signature message using the user identifier of the second communication device and the public parameter.
In an embodiment of the present disclosure, the encryption device is a private key generator in an identity-based cryptographic system.
In an embodiment of the present disclosure, the encryption device information further includes uniform resource locator (URL) information of the encryption device.
According to this scheme, in the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender wants to send a message, it can confirm the identity and the validity of the public parameters through an on-chain query and then send the confidential data. Registering PKG information through the blockchain prevents PKG information from being forged. In addition, because the receiver of a message declares the PKG information it supports on the blockchain, malicious PKG attacks can be avoided.
As shown in fig. 8, an embodiment of the present invention provides a second communication device 80 including:
a query module 810, configured to query the blockchain for the encryption device information of the encryption device supported by a first communication device;
a calculation module 820, configured to calculate first data to be transmitted based on the encryption device information supported by the first communication device;
a second sending module 830, configured to send the first data to the first communication device.
In an embodiment of the present disclosure, the encryption device information includes the user identifier of the first communication device, the user identifier of the encryption device, and a public parameter.
In an embodiment of the present disclosure, the calculation module 820 is specifically configured to:
calculate an encrypted message according to the user identifier of the first communication device and the public parameter, wherein the encrypted message comprises the user identifier of the first communication device, the public parameter, and the ciphertext;
acquire a private key of the second communication device and calculate signature information based on the private key of the second communication device and the public parameter, wherein the signature information comprises the user identifier of the second communication device, the original message text, the signature, the user identifier of the encryption device, and the public parameter.
In an embodiment of the present disclosure, the second sending module 830 is specifically configured to:
send the encrypted message to the first communication device; or
send the signature information to the first communication device.
In an embodiment of the present disclosure, sending the encrypted message to the first communication device includes:
sending the encrypted message to a security gateway;
the security gateway verifies whether the encryption device information carried in the encrypted message is consistent with the encryption device information, recorded in the blockchain, of the encryption device supported by the first communication device; if so, the encrypted message is sent to the first communication device; otherwise, the encrypted message is deleted.
In an embodiment of the present disclosure, the encryption device is a private key generator in an identity-based cryptographic system.
In an embodiment of the present disclosure, the encryption device information further includes URL information of the encryption device.
According to this scheme, in the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender wants to send a message, it can confirm the identity and the validity of the public parameters through an on-chain query and then send the confidential data. Registering PKG information through the blockchain prevents PKG information from being forged. In addition, because the receiver of a message declares the PKG information it supports on the blockchain, malicious PKG attacks can be avoided.
As shown in fig. 9, an embodiment of the present invention provides an encryption device including:
a generating module 910, configured to generate at least one public parameter;
a third sending module 920, configured to send the user identifier of the encryption device and the at least one public parameter to a verification node of the blockchain;
a recording module 930, configured to record the user identifier and the at least one public parameter, once verified by the verification node of the blockchain, into the blockchain.
In an embodiment of the present disclosure, when the encryption device issues a public parameter update request, the generating module 910 signs the public parameter to be updated with the private key of the encryption device to generate signature information; the third sending module 920 sends the signature information to a verification node of the blockchain; the verification node of the blockchain queries the public parameter of the encryption device from the blockchain and verifies the signature information using the user identifier of the encryption device and the public parameter; after the verification passes, the recording module 930 uploads the public parameter to be updated to the blockchain.
In an embodiment of the present disclosure, the encryption device is a private key generator in an identity-based cryptographic system.
According to this scheme, in the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender wants to send a message, it can confirm the identity and the validity of the public parameters through an on-chain query and then send the confidential data. Registering PKG information through the blockchain prevents PKG information from being forged. In addition, because the receiver of a message declares the PKG information it supports on the blockchain, malicious PKG attacks can be avoided.
An embodiment of the present invention further provides a communication device including a processor and a memory storing a computer program which, when executed by the processor, performs the method described above. All implementations in the above method embodiments are applicable to this embodiment and achieve the same technical effect.
Embodiments of the present invention also provide a computer-readable storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method described above. All implementations in the above method embodiments are applicable to this embodiment and achieve the same technical effect.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative: the division into units is only a logical division, and other divisions are possible in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
Furthermore, it is to be noted that in the device and method of the invention, it is obvious that the individual components or steps can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of performing the series of processes described above may naturally be performed chronologically in the order described, but need not necessarily be performed chronologically, and some steps may be performed in parallel or independently of each other. It will be understood by those skilled in the art that all or any of the steps or elements of the method and apparatus of the present invention may be implemented in any computing device (including processors, storage media, etc.) or network of computing devices, in hardware, firmware, software, or any combination thereof, which can be implemented by those skilled in the art using their basic programming skills after reading the description of the present invention.
Thus, the objects of the invention may also be achieved by running a program or a set of programs on any computing device. The computing device may be a general purpose device as is well known. The object of the invention is thus also achieved solely by providing a program product comprising program code for implementing the method or the apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is to be understood that the storage medium may be any known storage medium or any storage medium developed in the future. It is further noted that in the apparatus and method of the present invention, it is apparent that each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of executing the series of processes described above may naturally be executed chronologically in the order described, but need not necessarily be executed chronologically. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (22)

1. An information processing method applied to a first communication device, comprising:
sending encryption device information of an encryption device supported by the first communication device to the blockchain;
receiving first data sent by a second communication device, wherein the first data is calculated based on the encryption device information supported by the first communication device;
processing the received first data.
2. The method of claim 1, wherein sending encryption device information for encryption devices supported by the first communication device to the blockchain comprises:
sending the encryption device information supported by the first communication device to a verification node of the blockchain;
verifying, by the verification node, the user identifier of the first communication device and checking against the blockchain whether the encryption device information supported by the first communication device is consistent with the encryption device information stored in the blockchain, and, if the verification passes, recording the encryption device information of the encryption device supported by the first communication device into the blockchain.
3. The method of claim 2, wherein the encryption device information comprises a user identifier of the first communication device, a user identifier of the encryption device, and a public parameter.
4. The method according to claim 3, wherein the first data calculated according to the encryption device information supported by the first communication device comprises at least one of:
an encrypted message calculated according to the user identifier of the first communication device and the public parameter, wherein the encrypted message comprises the user identifier of the first communication device, the public parameter, and the ciphertext;
a signature message calculated based on a private key of the second communication device and the public parameter, wherein the signature message comprises the user identifier of the second communication device, the original message text, the signature, the user identifier of the encryption device, and the public parameter.
5. The method of claim 4, wherein processing the received first data comprises at least one of:
when the first communication device receives the encrypted message, decrypting the encrypted message using a private key of the first communication device;
when the first communication device receives the signature message, verifying the signature message using the user identifier of the second communication device and the public parameter.
6. The method of any one of claims 1-4, wherein the encryption device is a private key generator in an identity-based cryptographic system.
7. The method of claim 3, wherein the encryption device information further comprises Uniform Resource Locator (URL) information of the encryption device.
8. An information processing method applied to a second communication device, the method comprising:
querying the blockchain for the encryption device information of an encryption device supported by a first communication device;
calculating first data to be transmitted based on the encryption device information supported by the first communication device;
sending the first data to the first communication device.
9. The method of claim 8,
wherein the encryption device information includes a user identifier of the first communication device, a user identifier of the encryption device, and a public parameter.
10. The method of claim 9, wherein calculating the first data to be transmitted based on the encryption device information supported by the first communication device comprises at least one of:
calculating an encrypted message according to the user identifier of the first communication device and the public parameter, wherein the encrypted message comprises the user identifier of the first communication device, the public parameter, and the ciphertext;
acquiring a private key of the second communication device and calculating signature information based on the private key of the second communication device and the public parameter, wherein the signature information comprises the user identifier of the second communication device, the original message text, the signature, the user identifier of the encryption device, and the public parameter.
11. The method of claim 10, wherein transmitting the first data to the first communication device comprises at least one of:
sending the encrypted message to the first communication device;
sending the signature information to the first communication device.
12. The method of claim 11, wherein sending the encrypted message to the first communication device comprises:
sending the encrypted message to a security gateway;
the security gateway verifies whether the encryption device information carried in the encrypted message is consistent with the encryption device information, recorded in the blockchain, of the encryption device supported by the first communication device; if so, the encrypted message is sent to the first communication device; otherwise, the encrypted message is deleted.
13. The method of any one of claims 8-12, wherein the encryption device is a private key generator in an identity-based cryptographic system.
14. The method of claim 9, wherein the encryption device information further comprises URL information of the encryption device.
15. A method for reporting encryption device information, applied to an encryption device, comprising:
generating at least one public parameter;
sending the user identifier of the encryption device and the at least one public parameter to a verification node of the blockchain;
recording the user identifier and the at least one public parameter, once verified by the verification node of the blockchain, into the blockchain.
16. The method of claim 15, further comprising:
the encryption device issues a public parameter update request;
signing the public parameter to be updated with a private key of the encryption device to generate signature information;
sending the signature information to a verification node of the blockchain;
the verification node of the blockchain queries the public parameter of the encryption device from the blockchain, verifies the signature information using the user identifier of the encryption device and the public parameter, and uploads the public parameter to be updated to the blockchain after the verification passes.
17. The method of claim 15 or 16, wherein the encryption device is a private key generator in an identity-based cryptographic system.
18. A first communications device, comprising:
a first sending module, configured to send encryption device information of an encryption device supported by the first communication device to the blockchain;
a receiving module, configured to receive first data sent by a second communication device, wherein the first data is calculated based on the encryption device information supported by the first communication device;
a processing module, configured to process the received first data.
19. A second communications device, comprising:
a query module, configured to query the blockchain for the encryption device information of an encryption device supported by a first communication device;
a calculation module, configured to calculate first data to be sent based on the encryption device information supported by the first communication device;
a second sending module, configured to send the first data to the first communication device.
20. An encryption device, comprising:
a generation module, configured to generate at least one public parameter;
a third sending module, configured to send the user identifier of the encryption device and the at least one public parameter to a verification node of the blockchain;
a recording module, configured to record the user identifier and the at least one public parameter, once verified by the verification node of the blockchain, into the blockchain.
21. A communication device, comprising: a processor, a memory storing a computer program which, when executed by the processor, performs the method of any of claims 1 to 7 or the method of any of claims 8 to 14 or the method of any of claims 15 to 17.
22. A computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 7 or the method of any one of claims 8 to 14 or the method of any one of claims 15 to 17.
CN202011000507.9A 2020-09-22 Information processing method, communication device, and encryption device Active CN114301612B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011000507.9A CN114301612B (en) 2020-09-22 Information processing method, communication device, and encryption device

Publications (2)

Publication Number Publication Date
CN114301612A (en) 2022-04-08
CN114301612B (en) 2024-11-15

CN114301612B (en) Information processing method, communication device, and encryption device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant