CN114301612A - Information processing method, communication apparatus, and encryption apparatus
- Publication number
- CN114301612A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Abstract
The present invention provides an information processing method, a communication device and an encryption device. The information processing method includes: sending the encryption device information of an encryption device supported by a first communication device to a blockchain; receiving first data sent by a second communication device, the first data being calculated based on the encryption device information supported by the first communication device; and processing the received first data. The scheme of the present invention can prevent forgery of PKG information and attacks by malicious PKGs.
Description
Technical field
The present invention relates to the technical field of communication, and in particular to an information processing method, a communication device and an encryption device.
Background
Identity-Based Cryptography (IBC) is an asymmetric public-key cryptosystem. In an identity-based cryptosystem, each entity has an identity, which can be any meaningful string, and the identity itself serves as the entity's public key. Because the identity is the public key, such systems no longer rely on certificates and certificate management systems, which greatly reduces the complexity of managing the cryptosystem.
The basic structure of a cryptosystem based on IBC technology is shown in the following figure. The private key generator (PKG, Private Key Generator) is the core part of IBC. Its main function is to generate the master key (Master Key) and the public parameters (Public Params) when the IBC system is initialized and to publish the public parameters; in addition, it generates the corresponding private key for a user from the user ID (public information such as an IMSI, e-mail address or mobile phone number). IBC can be divided into identity-based encryption (IBE, Identity Based Encryption) and identity-based signature (IBS, Identity Based Signature) algorithms.
Compared with a traditional PKI (public key infrastructure) system, a user of an IBC system can easily obtain the public key of the communicating peer (it is determined directly by the ID). No dedicated digital certificate is needed to bind identity information to a public key, and no certificate request or certificate delivery process is required. This effectively reduces the communication overhead of transferring certificates during data exchange and simplifies the certificate management mechanism and process used in authentication.
When using IBC technology, a user must first obtain the public parameters of the IBC system from the PKG, and as the technology develops, a network may be connected to multiple IBC systems. If the public parameters of an IBC system are unprotected, an attacker may publish false public parameters that impersonate another, legitimate IBC system, so that users encrypt data with the false public parameters and the receiver's identity. Because the public parameters were published by the attacker, the attacker can decrypt the users' encrypted data and can also impersonate the receiver to produce signatures.
To prevent attackers from tampering with the public parameters of a PKG or publishing false ones, the PKG needs to protect the system's public parameters to ensure their integrity and validity. At present, the more feasible approach is to use PKI technology to sign the PKG's public parameters: the signature is stored together with the public parameters as part of them, and a user first verifies the validity of the public parameters before using them, which prevents an attacker from tampering with them. However, this approach not only requires a trusted digital certificate to be preset on the user terminal, but also requires the PKI signature to be verified during identity verification (currently mostly 1024-bit or 2048-bit RSA), which imposes a large computational load and increases the burden of message delivery. At the same time, IBC users have another requirement: they do not want to register with a large number of PKGs.
Summary of the invention
The present invention provides an information processing method, a communication device and an encryption device. The PKG can be protected on the basis of a blockchain, which prevents forgery of PKG information and attacks by malicious PKGs.
To solve the above technical problem, the technical scheme of the present invention is as follows:
An information processing method, applied to a first communication device, comprising:
sending the encryption device information of an encryption device supported by the first communication device to a blockchain;
receiving first data sent by a second communication device, where the first data is calculated based on the encryption device information supported by the first communication device;
processing the received first data.
Optionally, sending the encryption device information of the encryption device supported by the first communication device to the blockchain includes:
sending the encryption device information supported by the first communication device to a verification node of the blockchain;
verifying, by the verification node, the user identifier of the first communication device, and querying the blockchain to check that the encryption device information supported by the first communication device is consistent with the encryption device information stored in the blockchain; if verification passes, recording the encryption device information of the encryption device supported by the first communication device in the blockchain.
Optionally, the encryption device information includes the user identifier of the first communication device, the user identifier of the encryption device, and public parameters.
Optionally, the first data calculated according to the encryption device information supported by the first communication device includes at least one of the following:
an encrypted message calculated according to the user identifier of the first communication device and the public parameters, where the encrypted message includes the user identifier of the first communication device, the public parameters and the ciphertext;
a signed message calculated based on the private key of the second communication device and the public parameters, where the signed message includes the user identifier of the second communication device, the original message, the signature, and the user identifier and public parameters of the encryption device.
Optionally, processing the received first data includes at least one of the following:
when the first communication device receives an encrypted message, decrypting the encrypted message using the private key of the first communication device;
when the first communication device receives a signed message, verifying the signed message using the user identifier of the second communication device and the public parameters.
Optionally, the encryption device is a private key generator in an identity-based cryptosystem.
Optionally, the encryption device information further includes the uniform resource locator (URL) information of the encryption device.
An information processing method, applied to a second communication device, the method comprising:
querying the blockchain for the encryption device information of the encryption device supported by the first communication device;
calculating the first data to be sent based on the encryption device information supported by the first communication device;
sending the first data to the first communication device.
Optionally, the encryption device information includes the user identifier of the first communication device, the user identifier of the encryption device, and public parameters.
Optionally, calculating the first data to be sent based on the encryption device information supported by the first communication device includes at least one of the following:
calculating an encrypted message according to the user identifier of the first communication device and the public parameters, where the encrypted message includes the user identifier of the first communication device, the public parameters and the ciphertext;
obtaining the private key of the second communication device, and calculating signature information based on the private key of the second communication device and the public parameters, where the signature information includes the user identifier of the second communication device, the original message, the signature, and the user identifier and public parameters of the encryption device.
Optionally, sending the first data to the first communication device includes at least one of the following:
sending the encrypted message to the first communication device;
sending the signature information to the first communication device.
Optionally, sending the encrypted message to the first communication device includes:
sending the encrypted message to a security gateway;
verifying, by the security gateway, whether the encryption device information carried in the encrypted message is consistent with the encryption device information of the encryption device supported by the first communication device on the blockchain; if it is consistent, sending the encrypted message to the first communication device; otherwise, deleting the encrypted message.
Optionally, the encryption device is a private key generator in an identity-based cryptosystem.
Optionally, the encryption device information further includes the URL information of the encryption device.
A method for reporting encryption device information, applied to an encryption device, comprising:
generating at least one public parameter;
sending the user identifier of the encryption device and the at least one public parameter to a verification node of the blockchain;
recording the user identifier and the at least one public parameter that the verification node of the blockchain has verified to the blockchain.
Optionally, the method further includes:
the encryption device issuing a public parameter update request;
signing the public parameters to be updated with the private key of the encryption device to generate signature information;
sending the signature information to the verification node of the blockchain;
the verification node of the blockchain querying the blockchain for the public parameters of the encryption device, verifying the signature information using the user identifier of the encryption device and the public parameters, and, after verification passes, uploading the public parameters to be updated to the blockchain.
Optionally, the encryption device is a private key generator in an identity-based cryptosystem.
A first communication device, comprising:
a first sending module, which sends the encryption device information of the encryption device supported by the first communication device to the blockchain;
a receiving module, which receives first data sent by the second communication device, where the first data is calculated based on the encryption device information supported by the first communication device;
a processing module, which processes the received first data.
A second communication device, comprising:
a query module, which queries the blockchain for the encryption device information of the encryption device supported by the first communication device;
a calculation module, which calculates the first data to be sent based on the encryption device information supported by the first communication device;
a second sending module, which sends the first data to the first communication device.
An encryption device, comprising:
a generation module, which generates at least one public parameter;
a third sending module, which sends the user identifier of the encryption device and the at least one public parameter to a verification node of the blockchain;
a recording module, which records the user identifier and the at least one public parameter that the verification node of the blockchain has verified to the blockchain.
An embodiment of the present invention also provides a communication device, comprising a processor and a memory storing a computer program, where the computer program, when run by the processor, performs the method described above.
An embodiment of the present invention also provides a computer-readable storage medium storing instructions that, when run on a computer, cause the computer to perform the method described above.
The above scheme of the present invention has at least the following beneficial effects:
In the above scheme of the present invention, within the IBC system a legitimate PKG must register itself and its public parameters on the blockchain. When a sender attempts to send a message, it can query the chain to confirm the PKG's identity and the validity of the public parameters before sending confidential data. Registering PKG information on the blockchain prevents the forgery of PKG information. In addition, because the receiver of a message declares on the blockchain which PKG information it supports, attacks by malicious PKGs can be avoided.
Description of drawings
FIG. 1 is a schematic flowchart of an information processing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a PKG identity protection system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the PKG information supported by a user according to an embodiment of the present invention;
FIG. 4 is another schematic flowchart of the information processing method according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of a method for reporting encryption device information according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of the PKG information reported by a PKG according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a first communication device according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a second communication device according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of an encryption device according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
As shown in FIG. 1, an embodiment of the present invention provides an information processing method, applied to a first communication device, including:
Step 110: send the encryption device information of the encryption device supported by the first communication device to the blockchain;
Step 120: receive first data sent by the second communication device, where the first data is calculated based on the encryption device information supported by the first communication device;
Step 130: process the received first data.
In the above scheme of the present invention, the first communication device is the sender of information in the IBC system, the second communication device is the receiver of the information, and the encryption device is the PKG in the IBC system.
FIG. 2 shows a decentralized PKG identity protection system. The system consists of several PKGs, IBC private-key users, IBC relying parties and verification nodes, and carries out processes such as PKG information publication, publication of user-supported PKG information, the IBC encryption process, the IBC signature process and PKG information update.
The architecture of the system shown in FIG. 2 is described first.
Blockchain: stores PKGs and their public parameter information, and IBC relying parties and the PKG information they trust.
PKG: the private key generator in the IBC system. It generates public parameters, sends them to a verification node, and records the information that the verification node has verified in the blockchain.
IBC relying party: a participant that trusts and uses a PKG; a relying party does not need to hold a private key. Examples are the encrypting party (message sender) in the encryption model and the verifying party (message receiver) in the signature model.
IBC private-key user: a participant that needs to register with a PKG and apply for a private key. Examples are the decrypting party (message receiver) in the encryption model and the signing party (message sender) in the signature model.
Blockchain verification node: receives and verifies the PKG information and PKG update information submitted by PKGs; receives and verifies the trusted PKGs and their public parameters submitted by IBC private-key users or IBC relying parties.
In an optional embodiment of the present invention, step 110 includes:
sending the encryption device information supported by the first communication device to a verification node of the blockchain;
verifying, by the verification node, the user identifier of the first communication device, and querying the blockchain to check that the encryption device information supported by the first communication device is consistent with the encryption device information stored in the blockchain; if verification passes, recording the encryption device information of the encryption device supported by the first communication device in the blockchain.
In this embodiment, an IBC private-key user or relying party publishes the PKG information it supports. This process is mainly used by an IBC private-key user or IBC relying party to publish the PKGs it trusts. Because multiple PKGs may exist, an IBC private-key user or relying party (for example, an end user or an operator network element) may trust only some of them. Such users or network elements can publish the PKG information they trust to the blockchain, and when other users or network elements send IBC messages to these nodes, they must calculate the IBC messages using the public parameters of a PKG trusted by the receiver.
The user sends the PKG information it trusts to the verification node. The verification node verifies the user's identity information, queries the blockchain for the public parameter information of the PKG supported by the user, and verifies that the public parameters submitted by the user are consistent with the information in the blockchain. After verification passes, the user information and the PKG information it trusts are recorded in the blockchain.
In an optional embodiment of the present invention, the encryption device information includes the user identifier of the first communication device, the user identifier of the encryption device, and public parameters.
In this embodiment, the PKG information trusted by a user consists of [user ID, list of PKGs supported by the user and their public parameter information]. As shown in FIG. 3, the supported PKG information declared by a user is expressed in block format. A block is divided into a block header and a block body. The block header uses current general-purpose technology. The block body contains several records, each being the supported PKG information declared by a user, which mainly includes the user ID, the PKG's identity information and the public parameter information, and may also include information such as the PKG's URL. Each user can put the PKGs and public parameters it supports on the blockchain.
In an optional embodiment of the present invention, the data calculated according to the encryption device information supported by the first communication device includes at least one of the following:
an encrypted message calculated according to the user identifier of the first communication device and the public parameters, where the encrypted message includes the user identifier of the first communication device, the public parameters and the ciphertext;
a signed message calculated based on the private key of the second communication device and the public parameters, where the signed message includes the user identifier of the second communication device, the original message, the signature, and the user identifier and public parameters of the encryption device.
In an optional embodiment of the present invention, step 130 includes at least one of the following:
when the first communication device receives an encrypted message, decrypting the encrypted message using the private key of the first communication device;
when the first communication device receives a signed message, verifying the signed message using the user identifier of the second communication device and the public parameters.
In the IBC system, there are two main information transmission processes: the IBC encryption process and the IBC signature process.
In the IBC encryption process, for example, a mobile user (IBC relying party) sends an encrypted message to an operator network element (IBC private-key user). When the IBC relying party needs to send an encrypted message to the IBC private-key user, the relying party first queries the blockchain for the PKG and public parameters trusted by the IBC private-key user. The IBC relying party then calculates the encrypted message using the identity information of the IBC private-key user and the public parameters; the message contains the identity information of the IBC private-key user, the public parameters, the ciphertext and so on. The IBC relying party sends the encrypted message to the IBC private-key user, and after receiving it the private-key user decrypts the message with its private key.
Specifically, the encryption flow of the blockchain-based IBC system is as follows:
(1) A trusted PKG generates a master key (Master Key) and public parameters (Public Params), and publishes information in the format [PKG_ID, Public Params] to the blockchain, for example [PKG_IoT1, Public Params_IoT1], [PKG_IoT1, Public Params_IoT2].
(2) The receiving user declares the blockchain and public parameter information it supports and publishes it to the blockchain, for example: [Bob_ID, PKG_IoT1, Public Params_IoT2].
(3) When the sending user needs to send an encrypted message to the receiving user, it queries the blockchain for the receiving user's ID and supported Public Params, calculates the receiving user's public key PubKeyBob=F(IDBob, PKG_IoT1, Public Params_IoT2), and then performs the encryption operation to obtain the ciphertext Cipher. The function F that calculates the public key is a public algorithm.
(4) The sending user sends the message [IDBob, Public Params_IoT2, Cipher] to the receiving user. After receiving the ciphertext, the receiving user decrypts it with its private key; if it is not registered, it applies to PKG_IoT1 for the private key corresponding to its ID (calculated from the Master Key and the ID).
(5) To avoid DoS attacks on the receiver, a security gateway can also be deployed. In step (4), the sending user then sends the message [IDBob, Public Params_IoT2, Cipher] to the security gateway, and the security gateway verifies the validity of the message by querying the blockchain: if the receiving user has declared on the blockchain that it supports [PKG_IoT1, Public Params_IoT2], the message is forwarded to the receiving user; otherwise the message is discarded.
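The ledger-side checks in steps (1), (2), (3) and (5) can be modelled as follows. This is an added example, not code from the patent: the class and function names are hypothetical, identity verification is reduced to an allow-list (an assumption), and public parameters are treated as opaque bytes, so no IBE computation is performed.

```python
from dataclasses import dataclass, field


@dataclass
class Ledger:
    """Stand-in for the blockchain: two append-only maps."""
    pkg_params: dict = field(default_factory=dict)   # PKG_ID -> {public params}
    user_trust: dict = field(default_factory=dict)   # user_ID -> {(PKG_ID, params)}


class VerificationNode:
    """Hypothetical verification node. Identity verification is reduced to an
    allow-list (an assumption; the page does not say how identities are checked)."""

    def __init__(self, ledger, known_pkgs, known_users):
        self.ledger = ledger
        self.known_pkgs = set(known_pkgs)
        self.known_users = set(known_users)

    def register_pkg(self, pkg_id, params):
        # Step (1): a PKG publishes [PKG_ID, Public Params].
        if pkg_id not in self.known_pkgs:
            return False
        self.ledger.pkg_params.setdefault(pkg_id, set()).add(params)
        return True

    def declare_support(self, user_id, pkg_id, params):
        # Step (2): a receiver publishes [user_ID, PKG_ID, Public Params].
        # The node records it only if the params match what the PKG registered.
        if user_id not in self.known_users:
            return False
        if params not in self.ledger.pkg_params.get(pkg_id, set()):
            return False
        self.ledger.user_trust.setdefault(user_id, set()).add((pkg_id, params))
        return True


def lookup_for_sender(ledger, receiver_id):
    """Step (3): what the sender reads from the ledger before encrypting."""
    return sorted(ledger.user_trust.get(receiver_id, set()))


def gateway_filter(ledger, message):
    """Step (5): forward [ID, Public Params, Cipher] only if the receiver
    declared those params on the ledger; otherwise the message is discarded."""
    receiver_id, params, _cipher = message
    declared = ledger.user_trust.get(receiver_id, set())
    return any(p == params for _pkg_id, p in declared)


def run_demo():
    # All identifiers and parameter blobs below are constructed sample values.
    ledger = Ledger()
    node = VerificationNode(ledger, known_pkgs={"PKG_IoT1"}, known_users={"Bob_ID"})
    good, other, forged = b"params-IoT2", b"params-IoT1", b"params-attacker"
    results = {
        "pkg_registered": node.register_pkg("PKG_IoT1", good)
                          and node.register_pkg("PKG_IoT1", other),
        "rogue_pkg_registered": node.register_pkg("PKG_Rogue", forged),
        "forged_declaration": node.declare_support("Bob_ID", "PKG_IoT1", forged),
        "bob_declared": node.declare_support("Bob_ID", "PKG_IoT1", good),
    }
    results["sender_view"] = lookup_for_sender(ledger, "Bob_ID")
    results["forward_good"] = gateway_filter(ledger, ("Bob_ID", good, b"cipher"))
    results["forward_undeclared"] = gateway_filter(ledger, ("Bob_ID", other, b"cipher"))
    results["forward_forged"] = gateway_filter(ledger, ("Bob_ID", forged, b"cipher"))
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The gateway matches on the public parameters alone because the message format in step (4) carries no PKG_ID field.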
In the IBC signing process, for example, a mobile user (the IBC private key user) sends a signed message to an operator network element (the IBC relying party). When the IBC private key user needs to sign a message that the IBC relying party will verify, the IBC private key user queries the blockchain for the PKG and public parameters supported by the IBC relying party and applies for a private key according to the supported PKG and its public parameters. The IBC private key user computes the signature using the obtained private key and the public parameters and sends the signed message to the relying party; the signed message includes the IBC private key user's identifier, the original message text, the signature, the PKG identifier, the PKG public parameters and so on. After receiving the signed message, the IBC relying party verifies the signature using the IBC private key user's identity information, the PKG public parameters and other information.
Specifically, the signing flow of the blockchain-based IBC system is as follows:
(1) The receiving user declares the blockchain and public parameter information it supports and publishes it to the blockchain, for example: [Bob_ID, PKG_IoT1, Public Params_IoT2];
(2) When the sending user needs to sign a message M that the receiving user will verify, it queries the blockchain for the PKG supported by the receiving user and its public parameters, and applies for a private key according to the supported PKG and its public parameters;
(3) The sending user computes the signature using the obtained private key SkAlice and the PKG's public parameters Public Params_IoT2: SigAlice = F(M, SkAlice, Public Params), where F is a public algorithm;
(4) The sending user sends the message [Alice_ID, M, SigAlice, Public Params_IoT2] to the receiving user;
(5) After receiving the signed message from the sending user, the receiving user verifies the signature using the sending user's ID and the public parameters to obtain the verification result.
In an optional embodiment of the present invention, the encryption device is a private key generator in an identity-based cryptographic system.
In an optional embodiment of the present invention, the encryption device information further includes a uniform resource locator (URL) message of the encryption device.
In the above solution of the present invention, within the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender attempts to send a message, it can query the chain to confirm the validity of its identity and public parameters, and only then send confidential data. Registering PKG information on the blockchain prevents forgery of PKG information. In addition, because the message receiver declares on the blockchain which PKG information it supports, attacks by a malicious PKG can be avoided.
As shown in FIG. 4, an embodiment of the present invention provides an information processing method applied to a second communication device, the method including:
Step 410: query the blockchain for the encryption device information of the encryption device supported by the first communication device;
Step 420: calculate, based on the encryption device information supported by the first communication device, the first data to be sent;
Step 430: send the first data to the first communication device.
In an optional embodiment of the present invention, the encryption device information includes the user identifier of the first communication device, the user identifier of the encryption device, and public parameters.
In an optional embodiment of the present invention, step 420 includes at least one of the following:
calculating an encrypted message according to the user identifier of the first communication device and the public parameters, where the encrypted message includes the user identifier of the first communication device, the public parameters and the ciphertext;
obtaining the private key of the second communication device and calculating signature information based on that private key and the public parameters, where the signature information includes the user identifier of the second communication device, the original message text, the signature, the user identifier of the encryption device and the public parameters.
In an optional embodiment of the present invention, step 430 includes at least one of the following:
sending the encrypted message to the first communication device;
sending the signature information to the first communication device.
In an optional embodiment of the present invention, sending the encrypted message to the first communication device includes:
sending the encrypted message to a security gateway;
the security gateway verifying whether the encryption device information carried in the encrypted message is consistent with the encryption device information, recorded on the blockchain, of the encryption device supported by the first communication device; if they are consistent, the encrypted message is sent to the first communication device; otherwise the encrypted message is deleted.
In this embodiment, to prevent DoS attacks on the receiver, a security gateway may also be deployed. The sending user sends the message [IDBob, Public Params_IoT2, Cipher] to the security gateway, which verifies the validity of the message by querying the blockchain: if the receiving user has declared support for [PKG_IoT1, PublicParams_IoT2] on the blockchain, the gateway forwards the message to the receiving user; otherwise it discards the message.
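The gateway check described above, together with the verification node's consistency check on user declarations that the page describes, as an added Python example that is not part of the patent text. An in-memory ledger stands in for the blockchain and ciphertexts are opaque bytes; the class and function names and the sample traffic are constructed for illustration.

```python
from collections import Counter


class Ledger:
    """In-memory stand-in for the blockchain records (constructed, not a real chain)."""

    def __init__(self):
        self.pkg_params = {}   # PKG_ID -> set of parameter sets that PKG registered
        self.declared = {}     # user ID -> set of (PKG_ID, params) pairs the user supports

    def register_pkg(self, pkg_id, params):
        self.pkg_params.setdefault(pkg_id, set()).add(params)

    def declare_support(self, user_id, pkg_id, params):
        # Verification-node rule: a declaration must match a registered PKG record.
        if params not in self.pkg_params.get(pkg_id, set()):
            return False
        self.declared.setdefault(user_id, set()).add((pkg_id, params))
        return True

    def supported(self, user_id):
        return sorted(self.declared.get(user_id, set()))


def sender_select(ledger, recipient_id):
    """Sender side: pick a [PKG_ID, params] pair the recipient declared, or refuse to send."""
    choices = ledger.supported(recipient_id)
    if not choices:
        raise LookupError(f"{recipient_id} has no declaration on the ledger")
    return choices[0]


def gateway_check(ledger, message):
    """Gateway side: verdict for one [recipient ID, public params, ciphertext] message."""
    if not isinstance(message, (list, tuple)) or len(message) != 3:
        return "drop: malformed"
    recipient_id, params, cipher = message
    if not (isinstance(recipient_id, str) and isinstance(params, str)
            and isinstance(cipher, (bytes, bytearray)) and cipher):
        return "drop: malformed"
    if recipient_id not in ledger.declared:
        return "drop: unknown recipient"
    if all(p != params for _, p in ledger.supported(recipient_id)):
        return "drop: params not declared by recipient"
    return "forward"


def filter_traffic(ledger, messages):
    """Apply the gateway check to a batch; return forwarded messages and per-verdict counts."""
    forwarded, stats = [], Counter()
    for msg in messages:
        verdict = gateway_check(ledger, msg)
        stats[verdict] += 1
        if verdict == "forward":
            forwarded.append(msg)
    return forwarded, stats


def build_sample_ledger():
    ledger = Ledger()
    ledger.register_pkg("PKG_IoT1", "Public Params_IoT1")
    ledger.register_pkg("PKG_IoT1", "Public Params_IoT2")
    ledger.declare_support("Bob_ID", "PKG_IoT1", "Public Params_IoT2")
    return ledger


# Constructed traffic; the ciphertext bytes are placeholders.
SAMPLE_TRAFFIC = [
    ["Bob_ID", "Public Params_IoT2", b"\x01\x02"],    # declared by Bob: forwarded
    ["Bob_ID", "Public Params_IoT1", b"\x03"],        # registered by the PKG, not declared by Bob
    ["Bob_ID", "Public Params_Rogue", b"\x04"],       # never registered on the ledger
    ["Carol_ID", "Public Params_IoT2", b"\x05"],      # recipient made no declaration
    ["Bob_ID", "Public Params_IoT2"],                 # malformed: no ciphertext field
]
```

The per-verdict counts returned by `filter_traffic` are the natural signal to alert on: a rise in dropped messages for one recipient points at traffic built with parameters that recipient never declared.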
In an optional embodiment of the present invention, the encryption device is a private key generator in an identity-based cryptographic system.
In an optional embodiment of the present invention, the encryption device information further includes a URL message of the encryption device.
In the above solution of the present invention, within the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender attempts to send a message, it can query the chain to confirm the validity of its identity and public parameters, and only then send confidential data. Registering PKG information on the blockchain prevents forgery of PKG information. In addition, because the message receiver declares on the blockchain which PKG information it supports, attacks by a malicious PKG can be avoided.
As shown in FIG. 5, a method for reporting encryption device information, applied to an encryption device, includes:
Step 510: generate at least one public parameter;
Step 520: send the user identifier of the encryption device and the at least one public parameter to a verification node of the blockchain;
Step 530: record on the blockchain the user identifier and the at least one public parameter that have passed verification by the verification node of the blockchain.
In an optional embodiment of the present invention, the method for reporting encryption device information further includes:
the encryption device issuing a public parameter update request;
signing the public parameters to be updated with the private key of the encryption device to generate signature information;
sending the signature information to the verification node of the blockchain;
the verification node of the blockchain querying the blockchain for the public parameters of the encryption device and verifying the signature information using the user identifier of the encryption device and the public parameters; after verification passes, the public parameters to be updated are uploaded to the blockchain.
In the IBC system, the PKG information publication flow is as follows:
(1) The PKG generates public parameters; one PKG can generate multiple sets of public parameters;
(2) The PKG sends its own information (including the PKG's name, URL, etc.) and the public parameter information to the verification node;
(3) The verification node verifies the information submitted by the PKG; after verification passes, the information is recorded in the blockchain.
When the PKG needs to update information such as its public parameters, it performs the PKG information update process, as follows:
(1) When the PKG needs to update its information, for example after generating new public parameters [PKG_IoT1, Public Params_IoT3], the PKG creates a public information publication request and signs the new public parameters with its existing IBC private key;
(2) The PKG sends the signature to the verification node;
(3) The verification node queries the blockchain for the PKG's public parameter information and uses the PKG's ID and public parameters to verify that the signature is correct; once verification passes, the new public parameters are recorded in the blockchain.
As shown in FIG. 6, PKG information is represented in a block format. A block is divided into a block header and a block body. The block header uses current general-purpose technology; the block body contains a number of records, which mainly include the PKG's identity information and public parameter information. Each PKG puts its own public parameters on the blockchain. Optionally, the PKG information supported by users and the information published by the PKG itself may be recorded in the same blockchain or in different blockchains, which is not limited here.
In an optional embodiment of the present invention, the encryption device is a private key generator in an identity-based cryptographic system.
In the above solution of the present invention, within the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender attempts to send a message, it can query the chain to confirm the validity of its identity and public parameters, and only then send confidential data. Registering PKG information on the blockchain prevents forgery of PKG information. In addition, because the message receiver declares on the blockchain which PKG information it supports, attacks by a malicious PKG can be avoided.
As shown in FIG. 7, an embodiment of the present invention provides a first communication device 70, including:
a first sending module 710, which sends the encryption device information of the encryption device supported by the first communication device to the blockchain;
a receiving module 720, which receives first data sent by a second communication device, the first data being calculated based on the encryption device information supported by the first communication device;
a processing module 730, which processes the received first data.
In an embodiment of the present disclosure, the first sending module 710 is specifically configured to:
send the encryption device information supported by the first communication device to a verification node of the blockchain;
verify, through the verification node, the user identifier of the first communication device, and query the blockchain to check that the encryption device information supported by the first communication device is consistent with the encryption device information stored in the blockchain; if verification passes, record the encryption device information of the encryption device supported by the first communication device in the blockchain.
In an embodiment of the present disclosure, the encryption device information includes the user identifier of the first communication device, the user identifier of the encryption device, and public parameters.
In an embodiment of the present disclosure, the first data calculated according to the encryption device information supported by the first communication device includes at least one of the following:
an encrypted message calculated according to the user identifier of the first communication device and the public parameters, where the encrypted message includes the user identifier of the first communication device, the public parameters and the ciphertext;
a signed message calculated based on the private key of the second communication device and the public parameters, where the signed message includes the user identifier of the second communication device, the original message text, the signature, and the user identifier of the encryption device and the public parameters.
In an embodiment of the present disclosure, the processing module 730 is specifically configured to:
when the first communication device receives an encrypted message, decrypt the encrypted message using the private key of the first communication device;
when the first communication device receives a signed message, verify the signed message using the user identifier of the second communication device and the public parameters.
In an embodiment of the present disclosure, the encryption device is a private key generator in an identity-based cryptographic system.
In an embodiment of the present disclosure, the encryption device information further includes a uniform resource locator (URL) message of the encryption device.
In the above solution of the present invention, within the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender attempts to send a message, it can query the chain to confirm the validity of its identity and public parameters, and only then send confidential data. Registering PKG information on the blockchain prevents forgery of PKG information. In addition, because the message receiver declares on the blockchain which PKG information it supports, attacks by a malicious PKG can be avoided.
As shown in FIG. 8, an embodiment of the present invention provides a second communication device 80, including:
a query module 810, which queries the blockchain for the encryption device information of the encryption device supported by the first communication device;
a calculation module 820, which calculates, based on the encryption device information supported by the first communication device, the first data to be sent;
a second sending module 830, which sends the first data to the first communication device.
In an embodiment of the present disclosure, the encryption device information includes the user identifier of the first communication device, the user identifier of the encryption device, and public parameters.
In an embodiment of the present disclosure, the calculation module 820 is specifically configured to:
calculate an encrypted message according to the user identifier of the first communication device and the public parameters, where the encrypted message includes the user identifier of the first communication device, the public parameters and the ciphertext;
obtain the private key of the second communication device and calculate signature information based on that private key and the public parameters, where the signature information includes the user identifier of the second communication device, the original message text, the signature, the user identifier of the encryption device and the public parameters.
In an embodiment of the present disclosure, the second sending module 830 is specifically configured to:
send the encrypted message to the first communication device; or
send the signature information to the first communication device.
In an embodiment of the present disclosure, sending the encrypted message to the first communication device includes:
sending the encrypted message to a security gateway;
the security gateway verifying whether the encryption device information carried in the encrypted message is consistent with the encryption device information, recorded on the blockchain, of the encryption device supported by the first communication device; if they are consistent, the encrypted message is sent to the first communication device; otherwise the encrypted message is deleted.
In an embodiment of the present disclosure, the encryption device is a private key generator in an identity-based cryptographic system.
In an embodiment of the present disclosure, the encryption device information further includes a URL message of the encryption device.
In the above solution of the present invention, within the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender attempts to send a message, it can query the chain to confirm the validity of its identity and public parameters, and only then send confidential data. Registering PKG information on the blockchain prevents forgery of PKG information. In addition, because the message receiver declares on the blockchain which PKG information it supports, attacks by a malicious PKG can be avoided.
As shown in FIG. 9, an embodiment of the present invention provides an encryption device, including:
a generating module 910, which generates at least one public parameter;
a third sending module 920, which sends the user identifier of the encryption device and the at least one public parameter to a verification node of the blockchain;
a recording module 930, which records on the blockchain the user identifier and the at least one public parameter that have passed verification by the verification node of the blockchain.
In an embodiment of the present disclosure, when the encryption device issues a public parameter update request, the generating module 910 signs the public parameters to be updated with the private key of the encryption device to generate signature information; the third sending module 920 sends the signature information to the verification node of the blockchain; the verification node of the blockchain queries the blockchain for the public parameters of the encryption device and verifies the signature information using the user identifier of the encryption device and the public parameters; after verification passes, the recording module 930 uploads the public parameters to be updated to the blockchain.
In an embodiment of the present disclosure, the encryption device is a private key generator in an identity-based cryptographic system.
In the above solution of the present invention, within the IBC system a legitimate PKG must register itself and its public parameters on the blockchain; when a sender attempts to send a message, it can query the chain to confirm the validity of its identity and public parameters, and only then send confidential data. Registering PKG information on the blockchain prevents forgery of PKG information. In addition, because the message receiver declares on the blockchain which PKG information it supports, attacks by a malicious PKG can be avoided.
An embodiment of the present invention also provides a communication device, including a processor and a memory storing a computer program; when the computer program is run by the processor, the method described above is performed. All implementations in the foregoing method embodiments apply to this embodiment and achieve the same technical effect.
An embodiment of the present invention also provides a computer-readable storage medium including instructions which, when run on a computer, cause the computer to perform the method described above. All implementations in the foregoing method embodiments apply to this embodiment and achieve the same technical effect.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, ROM, RAM, a magnetic disk or an optical disc.
Furthermore, it should be noted that in the apparatus and method of the present invention, the components or steps can obviously be decomposed and/or recombined. Such decomposition and/or recombination should be regarded as equivalent solutions of the present invention. The steps of the above series of processes can naturally be performed in chronological order as described, but they need not be performed in chronological order, and some steps can be performed in parallel or independently of each other. Those of ordinary skill in the art will understand that all or any of the steps or components of the method and apparatus of the present invention can be implemented in hardware, firmware, software or a combination thereof, in any computing apparatus (including processors, storage media, etc.) or network of computing apparatuses, which those of ordinary skill in the art can achieve with their basic programming skills after reading the description of the present invention.
Accordingly, the object of the present invention can also be achieved by running a program or a set of programs on any computing apparatus. The computing apparatus may be a well-known general-purpose apparatus. The object of the present invention can therefore also be achieved merely by providing a program product containing program code that implements the method or apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. Obviously, the storage medium may be any well-known storage medium or any storage medium developed in the future. It should also be noted that in the apparatus and method of the present invention, the components or steps can obviously be decomposed and/or recombined. Such decomposition and/or recombination should be regarded as equivalent solutions of the present invention. The steps of the above series of processes can naturally be performed in chronological order as described, but they need not be performed in chronological order. Some steps can be performed in parallel or independently of each other.
The above are preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art may make several improvements and refinements without departing from the principles described in the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention.
Claims (22)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011000507.9A CN114301612B (en) | 2020-09-22 | 2020-09-22 | Information processing method, communication device and encryption device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011000507.9A CN114301612B (en) | 2020-09-22 | 2020-09-22 | Information processing method, communication device and encryption device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114301612A true CN114301612A (en) | 2022-04-08 |
CN114301612B CN114301612B (en) | 2024-11-15 |
Family
ID=80963850
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011000507.9A Active CN114301612B (en) | 2020-09-22 | 2020-09-22 | Information processing method, communication device and encryption device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114301612B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023224591A1 (en) * | 2022-05-16 | 2023-11-23 | Karadağ Yazilim Ti̇c. Lt. Şti̇. | An encrypted communication method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107395349A (en) * | 2017-08-16 | 2017-11-24 | 深圳国微技术有限公司 | A kind of block chain network cryptographic key distribution method based on self-certified public key system |
CN107769922A (en) * | 2017-10-31 | 2018-03-06 | 捷德(中国)信息科技有限公司 | Block chain safety management system and method |
CN108449325A (en) * | 2018-02-27 | 2018-08-24 | 中国地质大学(武汉) | A block chain authentication method, device and storage device based on identity password |
CN109768987A (en) * | 2019-02-26 | 2019-05-17 | 重庆邮电大学 | A secure and private storage and sharing method of data files based on blockchain |
US20190179806A1 (en) * | 2017-12-11 | 2019-06-13 | Celo Labs Inc. | Decentralized database associating public keys and communications addresses |
Also Published As
Publication number | Publication date |
---|---|
CN114301612B (en) | 2024-11-15 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US11108565B2 (en) | Secure communications providing forward secrecy | |
US8009829B2 (en) | Method and system for deploying advanced cryptographic algorithms | |
JP5204090B2 (en) | Communication network, e-mail registration server, network device, method, and computer program | |
CA2772136C (en) | System and method for providing credentials | |
CN104270249B (en) | It is a kind of from the label decryption method without certificate environment to identity-based environment | |
CN108650227A (en) | Handshake method based on datagram secure transfer protocol and system | |
CN104811450A (en) | Data storage method based on identity in cloud computing and integrity verification method based on identity in cloud computing | |
Igoe et al. | X. 509v3 certificates for secure shell authentication | |
CN106941404B (en) | Key protection method and device | |
CN115801223B (en) | CA certificate-based identification key system and PKI system compatible method | |
CN116684093B (en) | Identity authentication and key exchange method and system | |
CN112118113A (en) | Multi-party cooperative group signature method, device, system and medium based on SM2 algorithm | |
CN116318654A (en) | SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution | |
CN113382002A (en) | Data request method, request response method, data communication system, and storage medium | |
CN107104888B (en) | A Secure Instant Messaging Method | |
CN102739660B (en) | Key exchange method for single sign on system | |
CN114301612B (en) | Information processing method, communication device and encryption device | |
CN109412815B (en) | Method and system for realizing cross-domain secure communication | |
CN117201000A (en) | Mass data secure communication method, equipment and medium based on temporary key agreement | |
CN114386086A (en) | Blacklist data sharing method and obtaining method | |
JP5193924B2 (en) | Cryptographic communication system, administrator device, and program | |
KR101042834B1 (en) | Self-Authentication Signature Encryption Method for Mobile Environment | |
CN107172016B (en) | Safety trust processing method and device | |
Rösler et al. | Interoperability between messaging services secure–implementation of encryption | |
Téllez et al. | Security in mobile payment systems |
Legal Events
Code | Title | Description | Date |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||