CN114900310A - Method for corresponding ID of terminal equipment to block chain account - Google Patents


Info

Publication number: CN114900310A
Authority: CN (China)
Prior art keywords: shield, terminal equipment, terminal device, certificate, hash value
Legal status: Pending
Application number: CN202210315848.8A
Other languages: Chinese (zh)
Inventor: 武井刚
Current Assignee: Beijing Gerui Space Technology Co ltd
Original Assignee: Beijing Gerui Space Technology Co ltd

Classifications

    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L2209/56 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00: Financial cryptography, e.g. electronic payment or e-cash

Abstract

This disclosure describes a method for associating the ID of a terminal device with a blockchain account, which mainly comprises the following steps: (1) the terminal device performs a hash calculation to obtain an intermediate hash value; (2) a first digital signature is generated; (3) the registration management server verifies the signature; (4) the request is forwarded to the CA server, which verifies the signature again; (5) the CA server generates a certificate for the terminal device; (6) the terminal device verifies the certificate and, if verification passes, stores it. The method significantly improves the security and trustworthiness of terminal devices in use in a broad sense, and can be used in various IT or DT fields.

Description

Method for associating the ID of a terminal device with a blockchain account
Technical Field
The disclosure belongs to the field of information security, and particularly relates to a method for associating the ID of a terminal device with a blockchain account.
Background
With the continuous development of information technology, the problems exposed in information security have also increased. Although products such as the U shield have been widely used in financial fields such as securities and banking to improve security, how to improve security in the wider field of terminal devices remains a problem to be solved urgently.
Disclosure of Invention
In view of this, the present disclosure describes a method for associating the ID of a terminal device with a blockchain account, including the following steps:
S100, when the terminal device determines that no certificate exists in its memory, the terminal device generates a public key and a private key for the device through a public-private key generation algorithm, and performs a hash calculation over the public key and the ID of the terminal device to obtain an intermediate hash value;
S200, the terminal device signs the intermediate hash value with the private key to obtain a first digital signature;
S300, the terminal device sends the public key, the terminal device ID and the first digital signature to a registration management server for signature verification:
the registration management server decrypts the first digital signature with the public key of the terminal device to obtain a first hash value;
the registration management server performs a hash calculation over the public key and the ID of the terminal device to obtain a second hash value;
if the first hash value is equal to the second hash value, the signature verification by the registration management server passes;
S400, after the signature verification by the registration management server passes, the registration management server forwards the public key of the terminal device, the ID of the terminal device and the first digital signature to the CA server, so that the CA server can verify the validity of the signature again:
the CA server decrypts the first digital signature with the public key of the terminal device to obtain a third hash value;
the CA server performs a hash calculation over the public key and the ID of the terminal device to obtain a fourth hash value;
if the third hash value is equal to the fourth hash value, the signature verification by the CA server passes;
S500, the CA server generates a certificate for the terminal device, wherein the certificate comprises a second digital signature:
the CA server calculates a hash value of the certificate, and then signs the hash value of the certificate with the private key of the CA server to generate the second digital signature;
and the CA server returns the certificate;
S600, the terminal device verifies the validity of the certificate:
the terminal device decrypts the second digital signature with the public key of the CA server to obtain a fifth hash value;
the terminal device performs a hash calculation on the certificate to obtain a sixth hash value;
and if the fifth hash value is equal to the sixth hash value, the verification passes, and the terminal device stores the certificate in a memory of the terminal device.
Preferably,
in step S600, the memory includes: a memory local to the terminal device, or a U shield coupled to the terminal device.
Preferably,
the ID of the U shield is used as the ID of the terminal device; or,
the unique code of the local memory is used as the ID of the terminal device.
Preferably,
using the private key, the terminal device signs the intermediate hash value by calling the service in the U shield to obtain the first digital signature.
Preferably,
in step S200, a service in the U shield calls a key generation interface in the U shield, so that the U shield generates a public key and a private key by using a public-private key generation algorithm.
The method significantly improves the security and trustworthiness of terminal devices in use in a broad sense, and can be used in various IT or DT fields.
Drawings
FIG. 1 is a schematic flow chart of one embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of a shield in an embodiment of the present disclosure.
Detailed Description
In order to help those skilled in the art understand the technical solutions of the present disclosure, the technical solutions of various embodiments are described below with reference to the embodiments and the accompanying drawings FIG. 1 to FIG. 2, where the described embodiments are some embodiments of the present disclosure, but not all embodiments. The terms "first," "second," and the like as used in this disclosure are used for distinguishing between different objects and not for describing a particular order. Furthermore, "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, system, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the disclosure. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It will be appreciated by those skilled in the art that the embodiments described herein may be combined with other embodiments.
In one embodiment, the present disclosure describes a method for associating the ID of a terminal device with a blockchain account, comprising the steps of:
S100, when the terminal device determines that no certificate exists in its memory, the terminal device generates a public key and a private key for the device through a public-private key generation algorithm, and performs a hash calculation over the public key and the ID of the terminal device to obtain an intermediate hash value;
S200, the terminal device signs the intermediate hash value with the private key to obtain a first digital signature;
S300, the terminal device sends the public key, the terminal device ID and the first digital signature to a registration management server for signature verification:
the registration management server decrypts the first digital signature with the public key of the terminal device to obtain a first hash value;
the registration management server performs a hash calculation over the public key and the ID of the terminal device to obtain a second hash value;
if the first hash value is equal to the second hash value, the signature verification by the registration management server passes;
S400, after the signature verification by the registration management server passes, the registration management server forwards the public key of the terminal device, the ID of the terminal device and the first digital signature to the CA server, so that the CA server can verify the validity of the signature again:
the CA server decrypts the first digital signature with the public key of the terminal device to obtain a third hash value;
the CA server performs a hash calculation over the public key and the ID of the terminal device to obtain a fourth hash value;
if the third hash value is equal to the fourth hash value, the signature verification by the CA server passes;
S500, the CA server generates a certificate for the terminal device, wherein the certificate comprises a second digital signature:
the CA server calculates a hash value of the certificate, and then signs the hash value of the certificate with the private key of the CA server to generate the second digital signature;
and the CA server returns the certificate;
S600, the terminal device verifies the validity of the certificate:
the terminal device decrypts the second digital signature with the public key of the CA server to obtain a fifth hash value;
the terminal device performs a hash calculation on the certificate to obtain a sixth hash value;
and if the fifth hash value is equal to the sixth hash value, the verification passes, and the terminal device stores the certificate in a memory of the terminal device.
Through this embodiment, a method for associating the ID of a terminal device with a blockchain account is realized, so that the security and trustworthiness of the related device are improved through blockchain technology. This means that any trace of the operation and use of the device can subsequently be further verified via the blockchain. In addition, because the certificate is stored, the method can be used in various situations requiring secure interaction. Since the terminal device is associated with a chain, the present embodiment implements a secure and reliable processing method for a blockchain-based terminal device.
Further, suppose that sensitive information such as the certificate is stored in a memory of the terminal device, particularly a storage device whose security has reached a certain level (for example, the information is stored in a U shield to obtain a blockchain U shield). Then, when the terminal device can be called by any external system or external interface, for example when the external interface is the corresponding interface of various Web services, the terminal device can be used for those Web services through the trusted and secure operation of the memory, so that the security of the terminal device is greatly improved and the ID of the terminal device is effectively controlled.
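The enrollment exchange of steps S100 to S600, as an added example that is not part of the patent text: unpadded RSA built from the Python standard library stands in for the public-private key algorithm, because the text describes verification as recovering the hash from the signature with the public key. The field encoding, the certificate layout and every function and class name are assumptions; a deployment would use a vetted, padded signature scheme.

```python
import hashlib, json, secrets

def _is_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test for large odd n."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(c):
            return c

def generate_keypair(bits=1024):
    """S100 key generation: returns ((n, e), d). Unpadded RSA, demo only."""
    e = 65537
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), pow(e, -1, phi)

def _digest(*fields):
    """SHA-256 over length-prefixed fields (assumed encoding), as an int."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return int.from_bytes(h.digest(), "big")

def intermediate_hash(pub, device_id):
    """S100: hash computed from the public key and the device ID."""
    n, e = pub
    return _digest(n.to_bytes((n.bit_length() + 7) // 8, "big"),
                   e.to_bytes(4, "big"), device_id.encode())

def cert_hash(body):
    return _digest(json.dumps(body, sort_keys=True).encode())

def sign(digest, priv, pub):
    return pow(digest, priv, pub[0])

def recover(signature, pub):  # "decrypt" the signature with the public key
    return pow(signature, pub[1], pub[0])

def check_request(req):
    """S300 and S400: the recovered hash must equal the recomputed hash."""
    return recover(req["sig1"], req["pub"]) == intermediate_hash(req["pub"], req["id"])

def ca_issue(req, ca_pub, ca_priv):
    """S400 + S500: re-verify, then sign the hash of the certificate body."""
    if not check_request(req):
        return None
    body = {"subject_id": req["id"], "subject_pub": list(req["pub"])}
    return {"body": body, "sig2": sign(cert_hash(body), ca_priv, ca_pub)}

class Device:
    def __init__(self, device_id, ca_pub):
        self.device_id, self.ca_pub = device_id, ca_pub
        self.storage = {}  # stands in for local memory or the U shield

    def build_request(self):
        """S100 + S200: only runs when no certificate is stored."""
        if "cert" in self.storage:
            return None
        self.pub, self._priv = generate_keypair()
        digest = intermediate_hash(self.pub, self.device_id)
        return {"pub": self.pub, "id": self.device_id,
                "sig1": sign(digest, self._priv, self.pub)}

    def accept(self, cert):
        """S600: verify the second signature, then store the certificate."""
        ok = recover(cert["sig2"], self.ca_pub) == cert_hash(cert["body"])
        if ok:
            self.storage["cert"] = cert
        return ok

def enroll(device, ca_pub, ca_priv, tamper=None):
    req = device.build_request()
    if req is None:
        return "already-enrolled"
    if tamper:
        tamper(req)  # constructed modification of the request in transit
    if not check_request(req):  # S300: registration management server
        return "rejected-by-ra"
    cert = ca_issue(req, ca_pub, ca_priv)
    if cert is None:
        return "rejected-by-ca"
    return "stored" if device.accept(cert) else "bad-certificate"
```

The first signature only shows that the sender holds the private key matching the submitted public key; the ID is whatever the device reports, and the request carries no server-chosen value, so a captured request verifies again unchanged.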
In a preferred embodiment,
in step S600, the memory includes: a memory local to the terminal device, or a U shield coupled to the terminal device.
Preferably,
the ID of the U shield is used as the ID of the terminal device; or,
the unique code of the local memory serves as the ID of the terminal device.
It should be noted that, besides the unique code of the local memory, the unique codes of other components of the terminal device can also be used as the ID of the terminal device, for example, the MAC address of the network card.
Preferably,
using the private key, the terminal device signs the intermediate hash value by calling the service in the U shield to obtain the first digital signature.
Preferably,
in step S200, a service in the U shield calls a key generation interface in the U shield, so that the U shield generates a public key and a private key by a public-private key generation algorithm (for example, the SM2 algorithm; it can be understood that the SM2 algorithm may be replaced by SM3, SM4, or another algorithm as needed).
In another embodiment,
in addition to the USB interface, the U shield may also be implemented as a blockchain-based shield with another interface, such as a Bluetooth or audio interface.
In another embodiment,
the blockchain-based shield can also be implemented as a software digital shield rather than a hardware entity shield;
when it is a software digital shield, the digital shield includes one or more interfaces to interact with systems or interfaces outside the digital shield.
It can be understood that the hardware entity shield can be any of various products with hardware interfaces, such as a hardware entity shield in the form of a USB disk, a card-type certificate with a USB interface, or a hardware entity shield with a Bluetooth interface or an audio interface. It should be further noted that the software digital shield can be a digital file in any of various formats, and its interface is implemented by a digital interface for reading and writing files or by other suitable API technologies, so that the interaction between the software digital shield and a system or interface outside the digital shield is realized by accessing such digital files. A hardware entity shield generally has higher security than a software digital shield, but this does not prevent the present disclosure from adopting existing digital encryption technology, monitoring technology, or other digital security technology to improve the security of the software digital shield.
In one embodiment, the present disclosure describes a blockchain-based shield, which is a terminal device of the present disclosure and includes:
a key generation interface, which is called by a first interface outside the shield, for example by an interface of an external application system, and which generates a corresponding public key and private key according to the ID of the shield and a first algorithm and stores the public key and the private key in a key storage unit of the shield;
more preferably, the shield is a U shield, and the first interface is a U shield service interface, including: interfaces provided by the services corresponding to various businesses, such as a bank's U shield Service, a U shield Service for online government office work, and the like; and the first algorithm may be the SM2 algorithm or other cryptographic algorithms (e.g., SM3, SM4) or any other algorithm;
when the shield is registered to the blockchain, the shield is regarded as a terminal device; whether a digital shield is virtualized as a terminal device or a hardware entity shield is regarded as a terminal device, the ID of the terminal device can be associated with the blockchain account by using the above embodiment.
Thus, through the above embodiments, the present disclosure realizes a blockchain-based shield, which is a terminal-device type of product, and facilitates associating the device with the blockchain. This means that the usage of the relevant terminal device in an information application system, or even anywhere in the digital world, can be further verified via the blockchain.
More preferably, the shield itself has a key storage unit, which is further capable of storing the identities of the users operating the shield, so that the shield can further store the user public and private keys generated from the user name and some suitable algorithm (including but not limited to the first algorithm). It can be appreciated that this enables the shield to further associate users and be used in a variety of situations where secure interaction with a user is required; the shield, as a terminal device, may be associated with the chain, and may further associate the respective user identity so that the user identity is also associated with the chain.
This embodiment realizes a secure and reliable blockchain-based shield which can be called from outside. It can be understood that, for example, when the corresponding interface of a Web Service is used as the first interface, the shield can be used for that Web Service, thereby greatly improving the security of using each Web Service.
In another embodiment,
the shield further comprises an intermediate hash value calculation unit and a first signature unit;
the intermediate hash value calculation unit is used for calculating an intermediate hash value according to the ID of the terminal device and the public key of the terminal device;
and the first signature unit is used for generating a first digital signature over the intermediate hash value according to the private key of the terminal device.
The above embodiment shows how to further use the hash technique of the blockchain to implement the first digital signature on the shield, so as to make the shield a product with more blockchain characteristics, and further make the terminal device coupled with or including the shield a terminal device with blockchain characteristics. When a terminal device is coupled with the shield, the shield can be a hardware entity shield, which serves as a memory of the terminal device and can be used by the terminal device for IO operations; when the terminal device comprises the shield, the shield can be a software digital shield, which serves as a memory of the terminal device and supports IO operations in the manner of file operations. A software digital shield is a virtual terminal device, and the ID of the terminal device can be implemented by creating a digital ID based on a specific file through some mapping relationship, for example, generating the digital ID according to the creation time of the file to serve as the ID of the virtual terminal device. That is, even a terminal device in software, digital form can possess a terminal device ID.
Further, as mentioned above, the intermediate hash value calculation unit may calculate, according to the ID of the terminal device and the public key thereof: an intermediate hash value for the user; and,
the first signature unit is further configured to generate, for the intermediate hash value of the user according to the private key of the user: a digital signature for the user.
In another embodiment,
the shield further comprises a first sending unit;
the first sending unit sends at least the public key of the terminal device and the first digital signature to the registration management server via the first interface.
It can be understood that this embodiment sends the relevant signature to the registration management server through the first sending unit and the first interface, which is, for example, a U shield service interface. Thus, the shield connects to the registration management server through the first interface, which may be an interface to various Web services and even various applications, meaning that the shield can be widely used for various services and/or applications. The registration management server may be a server independent of the blockchain, or may be a registration management server of the blockchain.
Further, the first sending unit also sends the public key of the user and the digital signature thereof to the registration management server via the first interface.
In another embodiment,
the shield also includes a certificate storage unit;
after the first digital signature, or the digital signature related to the user, passes verification via the first interface using the public key of the CA server, the storage unit stores the certificate of the terminal device or the certificate related to the user. It can be understood that the certificate of the user may be generated in a similar manner, following the generation process of the certificate of the terminal device described above.
This embodiment shows how the blockchain-based shield described above, as a new kind of shield, generates and stores the relevant certificate.
In another embodiment,
the shield comprises a national secret security chip module, and the national secret security chip provides a key generation function, an encryption function and/or a signature function.
It can be understood that, by using a national secret security chip module, the blockchain-based shield can be realized more quickly through the various existing, highly integrated national secret security chip modules.
In another embodiment,
the shield further comprises a second sending unit;
when the shield is coupled, via the terminal device, to a data processing system external to the terminal device, the second sending unit sends, at a certain time or during a certain time period and via a first interface (e.g. the aforementioned U shield service interface), at least the following to the blockchain to be put on chain: the ID of the terminal device, the operation of the terminal device on the data processing system, and even the user name, the operation of the user on the data processing system via the terminal device, and time information (e.g. a time stamp) stored by the shield.
This embodiment shows how the terminal device interacts with the blockchain via the second sending unit when the shield is used for secure interaction with a data processing system, for example, how to put on chain the terminal device ID and its operation on the data processing system, and even information about the user.
In another embodiment,
the second sending unit also sends the user's operations on the shield to the blockchain to be put on chain.
It can be appreciated that this embodiment shows that the shield is capable of putting user operations on the shield on chain. For example, assuming that the shield includes an "ok" button, when the user presses the ok button once at a certain time, this operation on the shield itself is also sent to the blockchain to be put on chain.
In another embodiment,
the shield further comprises a second hash value calculation unit and a second signature unit;
the second hash value calculation unit is at least used for calculating, according to the user name stored by the shield, the operation of the user on the data processing system, the time information and the user public key: a second hash value for the user;
the second signature unit is configured to process the second hash value for the user according to the user private key to generate: a second digital signature for the user;
the second sending unit also sends the second digital signature for the user to the blockchain to be put on chain.
The above embodiment shows how to further use the hash technique of the blockchain to implement, on the shield, the second digital signature for the user, so as to associate the shield with the user, make the relevant shield and terminal device products with more blockchain characteristics, and put the second digital signature for the user on chain.
In another embodiment, referring to FIG. 2, the blockchain-based shield of the present disclosure is a consortium-chain hardware U shield based on a cryptographic algorithm, including:
an MCU main control chip module, a Universal Serial Bus (USB), a national secret security chip module, a Bluetooth module, a screen display module, keys and a battery module;
the MCU main control chip module serves as the main control unit and is used for connecting the national secret security chip module, the Bluetooth module, the screen, the keys and the Universal Serial Bus (USB), parsing data received over a channel (for example, the Universal Serial Bus (USB), Bluetooth and the like) and handing the data to the dedicated module for processing;
the national secret security chip module comprises a corresponding processing unit and a corresponding storage unit, and is at least used for realizing a data storage function, a key generation and management function, and an encryption function;
the USB or Bluetooth module is used for receiving and sending the data exchanged between the U shield and an external system or external interface of the shield;
the screen display module works with the MCU main control chip module and the national secret security chip module to display operation information from the user (such as account information, transaction amounts and the like);
the keys work with the MCU main control chip module and the national secret security chip module to implement user interaction functions (such as powering on and off, confirming, canceling, paging up and down, entering PIN codes and the like);
and the battery module is used for supplying power to the U shield.
It can be appreciated that this embodiment shows one way of implementing the blockchain-based shield, using a specific hardware U shield as the example.
Further, in another embodiment,
when the blockchain-based shield of the present disclosure is implemented as a digital shield, then in addition to the content related to the digital shield itself: the data processing of the digital shield may use the CPU or other processor of the device, equipment, computer, data processing system or cloud server where the digital shield is located, or may use the processing capability of the external system that invokes the digital shield; the storage required by the digital shield may use the storage capacity of the device, equipment, computer, data processing system or cloud server where the digital shield is located, or the storage capacity of the external system that invokes the digital shield; the interactive interface required by the digital shield can be implemented as I/O reads and writes on the digital file; if the interaction needs to be displayed, any display device capable of receiving the information streams or data streams (e.g., mutual operation information) generated in the interaction between the digital shield and the external system (or the external interface) can be used; and when display is not necessary, the information streams or data streams generated in the interaction can be saved as a file in a certain format (e.g., an operation log file).
Those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts, modules and units described are not necessarily required to practice the invention.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed shield can be implemented as a corresponding functional unit, processor or even system, wherein parts of the system can be located in one place or distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment. In addition, each functional unit may be integrated into one processing unit, or each unit may exist alone, or two or more units may be integrated into one unit. The integrated unit can be realized in the form of hardware, and can also be realized in the form of a software functional unit. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a smartphone, a personal digital assistant, a wearable device, a laptop, a tablet computer) to perform all or part of the steps of the method according to the embodiments of the present disclosure. The storage medium includes various media capable of storing program code, such as a USB disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, a magnetic disk, or an optical disk, and is not limited to particular interfaces or transmission methods, such as USB, Bluetooth, or audio.
As described above, the above embodiments are only used to illustrate the technical solutions of the present disclosure, and not to limit the same; although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims (4)

1. A method for making the ID of a terminal device correspond to a blockchain account, comprising the following steps:
(1) the terminal device performs a hash calculation to obtain an intermediate hash value;
(2) a first digital signature is generated;
(3) the registration management server verifies the signature;
(4) the forwarding CA server verifies the signature again;
(5) the CA server generates a certificate for the terminal device;
(6) the terminal device verifies the certificate and, if the certificate passes the verification, stores the certificate.
2. The method of claim 1, wherein, preferably,
when the certificate is stored, the storage used comprises: a memory local to the terminal device, or a U shield coupled to the terminal device.
3. The method of claim 2, wherein,
the ID of the U shield is used as the ID of the terminal device; or,
the unique code of the local memory serves as the ID of the terminal device.
4. The method of claim 1, wherein,
using the private key, the terminal device signs the intermediate hash value by calling the service in the U shield to obtain the first digital signature.
CN202210315848.8A 2021-03-29 2022-03-28 Method for corresponding ID of terminal equipment to block chain account Pending CN114900310A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110337063 2021-03-29
CN2021103370636 2021-03-29

Publications (1)

Publication Number Publication Date
CN114900310A true CN114900310A (en) 2022-08-12

Family

ID=82716295

Country Status (1)

Country Link
CN (1) CN114900310A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101777978A (en) * 2008-11-24 2010-07-14 华为终端有限公司 Method and system based on wireless terminal for applying digital certificate and wireless terminal
CN111859348A (en) * 2020-07-31 2020-10-30 上海微位网络科技有限公司 Identity authentication method and device based on user identification module and block chain technology

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115348114A (en) * 2022-10-19 2022-11-15 浙江浩普智能科技有限公司 Intelligent power plant data safety transmission method and system, electronic equipment and medium
CN115348114B (en) * 2022-10-19 2023-02-28 浙江浩普智能科技有限公司 Intelligent power plant data safety transmission method and system, electronic equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination