CN112560113B - Node signature management method, system, electronic equipment and storage medium - Google Patents


Publication number: CN112560113B
Authority: CN (China)
Prior art keywords: signature, node, information, modified, illegal
Legal status: Active
Application number: CN202011552235.3A
Other languages: Chinese (zh)
Other versions: CN112560113A (en)
Inventors: 徐率率, 杨丰玮, 杨东皓, 王通
Current Assignee: Gree Electric Appliances Inc of Zhuhai; Zhuhai Lianyun Technology Co Ltd
Original Assignee: Gree Electric Appliances Inc of Zhuhai; Zhuhai Lianyun Technology Co Ltd
Application filed by Gree Electric Appliances Inc of Zhuhai and Zhuhai Lianyun Technology Co Ltd
Priority to CN202011552235.3A
Publication of CN112560113A
Application granted; publication of CN112560113B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp


Abstract

The invention relates to a node signature management method, a node signature management system, electronic equipment and a medium. In this scheme, when the signature information of any node is changed, the node sends its modified signature to the other nodes, and each of the other nodes judges whether the modified signature is an illegal modification. A node that judges the modification illegal sends illegal modification information to the node whose signature was modified. That node then determines, from all the illegal modification information it receives, whether the signature modification is legal; when the modification is illegal, the signature is promptly changed back to the original signature. This keeps the signatures of all nodes in the system consistent, prevents the signature of any node in the system from being illegally modified, and improves the security of the system.

Description

Node signature management method, system, electronic equipment and storage medium
Technical Field
The present invention relates to the field of computer networks, and in particular, to a node signature management method, system, electronic device, and storage medium.
Background
With rapid social and economic development, the move toward an intelligent society is accelerating. Software is a collection of computer data and instructions organized in a specific order. Generally, software is divided into system software, application software, and middleware that sits between the two. Software is not limited to computer programs that can run on a computer; documents associated with such programs are generally considered part of the software as well. Software security is becoming increasingly important, and the question of how to ensure the safe use of software has reached a critical window period.
A distributed system is a system in which hardware or software components are distributed across different networked computers and communicate and coordinate with each other only through message passing. The safe use of software depends on the security of the software signature, so a method for preventing signature tampering is needed.
Disclosure of Invention
In order to solve the problems in the prior art, at least one embodiment of the present invention provides a node signature management method, a system, an electronic device, and a storage medium.
In a first aspect, an embodiment of the present invention provides a node signature management method, which is applied to a distributed system including a plurality of nodes, where the management method includes:
when a first signature of a first node is modified into a second signature, the first node sends the second signature to each second node;
for each second node, when the second signature is an illegal modification, the second node sends illegal modification information to the first node;
judging, according to the illegal modification information received by the first node, whether the modification of the first signature into the second signature is illegal;
when the modification of the first signature into the second signature is illegal, modifying the signature information of the first node back to the first signature.
Based on the above technical solution, the following improvements can be made in the embodiments of the present invention.
With reference to the first aspect, in a first embodiment of the first aspect, the management method further includes:
when the modification of the first signature into the second signature is judged not illegal, the first node sends the second signature to the second nodes again after each preset time interval, judges from the received illegal modification information whether the modification of the first signature into the second signature is illegal, and accumulates the number of times the modification has been judged not illegal; once that number equals the preset number of times, the first node no longer sends the second signature to the second nodes.
With reference to the first aspect, in a second embodiment of the first aspect, determining whether the second signature is illegally modified includes:
acquiring first mark information and a first timestamp in a local third signature of the second node; wherein the first mark information includes: the number of preset characters in the system software information;
acquiring second mark information and a second timestamp in the second signature;
comparing the first mark information with the second mark information, and judging whether the first mark information matches the second mark information;
when the first mark information does not match the second mark information, the second signature is an illegal modification;
when the first mark information matches the second mark information, comparing the first timestamp with the second timestamp;
when the first timestamp matches the second timestamp, the second signature is a normal modification;
when the first timestamp does not match the second timestamp, the second signature is an illegal modification.
With reference to the second embodiment of the first aspect, in a third embodiment of the first aspect, the second node sends illegal modification information to the first node, including:
when the first mark information does not match the second mark information, the second node sends the third signature to the first node as illegal modification information;
when the first timestamp does not match the second timestamp, the second node sends the first timestamp to the first node as illegal modification information.
With reference to the third embodiment of the first aspect, in a fourth embodiment of the first aspect, judging, according to each piece of illegal modification information received by the first node, whether the modification of the first signature into the second signature is illegal includes:
acquiring the number of third signatures fed back to the first node as a first reference number;
when the ratio of the first reference number to the number of all the second nodes is greater than or equal to a first preset ratio, the modification of the first signature into the second signature is illegal;
when the ratio of the first reference number to the number of all the second nodes is smaller than the first preset ratio, counting, for each value, the number of first timestamps received as illegal modification information that have that same value, as a second reference number, and judging whether the ratio of any second reference number to the number of all first timestamps received as illegal modification information is greater than or equal to a second preset ratio;
when the ratio of any second reference number to the number of all first timestamps received as illegal modification information is greater than or equal to the second preset ratio, the modification of the first signature into the second signature is illegal;
when the ratio of every second reference number to the number of all first timestamps received as illegal modification information is smaller than the second preset ratio, the first signature is modified to be that the second signature is illegal.
With reference to the first aspect or the first, second, third or fourth embodiments of the first aspect, in a fifth embodiment of the first aspect, the management method further includes:
acquiring the number of preset characters of the system software information as mark information;
adding the mark information to the signature of the node, and adding to the signature a timestamp of when the signature was created or a timestamp of when the signature was modified.
With reference to the fifth embodiment of the first aspect, in a sixth embodiment of the first aspect, the acquiring the number of preset characters of the system software information includes:
converting the system software information into binary information;
acquiring the number of all 1s in the binary information as the mark information.
In a second aspect, an embodiment of the present invention provides a node signature management system, the system including a distributed system of a plurality of nodes, each of the nodes including:
a first processing unit, configured to send the second signature to each second node when the first signature is modified into the second signature; wherein the second node is any node;
a second processing unit, configured to send illegal modification information to the first node when the second signature is an illegal modification; wherein the first node is the node that sent the second signature;
a third processing unit, configured to judge, according to the received illegal modification information, whether the modification of the first signature into the second signature is illegal, and, when the modification is illegal, to modify the signature information back to the first signature.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
A memory for storing a computer program;
and the processor is used for realizing the node signature management method according to any embodiment of the first aspect when executing the program stored on the memory.
In a fourth aspect, embodiments of the present invention provide a computer readable storage medium storing one or more programs executable by one or more processors to implement the node signature management method according to any one of the embodiments of the first aspect.
Compared with the prior art, the technical scheme of the invention has the following advantages. In the embodiment of the invention, when the signature information of any node is changed, the node sends its modified signature to the other nodes, and each of the other nodes judges whether the modified signature is an illegal modification. A node that judges the modification illegal sends illegal modification information to the node whose signature was modified. That node then determines, from all the illegal modification information it receives, whether the signature modification is legal; when the modification is illegal, the signature is promptly changed back to the original signature. This keeps the signatures of all nodes in the system consistent, prevents the signature of any node in the system from being illegally modified, and improves the security of the system.
Drawings
Fig. 1 is a schematic flow chart of a node signature management method according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a node signature management method according to another embodiment of the present invention;
Fig. 3 is a schematic flow chart of a node signature management method according to another embodiment of the present invention;
Fig. 4 is a schematic flow chart of a node signature management method according to another embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a node signature management system according to another embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device according to another embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in fig. 1, an embodiment of the present invention provides a node signature management method applied to a distributed system including a plurality of nodes. Referring to fig. 1, the management method includes the steps of:
S11, when the first signature of the first node is modified into the second signature, the first node sends the second signature to each second node.
In this embodiment, a distributed system is a software system built on top of a network. It is because of the nature of software that distributed systems have a high degree of cohesion and transparency. Data transmission in distributed systems relies on signatures to verify the security of the data, so the signatures in all nodes of the distributed system are kept consistent, and the signature of each node is changed synchronously under the control of the upper system.
In this embodiment, when the signature in the first node is modified into the second signature, the first node distributes the modified second signature to each of the second nodes. The first node may be any node in the distributed system; the first signature is the signature the first node holds at the current time, and the second signature is the signature after modification. After a node's signature is modified, the modified signature is sent to the other nodes.
S12, for each second node, when the second signature is an illegal modification, the second node sends illegal modification information to the first node.
In this embodiment, when a second node receives the signature modified at the first node, it can verify against its own signature whether the second signature is an illegal modification. In this step, when the second signature is judged to be an illegal modification, the second node sends illegal modification information to the first node. The illegal modification information may be the signature of the second node, that is, the second node sends its own signature information to the first node. It may also be difference information obtained by comparing the signature of the second node with the second signature, and the first node can likewise judge from the difference information whether the modification is illegal.
S13, judging, according to the illegal modification information received by the first node, whether the modification of the first signature into the second signature is illegal.
In this embodiment, because of data transmission between the upper system and each node, the signature changes at different nodes are separated by a certain time difference. The signature of the first node may therefore have been modified normally while a second node whose own signature has not yet been changed finds that the second signature it receives is inconsistent with its local signature, and misjudges the modification. In this step, the first node therefore judges from the received illegal modification information whether the modification of the first signature is illegal. Because the delay of data transmission depends on the communication environment, judging whether the first node's modification is legal with reference to the illegal modification information fed back by every second node effectively avoids errors caused by data transmission delay.
In this embodiment, whether modifying the first signature into the second signature is illegal may be judged from the number of nodes that feed back illegal modification information. For example, if many nodes feed back illegal modification information, the signature modification may be judged illegal; if few do, transmission delay may have caused some nodes to misjudge, and the signature modification is judged legal. Further, to avoid misjudging the signature modification, the modified signature may be sent to the other nodes again after a preset time period for a further judgment. If the signature modification is still considered legal after the preset time period, no further judgment is made, which reduces system load. If some nodes still consider the signature modification illegal, the judgment is repeated after another interval. How many preset intervals the judgment runs for may be set according to the importance of system security; for a system with higher security requirements, the judgment may be repeated many times whenever a node reports an illegal modification, so as to improve the security of the system.
S14, when the modification of the first signature into the second signature is illegal, modifying the signature information of the first node back to the first signature.
In this embodiment, when the modification of the first signature into the second signature is judged illegal according to the illegal modification information received by the first node, the signature information of the first node is restored, that is, modified back to the first signature, so as to keep the signatures of all the nodes in the distributed system consistent.
In this embodiment, when the signature information of any node is changed, the node sends its modified signature to the other nodes, and each of the other nodes judges whether the modified signature is an illegal modification. A node that judges the modification illegal sends illegal modification information to the node whose signature was modified. That node then determines, from all the illegal modification information it receives, whether the signature modification is legal; when the modification is illegal, the signature is promptly changed back to the original signature. This keeps the signatures of all nodes in the system consistent, prevents the signature of any node in the system from being illegally modified, and improves the security of the system.
In a specific embodiment, the management method further includes: when the modification of the first signature into the second signature is judged not illegal, the first node sends the second signature to the second nodes again after each preset time interval, judges from the received illegal modification information whether the modification is illegal, and accumulates the number of times the modification has been judged not illegal; once that number equals the preset number of times, the first node no longer sends the second signature to the second nodes.
In this embodiment, once the modification of the first signature into the second signature has been judged, the judgment itself has a certain tolerance, because it is made from the illegal modification information the first node receives. To further improve system security, if any second node has fed back illegal modification information, the second signature may be sent to the second nodes again after the preset time interval, or only to the second nodes that fed back illegal modification information, and the judgment of whether the modification is illegal is then made again from the illegal modification information received. Of course, in keeping with this embodiment, the judgment may also be terminated once no second node feeds back illegal modification information: in that case the modified second signature in the first node matches the local signature information of every second node, so no further security check is required.
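The first node's side of the method (the two-ratio judgment of the fourth embodiment followed by the bounded re-check described above), as an added Python example rather than code from the patent. The function names, the `collect` callback that stands in for one send-and-gather exchange, and the sample ratios are assumptions; the example also assumes that a round in which neither ratio is reached counts as not illegal, which is the outcome the re-check counts.

```python
from collections import Counter
from typing import Callable, List, Tuple

# One item of illegal modification information as a second node returns it:
# ("third_signature", <bytes>) on a mark mismatch,
# ("first_timestamp", <int>) on a timestamp mismatch.
Feedback = Tuple[str, object]


def judge_round(feedback: List[Feedback], n_second: int,
                first_ratio: float, second_ratio: float) -> bool:
    """Return True when this round judges the modification illegal."""
    # First reference number: how many second nodes fed back their third signature.
    first_ref = sum(1 for kind, _ in feedback if kind == "third_signature")
    if n_second > 0 and first_ref / n_second >= first_ratio:
        return True
    # Second reference numbers: for each distinct timestamp value, how many nodes
    # fed back exactly that value, measured against all timestamps fed back.
    stamps = [value for kind, value in feedback if kind == "first_timestamp"]
    if stamps and max(Counter(stamps).values()) / len(stamps) >= second_ratio:
        return True
    # Assumption of this example: neither ratio reached -> not illegal this round.
    return False


def settle_signature(first_sig: bytes, second_sig: bytes,
                     collect: Callable[[bytes], List[Feedback]], n_second: int,
                     first_ratio: float, second_ratio: float, preset_times: int,
                     wait: Callable[[], None] = lambda: None) -> bytes:
    """Return the signature the first node ends up holding."""
    clean_rounds = 0
    while clean_rounds < preset_times:
        feedback = collect(second_sig)       # send the second signature, gather replies
        if judge_round(feedback, n_second, first_ratio, second_ratio):
            return first_sig                 # S14: change back to the first signature
        clean_rounds += 1                    # one more "not illegal" judgment
        if clean_rounds < preset_times:
            wait()                           # preset time interval before re-sending
    return second_sig                        # preset count reached: stop sending


def replay(rounds: List[List[Feedback]]) -> Callable[[bytes], List[Feedback]]:
    """Constructed stand-in for the network: one prepared reply set per round."""
    pending = iter(rounds)
    return lambda _sig: next(pending, [])


# Constructed scenarios for 10 second nodes (illustrative values only).
# Three nodes lag at different versions in round 1, then have caught up.
LAGGING = [[("first_timestamp", 100), ("first_timestamp", 200),
            ("first_timestamp", 300)], []]
# Six of ten nodes report a mark mismatch at once.
MAJORITY = [[("third_signature", b"sig-old")] * 6]
# Round 1 is inconclusive; in round 2 two of three dissenters agree on one timestamp.
AGREEING = [[("first_timestamp", 100), ("first_timestamp", 200),
             ("first_timestamp", 300)],
            [("first_timestamp", 100), ("first_timestamp", 100),
             ("first_timestamp", 300)]]

if __name__ == "__main__":
    for name, rounds, times in [("lagging", LAGGING, 2), ("majority", MAJORITY, 2),
                                ("agreeing", AGREEING, 3)]:
        kept = settle_signature(b"first", b"second", replay(rounds), 10, 0.5, 0.5, times)
        print(name, "->", kept.decode())
```

Because the second ratio is taken over the timestamps fed back rather than over all second nodes, a single node returning a timestamp already yields a ratio of 1 in this reading.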
As shown in fig. 2, the embodiment of the invention provides a node signature management method. Referring to fig. 2, the management method includes the steps of:
S21, acquiring the number of preset characters of the system software information as mark information.
S22, adding the mark information to the signature of the node, and adding to the signature a timestamp of when the signature was created or a timestamp of when the signature was modified.
Since the signature of each node is modified under the control of the upper system, that is, the first signature of each node is replaced by the second signature that the upper system sends to each node, the signatures of all nodes are kept consistent in this embodiment. An information number and a timestamp are therefore added in each node, where the information number is the number of preset characters in the system software information. Normally modified nodes are modified under the control of the upper system, so the information number is the same in every normally modified node and the timestamp in the signature is the same as well. Once an illegal intruder modifies a signature, if the intruder is missing either of these two pieces of identification information, the final verification process can identify the illegal modification.
In this embodiment, the information number, i.e. the first mark information, is the number of preset characters in the system software information. For example, it may be the number of occurrences of certain characters in the software code, obtained by traversing the software information. However, identifying characters in the software information takes a long time, and the code of some software is very large, so the preset characters may instead be all the "1"s or all the "0"s in the binary information of the software.
In this embodiment, acquiring the number of preset characters of the system software information as the mark information in S21 includes: converting the system software information into binary information; and acquiring the number of all 1s in the binary information as the mark information.
In this embodiment, since a 1 in binary information represents a high level and a 0 represents a low level in the system, and counting the high levels that occur in the system is easier than counting the low levels, the number of all 1s in the binary information can be acquired as the mark information in this step to improve data processing efficiency.
As shown in fig. 3, the embodiment of the invention provides a node signature management method. Referring to fig. 3, compared to the embodiment shown in fig. 1, the management method is different in that it includes the steps of:
S31, acquiring first mark information and a first timestamp in a local third signature of a second node; wherein the first mark information includes: the number of preset characters in the system software information.
In this embodiment, since the signature of each node is modified under the control of the upper system, that is, the first signature of each node is replaced by the second signature that the upper system sends to each node, the signatures of all nodes are kept consistent. An information number and a timestamp are therefore added in each node, where the information number is the number of preset characters in the system software information. Normally modified nodes are modified under the control of the upper system, so the information number is the same in every normally modified node and the timestamp in the signature is the same as well; if an illegal intruder is missing either of these two pieces of identification information, the final verification process identifies the illegal modification. Furthermore, to prevent an illegal intruder from directly reading the information number and the timestamp of the signature, an encryption operation can be applied to the information number and the timestamp to improve data security.
In this embodiment, the information number, i.e. the first mark information, is the number of preset characters in the system software information. For example, it may be the number of occurrences of certain characters in the software code, obtained by traversing the software information. However, identifying characters in the software information takes a long time, and the code of some software is very large, so the preset characters may instead be all the "1"s or all the "0"s in the binary information of the software.
S32, acquiring second marking information and a second timestamp in the second signature.
In this embodiment, the terms first, second and third only distinguish the nodes and the node to which each piece of data belongs; they do not denote different kinds of data. The description of the second mark information and the second timestamp in this step can therefore be taken from the description in the steps above and is not repeated here.
In this embodiment, if the second signature does not contain the second mark information or the second timestamp, the modification of the first signature may of course be directly judged illegal; the present scheme places no particular limitation on this.
S33, comparing the first mark information with the second mark information, and judging whether the first mark information is matched with the second mark information.
In this embodiment, the first mark information in the local third signature is compared with the second mark information in the second signature. If they are inconsistent, the two signatures are inconsistent, and there are only two possible causes. The first is that, because of a communication problem, the second node has not yet received the signature change instruction from the upper system and so has not changed its own signature as the upper system requires, which leaves the information numbers of the two signatures inconsistent. The second is that the second signature was modified by an illegal intruder.
S34a, when the first mark information does not match the second mark information, the second signature is an illegal modification.
S34b, when the first mark information matches the second mark information, comparing the first timestamp with the second timestamp.
In this embodiment, a match between the mark information of the two signatures does not by itself show that the modification is legal. For example, when the information number is the number of preset characters in the corresponding software and the software on the upper system has not changed, the information number in the modified signature is the same as the information number in the previous signature; and if the signature has been illegally modified, the information number of the illegal signature is less likely to be consistent with that of the correct signature. In this step, therefore, if the first mark information matches the second mark information, the first timestamp and the second timestamp are compared to judge the signature further.
S35a, when the first timestamp matches the second timestamp, the second signature is modified normally.
S35b, when the first timestamp does not match the second timestamp, the second signature is illegally modified.
In this embodiment, in the further determination, when the timestamps are also consistent, the second signature of the first node is determined to be a normal modification; otherwise, the second signature is considered to be illegally modified.
In this embodiment, whether the modification of the signature is normal is determined from the marking information and the timestamp of the signature; when both the marking information and the timestamp match, the second signature is determined to be a normal modification.
In this embodiment, the management method further includes the step of: when the first flag information does not match the second flag information, the second node sends the third signature to the first node as illegal modification information.
In this embodiment, when the first flag information and the second flag information do not match, the third signature of the second node is sent to the first node as illegal modification information, so that the first node can determine from the third signature that its own signature is inconsistent with the signatures of the other nodes.
In this embodiment, the management method further includes the steps of: when the first timestamp does not match the second timestamp, the second node sends the first timestamp to the first node as illegitimate modification information.
In this embodiment, when the first mark information and the second mark information of the signatures match, whether the two signatures are identical is decided by checking whether their timestamps are identical. If the timestamps are identical, the modification of the first signature to the second signature is considered legal and no further operation is required. If the timestamps are not identical, the modification is considered illegal; the timestamp is then fed back directly to the first node as illegal modification information, so that the first node knows that its signature differs from the signature of the node feeding back the timestamp in that the timestamps are not identical.
As shown in fig. 4, in this embodiment, judging, according to each piece of illegal modification information received by the first node, whether the modification of the first signature to the second signature is illegal specifically includes the following steps:
S41, acquiring the number of third signatures fed back to the first node as a first reference number.
In this embodiment, when a second node determines that the modification of the first signature is illegal, it sends its own third signature to the first node. In this step, the number of third signatures fed back to the first node is obtained; when that number is large or reaches a preset value, the modification can be directly considered illegal. In general, if the modification is illegal, most nodes feed back their third signature to the first node, whereas if the feedback is a misjudgment caused by communication quality, the number of misjudging nodes is not large. In this step, therefore, the number of third signatures fed back to the first node is taken as the first reference number in order to determine whether the modification of the first signature to the second signature by the first node is illegal.
S42a, when the ratio of the first reference number to the number of all the second nodes is greater than or equal to a first preset ratio, the modification of the first signature to the second signature is illegal.
S42b, when the ratio of the first reference number to the number of all the second nodes is smaller than the first preset ratio, the first timestamps received as illegal modification information are counted by value, the number of first timestamps sharing each value is taken as a second reference number, and it is judged whether the ratio of any second reference number to the number of all the first timestamps received as illegal modification information is greater than or equal to a second preset ratio.
In this embodiment, when the ratio of the first reference number to the number of all the second nodes exceeds the first preset ratio, this indicates that a large number of second nodes have determined the modification of the first signature to be illegal; in this case the communication channel can be disregarded as a cause, and the modification is directly considered illegal.
In this embodiment, when the ratio of the first reference number to the number of all the second nodes is smaller than the first preset ratio, the timestamps fed back to the first node are counted: timestamps with the same time value are counted together, each resulting count is taken as a second reference number, and whether the signature modification is illegal is judged from the second reference numbers.
S43a, when the ratio of any second reference number to the number of all the first timestamps received as illegal modification information is greater than or equal to the second preset ratio, the modification of the first signature to the second signature is illegal.
S43b, when the duty ratio of all the second reference numbers in the numbers of all the first time stamps which are illegal modification information is smaller than the second preset duty ratio, the first signature is modified to be that the second signature is illegal.
In this embodiment, if the ratio of any second reference number to all the timestamps is greater than or equal to the second preset ratio, this indicates that many second nodes have determined the modification of the first signature to the second signature to be illegal and have fed back identical timestamps. Because the information number is checked before the timestamp, the information numbers of the nodes feeding back timestamps are also identical. When both are identical across a large number of nodes, the signatures of those nodes can be considered normal signatures, and a determination of illegal modification made by nodes holding normal signatures carries greater weight, so it can be determined that the modification of the first signature to the second signature is illegal.
In this embodiment, whether the modification is illegal is judged from the proportion of illegal modification information fed back to the first node in the different cases, which further improves the security of the system.
As shown in fig. 5, an embodiment of the present invention provides a node signature management system, which includes a distributed system of a plurality of nodes. Referring to fig. 5, the nodes each include: a first processing unit 11, a second processing unit 12 and a third processing unit 13.
In the present embodiment, the first processing unit 11 is configured to send the second signature to each second node when the first signature is modified to the second signature; wherein the second node is any node.
In the present embodiment, the second processing unit 12 is configured to send illegal modification information to the first node when the second signature is an illegal modification; wherein the first node is the node that sent the second signature.
In this embodiment, the third processing unit 13 is configured to determine, according to the received illegal modification information, whether the modification of the first signature to the second signature is illegal; when the modification of the first signature to the second signature is illegal, the signature information is modified back to the first signature.
In this embodiment, the node further includes: a fourth processing unit, configured to, when the modification of the first signature to the second signature is not illegal, send the second signature to the second node again at every preset time interval, determine according to the received illegal modification information whether the modification of the first signature to the second signature is illegal, and accumulate the number of times the modification is determined not to be illegal, until that number equals a preset number of times, after which the first node no longer sends the second signature to the second node.
In this embodiment, the second processing unit 12 is further configured to acquire the first marking information and the first timestamp in the local third signature of the second node; acquire the second marking information and the second timestamp in the second signature; compare the first mark information with the second mark information, and judge whether the first mark information matches the second mark information; when the first mark information does not match the second mark information, the second signature is illegally modified; when the first mark information matches the second mark information, compare the first timestamp with the second timestamp; when the first timestamp matches the second timestamp, the second signature is a normal modification; when the first timestamp does not match the second timestamp, the second signature is illegally modified; wherein the first flag information includes: the number of preset characters in the system software information.
In the present embodiment, the second processing unit 12 is further configured to send the third signature as illegitimate modification information to the first node when the first flag information and the second flag information do not match; when the first timestamp does not match the second timestamp, the first timestamp is sent to the first node as illegitimate modification information.
In this embodiment, the third processing unit 13 is specifically configured to obtain, as the first reference number, the number of third signatures fed back to the first node; when the duty ratio of the first reference quantity in the quantity of all the second nodes is larger than or equal to a first preset duty ratio, the first signature is modified to be illegal; when the duty ratio of the first reference quantity in the quantity of all the second nodes is smaller than a first preset duty ratio, counting the quantity of first time stamps which are illegal modification information and are the same in each numerical value, and judging whether any second reference quantity is larger than or equal to the second preset duty ratio in the quantity of the first time stamps which are illegal modification information or not as the second reference quantity; when the duty ratio of any second reference quantity in the quantity of all the first time stamps which are illegal modification information is larger than or equal to a second preset duty ratio, the first signature is modified to be illegal; when the duty ratio of all the second reference numbers in the numbers of all the first time stamps which are illegal modification information is smaller than the second preset duty ratio, the first signature is modified to be that the second signature is illegal.
In this embodiment, the node further includes: a fifth processing unit, configured to acquire the number of preset characters of the system software information as the marking information, add the marking information to the signature, and add to the signature a timestamp of when the signature is created or a timestamp of when the signature is modified.
In this embodiment, the fifth processing unit is specifically configured to convert the system software information into binary information, and to acquire the number of all 1s in the binary information as the flag information.
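The second-node check (S34a to S35b), the first node's count of the feedback (S41 to S43a) and the bit-count marking information described above, as an added Python example that is not code from the patent. The `Signature` layout, integer timestamps, function names and the 0.5 thresholds are assumptions, and the case where no timestamp group reaches the second preset ratio is treated here as "not illegal", which is the outcome the re-sending step presupposes.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Union


@dataclass(frozen=True)
class Signature:
    mark: int       # marking information: count of 1 bits in the software information
    timestamp: int  # time the signature was created or last modified (unit assumed)


def marking_info(software_info: bytes) -> int:
    """Convert the system software information to binary and count the 1 bits."""
    return sum(bin(byte).count("1") for byte in software_info)


# What a second node feeds back: its whole third signature (mark mismatch),
# its first timestamp (timestamp mismatch), or None (normal modification).
Feedback = Union[Signature, int, None]


def second_node_check(third: Signature, second: Signature) -> Feedback:
    """Steps S34a-S35b, run by one second node against its local third signature."""
    if third.mark != second.mark:
        return third                # S34a: illegal, feed back the third signature
    if third.timestamp != second.timestamp:
        return third.timestamp      # S35b: illegal, feed back the first timestamp
    return None                     # S35a: normal modification, nothing to send


def first_node_decide(feedback: List[Feedback], n_second_nodes: int,
                      first_ratio: float, second_ratio: float) -> bool:
    """Steps S41-S43, run by the first node. Returns True when the change is illegal."""
    signatures = [f for f in feedback if isinstance(f, Signature)]
    timestamps = [f for f in feedback if isinstance(f, int)]
    # S41/S42a: share of second nodes that fed back a third signature.
    if n_second_nodes and len(signatures) / n_second_nodes >= first_ratio:
        return True
    if not timestamps:
        return False
    # S42b/S43a: group identical timestamps; testing the largest group covers "any".
    largest_group = Counter(timestamps).most_common(1)[0][1]
    # Assumption: when no group reaches second_ratio the change is not illegal.
    return largest_group / len(timestamps) >= second_ratio


def handle_modification(first: Signature, second: Signature,
                        peer_signatures: List[Signature],
                        first_ratio: float = 0.5,
                        second_ratio: float = 0.5) -> Signature:
    """One round: return the signature the first node should hold afterwards."""
    feedback = [second_node_check(third, second) for third in peer_signatures]
    illegal = first_node_decide(feedback, len(peer_signatures),
                                first_ratio, second_ratio)
    return first if illegal else second  # revert to the first signature if illegal


if __name__ == "__main__":
    # Constructed sample data: five second nodes that all hold the same signature.
    good = Signature(mark=marking_info(b"fw-1.2.0"), timestamp=1_700_000_000)
    peers = [good] * 5
    cases = {
        "mark changed": Signature(good.mark + 3, good.timestamp),
        "only timestamp changed": Signature(good.mark, good.timestamp + 60),
        "unchanged": good,
    }
    for name, second in cases.items():
        kept = handle_modification(good, second, peers)
        print(f"{name}: {'reverted' if kept != second else 'accepted'}")
```

Matching marks alone do not settle the question, since the mark is only a bit count; the timestamp comparison and the count of feedback carry the rest of the decision.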
As shown in fig. 6, an embodiment of the present invention provides an electronic device, including: processor 1110, communication interface 1120, memory 1130, and communication bus 1140, wherein processor 1110, communication interface 1120, memory 1130 perform communication with each other through communication bus 1140;
a memory 1130 for storing a computer program;
processor 1110, configured to implement the following session activation method when executing the program stored in memory 1130:
when the first signature of the first node is modified to the second signature, the first node sends the second signature to the second nodes respectively;
for each second node, when the second signature is illegally modified, the second node transmits illegal modification information to the first node;
judging, according to each piece of illegal modification information received by the first node, whether the modification of the first signature to the second signature is illegal;
when the modification of the first signature to the second signature is illegal, the signature information of the first node is modified to the first signature.
In the electronic device provided by this embodiment of the invention, the processor 1110 executes the program stored in the memory 1130 so that, when the signature information of any node is changed, the node sends its modified signature information to the other nodes, and the other nodes judge whether the modified signature is illegal. When the signature is illegally modified, illegal modification information is sent to the node that modified the signature. Finally, whether the modification is legal is determined from all the illegal modification information received by the node that modified the signature; when the modification is illegal, the signature is changed back to the original signature in time. This keeps the signatures of all nodes in the system consistent, prevents the signature of any node in the system from being illegally modified, and improves the security of the system.
The communication bus 1140 mentioned above may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus 1140 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one bold line is shown in the figure, but this does not mean that there is only one bus or one type of bus.
The communication interface 1120 is used for communication between the electronic device and other devices described above.
The memory 1130 may include random access memory (RAM) or non-volatile memory, such as at least one disk memory. Optionally, the memory 1130 may also be at least one storage device located remotely from the processor 1110.
The processor 1110 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Embodiments of the present invention provide a computer readable storage medium storing one or more programs executable by one or more processors to implement the node signature management method of any of the above embodiments.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present invention are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, transmitted from one website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave) means. A computer-readable storage medium can be any usable medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more usable media. Usable media may be magnetic media (e.g., floppy disk, hard disk, magnetic tape), optical media (e.g., DVD), or semiconductor media (e.g., solid state disk (SSD)), among others.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. A node signature management method, applied to a distributed system including a plurality of nodes, comprising:
When a first signature of a first node is modified into a second signature, the first node respectively sends the second signature to a second node;
for each second node, when the second signature is illegally modified, the second node transmits illegally modified information to the first node;
Judging whether the first signature is modified to be a second signature or not according to the illegal modification information received by the first node;
When the first signature is modified to be a second signature illegitimate, the signature information of the first node is modified to be a first signature;
wherein determining whether the second signature is illegally modified comprises:
Acquiring first marking information and a first timestamp in a local third signature of the second node; wherein the first flag information includes: presetting the number of characters in system software information;
Acquiring second marking information and a second timestamp in a second signature;
Comparing the first mark information with the second mark information, and judging whether the first mark information is matched with the second mark information or not;
when the first mark information is not matched with the second mark information, the second signature is illegally modified;
Comparing the first timestamp with the second timestamp when the first tag information matches the second tag information;
when the first timestamp matches the second timestamp, the second signature is a normal modification;
when the first timestamp does not match the second timestamp, the second signature is illegally modified;
wherein the second node transmits illegal modification information to the first node, comprising:
When the first mark information is not matched with the second mark information, the second node sends the third signature to the first node as illegal modification information;
When the first timestamp is not matched with the second timestamp, the second node sends the first timestamp to the first node as illegal modification information;
Wherein, according to each illegal modification information received by the first node, judging whether the first signature is modified to be illegal as the second signature, including:
acquiring the number of third signatures fed back to the first node as a first reference number;
when the duty ratio of the first reference number in the number of all the second nodes is larger than or equal to a first preset duty ratio, the first signature is modified to be a second signature illegitimate;
counting the number of the first time stamps which are the illegal modification information and are the same in each numerical value when the duty ratio of the first reference number in the number of all the second nodes is smaller than a first preset duty ratio, and judging whether the duty ratio of any second reference number in the number of the first time stamps which are the illegal modification information is larger than or equal to a second preset duty ratio or not as a second reference number;
When the ratio of any second reference quantity in the quantity of all the first time stamps which are illegal modification information is larger than or equal to a second preset ratio, the first signature is modified to be illegal;
when the duty ratio of all the second reference numbers in the numbers of all the first time stamps which are the illegal modification information is smaller than a second preset duty ratio, the first signature is modified to be that the second signature is illegal.
2. The method of managing according to claim 1, characterized in that the method of managing further comprises:
When the first signature is modified to be the second signature which is not illegal, the first node sends the second signature to the second node again at preset time intervals, judges whether the first signature is modified to be the second signature which is illegal or not according to the received illegal modification information, and accumulates the judging times of the first signature being modified to be the second signature which is not illegal until the judging times are equal to the preset times, and the first node does not send the second signature to the second node.
3. The management method according to any one of claims 1 to 2, characterized in that the management method further comprises:
Acquiring the number of preset characters of system software information as marking information;
and adding the marking information in the signature of the node, and adding a time stamp when the signature is created or adding a time stamp when the signature is modified in the signature.
4. A management method according to claim 3, wherein the acquiring the number of preset characters of the system software information as the flag information includes:
Converting system software information into binary information;
the number of all 1s in the binary information is acquired as the flag information.
5. A node signature management system, the system comprising a distributed system of a plurality of nodes, each of the nodes comprising:
a first processing unit, configured to, when a first signature of a first node is modified to a second signature, send the second signature to a second node respectively; the first node is any node in a distributed system, and the second node is other nodes different from the first node;
a second processing unit, configured to, when the second signature in the second node is illegally modified, send illegally modified information to the first node; wherein the first node is the node that sent the second signature;
The third processing unit is used for judging whether the first signature is modified into the second signature or not according to the received illegal modification information; when the first signature is modified to be illegal, modifying the signature information to be the first signature;
The second processing unit is further configured to determine whether the second signature is illegally modified, including: acquiring first marking information and a first timestamp in a local third signature of the second node; wherein the first flag information includes: presetting the number of characters in system software information; acquiring second marking information and a second timestamp in a second signature; comparing the first mark information with the second mark information, and judging whether the first mark information is matched with the second mark information or not; when the first mark information is not matched with the second mark information, the second signature is illegally modified; comparing the first timestamp with the second timestamp when the first tag information matches the second tag information; when the first timestamp matches the second timestamp, the second signature is a normal modification; when the first timestamp does not match the second timestamp, the second signature is illegally modified;
the second processing unit is further configured to send, when the first flag information does not match the second flag information, the third signature to the first node as illegally modified information by the second node; when the first timestamp is not matched with the second timestamp, the second node sends the first timestamp to the first node as illegal modification information;
The third processing unit is further configured to obtain, as a first reference number, a number of third signatures fed back to the first node; when the duty ratio of the first reference number in the number of all the second nodes is larger than or equal to a first preset duty ratio, the first signature is modified to be a second signature illegitimate; counting the number of the first time stamps which are the illegal modification information and are the same in each numerical value when the duty ratio of the first reference number in the number of all the second nodes is smaller than a first preset duty ratio, and judging whether the duty ratio of any second reference number in the number of the first time stamps which are the illegal modification information is larger than or equal to a second preset duty ratio or not as a second reference number; when the ratio of any second reference quantity in the quantity of all the first time stamps which are illegal modification information is larger than or equal to a second preset ratio, the first signature is modified to be illegal; when the duty ratio of all the second reference numbers in the numbers of all the first time stamps which are the illegal modification information is smaller than a second preset duty ratio, the first signature is modified to be that the second signature is illegal.
6. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
the processor is used for implementing the node signature management method according to any one of claims 1 to 4 when executing the program stored in the memory.
7. A computer-readable storage medium storing one or more programs executable by one or more processors to implement the node signature management method of any of claims 1-4.
CN202011552235.3A 2020-12-24 2020-12-24 Node signature management method, system, electronic equipment and storage medium Active CN112560113B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011552235.3A CN112560113B (en) 2020-12-24 2020-12-24 Node signature management method, system, electronic equipment and storage medium


Publications (2)

Publication Number Publication Date
CN112560113A CN112560113A (en) 2021-03-26
CN112560113B CN112560113B (en) 2024-06-07

Family

ID=75033625

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011552235.3A Active CN112560113B (en) 2020-12-24 2020-12-24 Node signature management method, system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112560113B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant