CN111147517A - Secure communication method, device and terminal equipment - Google Patents

Publication number
CN111147517A
Authority
CN
China
Prior art keywords
computer
public key
digital certificate
service
validity
Legal status
Pending
Application number
CN201911422541.2A
Other languages
Chinese (zh)
Inventor
谢俊喜
王成
周佩文
丛宏雷
Current Assignee
Shanghai Distributed Technologies Co ltd
Original Assignee
Shanghai Distributed Technologies Co ltd
Application filed by Shanghai Distributed Technologies Co ltd
Priority to CN201911422541.2A
Publication of CN111147517A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Abstract

The invention discloses a secure communication method, apparatus and terminal device that ensure the security and reliability of communication. The secure communication method comprises the following steps: obtaining a first digital certificate and a first public key of a first computer from a predetermined node of a blockchain in order to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key; and determining, according to the validity of the first computer, whether to start a second service and establish a communication connection with the first computer so as to accept the first computer's call to the second service.

Description

Secure communication method, device and terminal equipment
Technical Field
The invention relates to the field of computer technology, in particular to a method, an apparatus and a terminal device for secure communication between different computers in a computer cluster.
Background
A computer cluster is a group of independent computers connected through a network that cooperate to complete computing work. Most computer services run as computer clusters; common examples include web service clusters, database clusters, cloud services and blockchain services. Networks within a computer cluster are based on TCP/IP: computers establish a connection over an IP address and a TCP port in order to communicate with each other. A TCP/IP network is open, so anyone who knows a computer's external IP address and port information can establish communication with it.
Taking the currently mainstream web service cluster as an example, as shown in FIG. 1, such a cluster generally comprises a web server, a business server and a database server, and the servers interact through network communication. In a web service cluster each server is responsible for only part of the overall business, and the service interfaces of some core services, in particular the core database servers, may only be called by the computers of the related business services. The core business servers must be prevented from being called by other, malicious servers, which would cause business failures.
At present there are several methods for ensuring service security between the servers of a cluster:
(1) Operation and maintenance management. An operation and maintenance engineer responsible for the computer cluster manually stops all business services, updates the business configuration and security certificates, and restarts all services. Management by operation and maintenance personnel has the following disadvantages: the operation and maintenance personnel are themselves one of the risk points the system must guard against; the possibility of manual mis-operation by operation and maintenance personnel brings further uncertain risks to business security; because operation and maintenance personnel act only after a security risk has been found, the delay is very long and the exposure is greater than with automatic updates; and every configuration update results in a restart of all the related business services.
(2) Central configuration server management. All computers periodically fetch the latest business configuration and security certificates from a central configuration server. When the business configuration or the security certificates are updated, all computers automatically obtain the new configuration and certificates, and communication security is ensured on the basis of the new configuration and the new certificates. Management by a central configuration server has the following defects: the certificate risk of the whole computer cluster is concentrated in the central configuration server, so if the central configuration server is attacked or isolated from the network, the security of the whole computer cluster is affected; and the certificate synchronized by each computer in the cluster cannot be guaranteed not to have been tampered with.
(3) A CA (certificate authority) server. This approach is similar to central configuration server management, but it is detached from the actual business: it cannot restrict communication to only the servers that belong to a given business service, and so cannot meet the business security requirement.
Therefore, the prior-art communication method between different computers in a computer cluster needs to be improved in order to ensure communication security and reliability.
Disclosure of Invention
The invention aims to provide a secure communication method, apparatus and terminal device so as to ensure the security and reliability of communication.
The purpose of the invention is achieved by the following technical solution:
A first aspect of the present invention provides a secure communication method, including: obtaining a first digital certificate and a first public key of a first computer from a predetermined node of a blockchain to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key; and determining, according to the validity of the first computer, whether to start a second service and establish a communication connection with the first computer so as to accept the first computer's call to the second service.
Thus, with the provided secure communication method, the latest certificate changes are obtained in real time by virtue of the blockchain's properties; each network node participating in communication in the computer cluster obtains a unique and trusted communication certificate; all public key certificates are obtained from the chain, so no certificate file needs to be loaded into the local program; and two-way certificate verification ensures the security and reliability of both communicating parties.
Optionally, the method further comprises: determining, according to the validity of the first computer, whether to establish a communication connection with the first computer in order to call a first service of the first computer.
Deciding according to the validity of the first computer whether to establish a communication connection to call its first service guarantees the security and reliability of that call and prevents other, malicious services from being called, which would cause business failures.
Optionally, the method further comprises: broadcasting the changed digital certificate and public key of the current computer to a predetermined node in the blockchain.
Broadcasting the current computer's changed digital certificate and public key to a predetermined node in the blockchain allows them to be updated in a timely manner.
Optionally, the method further comprises: when the first computer fails validity verification, detecting the block height of the predetermined node to verify whether the predetermined node has synchronized to the latest block.
Detecting the block height of the predetermined node when the first computer fails validity verification makes it possible to check whether the currently synchronized block is the latest one and, at the same time, whether the current block is valid.
Optionally, the method further comprises: obtaining the updated first digital certificate and first public key of the first computer from the predetermined node so as to verify the validity of the first computer.
Obtaining the updated first digital certificate and first public key of the first computer from the predetermined node to verify its validity synchronizes the latest block information and avoids a validity verification failure caused by stale block information.
A second aspect of the present invention provides a secure communication method, including: obtaining a first digital certificate and a first public key of a first computer from a blockchain to which the first computer and a second computer belong, to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key; and determining, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer.
Obtaining the first digital certificate and first public key of the first computer from the blockchain to which the first and second computers belong, verifying the validity of the first computer, and deciding on that basis whether to start the second service and whether to establish a communication connection with the first computer to accept its call to the second service ensures communication security and reliability and prevents the second service of the current computer from being called by other, malicious services, which would cause business failures.
A third aspect of the present invention provides a secure communication apparatus comprising: a first verification module, configured to obtain a first digital certificate and a first public key of a first computer from a predetermined node of a blockchain to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key; and a first decision module, configured to determine, according to the validity of the first computer, whether to start a second service and establish a communication connection with the first computer so as to accept the first computer's call to the second service.
Obtaining the first digital certificate and first public key of the first computer from the predetermined node of the blockchain, verifying the validity of the first computer, and deciding on that basis whether to start the second service and whether to establish a communication connection with the first computer to accept its call to the second service ensures communication security and reliability and prevents the second service of the current computer from being called by other, malicious services, which would cause business failures.
A fourth aspect of the present invention provides a secure communication apparatus comprising: a third verification module, configured to obtain a first digital certificate and a first public key of a first computer from a blockchain to which the first computer and a second computer belong, to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key; and a third decision module, configured to determine, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer.
Obtaining the first digital certificate and first public key of the first computer from the blockchain to which the first and second computers belong, verifying the validity of the first computer, and deciding on that basis whether to start the second service and whether to establish a communication connection with the first computer to accept its call to the second service ensures communication security and reliability and prevents the second service of the current computer from being called by other, malicious services, which would cause business failures.
A fifth aspect of the present invention provides a terminal device comprising: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to perform the method provided by the first or second aspect of the invention.
A sixth aspect of the present invention provides a method for secure communication between different computers in a computer cluster, comprising: the second computer obtains a first digital certificate and a first public key of the first computer from a blockchain to which the first computer and the second computer belong, to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key; the second computer determines, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer; the first computer obtains a second digital certificate and a second public key of the second computer from the blockchain to verify the validity of the second computer, wherein the second digital certificate is generated by encryption with the second private key and is configured to be decrypted with the second public key; and the first computer determines, according to the validity of the second computer, whether to establish a communication connection with the second computer so as to call the second service.
Obtaining the first digital certificate and first public key of the first computer from the blockchain to which the first and second computers belong, verifying the validity of the first computer, and deciding on that basis whether to start the second service and whether to establish a communication connection with the first computer to accept its call to the second service ensures communication security and reliability and prevents the second service of the current computer from being called by other, malicious services, which would cause business failures.
Drawings
The invention is further illustrated with reference to the following figures and examples.
FIG. 1 is a schematic diagram of a Web service cluster;
FIG. 2 is a diagram illustrating a secure communication method according to a first embodiment of the present invention;
FIG. 3 is a diagram illustrating an embodiment of a secure communication method according to a first embodiment of the present invention;
FIG. 4 is a diagram illustrating another embodiment of a secure communication method according to the first embodiment of the present invention;
FIG. 5 is a diagram illustrating another embodiment of a secure communication method according to the first embodiment of the present invention;
FIG. 6 is a diagram illustrating another embodiment of a secure communication method according to the first embodiment of the present invention;
FIG. 7 is a diagram illustrating a secure communication method according to a second embodiment of the present invention;
FIG. 8 is a schematic diagram of a secure communications device according to a third embodiment of the present invention;
FIG. 9 is a schematic diagram of a secure communications apparatus according to a fourth embodiment of the present invention;
FIG. 10 illustrates a method for secure communication between different computers in a computer cluster according to a fifth embodiment of the present invention;
FIG. 11 is a schematic diagram of a terminal device according to a sixth embodiment of the present invention;
FIG. 12 is a schematic diagram of a secure communication method according to an embodiment of the present invention.
Detailed Description
The present invention is further described below with reference to the accompanying drawings and specific embodiments; it should be noted that any of the embodiments or technical features described below may be combined to form a new embodiment, provided they do not conflict.
A blockchain has properties such as data consistency and tamper resistance. The invention applies blockchain technology to achieve secure communication between the services of different computers in a computer cluster: in essence, it uses these properties to store the digital certificates for two-way communication on the blockchain, thereby establishing mutual trust across multiple sites, regions or computer clusters and achieving secure communication. Each node in the computer cluster synchronizes to the latest block in real time and can at the same time verify the validity of the block, so the data in the block is guaranteed not to have been tampered with. Every participant in the computer cluster can thus obtain a unique, trusted and consistent digital certificate and public key. If a process turns bad, its digital certificate can be updated on the chain in time, and every server in the computer cluster obtains the latest digital certificate by synchronizing the block. For example, when process A needs to communicate with process B, process A obtains process B's digital certificate and public key from the latest block, and process B obtains process A's digital certificate and public key from the latest block. The two communicating parties establish bidirectional authentication, which ensures the security and reliability of the communication.
In a first embodiment of the present invention, a secure communication method is provided. As shown in FIG. 2, the secure communication method according to the first embodiment includes the following steps:
S110, obtaining a first digital certificate and a first public key of a first computer from a predetermined node of a blockchain so as to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key. The predetermined node may be a seed node or another synchronization node.
S120, determining, according to the validity of the first computer, whether to start a second service and whether to establish a communication connection with the first computer so as to accept the first computer's call to the second service.
According to the secure communication method of this embodiment, the latest certificate changes are obtained in real time by virtue of the blockchain's properties; each network node participating in communication in the computer cluster obtains a unique and trusted communication certificate; all public key certificates are obtained from the chain, so no certificate file needs to be loaded into the local program; and two-way certificate verification ensures the security and reliability of both communicating parties.
In one embodiment, as shown in FIG. 3, the secure communication method according to the first embodiment may further include the following step:
S130, determining, according to the validity of the first computer, whether to establish a communication connection with the first computer so as to call a first service of the first computer.
In a specific embodiment, as shown in FIG. 4, the secure communication method according to the first embodiment may further include the following step:
S140, broadcasting the changed digital certificate and public key of the current computer to a predetermined node in the blockchain.
In one embodiment, as shown in FIG. 5, the secure communication method according to the first embodiment may further include the following step:
S150, when the first computer fails validity verification, detecting the block height of the predetermined node to verify whether the predetermined node has synchronized to the latest block.
In a specific embodiment, as shown in FIG. 6, the secure communication method according to the first embodiment may further include the following step:
S160, obtaining the updated first digital certificate and first public key of the first computer from the predetermined node so as to verify the validity of the first computer.
In a second embodiment of the present invention, a further secure communication method is provided. As shown in FIG. 7, the secure communication method according to the second embodiment includes the following steps:
S210, obtaining a first digital certificate and a first public key of a first computer from a blockchain to which the first computer and a second computer belong, so as to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key.
S220, determining, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer.
In a third embodiment of the present invention, a secure communication apparatus is provided. As shown in FIG. 8, the apparatus includes:
a first verification module 110, configured to obtain a first digital certificate and a first public key of a first computer from a predetermined node of a blockchain to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key; and
a first decision module 120, configured to determine, according to the validity of the first computer, whether to start a second service and establish a communication connection with the first computer so as to accept the first computer's call to the second service.
In a specific implementation, the secure communication apparatus according to the third embodiment may further include at least one of the following modules:
a second decision module, configured to determine, according to the validity of the first computer, whether to establish a communication connection with the first computer so as to call a first service of the first computer;
a broadcasting module, configured to broadcast the changed digital certificate and public key of the current computer to a predetermined node in the blockchain;
a detection module, configured to detect the block height of the predetermined node, when the first computer fails validity verification, to verify whether the predetermined node has synchronized to the latest block; and
a second verification module, configured to obtain the updated first digital certificate and first public key of the first computer from the predetermined node so as to verify the validity of the first computer.
In a fourth embodiment of the present invention, a further secure communication apparatus is provided. As shown in FIG. 9, the apparatus includes:
a third verification module 210, configured to obtain a first digital certificate and a first public key of a first computer from a blockchain to which the first computer and a second computer belong, to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted with the first public key; and
a third decision module 220, configured to determine, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer.
In a fifth embodiment of the present invention, a method for secure communication between different computers in a computer cluster is provided. As shown in FIG. 10, the method comprises the following steps:
S310, the second computer obtains the first digital certificate and the first public key of the first computer from the blockchain to which the first computer and the second computer belong, so as to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with the first private key and is configured to be decrypted with the first public key;
S320, the second computer determines, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer;
S330, the first computer obtains the second digital certificate and the second public key of the second computer from the blockchain so as to verify the validity of the second computer, wherein the second digital certificate is generated by encryption with the second private key and is configured to be decrypted with the second public key;
S340, the first computer determines, according to the validity of the second computer, whether to establish a communication connection with the second computer so as to call the second service.
Referring to FIG. 12, it is assumed that the blockchain-based certificate management scheme is programmable and can be administered in real time, so that certificate changes and service changes can be completed at any time. The secure communication method of this embodiment of the invention can be described in detail as follows:
(1) Public key certificate information is generated programmatically on the basis of X.509.
(2) The public key certificate information is packaged into the latest block by a smart contract, and the latest block is broadcast to the synchronization nodes over a p2p network.
(3) Each synchronization node, while synchronizing blocks in real time, checks the validity of each block according to the block verification algorithm. When it receives a malicious block, the synchronization node finds it invalid and discards it, then synchronizes the block again from other nodes until a valid block is obtained.
(4) Each synchronization node checks its own block height in real time and whether that height is consistent with the other nodes. If not, it synchronizes the latest blocks in real time so that the block height is consistent across nodes.
(5) If service A is to communicate with service B, TLS mutual authentication is required:
(5.1) When service B starts, it first generates its own digital certificate in the program from the private key of service B, synchronizes the block information of the certificate chain in real time, obtains the public key certificate of service A through the certificate chain, and then starts the service.
(5.2) When service A calls service B, it synchronizes the certificate chain block information in real time, obtains the public key certificate of service B through the certificate chain, and generates its own digital certificate from the private key of service A.
(5.3) Service A and service B perform TLS mutual authentication to confirm whether a trusted link can be established, which ensures the security and reliability of the communication.
(5.4) If the certificate of either service is bad, TLS mutual authentication fails and communication between the services fails.
(6) If one of the services is found to be malicious during communication, its public key certificate on the certificate chain is updated in real time and a new block is packaged. The services synchronize to the new block in real time through the synchronization nodes and obtain the latest public key certificate, so that a failure of the two-way verification at the next communication is avoided.
(7) Both communicating services must synchronize the latest block information in real time through the certificate chain to obtain the latest public key certificates, which keeps every service's certificate consistent in real time, and a two-way trusted secure channel is established when they communicate.
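Steps S110 to S160 and the procedure in (1) to (7) above amount to a hash-linked ledger of public keys plus a per-connection proof that the caller holds the matching private key. The Go program below is an added illustration, not code from the patent or its assignee: it models the certificate chain as hash-linked blocks, checks block validity and height before trusting any key in it (steps (3) and (4)), resynchronizes from nodes that are ahead when verification fails (S150, S160), and, as a stand-in for the TLS mutual authentication of step (5), treats the "digital certificate generated with the private key and decrypted with the public key" as an Ed25519 signature over a challenge. `Block`, `Node`, `VerifyPeer` and `Authorize` are assumed names, and the sample keys and nonce are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Block is one entry of a hash-linked "certificate chain" that maps each
// service name to its current public key (constructed model, not the patent's code).
type Block struct {
	Height   int
	PrevHash string
	Certs    map[string]ed25519.PublicKey
	Hash     string
}

// hashBlock binds height, previous hash and certificate set, so altering a
// stored key changes the block hash and fails the step (3) validity check.
func hashBlock(b *Block) string {
	certs, _ := json.Marshal(b.Certs) // encoding/json sorts map keys: canonical form
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%s|%s", b.Height, b.PrevHash, certs)))
	return hex.EncodeToString(sum[:])
}

// Node is a synchronization node holding its copy of the chain.
type Node struct{ Chain []*Block }

func (n *Node) Height() int { return len(n.Chain) }

// Append packages an updated certificate set into a new latest block.
func (n *Node) Append(certs map[string]ed25519.PublicKey) {
	prev := ""
	if len(n.Chain) > 0 {
		prev = n.Chain[len(n.Chain)-1].Hash
	}
	b := &Block{Height: len(n.Chain), PrevHash: prev, Certs: certs}
	b.Hash = hashBlock(b)
	n.Chain = append(n.Chain, b)
}

// Verify rejects a chain whose hashes or links disagree with block contents;
// a node discards such a block rather than trusting its key material.
func (n *Node) Verify() error {
	prev := ""
	for i, b := range n.Chain {
		if b.Height != i || b.PrevHash != prev || hashBlock(b) != b.Hash {
			return fmt.Errorf("block %d invalid", i)
		}
		prev = b.Hash
	}
	return nil
}

// SyncFrom adopts a valid, strictly longer chain from a peer (step (4) resync).
func (n *Node) SyncFrom(peer *Node) error {
	if err := peer.Verify(); err != nil {
		return err
	}
	if peer.Height() <= n.Height() {
		return fmt.Errorf("peer height %d not ahead of %d", peer.Height(), n.Height())
	}
	n.Chain = append([]*Block(nil), peer.Chain...)
	return nil
}

// VerifyPeer is S110: take the first computer's public key from the latest block
// of the predetermined node and check its proof of possession (an Ed25519 signature).
func VerifyPeer(node *Node, service string, challenge, sig []byte) (bool, error) {
	if err := node.Verify(); err != nil || node.Height() == 0 {
		return false, fmt.Errorf("chain unusable (height %d): %v", node.Height(), err)
	}
	pub, ok := node.Chain[node.Height()-1].Certs[service]
	if !ok {
		return false, fmt.Errorf("no certificate for %s", service)
	}
	return ed25519.Verify(pub, challenge, sig), nil
}

// Authorize is S120 with S150/S160: accept the call only if the first computer
// verifies; on failure resync from nodes that are ahead and verify again.
func Authorize(local *Node, others []*Node, service string, challenge, sig []byte) bool {
	ok, err := VerifyPeer(local, service, challenge, sig)
	for _, p := range others {
		if !(ok && err == nil) && local.SyncFrom(p) == nil {
			ok, err = VerifyPeer(local, service, challenge, sig)
		}
	}
	return ok && err == nil
}

func main() {
	pubA, privA, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	seed := &Node{}
	seed.Append(map[string]ed25519.PublicKey{"service-a": pubA})
	challenge := []byte("constructed nonce issued by service B")
	fmt.Println("service-a accepted:", Authorize(seed, nil, "service-a", challenge, ed25519.Sign(privA, challenge)))
}
```

Rotating a service's key by appending a block makes signatures under the old key fail at every node that has synchronized, which is the revocation path step (6) relies on; a node holding a tampered block fails `Verify` and is neither trusted locally nor accepted as a resync source.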
In a sixth embodiment of the present invention, a terminal device is provided. As shown in fig. 11, the terminal device 6 includes a processor 60, a memory 61, and a computer program 62 stored in the memory 61 and executable on the processor 60. When executing the computer program 62, the processor 60 implements the steps of the above-described embodiments of the secure communication method, or alternatively the functions of the modules/units in the above-described device embodiments.
Illustratively, the computer program 62 may be partitioned into one or more modules/units that are stored in the memory 61 and executed by the processor 60 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which describe the execution of the computer program 62 in the secure communication device/terminal device 6. For example, the computer program 62 may be divided into a first verification module and a first decision module, each with the following specific functions:
the first verification module is used for obtaining a first digital certificate and a first public key of a first computer from a predetermined node of a blockchain so as to verify the validity of the first computer, wherein the first digital certificate is generated according to a first private key in an encryption mode and is configured to be decrypted by the first public key; the first decision module is used for determining whether to start a second service and establish communication connection with the first computer according to the legality of the first computer so as to receive the call of the first computer to the second service.
The terminal device 6 may be a desktop computer, a notebook, a palm computer, a cloud server, or another computing device. The terminal device 6 may include, but is not limited to, a processor 60 and a memory 61. Those skilled in the art will appreciate that fig. 11 is merely an example of the terminal device 6 and does not constitute a limitation of it; the device may include more or fewer components than those shown, combine some components, or use different components. For example, the terminal device 6 may further include an input-output device, a network access device, a bus, etc.
The processor 60 may be a Central Processing Unit (CPU), another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 61 may be an internal storage unit of the terminal device 6, such as a hard disk or the main memory of the terminal device 6. The memory 61 may also be an external storage device of the terminal device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (FlashCard) or the like provided on the terminal device. Further, the memory 61 may include both an internal storage unit and an external storage device of the terminal device 6. The memory 61 stores the computer program and the other programs and data required by the terminal device; it may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The present invention has been described in terms of its practical and advantageous aspects, such as its performance, efficiency, progress and novelty, as the patent laws, functional improvements and operational requirements demand; it should be understood that the above description and drawings are merely exemplary embodiments of the invention and are not intended to limit it thereto.

Claims (10)

1. A secure communication method, comprising:
obtaining a first digital certificate and a first public key of a first computer from a predetermined node of a blockchain to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted by the first public key;
and determining, according to the validity of the first computer, whether to start a second service and establish a communication connection with the first computer so as to accept the call of the first computer to the second service.
2. The secure communication method according to claim 1, further comprising:
determining, according to the validity of the first computer, whether to establish a communication connection with the first computer so as to call the first service of the first computer.
3. The secure communication method according to claim 1 or 2, further comprising:
broadcasting the changed digital certificate and public key of the current computer to the predetermined node in the blockchain.
4. The secure communication method according to claim 1 or 2, further comprising:
when the verification finds the first computer invalid, detecting the block height of the predetermined node to verify whether the predetermined node is synchronized with the latest block.
5. The secure communication method according to claim 4, further comprising:
obtaining the updated first digital certificate and first public key of the first computer from the predetermined node so as to verify the validity of the first computer.
6. A secure communication method, comprising:
obtaining a first digital certificate and a first public key of a first computer from a blockchain to which the first computer and a second computer belong, to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted by the first public key;
and determining, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer.
7. A secure communications device, comprising:
a first verification module, configured to obtain a first digital certificate and a first public key of a first computer from a predetermined node of a blockchain to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted by the first public key;
and a first decision module, configured to determine, according to the validity of the first computer, whether to start a second service and establish a communication connection with the first computer so as to receive the call of the first computer to the second service.
8. A secure communications device, comprising:
a third verification module, configured to obtain a first digital certificate and a first public key of a first computer from a blockchain to which the first computer and a second computer belong, to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted by the first public key;
and a third decision module, configured to determine, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer.
9. A terminal device, comprising:
a processor;
and a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the method of any one of claims 1 to 5 or claim 6.
10. A method for secure communication between different computers in a computer cluster, comprising:
the second computer obtaining a first digital certificate and a first public key of the first computer from a blockchain to which the first computer and the second computer belong, to verify the validity of the first computer, wherein the first digital certificate is generated by encryption with a first private key and is configured to be decrypted by the first public key;
the second computer determining, according to the validity of the first computer, whether to start the second service and whether to establish a communication connection with the first computer;
the first computer obtaining a second digital certificate and a second public key of the second computer from the blockchain to verify the validity of the second computer, wherein the second digital certificate is generated by encryption with a second private key and is configured to be decrypted by the second public key;
and the first computer determining, according to the validity of the second computer, whether to establish a communication connection with the second computer so as to call the second service.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911422541.2A CN111147517A (en) 2019-12-31 2019-12-31 Secure communication method, device and terminal equipment

Publications (1)

Publication Number Publication Date
CN111147517A true CN111147517A (en) 2020-05-12

Family

ID=70522984

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190207762A1 (en) * 2017-05-26 2019-07-04 Cloudminds (Shenzhen) Robotics Systems Co., Ltd. Communication method, apparatus and system, electronic device, and computer readable storage medium
CN107566337A (en) * 2017-07-26 2018-01-09 阿里巴巴集团控股有限公司 Communication means and device between a kind of block chain node
CN107592293A (en) * 2017-07-26 2018-01-16 阿里巴巴集团控股有限公司 The means of communication, digital certificate management method, device and electronic equipment between block chain node
CN107493273A (en) * 2017-08-02 2017-12-19 深圳市易成自动驾驶技术有限公司 Identity identifying method, system and computer-readable recording medium
CN109218319A (en) * 2018-09-21 2019-01-15 四川长虹电器股份有限公司 A kind of identity authorization system and authentication method based on block chain
CN110609872A (en) * 2019-09-20 2019-12-24 北京海益同展信息科技有限公司 Method and apparatus for synchronizing node data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张小毅、黄文胜、张敏: "《Linux***管理与配置》", 31 March 2012 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20200512)