CN109872155A - Data processing method and device - Google Patents
Data processing method and device
- Publication number
- CN109872155A
- Authority
- CN
- China
- Prior art keywords
- private key
- server
- key component
- transaction
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiments of the present application provide a data processing method and device. A client stores a first private key component and a server stores a second private key component. The method includes: in response to a transaction data processing request, initiating an identity verification request and performing mutual identity verification with the server; after verification passes, calling a first MPC node preset at the client, which takes the first private key component as input, and a second MPC node preset at the server, which takes the second private key component as input, to perform a preset function operation according to preset rules, obtaining a transaction signature, and carrying out transaction data processing. In this scheme the transaction private key is first split, and the resulting first private key component and second private key component are stored separately; when the key is used, the MPC nodes on both sides each use their own private key component and jointly take part in the operation that generates the transaction signature. This solves the technical problem of insecure key use and satisfies the user's need for control over the transaction private key.
Description
Technical field
This application relates to the field of Internet technology, and in particular to a data processing method and device.
Background art
When transaction data is processed, a corresponding transaction signature often has to be generated as a transaction credential, and the transaction data processing is then completed according to that transaction signature. For example, funds data in the corresponding user account is called according to the user's transaction signature in order to pay a transaction order.
At present, most existing methods for processing transaction data require the user to store and manage the complete key (for example, the transaction private key) through the client the user uses; when transaction data is processed, the complete key is obtained and used to generate the transaction signature, so as to complete the corresponding transaction data processing.
In practice, the above method requires the user alone to store and manage the complete transaction private key, or to entrust the complete transaction private key entirely to a third party, and the complete key is actually used during transaction data processing. With this approach, if the key used by the user is leaked or stolen at some stage of the data processing, the user's transaction data processing faces a high security risk. For example, if a third party steals, through some channel or means, the transaction private key a user uses during transaction data processing, the third party may directly use that private key to generate the user's transaction signature and call the funds data in the user's account, causing the user economic loss. The existing methods therefore often suffer, in practice, from the technical problem of insecure key use.
No effective solution to the above problem has yet been proposed.
Summary of the invention
The embodiments of the present application provide a data processing method and device, to solve the technical problem that private key use is insecure because the complete private key has to be used in existing transaction data processing.
The embodiments of the present application provide a data processing method applied to a client, the client storing a first private key component, the method comprising:
in response to a transaction data processing request, initiating an identity verification request;
in response to the identity verification request, performing mutual identity verification with a server, wherein the server stores a second private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
when mutual identity verification passes, calling a first MPC node preset at the client, which takes the first private key component as input data, and a second MPC node preset at the server, which takes the second private key component as input data, to perform a preset function operation according to preset rules, and taking the operation result as a transaction signature;
carrying out transaction data processing according to the transaction signature.
In one embodiment, performing mutual identity verification with the server in response to the identity verification request comprises:
in response to the identity verification request, generating a first public key and a first private key, wherein the first public key matches the first private key;
sending the first public key to the server and receiving a second public key, wherein the server is configured to generate the second public key and a second private key in response to the identity verification request;
receiving encrypted data and first signature data, wherein the encrypted data is data obtained by the server encrypting a first random number according to the first public key, and the first signature data is data obtained by the server signing the encrypted data according to the second private key;
performing a first operation according to the second public key, the encrypted data and the first signature data to determine whether server identity verification passes, and, when it is determined that server identity verification passes, decrypting the encrypted data according to the second public key to obtain the first random number;
signing the first random number according to the first private key to obtain second signature data, and sending the second signature data to the server;
receiving identification information fed back by the server, wherein the server is configured to perform a second operation according to the first public key, the first random number and the second signature data to determine whether client identity verification passes, and, when it determines that client identity verification passes, to send confirmation indication information to the client.
In one embodiment, before initiating the identity verification request in response to the transaction data processing request, the method further comprises:
in response to a key generation request, generating a transaction private key and a transaction public key, wherein the transaction private key matches the transaction public key;
generating the first private key component and the second private key component according to the transaction private key;
storing the first private key component locally at the client and sending the second private key component to the server, wherein the server is configured to store the second private key component.
In one embodiment, sending the second private key component to the server comprises:
obtaining a transmission public key, wherein the transmission public key is generated by the server, and the server stores a transmission private key matching the transmission public key;
encrypting the second private key component according to the transmission public key to obtain an encrypted second private key component;
sending the encrypted second private key component to the server.
In one embodiment, after generating the first private key component and the second private key component according to the transaction private key, the method further comprises:
generating a first spare private key component and a second spare private key component according to the transaction private key;
storing the first spare private key component locally at the client and sending the second spare private key component to the server.
In one embodiment, the method further comprises:
in response to an update request, calling the first MPC node preset at the client, which takes the first private key component as input data, and the second MPC node preset at the server, which takes the second private key component as input data, to perform a third operation according to preset rules, generating an updated first private key component and an updated second private key component;
obtaining and storing the updated first private key component, wherein the updated second private key component is stored at the server.
In one embodiment, after obtaining and storing the updated first private key component, the method further comprises:
in response to a key verification request, calling the first MPC node preset at the client, which takes the updated first private key component as input data, and the second MPC node preset at the server, which takes the updated second private key component as input data, to perform a fourth operation according to preset rules, generating an updated transaction public key;
determining, according to the transaction public key and the updated transaction public key, whether the updated first private key component and the updated second private key component meet the requirements.
In one embodiment, after obtaining and storing the updated first private key component, the method further comprises:
in response to a key verification request, generating a second random number and sending the second random number to the server;
calling the first MPC node preset at the client, which takes the updated first private key component as input data, and the second MPC node preset at the server, which takes the updated second private key component as input data, to sign the second random number according to preset rules, obtaining third signature data;
determining, according to the transaction public key and the third signature data, whether the updated first private key component and the updated second private key component meet the requirements.
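As an added illustration (not part of the patent text): the application leaves the splitting rule and the "preset function operation" unspecified, so this sketch assumes an additive split of the transaction private key and a simplified Schnorr-style joint signature over a toy group. It covers joint signing with separately stored components, the component update, and both update checks described above (regenerated public key, and a signature over a fresh random number); every name and parameter in it is an assumption of this example.

```python
"""Two-party signing with split key components (illustrative, toy parameters)."""
import hashlib
import secrets

# Toy group constructed for this example: integers modulo the Mersenne prime
# 2**127 - 1, exponents reduced modulo Q = P - 1. Not suitable for real keys.
P = 2**127 - 1
Q = P - 1
G = 3


def keygen():
    """Client generates the transaction private key and transaction public key."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def split(sk):
    """Assumed splitting rule: sk = sk1 + sk2 (mod Q)."""
    sk1 = secrets.randbelow(Q)
    return sk1, (sk - sk1) % Q


def refresh(sk1, sk2, delta=None):
    """Component update: shift both components so their sum is unchanged.

    In a real protocol delta is derived jointly; here it is sampled locally.
    """
    if delta is None:
        delta = secrets.randbelow(Q - 1) + 1
    return (sk1 + delta) % Q, (sk2 - delta) % Q


class MpcNode:
    """One side's MPC node. It only ever holds its own component."""

    def __init__(self, component):
        self._component = component
        self._nonce = None

    def public_part(self):
        return pow(G, self._component, P)

    def nonce_point(self):
        self._nonce = secrets.randbelow(Q - 1) + 1
        return pow(G, self._nonce, P)

    def partial_signature(self, e):
        if self._nonce is None:
            raise RuntimeError("nonce_point() must be called first")
        s = (self._nonce + e * self._component) % Q
        self._nonce = None  # a signing nonce is used exactly once
        return s


def challenge(r, pk, msg):
    data = r.to_bytes(16, "big") + pk.to_bytes(16, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def joint_sign(node1, node2, pk, msg):
    """Both nodes contribute; only public values and partial results are combined.

    Simplified: a deployed protocol would have each side commit to its nonce
    point before revealing it.
    """
    r = (node1.nonce_point() * node2.nonce_point()) % P
    e = challenge(r, pk, msg)
    s = (node1.partial_signature(e) + node2.partial_signature(e)) % Q
    return r, s


def verify(pk, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(pk, challenge(r, pk, msg), P)) % P


def check_by_public_key(node1, node2, tx_pk):
    """Update check 1: regenerate the public key from the components, compare."""
    return (node1.public_part() * node2.public_part()) % P == tx_pk


def check_by_signature(node1, node2, tx_pk):
    """Update check 2: jointly sign a fresh random number, verify with tx_pk."""
    nonce = secrets.token_bytes(32)
    return verify(tx_pk, nonce, joint_sign(node1, node2, tx_pk, nonce))


if __name__ == "__main__":
    sk, tx_pk = keygen()
    sk1, sk2 = split(sk)
    del sk  # from here on only the two components exist
    client, server = MpcNode(sk1), MpcNode(sk2)
    msg = b"constructed transaction payload"
    print("signature valid:", verify(tx_pk, msg, joint_sign(client, server, tx_pk, msg)))
    new1, new2 = refresh(sk1, sk2)
    print("update ok (public key):", check_by_public_key(MpcNode(new1), MpcNode(new2), tx_pk))
    print("update ok (signature):", check_by_signature(MpcNode(new1), MpcNode(new2), tx_pk))
    # Failure mode: the server kept its old component after the update.
    print("stale server detected:", not check_by_public_key(MpcNode(new1), server, tx_pk))
```

The last check shows why the update is followed by a verification step: if only one side stores its updated component, the regenerated public key no longer matches the transaction public key.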
In one embodiment, the method further comprises:
when the first private key component is lost, calling the first MPC node preset at the client, which takes the first spare private key component as input data, and the second MPC node preset at the server, which takes the second spare private key component as input data, to perform a fifth operation according to preset rules, generating a third private key component and a fourth private key component;
obtaining the third private key component and storing it locally at the client as the first private key component, wherein the fourth private key component is stored at the server as the second private key component.
In one embodiment, the server stores the second private key component, and the method comprises:
in response to an identity verification request, performing mutual identity verification with the client, wherein the client stores the first private key component;
when mutual identity verification passes, calling the second MPC node preset at the server, which takes the second private key component as input data, and the first MPC node preset at the client, which takes the first private key component as input data, to perform a preset function operation according to preset rules, and taking the operation result as a transaction signature.
The embodiments of the present application also provide a data processing method applied to a system comprising a server and a client, the client storing a first private key component and the server storing a second private key component, wherein the first private key component and the second private key component are generated according to a transaction private key generated by the client, the method comprising:
the client, in response to a transaction data processing request, initiating an identity verification request;
the client and the server, in response to the identity verification request, performing mutual identity verification;
when mutual identity verification passes, calling the first MPC node preset at the client, which takes the first private key component as input data, and the second MPC node preset at the server, which takes the second private key component as input data, to perform a preset function operation according to preset rules, and taking the operation result as a transaction signature;
carrying out transaction data processing according to the transaction signature.
The embodiments of the present application also provide a data processing device, comprising:
an initiation module, configured to initiate an identity verification request in response to a transaction data processing request, wherein the data processing device stores a first private key component;
a verification module, configured to perform mutual identity verification with a server in response to the identity verification request, wherein the server stores a second private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
a calling module, configured to, when mutual identity verification passes, call the first MPC node preset at the client, which takes the first private key component as input data, and the second MPC node preset at the server, which takes the second private key component as input data, to perform a preset function operation according to preset rules, and take the operation result as a transaction signature;
a processing module, configured to carry out transaction data processing according to the transaction signature.
The embodiments of the present application also provide a computer-readable storage medium storing computer instructions which, when executed, implement: in response to a transaction data processing request, initiating an identity verification request; in response to the identity verification request, performing mutual identity verification with a server, wherein the server stores a second private key component; when mutual identity verification passes, calling the first MPC node preset at the client, which takes the first private key component as input data, and the second MPC node preset at the server, which takes the second private key component as input data, to perform a preset function operation according to preset rules, and taking the operation result as a transaction signature; and carrying out transaction data processing according to the transaction signature, wherein the first private key component and the second private key component are generated according to a transaction private key generated by the client.
The embodiments of the present application also provide a data processing method applied to a client, the method comprising:
in response to a transaction data processing request, initiating an identity verification request;
in response to the identity verification request, performing identity verification with a first server and a second server, wherein the first server is configured to store a first private key component, the second server is configured to store a second private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
when identity verification passes, calling a first MPC node preset at the first server, which takes the first private key component as input data, and a second MPC node preset at the second server, which takes the second private key component as input data, to perform a preset function operation according to preset rules, and taking the operation result as a transaction signature;
carrying out transaction data processing according to the transaction signature.
In one embodiment, before responding to the transaction data processing request, the method further comprises:
in response to a key generation request, generating a transaction private key and a transaction public key, wherein the transaction private key matches the transaction public key;
generating the first private key component and the second private key component according to the transaction private key;
storing the transaction public key locally at the client, sending the first private key component to the first server, and sending the second private key component to the second server.
In one embodiment, sending the first private key component to the first server comprises:
obtaining a first transmission public key, wherein the first transmission public key is generated by the first server, and the first server stores a first transmission private key matching the first transmission public key;
encrypting the first private key component according to the first transmission public key to obtain an encrypted first private key component;
sending the encrypted first private key component to the first server.
In one embodiment, performing identity verification with the first server and the second server in response to the identity verification request comprises:
in response to the identity verification request, generating a first random number and sending the first random number to the first server and to the second server;
receiving first signature data, wherein the first signature data is data obtained by the first MPC node preset at the first server, which takes the first private key component as input data, and the second MPC node preset at the second server, which takes the second private key component as input data, performing signature processing according to preset rules;
determining, according to the first signature data and the transaction public key, whether identity verification passes.
In one embodiment, performing identity verification with the first server and the second server in response to the identity verification request comprises:
in response to the identity verification request, sending a verification public key acquisition request to the first server and/or the second server;
receiving a verification public key, wherein the verification public key is data obtained by the first MPC node preset at the first server, which takes the first private key component as input data, and the second MPC node preset at the second server, which takes the second private key component as input data, performing an operation according to preset rules;
determining, according to the verification public key and the transaction public key, whether identity verification passes.
In one embodiment, the method further comprises:
in response to an update request, calling the first MPC node preset at the first server, which takes the first private key component as input data, and the second MPC node preset at the second server, which takes the second private key component as input data, to perform a function operation according to preset rules, generating an updated first private key component and an updated second private key component, wherein the updated first private key component is stored at the first server and the updated second private key component is stored at the second server.
In one embodiment, after the updated first private key component and the updated second private key component have been generated in response to the update request by calling the first MPC node preset at the first server, which takes the first private key component as input data, and the second MPC node preset at the second server, which takes the second private key component as input data, to perform a function operation according to preset rules, the method further comprises:
in response to a key verification request, generating a second random number and sending the second random number to the first server and to the second server;
receiving second signature data, wherein the second signature data is data obtained by the first MPC node preset at the first server, which takes the updated first private key component as input data, and the second MPC node preset at the second server, which takes the updated second private key component as input data, signing the second random number according to preset rules;
determining, according to the transaction public key and the second signature data, whether the updated first private key component and the updated second private key component meet the requirements.
In one embodiment, after the updated first private key component and the updated second private key component have been generated in response to the update request by calling the first MPC node preset at the first server, which takes the first private key component as input data, and the second MPC node preset at the second server, which takes the second private key component as input data, to perform a function operation according to preset rules, the method further comprises:
in response to a key verification request, calling the first MPC node preset at the first server, which takes the updated first private key component as input data, and the second MPC node preset at the second server, which takes the updated second private key component as input data, to perform an operation according to preset rules, generating an updated transaction public key;
determining, according to the transaction public key and the updated transaction public key, whether the updated first private key component and the updated second private key component meet the requirements.
The embodiments of the present application also provide a data processing method applied to a first server, the first server storing a first private key component, the method comprising:
in response to an identity verification request, performing identity verification with the first client and the second server, wherein the second client stores the second private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
when identity verification passes, calling the first MPC node preset at the first server, which takes the first private key component as input data, and the second MPC node preset at the second server, which takes the second private key component as input data, to perform a preset function operation according to preset rules, and taking the operation result as a transaction signature.
The embodiments of the present application also provide a data processing method applied to a system comprising a first server, a second server and a client, the first server storing a first private key component and the second server storing a second private key component, wherein the first private key component and the second private key component are generated according to a transaction private key generated by the client, the method comprising:
the client, in response to a transaction data processing request, initiating an identity verification request;
the client, the first server and the second server, in response to the identity verification request, performing identity verification;
when identity verification passes, the first MPC node preset at the first server, which takes the first private key component as input data, and the second MPC node preset at the second server, which takes the second private key component as input data, performing a preset function operation according to preset rules, taking the operation result as a transaction signature, and feeding the transaction signature back to the client;
the client carrying out transaction data processing according to the transaction signature.
The embodiments of the present application also provide a data processing device, comprising:
an initiation module, configured to initiate an identity verification request in response to a transaction data processing request;
a verification module, configured to perform identity verification with a first server and a second server in response to the identity verification request, wherein the first server is configured to store a first private key component, the second server is configured to store a second private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
a calling module, configured to, when identity verification passes, call the first MPC node preset at the first server, which takes the first private key component as input data, and the second MPC node preset at the second server, which takes the second private key component as input data, to perform a preset function operation according to preset rules, and take the operation result as a transaction signature;
a processing module, configured to carry out transaction data processing according to the transaction signature.
In the embodiments of the present application, the first private key component and the second private key component are stored separately in advance, on the client side and the server side. When the user needs to process transaction data, the first MPC node preset at the client and the second MPC node preset at the server are called; each takes the private key component stored on its own side as input, and together they perform a preset function operation according to preset rules to generate the transaction signature, so that the complete private key never appears during transaction data processing. This solves the technical problem that key use is insecure because the complete key has to be used in existing transaction data processing, and achieves the technical effects of reducing the security risk in processing the user's transaction data and improving the security of transaction data processing, while satisfying the user's need for control over the complete transaction private key.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a process flow diagram of the data processing method provided according to an embodiment of the present application;
Fig. 2 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 3 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 4 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 5 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 6 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 7 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 8 is a structural diagram of the data processing device provided according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an electronic device based on the data processing method provided by the embodiments of the present application;
Fig. 10 is a process flow diagram of another data processing method provided according to an embodiment of the present application;
Fig. 11 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 12 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 13 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 14 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application;
Fig. 15 is a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application.
Detailed description of the embodiments
In order to enable those skilled in the art to better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the present application without creative effort shall fall within the scope of protection of the present application.
In existing transaction data processing methods, the complete key, such as the complete transaction private key, often appears and is used when the specific data processing is carried out and the corresponding transaction signature is generated, which poses a considerable hidden danger to the security of the user's transaction data processing. For example, if a third party steals the transaction private key during transaction data processing, the third party can use that private key to generate the user's transaction signature and then call the funds data in the user's account, causing the user economic loss. In addition, existing transaction data processing methods require the user alone to keep the complete private key, which amounts to making the user bear all the security risk alone and is not friendly to the user. In summary, the existing methods often suffer, in practice, from the technical problem of insecure key use.
Addressing the root cause of the above technical problem, the present application considers splitting the complete private key into two parts, kept respectively by the platform server and the user's client, so that the user's risk is shared. When transaction data processing requires a transaction signature to be generated, secure multi-party computation is used: the MPC nodes preset at the server and at the client are called, each takes the private key component it keeps as input, and together they take part in the operation according to preset rules to generate the transaction signature, so that the complete private key never appears in the whole computation and the process of generating the transaction signature is safer and more reliable. This solves the technical problem that key use is insecure because the complete key has to be used in existing transaction data processing, and achieves the technical effects of reducing the security risk in processing the user's transaction data and improving the security of transaction data processing, while satisfying the user's need for control over the complete transaction private key.
Based on the above line of thinking, the embodiments of the present application provide a data processing method. See Fig. 1 for a process flow diagram of the data processing method provided according to an embodiment of the present application. The data processing method provided by the embodiments of the present application can be applied on the client side and, in a specific implementation, may comprise the following steps.
S11: response transaction data processing request initiates authentication request.
In the present embodiment, the client (which can be denoted Client) can be understood as a front-end device on the user side that can perform functions such as data transmission and data operation. Specifically, the client may be, for example, a desktop computer, a tablet computer, a laptop, a smart phone, a digital assistant, a smart wearable device, a shopping guide terminal, a television with a network access function, and so on. Alternatively, the client may be a software application that can run in such an electronic device, for example an APP running on a mobile phone.
In the present embodiment, the client can be coupled, in a wired or wireless manner, to a server provided by a business platform (such as a network transaction platform or a security protection platform), so that the two can exchange data and perform data operations.
In the present embodiment, the server can be understood as a back-end device on the business platform side that provides a key management service (Key Management Service) for the user; it can be denoted KMS, or referred to as the trusteeship server. The server may be an electronic device with data operation, storage and network interaction functions; it may also be a software program that runs in such an electronic device and supports data processing, storage and network interaction. In the present embodiment, the number of servers is not specifically limited. It should be emphasized that the above server is specifically a server.
In the present embodiment, the complete transaction private key that is needed to generate the trading signature during transaction data processing, and that was originally kept by the client alone, can be split in advance into two parts, namely a first private key component (which can be denoted sk1) and a second private key component (which can be denoted sk2). That is, the first private key component and the second private key component are generated according to the transaction private key generated by the client. In existing transaction data processing methods, the complete transaction private key often appears and is used to generate the corresponding user's trading signature. In that case, once a third party steals the complete transaction private key, it can easily generate the user's trading signature and then use that signature to call the funds data in the user's account.
In the present embodiment, by contrast, the complete private key is first split into two private key components, and these two components take the place of the complete private key in the specific data processing. The complete transaction private key therefore does not appear anywhere in the data processing; only the first private key component and the second private key component appear. In this case, a third party that steals one of the private key components usually cannot directly generate the user's trading signature, which improves the security of the user's transaction data processing. Meanwhile, although for the sake of security the transaction private key is not used directly in normal transaction data processing, the client may save the complete transaction private key during generation of the private key components, so that the user's need for control over the complete transaction private key can be met. Under certain emergencies, for example when there is a problem with the second private key component kept by the server, the user can temporarily use the complete transaction private key saved by the client to carry out transaction data processing. Moreover, because the client saves the complete transaction private key as well as the first private key component, the user has greater control over transaction data processing, and the diversified usage needs of different users in different situations can be met.
Further, after the two private key components have been obtained, the first private key component and the second private key component can be separated and stored on the client side and the server side respectively. In this way the platform server, whose security is relatively high, shares the risk of the user keeping the private key alone, and the probability that both private key components are stolen at the same time because they are kept in one place is reduced, which further improves the security of the user's transaction data processing.
In the present embodiment, the transaction data processing request can be understood as a request instruction, initiated by the user through the client, to carry out transaction data processing. For example, when the user clicks the payment confirmation button in the payment software on a mobile phone, this can be understood as the user having initiated a transaction data processing request. Of course, the transaction data processing request cited above is only a schematic illustration. When implemented, the transaction data processing request may take other forms or include other content, depending on the specific situation and processing requirements. This specification does not limit this.
In one embodiment, based on the above considerations, refer to Fig. 2, a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application. Before the authentication request is initiated in response to the transaction data processing request, the originally complete transaction private key can first be split into two parts in the following way and stored on the client side and the server side respectively.
S1: in response to a key generation request, generate a transaction private key and a transaction public key, wherein the transaction private key matches the transaction public key;
S2: generate the first private key component and the second private key component according to the transaction private key;
S3: store the first private key component locally at the client and send the second private key component to the server, wherein the server is used to save the second private key component.
In the present embodiment, when implemented, the client can receive a key generation request issued by the user and, in response to that request, generate a mutually matching transaction private key (which can be denoted sk) and transaction public key (which can be denoted pk). The transaction private key and the transaction public key are complete keys.
In the present embodiment, after the client generates the transaction private key, it can first split the transaction private key into two parts. Specifically, generating the first private key component and the second private key component according to the transaction private key may include: the client uses secret sharing (that is, key sharing, a method of distributing, saving and restoring a key), with the transaction private key as input, to generate two corresponding key components, namely the first private key component and the second private key component. Of course, this way of generating the first and second private key components is only a schematic illustration. When implemented, the transaction private key may also be split into two parts in another suitable way, depending on the specific situation and confidentiality requirements. This specification does not limit this.
In the present embodiment, after the client generates the first private key component and the second private key component, the first private key component can be stored locally at the client, to be managed and used by the client. The second private key component is sent to the server, to be managed and used by the server. This reduces the risk of the user keeping the key alone.
In one embodiment, in order to protect the second private key component from being stolen by a third party while it is being sent to the server, and so protect the user's data security, sending the second private key component to the server may, when implemented, include the following:
S1: obtain a transmission public key, wherein the transmission public key is generated by the server, and the server saves a transmission private key matching the transmission public key;
S2: encrypt the second private key component according to the transmission public key to obtain an encrypted second private key component;
S3: send the encrypted second private key component to the server.
In the present embodiment, before sending the second private key component to the server, the client can first send a transmission public key acquisition request to the server. On receiving the transmission public key acquisition request, the server can respond to it by generating a mutually matching public/private key pair, namely a transmission public key (which can be denoted pk_s) and a transmission private key (which can be denoted sk_s). The server sends the transmission public key to the client and keeps the corresponding transmission private key. In this way the client obtains the transmission public key that matches the transmission private key saved by the server.
In the present embodiment, the client can first encrypt the second private key component with the transmission public key to obtain the encrypted second private key component (which can be denoted ciphertext t, a kind of encrypted data), and then send the encrypted second private key component to the server. Because what is transmitted is the encrypted second private key component, a third party that steals it in transit cannot decrypt it to obtain the second private key component without the matching transmission private key, so the data is protected while the second private key component is being transmitted.
In the present embodiment, after receiving the encrypted second private key component, the server can use the saved transmission private key to decrypt it, obtain the second private key component, and store the second private key component in the server. After obtaining the second private key component by decryption, the server can also send feedback to the client to indicate that it has obtained the second private key component.
In the present embodiment, after the server generates the transmission public key and the transmission private key, it may also not send the transmission public key directly to the client; instead, the client obtains the transmission public key by querying, for example by table lookup. This specification does not limit how the client obtains the transmission public key.
In one embodiment, the client may also save the transaction public key while saving and managing the first private key component. Under normal circumstances, however, the transaction public key is not used directly in processing specific transaction data; it can be used in processing such as verification for subsequent private key updates.
In one embodiment, the client may also save the transaction private key while saving and managing the first private key component. However, the saved transaction private key is not used directly in the related data processing. Of course, the transaction private key may also be destroyed, and so on.
In one embodiment, when implemented, the client and the server can each save the private key component they are responsible for keeping (the first private key component and the second private key component) in any one of the following storage modes: hardware storage, mnemonic storage, password-encrypted storage, and so on. Of course, these storage modes are listed only to better illustrate the embodiments of this specification. When implemented, the private key components may also be stored in another suitable storage mode, depending on the specific situation and security requirements. This specification does not limit this.
In the present embodiment, in order to further improve data security during transaction data processing, after receiving the transaction data processing request issued by the user, the client can first initiate an authentication request between the client and the server, so that the private key components kept by the two sides are called for the specific transaction data processing only after the identities of the client and the server have been verified as correct. In this way a client or server whose identity is problematic can be found in time, and leakage of the private key components is avoided.
S13: in response to the authentication request, carry out bidirectional identity verification with the server, wherein the server saves the second private key component.
In the present embodiment, the authentication request can be understood as an authentication request carried out by both the client and the server, that is, a two-way authentication request.
In the present embodiment, responding to the authentication request and carrying out bidirectional identity verification with the server can be understood as the client and the server responding to the authentication request and each verifying the identity of the other. That is, the client may first verify whether the server's identity is legitimate, and the server may then verify whether the client's identity is legitimate. Of course, the server may instead first verify whether the client's identity is legitimate, and the client may then verify whether the server's identity is legitimate, and so on. This completes the bidirectional identity verification (or two-way authentication).
In one embodiment, taking as an example the case where the client first verifies whether the server's identity is legitimate and the server then verifies whether the client's identity is legitimate, responding to the authentication request and carrying out bidirectional identity verification with the server may, when implemented, refer to Fig. 3, a schematic diagram of one embodiment of the data processing method provided according to an embodiment of the present application, and include the following:
S1: in response to the authentication request, generate a first public key and a first private key, wherein the first public key matches the first private key;
S2: send the first public key to the server and receive a second public key, wherein the server is used to respond to the authentication request by generating the second public key and a second private key;
S3: receive encrypted data and first signature data, wherein the encrypted data is data obtained by the server encrypting a first random number according to the first public key, and the first signature data is data obtained by the server signing the encrypted data according to the second private key;
S4: determine whether the server's identity verification passes and, where it is determined according to the first operation result that the server's identity verification passes, decrypt the encrypted data according to the second public key to obtain the first random number;
S5: sign the first random number according to the first private key to obtain second signature data, and send the second signature data to the server;
S6: receive the identity confirmation information fed back by the server, wherein the server is used to perform a second operation according to the first public key, the first random number and the second signature data to determine whether the client's identity verification passes and, where it determines that the client's identity verification passes, to send confirmation indication information to the client.
In the present embodiment, when implemented, the client can respond to the authentication request by generating a mutually matching first public key (which can be denoted pk_c) and first private key (sk_c); the server likewise responds to the authentication request by generating a mutually matching second public key (which can be denoted pk_s) and second private key (which can be denoted sk_s).
In the present embodiment, when implemented, the client can send the first public key to the server and receive the second public key sent by the server. Correspondingly, the server can send the second public key to the client and receive the first public key sent by the client.
In the present embodiment, when implemented, after receiving the first public key the server can first generate a first random number (which can be denoted m) and then encrypt the first random number with the first public key to obtain the corresponding encrypted data (which can be denoted cxt). Further, the server can sign the encrypted data with the second private key to obtain the corresponding first signature data (which can be denoted sig). The server then sends the encrypted data and the first signature data to the client, so that the client receives them.
In the present embodiment, specifically, the server can, for example, encrypt the first random number in the following way: Enc(pk_c, m) → cxt, where Enc denotes the encryption operation. The server can sign the encrypted data in the following way: Sign(sk_s, m) → sig, where Sign denotes the signature operation.
In the present embodiment, after receiving the encrypted data and the first signature data, the client can first verify, according to the second public key, the encrypted data and the first signature data, whether the server's identity is legitimate, that is, determine whether the server it is exchanging data with is the trusted platform server. If the server's identity is verified as legitimate, the server's identity verification is determined to pass. If the server's identity is verified as illegitimate, the server's identity verification is determined not to pass.
In the present embodiment, when implemented, the client can perform a first operation according to the second public key, the encrypted data and the first signature data to obtain a first operation result, and then determine from the first operation result whether the server's identity verification passes.
In the present embodiment, specifically, the client can, for example, perform the first operation in the following way: Verify(pk_s, cxt, sig) → y, where Verify denotes the verification operation and y denotes the first operation result. If the value of the first operation result is 1, the server's identity verification can be determined to pass. If the value of the first operation result is not 1, for example 0, the server's identity verification can be determined not to pass.
In the present embodiment, where the client determines that the server's identity verification does not pass, it can judge that there is a problem with the server's identity and that carrying out transaction data processing with this server is high-risk. It can then stop the subsequent data processing and feed back to the user a prompt that the server's identity is suspicious. It can also suspend data interaction with the server, so that the information data kept by the client is not leaked or stolen.
In the present embodiment, where the client determines that the server's identity verification passes, it can judge that there is no problem with the server's identity, and can then first decrypt the encrypted data according to the second public key to obtain the first random number.
In the present embodiment, specifically, the client can, for example, decrypt in the following way: Dec(sk_c, cxt) → m, where Dec denotes the decryption operation.
In the present embodiment, after obtaining the first random number, the client can further sign the first random number with the first private key to obtain the corresponding second signature data (which can be denoted sig_m), and send the second signature data to the server, so that the server can verify the client's identity according to the second signature data.
In the present embodiment, specifically, the client can, for example, sign in the following way: Sign(sk_c, m) → sig_m, where Sign denotes the signature operation.
In the present embodiment, after receiving the second signature data, the server can verify, according to the first public key, the first random number and the second signature data, whether the client's identity is legitimate, that is, determine whether the client it is exchanging data with is the client device held and used by the user. If the client's identity is verified as legitimate, the client's identity verification is determined to pass. If the client's identity is illegitimate, the client's identity verification is determined not to pass.
In the present embodiment, when implemented, the server can perform a second operation according to the first public key, the first random number and the second signature data to obtain a second operation result, and then determine from the second operation result whether the client's identity verification passes.
In the present embodiment, specifically, the server can, for example, perform the second operation in the following way: Verify(pk_c, m, sig_m) → Y, where Y denotes the second operation result. If the value of the second operation result is 1, the client's identity verification can be determined to pass. If the value of the second operation result is not 1, for example 0, the client's identity verification can be determined not to pass.
In the present embodiment, where the server determines that the client's identity verification does not pass, it can judge that there is a problem with the client's identity and that carrying out transaction data processing with this client is high-risk. It can then stop the subsequent data processing. It can also suspend data interaction with the client, so that the information data kept by the server is not leaked or stolen.
In the present embodiment, where the server determines that the client's identity verification passes, it can judge that there is no problem with the client's identity. At this point the bidirectional identity verification can be determined to have passed, that is, the identities of both the client and the server are legitimate and the subsequent data processing can be carried out. After determining that the client's identity verification passes, the server can generate confirmation indication information and feed it back to the client, to indicate to the client that the bidirectional identity verification has passed and that the subsequent data processing can be carried out. In turn, where the server determines that the client's identity verification passes, the client can receive the identity confirmation information fed back by the server and determine that the bidirectional identity verification has passed.
Through the above bidirectional identity verification, the situation in which a third party that has stolen information data kept by the server or the client initiates transaction data processing can be discovered and avoided, which further improves the security of the user's transaction data processing.
S15: where the bidirectional identity verification passes, call the first MPC node preset in the client, with the first private key component as input data, and the second MPC node preset in the server, with the second private key component as input data, to carry out a preset function operation according to preset rules and obtain an operation result as the trading signature.
In the present embodiment, the first MPC node and the second MPC node can be understood as operation nodes arranged in advance in the client and the server respectively. The first MPC node and the second MPC node can exchange data with each other and jointly participate in the preset function operation according to preset rules generated on the basis of, for example, an MPC protocol. It should be added that the first MPC node is arranged on the client side and associated with the client, and can retrieve the information data kept by the client. The second MPC node is arranged on the server side and associated with the server, and can retrieve the information data kept by the server.
In the present embodiment, the preset rules can be understood as a rule set, generated according to, for example, an MPC (Secure Multi-Party Computation) protocol, that characterizes how the first MPC node and the second MPC node process data. When implemented, the first MPC node and the second MPC node can carry out the specific data interaction and function operation according to the preset rules. An MPC protocol is understood here as a cryptography-based secure computation protocol in which several parties each input the information data they own and jointly participate in the operation.
In the present embodiment, the trading signature (also called a public key digital signature, an electronic signature, and so on) can be understood as a digital signature, based on public key cryptography, that is used to prove the user's identity. Specifically, the trading signature may be a character string that corresponds to the user's identity and is not easy to forge. When specific transaction data is processed, the user's identity can be verified according to the trading signature, and the funds data in the user's account can be called to carry out the specific transaction data processing.
In the present embodiment, the function can be understood as an operation function, based on the preset rules, that is used to generate the trading signature.
In the present embodiment, when implemented, where the bidirectional identity verification passes, the client can call the first MPC node with the first private key component kept by the client as input data; at the same time, the server calls the second MPC node with the second private key component kept by the server as input data. The two inputs are fed, according to the preset rules, into the operation function used to generate the trading signature, so that the two nodes jointly participate in the preset function operation for that operation function and obtain the corresponding operation result. The specific trading signature can then be determined from the operation result.
In this way, the complete transaction private key never appears while the client and the server exchange data and carry out the operation that generates the trading signature, which avoids the transaction risk that would arise if the complete transaction private key were leaked or stolen during processing. At the same time, the trading signature needed for the subsequent specific transaction data processing is generated smoothly and accurately.
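
The bidirectional identity verification of S13 and the joint signing of S15, run end to end as an added example (it is not code from the patent). Assumptions not on the page: Schnorr signatures and hashed ElGamal over a small demo group, an additive split sk = sk1 + sk2, and the names mutual_auth, split, MPCNode and two_party_sign. It follows the formulas Enc(pk_c, m), Verify(pk_s, cxt, sig), Dec(sk_c, cxt) and Verify(pk_c, m, sig_m), with the server signing cxt as the step text describes.

```python
import hashlib
import secrets

# Demo group (assumption, not from the patent): the order-Q subgroup of Z_P*,
# Q = 2^127 - 1 (a Mersenne prime), P = k*Q + 1 the first such probable prime.
Q = 2**127 - 1

def _probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases; enough for choosing demo parameters."""
    if any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

_k = 2
while not _probable_prime(_k * Q + 1):
    _k += 2
P = _k * Q + 1
G = pow(2, _k, P)  # 2^((P-1)/Q): order Q, because Q is prime and G != 1
assert G != 1 and pow(G, Q, P) == 1

def i2b(x):
    return x.to_bytes(32, "big")

def H(*parts):
    """Hash length-prefixed byte strings to a scalar modulo Q."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def sign(sk, msg):  # Sign(sk, msg) -> sig, as a Schnorr signature (R, s)
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + H(i2b(R), msg) * sk) % Q

def verify(pk, msg, sig):  # Verify(pk, msg, sig) -> 1 or 0, as on the page
    R, s = sig
    return int(pow(G, s, P) == R * pow(pk, H(i2b(R), msg), P) % P)

def _xor_pad(shared, data):
    pad = hashlib.sha256(i2b(shared)).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def enc(pk, m):  # Enc(pk, m) -> cxt, hashed ElGamal for messages <= 32 bytes
    r = secrets.randbelow(Q - 1) + 1
    return i2b(pow(G, r, P)) + _xor_pad(pow(pk, r, P), m)

def dec(sk, cxt):  # Dec(sk, cxt) -> m
    return _xor_pad(pow(int.from_bytes(cxt[:32], "big"), sk, P), cxt[32:])

def mutual_auth(sk_c, pk_c, sk_s, pk_s):
    """sk_* is the key a party really holds, pk_* the key its peer expects.
    Returns (server_verified, client_verified)."""
    m = secrets.token_bytes(16)               # server: first random number
    cxt = enc(pk_c, m)
    sig = sign(sk_s, cxt)                     # server signs the encrypted data
    if verify(pk_s, cxt, sig) != 1:           # client: first operation result y
        return False, False                   # stop before decrypting anything
    sig_m = sign(sk_c, dec(sk_c, cxt))        # client signs the recovered m
    return True, verify(pk_c, m, sig_m) == 1  # server: second operation result Y

def split(sk):
    """Additive 2-of-2 sharing: sk = sk1 + sk2 (mod Q)."""
    sk1 = secrets.randbelow(Q)
    return sk1, (sk - sk1) % Q

class MPCNode:
    """One signing node; it only ever sees its own private key component."""
    def __init__(self, component):
        self._component = component
    def round1(self):  # publish R_i = G^k_i for a fresh one-time nonce k_i
        self._k = secrets.randbelow(Q - 1) + 1
        return pow(G, self._k, P)
    def round2(self, R, msg):  # partial signature s_i = k_i + e * sk_i
        k, self._k = self._k, None  # a nonce must never be reused
        return (k + H(i2b(R), msg) * self._component) % Q

def two_party_sign(node1, node2, msg):
    # Simplified exchange: deployed protocols add a commitment round for R_i.
    R = node1.round1() * node2.round1() % P
    return R, (node1.round2(R, msg) + node2.round2(R, msg)) % Q
```

The pair returned by two_party_sign verifies under the ordinary transaction public key pk with the same verify function, while a signature made from one component alone does not.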
S17: carry out transaction data processing according to the trading signature.
In the present embodiment, after the trading signature is obtained, the transaction data processing request can be responded to and the specific transaction data processing carried out with the trading signature as the identity credential.
For example, with the trading signature as the identity credential, the funds data in the user's account can be called to pay a bill. The user's purchase order and the like can also be generated according to the trading signature. Of course, the transaction data processing modes cited above are only a schematic illustration. When implemented, other types of transaction data processing can also be carried out according to the trading signature, depending on the specific application scenario and usage needs. This specification does not limit this.
In the embodiments of the present application, compared with existing methods, the transaction private key is split in advance, and the first private key component and the second private key component obtained by the split are kept separately on the client side and the server side. When the user needs to carry out transaction data processing, the first MPC node preset in the client and the second MPC node preset in the server are called to take the first private key component and the second private key component saved at each end as input and jointly carry out the preset function operation according to the preset rules to generate the trading signature, so that the complete private key does not appear while the transaction data is processed. This solves the technical problem that key use is not secure because existing transaction data processing needs to use the complete key, and achieves the technical effect of reducing the security risk in processing the user's transaction data, improving the security of transaction data processing, and meeting the user's need for control over the complete transaction private key.
In one embodiment, it is considered that, because the first private key component and the second private key component are kept on the client side and the server side respectively, if the private key component kept by one side is lost, for example the client loses the first private key component it keeps, the private key component kept by the other side alone cannot generate the trading signature and complete the corresponding transaction data processing, which would inconvenience the user's transactions. So that the user's transaction data processing is not affected when the client or the server loses the private key component it keeps, while the transaction data processing remains secure and the user experience is further improved, when implemented, after the first private key component and the second private key component are generated in the manner described above, a further pair of mutually matching private key components can be generated as a first backup private key component (which can be denoted sk1_b) and a second backup private key component (which can be denoted sk2_b), stored on the client side and the server side respectively. In this way, when the first private key component or the second private key component kept by the client or the server is lost, the first backup private key component and the second backup private key component held in reserve on the two sides can be called in time to generate a new pair of mutually matching private key components, and the new private key components then participate in the operation to obtain the corresponding trading signature, so that the transaction data processing required by the user can be carried out.
In this embodiment, after the first private key component and the second private key component are generated according to the transaction private key, the method may, in a specific implementation, further include: generating a first backup private key component and a second backup private key component according to the transaction private key; storing the first backup private key component locally on the client, and sending the second backup private key component to the server.
In this embodiment, if the first private key component stored by the client or the second private key component stored by the server is lost and a transaction data processing request initiated by the user is then received, reference may be made to Fig. 4, a schematic diagram of one embodiment of the data processing method provided according to the embodiments of the present application. The client retrieves the stored first backup private key component through the first MPC node, the server retrieves the stored second backup private key component through the second MPC node, and the two jointly take part in an MPC calculation according to preset rules, namely the fifth operation (an MPC calculation based on preset rules), to obtain a new pair of private key components, which can be denoted the third private key component and the fourth private key component. The third private key component and the fourth private key component can then be stored on the client and the server respectively, replacing the previous first private key component and second private key component, while the other private key component that matched the lost private key component is destroyed. The client can then call the first MPC node preset in the client with the third private key component as input data, together with the server calling the second MPC node preset in the server with the fourth private key component as input data, to perform the preset function operation according to preset rules and obtain the operation result as the transaction signature.
In one embodiment, to further improve security, the first private key component and the second private key component kept by the client and the server can also be updated at regular intervals or in response to an update instruction from the user.
In this embodiment, in a specific implementation, the method may further include: responding to an update request; calling the first MPC node preset in the client with the first private key component as input data, and the second MPC node preset in the server with the second private key component as input data, to perform a third operation according to preset rules (an MPC calculation based on preset rules) and generate an updated first private key component (which can be denoted sk1') and an updated second private key component (which can be denoted sk2'); and obtaining and saving the updated first private key component, wherein the updated second private key component is stored in the server.
In this embodiment, the update request may be a private key component update request generated automatically by the client and the server at a preset time interval, or an update request generated in response to an update instruction from the user or the business platform. This specification does not limit the specific way in which the update request is generated.
In one embodiment, after the update request has been responded to and the corresponding new private key components (the updated first private key component and the updated second private key component) have been generated, a key verification request can be generated and responded to in order to ensure that the updated private key components are correct and valid. The updated first private key component and the updated second private key component are compared and verified to determine whether they meet the requirements, that is, whether they can generate an accurate user signature. If the generated updated first private key component and updated second private key component are determined to meet the requirements, the updated first private key component replaces the original first private key component and is stored in the client, and the updated second private key component replaces the original second private key component and is stored in the server, which completes the update of the private key components. If they are determined not to meet the requirements, the updated first private key component and the updated second private key component can be regenerated and then verified again.
In one embodiment, in a specific implementation, public key comparison can be used to determine whether the updated first private key component and the updated second private key component meet the requirements. Specifically, reference may be made to Fig. 5, a schematic diagram of one embodiment of the data processing method provided according to the embodiments of the present application. After the updated first private key component is obtained and saved, the method may further include: the client responds to a key verification request and calls the first MPC node preset in the client with the updated first private key component as input data, and the second MPC node preset in the server with the updated second private key component as input data, to perform a fourth operation according to preset rules (an MPC calculation based on preset rules) and generate an updated transaction public key (which can be denoted pk'); and determining, according to the transaction public key and the updated transaction public key, whether the updated first private key component and the updated second private key component meet the requirements. The transaction public key here may specifically be the transaction public key that matches the transaction private key used to generate the first private key component and the second private key component, and that is stored in the client.
In this embodiment, determining according to the transaction public key and the updated transaction public key whether the updated first private key component and the updated second private key component meet the requirements may, in a specific implementation, include: comparing whether the difference value between the transaction public key and the updated transaction public key is less than a preset difference threshold. If the difference value between the transaction public key and the updated transaction public key is less than or equal to the preset difference threshold, it can be determined that the updated first private key component and the updated second private key component meet the requirements and the update succeeds, that is, the verification passes. If the difference value between the transaction public key and the updated transaction public key is greater than the preset difference threshold, it can be determined that the updated first private key component and the updated second private key component do not meet the requirements and the update fails, that is, the verification does not pass.
In one embodiment, in a specific implementation, signature verification can also be used to determine whether the updated first private key component and the updated second private key component meet the requirements. Specifically, reference may be made to Fig. 6, a schematic diagram of one embodiment of the data processing method provided according to the embodiments of the present application. After the updated first private key component is obtained and saved, the method may further include: responding to a key verification request, generating a second random number (which can be denoted m'), and sending the second random number to the server; calling the first MPC node preset in the client with the updated first private key component as input data, and the second MPC node preset in the server with the updated second private key component as input data, to sign the second random number according to preset rules and obtain third signature data (which can be denoted sig'); and determining, according to the transaction public key and the third signature data, whether the updated first private key component and the updated second private key component meet the requirements.
In this embodiment, determining according to the transaction public key and the third signature data whether the updated first private key component and the updated second private key component meet the requirements may, in a specific implementation, include: the client verifies the third signature data using the transaction public key it has stored. If the verification succeeds, it can be determined that the updated first private key component and the updated second private key component meet the requirements, and the update is judged to have succeeded. If the verification does not succeed, it can be determined that the updated first private key component and the updated second private key component do not meet the requirements, and the update is judged to have failed.
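The component update (third operation) and the two checks described above (public key comparison and signing a random m'), as an added example that is not code from the patent. The patent leaves the "preset rules" unspecified, so this sketch assumes additive shares and two-party Schnorr signing over a small constructed group, uses exact public key equality in place of the difference threshold, and all class and function names are illustrative.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2*Q + 1 with P and Q
# prime, and G = 4 generating the subgroup of order Q.
P, Q, G = 2039, 1019, 4


def split_key(sk):
    """Client-side split of the transaction private key: sk = sk1 + sk2 (mod Q)."""
    sk1 = secrets.randbelow(Q)
    return sk1, (sk - sk1) % Q


def challenge(r, message):
    """Schnorr challenge e = H(R || m) reduced mod Q."""
    digest = hashlib.sha256(r.to_bytes(2, "big") + message).digest()
    return int.from_bytes(digest, "big") % Q


class MpcNode:
    """One party (client or server); its share is only used inside this object."""

    def __init__(self, share):
        self._share = share % Q
        self._nonce = None

    def public_share(self):
        """The only value derived from the share that is sent to the peer."""
        return pow(G, self._share, P)

    def commit(self):
        """Round 1: pick a fresh nonce k_i and publish R_i = G^k_i."""
        self._nonce = secrets.randbelow(Q - 1) + 1
        return pow(G, self._nonce, P)

    def respond(self, r, message):
        """Round 2: partial signature s_i = k_i + e * share_i (mod Q)."""
        if self._nonce is None:
            raise RuntimeError("commit() must run before respond()")
        s_i = (self._nonce + challenge(r, message) * self._share) % Q
        self._nonce = None  # a nonce is used for exactly one signature
        return s_i

    def shifted(self, delta):
        """Candidate node holding share + delta; the old node stays untouched."""
        return MpcNode(self._share + delta)


def joint_public_key(client, server):
    """pk = G^sk1 * G^sk2 = G^(sk1 + sk2), built from public values only."""
    return (client.public_share() * server.public_share()) % P


def joint_sign(client, server, message):
    """Both nodes contribute; the complete private key is never assembled."""
    r = (client.commit() * server.commit()) % P
    s = (client.respond(r, message) + server.respond(r, message)) % Q
    return r, s


def verify(pk, message, signature):
    """Standard Schnorr check: G^s == R * pk^e (mod P)."""
    r, s = signature
    return pow(G, s, P) == (r * pow(pk, challenge(r, message), P)) % P


def refresh(client, server):
    """Update sketch: move both shares by opposite offsets so their sum is unchanged.
    Simplification: one caller picks delta; a real protocol derives it jointly."""
    delta = secrets.randbelow(Q - 1) + 1
    return client.shifted(delta), server.shifted(-delta)


def check_by_public_key(pk, new_client, new_server):
    """Check 1: the updated shares must still produce the stored public key."""
    return joint_public_key(new_client, new_server) == pk


def check_by_signature(pk, new_client, new_server):
    """Check 2: sign a random m' with the updated shares, verify with stored pk.
    In this toy group a wrong pair still passes with probability about 1/Q."""
    m_prime = secrets.token_bytes(16)
    return verify(pk, m_prime, joint_sign(new_client, new_server, m_prime))
```

Pairing an old share with an updated one produces a different joint public key, which is why both sides replace their components together and only after a check has passed.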
In this embodiment, it should be added that the data processing method applied to the second server side is similar to the data processing method applied to the first server side described above. In a specific implementation, it can be carried out with reference to the data processing method applied to the first server side, and details are not repeated here.
It can be seen from the above description that, in the data processing method provided by the embodiments of the present application, the first private key component and the second private key component are stored separately in advance on the client side and the server side. When the user needs to process transaction data, the first MPC node preset in the client and the second MPC node preset in the server are called, each taking the private key component stored at its own end as input, to jointly perform a preset function operation according to preset rules and generate the transaction signature, so that the complete private key never appears while the transaction data is processed. This solves the technical problem in existing transaction data processing that the key is used insecurely because the complete key has to be used, reduces the security risk in processing the user's transaction data, improves the security of transaction data processing, and at the same time meets the user's need to control the transaction private key. In addition, before the transaction signature is generated, two-way identity verification is first carried out using the first public key, first private key, second public key and second private key generated by the client and the server respectively, and the transaction signature is generated only if the two-way identity verification passes, which further reduces the security risk in processing the user's transaction data and protects the security of the user's account. Furthermore, in response to the user's update request, the first MPC node preset in the client and the second MPC node preset in the server are called, each taking the private key component stored at its own end as input, to generate the updated first private key component and the updated second private key component, which replace the original first private key component and second private key component respectively and further reduce the security risk in processing the user's transaction data.
The present application also provides another data processing method, which can specifically be applied to the server side, wherein the server may store the second private key component, and the first private key component and the second private key component are generated according to the transaction private key generated by the client. Refer to Fig. 7, a schematic diagram of one embodiment of the data processing method provided according to the embodiments of the present application. In a specific implementation, the method may include the following steps.
S71: in response to an authentication request, carrying out two-way identity verification with the client, wherein the client stores the first private key component;
S73: if the two-way identity verification passes, calling the second MPC node preset in the server with the second private key component as input data, and the first MPC node preset in the client with the first private key component as input data, to perform a preset function operation according to preset rules and obtain the operation result as the transaction signature.
The present application also provides another data processing method, which can specifically be applied to a system that includes a server and a client, wherein the client may specifically store the first private key component, the server may specifically store the second private key component, and the first private key component and the second private key component are generated according to the transaction private key generated by the client. In a specific implementation, the method may include the following:
The client, in response to a transaction data processing request, initiates an authentication request;
The client and the server respond to the authentication request and carry out two-way identity verification;
If the two-way identity verification passes, the first MPC node preset in the client is called with the first private key component as input data, and the second MPC node preset in the server with the second private key component as input data, to perform a preset function operation according to preset rules and obtain the operation result as the transaction signature; transaction data processing is then carried out according to the transaction signature.
In this embodiment, it should be noted that, because preset rules based on the MPC protocol are used in the above process to manage the generation, use and recovery of the private key components, the user does not need to keep or use the complete transaction private key. When a transaction signature is needed to process transaction data, the user and the server each use their private key component as input at the same time to generate the required transaction signature. This both ensures that the user holds the private key and brings in a more reliable platform server to bear the risk of leaking the transaction private key together with the user, which reduces the risk the user bears alone. In effect, the user's client and the server jointly manage the user's account (for example, the user's electronic wallet), which both shares the risk and preserves the user's control over the funds data in the account.
It can be seen from the above description that, in the data processing method provided by the embodiments of the present application, the first private key component and the second private key component are stored separately in advance on the client side and the server side. When the user needs to process transaction data, the first MPC node preset in the client and the second MPC node preset in the server are called, each taking the private key component stored at its own end as input, to jointly perform a preset function operation according to preset rules and generate the transaction signature, so that the complete private key never appears while the transaction data is processed. This solves the technical problem in existing transaction data processing that the key is used insecurely because the complete key has to be used, reduces the security risk in processing the user's transaction data, improves the security of transaction data processing, and meets the user's need to control the complete transaction private key.
Based on the same inventive concept, an embodiment of the present invention further provides a data processing apparatus, as described in the following embodiments. Because the principle by which the data processing apparatus solves the problem is similar to that of the data processing method, the implementation of the apparatus may refer to the implementation of the method, and repeated description is omitted. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated. Refer to Fig. 8, a structural diagram of a data processing apparatus provided by an embodiment of the present application. The apparatus may specifically include an initiation module 801, an authentication module 802, a calling module 803 and a processing module 804. The structure is described in detail below.
The initiation module 801 may specifically be used to respond to a transaction data processing request and initiate an authentication request, wherein the first private key component is stored in the data processing apparatus;
The authentication module 802 may specifically be used to respond to the authentication request and carry out two-way identity verification with the server, wherein the server stores the second private key component, and the first private key component and the second private key component are generated according to the transaction private key generated by the client;
The calling module 803 may specifically be used, if the two-way identity verification passes, to call the first MPC node preset in the client with the first private key component as input data, and the second MPC node preset in the server with the second private key component as input data, to perform a preset function operation according to preset rules and obtain the operation result as the transaction signature;
The processing module 804 may specifically be used to carry out transaction data processing according to the transaction signature.
In one embodiment, in order to respond to the authentication request and carry out two-way identity verification with the server, the authentication module 802 may specifically include the following structural units:
A first generation unit, which may specifically be used to respond to the authentication request and generate a first public key and a first private key, wherein the first public key and the first private key match;
A first transceiver unit, which may specifically be used to send the first public key to the server and receive a second public key, wherein the server is configured to generate the second public key and a second private key in response to the authentication request;
A second transceiver unit, which may specifically be used to receive encrypted data and first signature data, wherein the encrypted data is the data obtained by the server encrypting a first random number according to the first public key, and the first signature data is the data obtained by the server signing the encrypted data according to the second private key;
A first operation unit, which may specifically be used to perform a first operation according to the second public key, the encrypted data and the first signature data to determine whether the server identity verification passes, and, if the server identity verification is determined to pass, to decrypt the encrypted data according to the second public key to obtain the first random number;
A first signature processing unit, which may specifically be used to sign the first random number according to the first private key to obtain second signature data, and to send the second signature data to the server;
A third transceiver unit, which may specifically be used to receive the indication information fed back by the server, wherein the server is configured to perform a second operation according to the first public key, the first random number and the second signature data to determine whether the client identity verification passes, and, if the client identity verification is determined to pass, to send confirmation indication information to the client.
In one embodiment, the apparatus further includes a generation module for generating the first private key component and the second private key component, wherein the generation module may specifically include the following structural units:
A second generation unit, which may specifically be used to respond to a key generation request and generate a transaction private key and a transaction public key, wherein the transaction private key and the transaction public key match;
A third generation unit, which may specifically be used to generate the first private key component and the second private key component according to the transaction private key;
A fourth transceiver unit, which may specifically be used to store the first private key component locally on the client and send the second private key component to the server, wherein the server is configured to save the second private key component.
In one embodiment, in order to send the second private key component to the server securely, the fourth transceiver unit may, in a specific implementation, proceed as follows: obtaining a transmission public key, wherein the transmission public key is generated by the server, and the server stores the transmission private key that matches the transmission public key; encrypting the second private key component according to the transmission public key to obtain an encrypted second private key component; and sending the encrypted second private key component to the server.
In one embodiment, the apparatus further includes a backup private key component generation module, which in a specific implementation may be used to generate a first backup private key component and a second backup private key component according to the transaction private key, store the first backup private key component locally on the client, and send the second backup private key component to the server.
In one embodiment, the apparatus may further include an update module for updating the private key components kept by the client and the server. In a specific implementation, the update module may include the following structural units:
A third operation unit, which may specifically be used to respond to an update request, and to call the first MPC node preset in the client with the first private key component as input data, and the second MPC node preset in the server with the second private key component as input data, to perform a third operation according to preset rules and generate an updated first private key component and an updated second private key component;
An acquisition unit, which may specifically be used to obtain and save the updated first private key component, wherein the updated second private key component is stored in the server.
In one embodiment, the apparatus may further include an authentication module, which may specifically be used to respond to a key verification request; to call the first MPC node preset in the client with the updated first private key component as input data, and the second MPC node preset in the server with the updated second private key component as input data, to perform a fourth operation according to preset rules and generate an updated transaction public key; and to determine, according to the transaction public key and the updated transaction public key, whether the updated first private key component and the updated second private key component meet the requirements.
In one embodiment, the apparatus may further include another authentication module, which may specifically be used to respond to a key verification request, generate a second random number, and send the second random number to the server; to call the first MPC node preset in the client with the updated first private key component as input data, and the second MPC node preset in the server with the updated second private key component as input data, to sign the second random number according to preset rules and obtain third signature data; and to determine, according to the transaction public key and the third signature data, whether the updated first private key component and the updated second private key component meet the requirements.
In one embodiment, the apparatus may further include a backup processing module, which may specifically be used, if the first private key component is lost, to call the first MPC node preset in the client with the first backup private key component as input data, and the second MPC node preset in the server with the second backup private key component as input data, to perform a fifth operation according to preset rules and generate a third private key component and a fourth private key component; and to obtain the third private key component and store it locally on the client as the first private key component, wherein the fourth private key component is stored in the server as the second private key component.
The embodiments in this specification are described in a progressive manner. For parts that are the same or similar between embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. The system embodiment in particular is described relatively briefly because it is substantially similar to the method embodiment; for the relevant parts, refer to the description of the method embodiment.
It should be noted that the systems, apparatuses, modules or units described in the above embodiments may specifically be implemented by a computer chip or an entity, or by a product with a certain function. For convenience of description, the above apparatus is described in this specification as divided by function into various units. Of course, when the present application is implemented, the functions of the units may be implemented in one or more pieces of software and/or hardware.
In addition, in this specification, adjectives such as first and second may be used only to distinguish one element or action from another element or action, without requiring or implying any actual such relationship or order. Where the context allows, a reference to an element, component or step should not be interpreted as limited to only one of the element, component or step, but may be one or more of the element, component or step.
It can be seen from the above description that, in the data processing apparatus provided by the embodiments of the present application, the first private key component and the second private key component are stored separately in advance on the client side and the server side. When the user needs to process transaction data, the calling module calls the first MPC node preset in the client and the second MPC node preset in the server, each taking the private key component stored at its own end as input, to jointly perform a preset function operation according to preset rules and generate the transaction signature, and the processing module then carries out the specific transaction data processing according to that transaction signature. The complete private key therefore never appears while the transaction data is processed. This solves the technical problem in existing transaction data processing that the key is used insecurely because the complete key has to be used, reduces the security risk in processing the user's transaction data, improves the security of transaction data processing, and at the same time meets the user's need to control the complete transaction private key.
An embodiment of the present application also provides an electronic device. Refer to Fig. 9, a schematic diagram of the structure of the electronic device provided based on the embodiments of the present application. The electronic device may specifically include an input device 91, a processor 92 and a memory 93. The input device 91 may specifically be used to receive a transaction data processing request. The processor 92 may specifically be used to respond to the transaction data processing request and initiate an authentication request; to respond to the authentication request and carry out two-way identity verification with the server, wherein the server stores the second private key component; if the two-way identity verification passes, to call the first MPC node preset in the client with the first private key component as input data, and the second MPC node preset in the server with the second private key component as input data, to perform a preset function operation according to preset rules and obtain the operation result as the transaction signature, wherein the first private key component and the second private key component are generated according to the transaction private key generated by the client; and to carry out transaction data processing according to the transaction signature. The memory 93 may specifically be used to store the corresponding instruction program on which the processor 92 relies.
In this embodiment, the input device may specifically be one of the main devices for exchanging information between the user and the computer system. The input device may include a keyboard, mouse, camera, scanner, light pen, handwriting tablet, voice input device and so on; input devices are used to input raw data, and the programs that process these data, into the computer. The input device can also obtain and receive data transmitted by other modules, units and devices. The processor may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller, an embedded microcontroller, and so on. The memory may specifically be a memory device used in modern information technology to store information. The memory may include multiple levels: in a digital system, anything that can store binary data can be a memory; in an integrated circuit, a circuit with a storage function but no physical form is also called a memory, such as RAM or FIFO; in a system, a storage device with a physical form is also called a memory, such as a memory module or TF card.
In this embodiment, the functions and effects specifically achieved by the electronic device can be explained by comparison with the other embodiments and are not repeated here.
An embodiment of the present application further provides a computer storage medium based on the data processing method. The computer storage medium stores computer program instructions which, when executed, implement: responding to a transaction data processing request by initiating an authentication request; responding to the authentication request by carrying out bidirectional identity verification with a server, wherein the server stores the second private key component; when the bidirectional identity verification passes, calling the first MPC node preset on the client with the first private key component as input data, and the second MPC node preset on the server with the second private key component as input data, to perform a preset function operation according to preset rules and obtain the operation result as the transaction signature, wherein the first private key component and the second private key component are generated from the transaction private key generated by the client; and performing transaction data processing according to the transaction signature.
In this embodiment, the storage medium includes but is not limited to random access memory (RAM), read-only memory (ROM), cache, hard disk drive (HDD) or memory card. The memory may be used to store computer program instructions. The network communication unit may be an interface, configured according to the standards specified by a communication protocol, for network connection and communication.
In this embodiment, the functions and effects specifically achieved by the program instructions stored in the computer storage medium can be explained by comparison with the other embodiments and are not repeated here.
To further reduce the security risk that may arise from the client storing a private key component, an embodiment of the present application provides another data processing method; see Fig. 10 for the processing flow chart of this data processing method according to an embodiment of the present application. It may specifically include the following.
S101: respond to a transaction data processing request by initiating an authentication request;
S103: respond to the authentication request by carrying out identity verification with a first server and a second server, wherein the first server is used to store the first private key component and the second server is used to store the second private key component, and the first private key component and the second private key component are generated from the transaction private key generated by the client;
S105: when identity verification passes, call the first MPC node preset on the first server with the first private key component as input data, and the second MPC node preset on the second server with the second private key component as input data, to perform a preset function operation according to preset rules and obtain the operation result as the transaction signature;
S107: perform transaction data processing according to the transaction signature.
In this embodiment, a first server and a second server, which are more reliable than the client, are introduced into the system to store respectively the first private key component and the second private key component used to generate the transaction signature. This reduces the risk that a partial private key component stored by the client itself is leaked or stolen, further lowers the security risk in processing the user's transaction data, and achieves the technical effect of improving the security of transaction data processing.
In one embodiment, in a specific implementation, the first private key component and the second private key component used to generate the transaction signature must first be generated and stored on the first server and the second server respectively. Specifically, referring to the processing flow chart of another data processing method according to an embodiment of the present application shown in Fig. 11, before responding to the transaction data processing request, the method may further include the following:
S1: respond to a key generation request by generating a transaction private key and a transaction public key, wherein the transaction private key matches the transaction public key;
S2: generate the first private key component and the second private key component from the transaction private key;
S3: store the transaction public key locally on the client, send the first private key component to the first server, and send the second private key component to the second server.
In this embodiment, in a specific implementation, the client may collect the relevant instructions entered by the user and, according to them, generate and respond to the key generation request by generating the transaction private key (denoted sk) and the transaction public key (denoted pk) locally on the client. For example, the client may generate the transaction private key and transaction public key locally as follows: keyGen() → (sk, pk). The client may then generate the first private key component (denoted sk1) and the second private key component (denoted sk2) from the transaction private key by secret sharing, for example: secret sharing(sk) → (sk1, sk2). The client may store the transaction public key locally and send the first private key component and the second private key component to the first server (denoted KMS1) and the second server (denoted KMS2) respectively, so that the first server stores the first private key component and the second server stores the second private key component. In this way the client itself does not need to store any private key component and does not bear the risk of a private key component being stolen or leaked, and the private key components are kept separately by the more reliable first server and second server, thereby reducing the risk of a private key component being stolen or leaked.
In one embodiment, when the client sends the first private key component and the second private key component to the first server and the second server, the private key components may first be encrypted and then sent, so that they are not stolen or leaked in transit. Specifically, with reference to Fig. 11, sending the first private key component to the first server may include the following:
S1: obtain a first transmission public key (denoted pk_s1), wherein the first transmission public key is generated by the first server, and the first server stores a first transmission private key (denoted sk_s1) matching the first transmission public key;
S2: encrypt the first private key component with the first transmission public key to obtain the encrypted first private key component (denoted t1);
S3: send the encrypted first private key component to the first server.
In this embodiment, the client may encrypt the first private key component with the first transmission public key as follows: Enc(pk_s1, sk1) → t1.
In this embodiment, the first server obtains the encrypted first private key component in the manner described above. After obtaining it, the first server may use the first transmission private key that it stores to decrypt the encrypted first private key component, and then obtain and store the first private key component on the first server. For example, the first server may decrypt as follows to obtain the first private key component: Dec(sk_s1, t1) → sk1.
In one embodiment, with reference to the above way of sending the first private key component to the first server, the second private key component may be sent to the second server as follows:
S1: obtain a second transmission public key (denoted pk_s2), wherein the second transmission public key is generated by the second server, and the second server stores a second transmission private key (denoted sk_s2) matching the second transmission public key;
S2: encrypt the second private key component with the second transmission public key to obtain the encrypted second private key component (denoted t2);
S3: send the encrypted second private key component to the second server.
In this embodiment, the client may encrypt the second private key component with the second transmission public key as follows: Enc(pk_s2, sk2) → t2.
In this embodiment, the second server obtains the encrypted second private key component in the manner described above. After obtaining it, the second server may use the second transmission private key that it stores to decrypt the encrypted second private key component, and then obtain and store the second private key component on the second server. For example, the second server may decrypt as follows to obtain the second private key component: Dec(sk_s2, t2) → sk2.
In one embodiment, to further improve the security of transaction data processing, in a specific implementation, before calling the first MPC node preset on the first server and the second MPC node preset on the second server to generate the transaction signature from the first private key component and the second private key component that they respectively store, identity verification may first be performed on the first server, the second server and the client taking part in the transaction data processing; the transaction signature for transaction data processing is generated only if identity verification passes.
In one embodiment, referring to the processing flow chart of another data processing method according to an embodiment of the present application shown in Fig. 12, responding to the authentication request by carrying out identity verification with the first server and the second server may, in a specific implementation, include the following:
S1: respond to the authentication request by generating a first random number and sending the first random number to the first server and the second server respectively;
S2: receive first signature data, wherein the first signature data is the data obtained when the first MPC node preset on the first server, with the first private key component as input data, and the second MPC node preset on the second server, with the second private key component as input data, perform signature processing according to preset rules;
S3: determine whether identity verification passes according to the first signature data and the transaction public key.
Specifically, referring to the processing flow chart of another data processing method according to an embodiment of the present application shown in Fig. 12, identity verification may be completed by signature verification. The client (denoted client) may first generate a random number (denoted m1, i.e. the first random number) and then send the first random number to the first server (denoted KMS1) and the second server (denoted KMS2) respectively. After receiving the first random number, the first server and the second server may, through the first MPC node and the second MPC node respectively, take the first private key component and the second private key component that they each store as inputs and jointly sign the first random number according to preset rules to obtain the first signature data (denoted sig1'). The first server or the second server then sends the jointly produced first signature data to the client. After receiving the first signature data, the client may verify it with the transaction public key that it stores and, according to the verification result, determine whether the identities of the first server, the second server and the client are verified. Only if verification passes are the subsequent steps triggered to generate the corresponding transaction signature and carry out the corresponding transaction data processing.
In one embodiment, referring to the processing flow chart of another data processing method according to an embodiment of the present application shown in Fig. 13, responding to the authentication request by carrying out identity verification with the first server and the second server may, in a specific implementation, include the following:
S1: respond to the authentication request by sending a verification public key acquisition request to the first server and/or the second server;
S2: receive a verification public key, wherein the verification public key is the data obtained when the first MPC node preset on the first server, with the first private key component as input data, and the second MPC node preset on the second server, with the second private key component as input data, perform an operation according to preset rules;
S3: determine whether identity verification passes according to the verification public key and the transaction public key.
Specifically, referring to Fig. 13, identity verification may also be completed by public key comparison. The client may send a verification public key acquisition request for identity verification to either one of the first server and the second server, or to both servers at the same time. After either of the first server and the second server receives the verification public key acquisition request, it may respond to the request by communicating with the other server; the two servers may then, through their corresponding MPC nodes, take the private key components that they each store as inputs and jointly perform an operation according to preset rules to generate a verification public key (denoted pk1'), and send the verification public key to the client. After receiving the verification public key, the client may compare it with the transaction public key that it stores. If the two are identical, or the difference value is relatively small, verification succeeds; it can then be determined that the identities of the first server, the second server and the client are verified, and the subsequent generation of the transaction signature can proceed.
In one embodiment, to meet the user's need to update the private key components, the method may, in a specific implementation, further include the following:
Respond to an update request by calling the first MPC node preset on the first server with the first private key component as input data, and the second MPC node preset on the second server with the second private key component as input data, to perform a function operation according to preset rules and generate an updated first private key component (denoted sk1') and an updated second private key component (denoted sk2'); wherein the updated first private key component is stored on the first server and the updated second private key component is stored on the second server.
In one embodiment, after the first server and the second server have generated the corresponding updated first private key component and updated second private key component through the first MPC node and the second MPC node respectively, the generated updated first private key component and updated second private key component may first be compared and verified to determine whether they meet the requirements, that is, whether they can produce an accurate user signature. Only when the generated updated first private key component and updated second private key component are determined to meet the requirements does the updated first private key component replace the original first private key component and get stored on the first server, and the updated second private key component replace the original second private key component and get stored on the second server, thereby completing the update of the private key components.
In one embodiment, referring to the processing flow chart of another data processing method according to an embodiment of the present application shown in Fig. 14, signature verification may be used to check whether the generated updated first private key component and updated second private key component meet the requirements. Specifically, after responding to the update request by calling the first MPC node preset on the first server with the first private key component as input data, and the second MPC node preset on the second server with the second private key component as input data, to perform a function operation according to preset rules and generate the updated first private key component and the updated second private key component, the method may further include the following:
S1: respond to a key verification request by generating a second random number (denoted m2') and sending the second random number to the first server and the second server respectively;
S2: receive second signature data (denoted sig2'), wherein the second signature data is the data obtained when the first MPC node preset on the first server, with the updated first private key component as input data, and the second MPC node preset on the second server, with the updated second private key component as input data, sign the second random number according to preset rules;
S3: determine, according to the transaction public key and the second signature data, whether the updated first private key component and the updated second private key component meet the requirements.
In this embodiment, the client may verify the obtained second signature data with the transaction public key that it stores, and determine from the verification result whether the updated first private key component and the updated second private key component meet the requirements. When the updated first private key component and the updated second private key component are determined to meet the requirements, the first private key component and the second private key component are then stored by the first server and the second server respectively.
In one embodiment, referring to the processing flow chart of another data processing method according to an embodiment of the present application shown in Fig. 15, public key comparison may be used to determine whether the generated updated first private key component and updated second private key component meet the requirements. Specifically, after responding to the update request by calling the first MPC node preset on the first server with the first private key component as input data, and the second MPC node preset on the second server with the second private key component as input data, to perform a function operation according to preset rules and generate the updated first private key component and the updated second private key component, the method may further include the following:
S1: respond to a key verification request by calling the first MPC node preset on the first server with the updated first private key component as input data, and the second MPC node preset on the second server with the updated second private key component as input data, to perform an operation according to preset rules and generate an updated transaction public key (denoted pk2');
S2: determine, according to the transaction public key and the updated transaction public key, whether the updated first private key component and the updated second private key component meet the requirements.
In this embodiment, after obtaining the updated transaction public key, the client may compare the transaction public key that it stores with the updated transaction public key. If the updated transaction public key is identical to the stored transaction public key, or the difference value is relatively small, it can be determined that the updated first private key component and the updated second private key component meet the requirements.
As can be seen from the above, in this scheme the first private key component and the second private key component are stored separately in advance on the more reliable first server and second server; when the user needs to process transaction data, the first MPC node preset on the first server and the second MPC node preset on the second server are called to take the first private key component and the second private key component stored at each end as inputs and jointly perform a preset function operation according to preset rules to generate the transaction signature. As a result, the complete private key never appears during the processing of the transaction data, and the client does not need to store a private key component itself. This solves the technical problem in existing transaction data processing that the key is used insecurely because the complete key must be used, and achieves the technical effect of further reducing the security risk in processing the user's transaction data and improving the security of transaction data processing.
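The key generation (keyGen, secret sharing), joint signing, identity check (Figs. 12 and 13) and component update check (Figs. 14 and 15) described above, as an added Python sketch that is not part of the patent text. The patent leaves the "preset rules" unspecified, so the secp256k1 curve, additive sharing modulo the group order, a two-party Schnorr signature and the names MpcNode, joint_sign, joint_public_key and refresh are all assumptions made here; the Enc/Dec transport step is omitted.

```python
# Added illustration, not the patent's code. Assumed: secp256k1, additive shares, Schnorr.
import hashlib
import secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def challenge(R, pk, msg):
    data = b"".join(v.to_bytes(32, "big") for v in (*R, *pk)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen():
    """keyGen() -> (sk, pk), run locally on the client."""
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, G)

def secret_share(sk):
    """secret sharing(sk) -> (sk1, sk2) with sk = sk1 + sk2 mod N."""
    sk1 = secrets.randbelow(N - 1) + 1
    return sk1, (sk - sk1) % N

class MpcNode:
    """MPC node preset on one server (KMS1 or KMS2); holds one component only."""
    def __init__(self, share):
        self.share, self._k = share, None
    def public_share(self):
        return ec_mul(self.share, G)
    def nonce_commit(self):
        self._k = secrets.randbelow(N - 1) + 1
        return ec_mul(self._k, G)
    def partial_sign(self, e):
        k, self._k = self._k, None  # a nonce must never be reused
        return (k + e * self.share) % N

def joint_public_key(n1, n2):
    """Verification public key (pk1' / pk2'): sum of the two public shares."""
    return ec_add(n1.public_share(), n2.public_share())

def joint_sign(n1, n2, msg):
    """Joint Schnorr signature; only nonce points and partial signatures are exchanged."""
    R = ec_add(n1.nonce_commit(), n2.nonce_commit())  # one-round exchange: simplification
    e = challenge(R, joint_public_key(n1, n2), msg)
    return R, (n1.partial_sign(e) + n2.partial_sign(e)) % N

def verify(pk, msg, sig):
    R, s = sig
    if R is None or pk is None or not 0 <= s < N:
        return False
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pk, msg), pk))

def refresh(n1, n2):
    """Update request: shift the components by +delta / -delta; their sum is unchanged."""
    delta = secrets.randbelow(N - 1) + 1  # drawn in one place here for brevity
    return MpcNode((n1.share + delta) % N), MpcNode((n2.share - delta) % N)

def demo():
    sk, pk = keygen()
    kms1, kms2 = (MpcNode(s) for s in secret_share(sk))
    del sk  # the client keeps only pk
    m1, m2 = secrets.token_bytes(32), secrets.token_bytes(32)  # random numbers m1, m2'
    new1, new2 = refresh(kms1, kms2)
    bad2 = MpcNode((new2.share + 1) % N)  # constructed faulty updated component
    return {
        "auth_by_signature": verify(pk, m1, joint_sign(kms1, kms2, m1)),    # Fig. 12
        "auth_by_public_key": joint_public_key(kms1, kms2) == pk,           # Fig. 13
        "update_by_signature": verify(pk, m2, joint_sign(new1, new2, m2)),  # Fig. 14
        "update_by_public_key": joint_public_key(new1, new2) == pk,         # Fig. 15
        "components_changed": new1.share != kms1.share,
        "faulty_update_rejected": joint_public_key(new1, bad2) != pk
        and not verify(pk, m2, joint_sign(new1, bad2, m2)),
    }

if __name__ == "__main__":
    print(demo())
```

In joint_sign the full key sk is never reassembled: each node contributes only k_i + e·sk_i, which is the property the scheme relies on. A deployed protocol would add a nonce commitment round and derive delta jointly between the two servers.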
An embodiment of the present application further provides a data processing method that may specifically be applied to a first server, wherein the first server stores the first private key component. In a specific implementation, the method may include the following:
S1: respond to an identity verification request by carrying out identity verification with the client and a second server, wherein the second server stores the second private key component, and the first private key component and the second private key component are generated from the transaction private key generated by the client;
S2: when identity verification passes, call the first MPC node preset on the first server with the first private key component as input data, and the second MPC node preset on the second server with the second private key component as input data, to perform a preset function operation according to preset rules and obtain the operation result as the transaction signature.
In this embodiment, it should be noted that, with reference to the above data processing method applied to the first server, the second server may likewise store the second private key component and generate the transaction signature jointly with the first server to complete the corresponding data processing. This is not described further in this specification.
An embodiment of the present application further provides a data processing method that may specifically be applied to a system including a first server, a second server and a client, wherein the first server stores the first private key component and the second server stores the second private key component. In a specific implementation, the method may include the following:
S1: the client responds to a transaction data processing request by initiating an authentication request;
S2: the client, the first server and the second server respond to the authentication request and carry out identity verification;
S3: when identity verification passes, the first MPC node preset on the first server, with the first private key component as input data, and the second MPC node preset on the second server, with the second private key component as input data, perform a preset function operation according to preset rules, obtain the operation result as the transaction signature, and feed the transaction signature back to the client;
S4: the client performs transaction data processing according to the transaction signature.
Correspondingly, an embodiment of the present application further provides a data processing apparatus, which may specifically include the following structural modules:
an initiating module, which may specifically be used to respond to a transaction data processing request by initiating an authentication request;
a verification module, which may specifically be used to respond to the authentication request by carrying out identity verification with the first server and the second server, wherein the first server is used to store the first private key component and the second server is used to store the second private key component, and the first private key component and the second private key component are generated from the transaction private key generated by the client;
a calling module, which may specifically be used, when identity verification passes, to call the first MPC node preset on the first server with the first private key component as input data, and the second MPC node preset on the second server with the second private key component as input data, to perform a preset function operation according to preset rules and obtain the operation result as the transaction signature;
a processing module, which may specifically be used to perform transaction data processing according to the transaction signature.
Although different specific embodiments are mentioned in this application, the application is not limited to the situations described in industry standards or in the embodiments. Embodiments slightly modified on the basis of certain industry standards, or of implementations described in a customized manner or in the embodiments, can also achieve implementation effects that are the same as, equivalent or similar to those of the above embodiments, or that are predictable after modification. Embodiments that apply such modified or varied ways of data acquisition, processing, output and judgment still fall within the scope of the optional embodiments of this application.
Although this application provides method operation steps as described in the embodiments or flow charts, more or fewer operation steps may be included based on conventional or non-inventive means. The order of steps listed in the embodiments is only one of many possible execution orders and does not represent the only execution order. When an actual device or client product executes, the steps may be executed sequentially or in parallel according to the methods shown in the embodiments or drawings (for example, in a parallel-processor or multi-threaded environment, or even a distributed data processing environment). The terms "include", "comprise" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, product or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, product or device. Without further limitation, the presence of other identical or equivalent elements in the process, method, product or device that includes the element is not excluded.
The devices or modules described in the above embodiments may specifically be implemented by a computer chip or entity, or by a product having a certain function. For convenience of description, the above apparatus is described as divided into various modules by function. Of course, when implementing this application, the functions of the modules may be implemented in one or more pieces of software and/or hardware, and a module implementing a given function may also be implemented by a combination of multiple sub-modules. The apparatus embodiments described above are merely illustrative; for example, the division into modules is only a division by logical function, and other divisions are possible in actual implementation: multiple modules or components may be combined or integrated into another system, or some features may be ignored or not executed.
Those skilled in the art also know that, besides implementing a controller purely as computer-readable program code, the method steps can be logically programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as structures within the hardware component. Or even, the devices for realizing various functions can be regarded both as software modules implementing the method and as structures within the hardware component.
This application may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, classes and the like that perform specific tasks or implement specific abstract data types. This application may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
From the above description of the embodiments, those skilled in the art can clearly understand that this application can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of this application in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, mobile terminal, server, network device or the like) to execute the methods described in the embodiments, or in certain parts of the embodiments, of this application.
The embodiments in this specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. This application can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, and distributed computing environments including any of the above systems or devices.
Although depicting the application by embodiment, it will be appreciated by the skilled addressee that the application there are many deformation and
Variation is without departing from spirit herein, it is desirable to which appended embodiment includes these deformations and changes without departing from the application.
Claims (24)
1. A data processing method applied to a client, characterized in that the client stores a first private key component, the method comprising:
Responding to a transaction data processing request by initiating an authentication request;
Responding to the authentication request by performing bidirectional identity verification with a server, wherein the server stores a second private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
When the bidirectional identity verification passes, invoking a first MPC node preset on the client, with the first private key component as input data, and a second MPC node preset on the server, with the second private key component as input data, to perform a preset function operation according to preset rules, and obtaining the operation result as a transaction signature;
Performing transaction data processing according to the transaction signature.
2. The method according to claim 1, characterized in that responding to the authentication request by performing bidirectional identity verification with the server comprises:
Responding to the authentication request by generating a first public key and a first private key, wherein the first public key matches the first private key;
Sending the first public key to the server and receiving a second public key, wherein the server is configured to respond to the authentication request by generating the second public key and a second private key;
Receiving encrypted data and first signature data, wherein the encrypted data is data obtained by the server encrypting a first random number according to the first public key, and the first signature data is data obtained by the server signing the encrypted data according to the second private key;
Performing a first operation according to the second public key, the encrypted data and the first signature data to determine whether server authentication passes, and, when it is determined that server authentication passes, decrypting the encrypted data according to the second public key to obtain the first random number;
Signing the first random number according to the first private key to obtain second signature data, and sending the second signature data to the server;
Receiving the identification information fed back by the server, wherein the server is configured to perform a second operation according to the first public key, the first random number and the second signature data to determine whether client identity verification passes, and, when it is determined that the client identity verification passes, to send confirmation indication information to the client.
3. The method according to claim 1, characterized in that, before initiating the authentication request in response to the transaction data processing request, the method further comprises:
Responding to a key generation request by generating a transaction private key and a transaction public key, wherein the transaction private key matches the transaction public key;
Generating the first private key component and the second private key component according to the transaction private key;
Storing the first private key component locally on the client and sending the second private key component to the server, wherein the server is configured to store the second private key component.
4. The method according to claim 3, characterized in that sending the second private key component to the server comprises:
Obtaining a transmission public key, wherein the transmission public key is generated by the server, and the server stores a transmission private key matching the transmission public key;
Encrypting the second private key component according to the transmission public key to obtain an encrypted second private key component;
Sending the encrypted second private key component to the server.
5. The method according to claim 3, characterized in that, after generating the first private key component and the second private key component according to the transaction private key, the method further comprises:
Generating a first spare private key component and a second spare private key component according to the transaction private key;
Storing the first spare private key component locally on the client and sending the second spare private key component to the server.
6. The method according to claim 3, characterized in that the method further comprises:
Responding to an update request by invoking the first MPC node preset on the client, with the first private key component as input data, and the second MPC node preset on the server, with the second private key component as input data, to perform a third operation according to preset rules and generate an updated first private key component and an updated second private key component;
Obtaining and storing the updated first private key component, wherein the updated second private key component is stored on the server.
7. The method according to claim 6, characterized in that, after obtaining and storing the updated first private key component, the method further comprises:
Responding to a key verification request by invoking the first MPC node preset on the client, with the updated first private key component as input data, and the second MPC node preset on the server, with the updated second private key component as input data, to perform a fourth operation according to preset rules and generate an updated transaction public key;
Determining, according to the transaction public key and the updated transaction public key, whether the updated first private key component and the updated second private key component meet the requirements.
8. The method according to claim 6, characterized in that, after obtaining and storing the updated first private key component, the method further comprises:
Responding to a key verification request by generating a second random number and sending the second random number to the server;
Invoking the first MPC node preset on the client, with the updated first private key component as input data, and the second MPC node preset on the server, with the updated second private key component as input data, to sign the second random number according to preset rules and obtain third signature data;
Determining, according to the transaction public key and the third signature data, whether the updated first private key component and the updated second private key component meet the requirements.
9. The method according to claim 5, characterized in that the method further comprises:
When the first private key component is lost, invoking the first MPC node preset on the client, with the first spare private key component as input data, and the second MPC node preset on the server, with the second spare private key component as input data, to perform a fifth operation according to preset rules and generate a third private key component and a fourth private key component;
Obtaining the third private key component and storing it locally on the client as the first private key component, wherein the fourth private key component is stored on the server as the second private key component.
10. A data processing method applied to a server, characterized in that the server stores a second private key component, the method comprising:
Responding to an authentication request by performing bidirectional identity verification with a client, wherein the client stores a first private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
When the bidirectional identity verification passes, invoking a second MPC node preset on the server, with the second private key component as input data, and a first MPC node preset on the client, with the first private key component as input data, to perform a preset function operation according to preset rules, and obtaining the operation result as a transaction signature.
11. A data processing method applied to a system comprising a server and a client, characterized in that the client stores a first private key component and the server stores a second private key component, wherein the first private key component and the second private key component are generated according to a transaction private key generated by the client, the method comprising:
The client responds to a transaction data processing request by initiating an authentication request;
The client and the server respond to the authentication request by performing bidirectional identity verification;
When the bidirectional identity verification passes, a first MPC node preset on the client, with the first private key component as input data, and a second MPC node preset on the server, with the second private key component as input data, perform a preset function operation according to preset rules, and the operation result is obtained as a transaction signature;
The client performs transaction data processing according to the transaction signature.
12. A data processing device, characterized by comprising:
An initiation module, configured to respond to a transaction data processing request by initiating an authentication request, wherein the data processing device stores a first private key component;
An authentication module, configured to respond to the authentication request by performing bidirectional identity verification with a server, wherein the server stores a second private key component, and the first private key component and the second private key component are generated according to a transaction private key;
A calling module, configured to, when the bidirectional identity verification passes, invoke a first MPC node preset on the client, with the first private key component as input data, and a second MPC node preset on the server, with the second private key component as input data, to perform a preset function operation according to preset rules, and obtain the operation result as a transaction signature;
A processing module, configured to perform transaction data processing according to the transaction signature.
13. A computer-readable storage medium storing computer instructions, characterized in that the instructions, when executed, implement the steps of the method according to any one of claims 1 to 9.
14. A data processing method applied to a client, characterized in that the method comprises:
Responding to a transaction data processing request by initiating an authentication request;
Responding to the authentication request by performing authentication with a first server and a second server, wherein the first server is configured to store a first private key component, the second server is configured to store a second private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
When the authentication passes, invoking a first MPC node preset on the first server, with the first private key component as input data, and a second MPC node preset on the second server, with the second private key component as input data, to perform a preset function operation according to preset rules, and obtaining the operation result as a transaction signature;
Performing transaction data processing according to the transaction signature.
15. The method according to claim 14, characterized in that, before responding to the transaction data processing request, the method further comprises:
Responding to a key generation request by generating a transaction private key and a transaction public key, wherein the transaction private key matches the transaction public key;
Generating the first private key component and the second private key component according to the transaction private key;
Storing the transaction public key locally on the client, sending the first private key component to the first server, and sending the second private key component to the second server.
16. The method according to claim 15, characterized in that sending the first private key component to the first server comprises:
Obtaining a first transmission public key, wherein the first transmission public key is generated by the first server, and the first server stores a first transmission private key matching the first transmission public key;
Encrypting the first private key component according to the first transmission public key to obtain an encrypted first private key component;
Sending the encrypted first private key component to the first server.
17. The method according to claim 15, characterized in that responding to the authentication request by performing authentication with the first server and the second server comprises:
Responding to the authentication request by generating a first random number and sending the first random number to the first server and to the second server respectively;
Receiving first signature data, wherein the first signature data is data obtained when the first MPC node preset on the first server, with the first private key component as input data, and the second MPC node preset on the second server, with the second private key component as input data, perform signature processing according to preset rules;
Determining, according to the first signature data and the transaction public key, whether the authentication passes.
18. The method according to claim 15, characterized in that responding to the authentication request by performing authentication with the first server and the second server comprises:
Responding to the authentication request by sending a verification public key acquisition request to the first server and/or the second server;
Receiving a verification public key, wherein the verification public key is data obtained when the first MPC node preset on the first server, with the first private key component as input data, and the second MPC node preset on the second server, with the second private key component as input data, perform an operation according to preset rules;
Determining, according to the verification public key and the transaction public key, whether the authentication passes.
19. The method according to claim 14, characterized in that the method further comprises:
Responding to an update request by invoking the first MPC node preset on the first server, with the first private key component as input data, and the second MPC node preset on the second server, with the second private key component as input data, to perform a function operation according to preset rules and generate an updated first private key component and an updated second private key component, wherein the updated first private key component is stored on the first server and the updated second private key component is stored on the second server.
20. The method according to claim 19, characterized in that, after responding to the update request by invoking the first MPC node preset on the first server, with the first private key component as input data, and the second MPC node preset on the second server, with the second private key component as input data, to perform a function operation according to preset rules and generate the updated first private key component and the updated second private key component, the method further comprises:
Responding to a key verification request by generating a second random number and sending the second random number to the first server and to the second server respectively;
Receiving second signature data, wherein the second signature data is data obtained when the first MPC node preset on the first server, with the updated first private key component as input data, and the second MPC node preset on the second server, with the updated second private key component as input data, sign the second random number according to preset rules;
Determining, according to the transaction public key and the second signature data, whether the updated first private key component and the updated second private key component meet the requirements.
21. The method according to claim 19, characterized in that, after responding to the update request by invoking the first MPC node preset on the first server, with the first private key component as input data, and the second MPC node preset on the second server, with the second private key component as input data, to perform a function operation according to preset rules and generate the updated first private key component and the updated second private key component, the method further comprises:
Responding to a key verification request by invoking the first MPC node preset on the first server, with the updated first private key component as input data, and the second MPC node preset on the second server, with the updated second private key component as input data, to perform an operation according to preset rules and generate an updated transaction public key;
Determining, according to the transaction public key and the updated transaction public key, whether the updated first private key component and the updated second private key component meet the requirements.
22. A data processing method applied to a first server, characterized in that the first server stores a first private key component, the method comprising:
Responding to an authentication request by performing authentication with the first client and a second server, wherein the second server stores a second private key component, and the first private key component and the second private key component are generated according to a transaction private key generated by the client;
When the authentication passes, invoking a first MPC node preset on the first server, with the first private key component as input data, and a second MPC node preset on the second server, with the second private key component as input data, to perform a preset function operation according to preset rules, and obtaining the operation result as a transaction signature.
23. A data processing method applied to a system comprising a first server, a second server and a client, characterized in that the first server stores a first private key component and the second server stores a second private key component, wherein the first private key component and the second private key component are generated according to a transaction private key generated by the client, the method comprising:
The client responds to a transaction data processing request by initiating an authentication request;
The client, the first server and the second server respond to the authentication request by performing authentication;
When the authentication passes, a first MPC node preset on the first server, with the first private key component as input data, and a second MPC node preset on the second server, with the second private key component as input data, perform a preset function operation according to preset rules, the operation result is obtained as a transaction signature, and the transaction signature is fed back to the client;
The client performs transaction data processing according to the transaction signature.
24. A data processing device, characterized by comprising:
An initiation module, configured to respond to a transaction data processing request by initiating an authentication request;
An authentication module, configured to respond to the authentication request by performing authentication with a first server and a second server, wherein the first server is configured to store a first private key component, the second server is configured to store a second private key component, and the first private key component and the second private key component are generated according to a transaction private key;
A calling module, configured to, when the authentication passes, invoke a first MPC node preset on the first server, with the first private key component as input data, and a second MPC node preset on the second server, with the second private key component as input data, to perform a preset function operation according to preset rules, and obtain the operation result as a transaction signature;
A processing module, configured to perform transaction data processing according to the transaction signature.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910132899.5A CN109872155A (en) | 2019-02-22 | 2019-02-22 | Data processing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109872155A (en) | 2019-06-11 |
Family
ID=66919103
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910132899.5A Pending CN109872155A (en) | 2019-02-22 | 2019-02-22 | Data processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109872155A (en) |
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101523800A (en) * | 2006-10-10 | 2009-09-02 | 高通股份有限公司 | Method and apparatus for mutual authentication |
US20160191252A1 (en) * | 2013-08-16 | 2016-06-30 | China Iwncomm Co., Ltd. | Method and device for generating digital signature |
CN106027255A (en) * | 2016-04-18 | 2016-10-12 | 李明 | Identity card reading response security control method and device |
CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
CN106549770A (en) * | 2017-01-13 | 2017-03-29 | 武汉理工大学 | SM2 digital signature generation method and system |
CN107017993A (en) * | 2017-04-01 | 2017-08-04 | 北京江南天安科技有限公司 | A kind of multi-party joint key is produced and digital signature method and system |
CN106961336A (en) * | 2017-04-18 | 2017-07-18 | 北京百旺信安科技有限公司 | A kind of key components trustship method and system based on SM2 algorithms |
CN107302438A (en) * | 2017-08-07 | 2017-10-27 | 收付宝科技有限公司 | A kind of private key protection method based on key updating, system and device |
CN107948189A (en) * | 2017-12-19 | 2018-04-20 | 数安时代科技股份有限公司 | Asymmetric cryptography authentication identifying method, device, computer equipment and storage medium |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110278078A (en) * | 2019-06-17 | 2019-09-24 | 矩阵元技术(深圳)有限公司 | A kind of data processing method, apparatus and system |
WO2020252617A1 (en) * | 2019-06-17 | 2020-12-24 | 云图有限公司 | Data processing method, apparatus and system |
WO2020258126A1 (en) * | 2019-06-27 | 2020-12-30 | 云图有限公司 | Generation method and device for collaborative address, transaction signing method and device for collaborative address, and storage medium |
CN110289968A (en) * | 2019-06-27 | 2019-09-27 | 矩阵元技术(深圳)有限公司 | Private key restores, cooperates with creation, endorsement method and device, the storage medium of address |
CN110363528A (en) * | 2019-06-27 | 2019-10-22 | 矩阵元技术(深圳)有限公司 | Cooperate with generation, trading signature method and device, the storage medium of address |
CN110289968B (en) * | 2019-06-27 | 2022-06-24 | 矩阵元技术(深圳)有限公司 | Private key recovery method, collaborative address creation method, collaborative address signature device and storage medium |
CN110363528B (en) * | 2019-06-27 | 2022-06-24 | 矩阵元技术(深圳)有限公司 | Collaborative address generation method, collaborative address generation device, transaction signature method, transaction signature device and storage medium |
CN111343160A (en) * | 2020-02-13 | 2020-06-26 | 南京如般量子科技有限公司 | Anti-quantum computation blockchain transaction method and system based on secret sharing and routing device |
CN111343160B (en) * | 2020-02-13 | 2022-07-08 | 南京如般量子科技有限公司 | Anti-quantum computation blockchain transaction method and system based on secret sharing and routing device |
WO2021169521A1 (en) * | 2020-02-24 | 2021-09-02 | 华为技术有限公司 | Signature method, terminal device and network device |
CN113496398A (en) * | 2020-03-19 | 2021-10-12 | 中移(上海)信息通信科技有限公司 | Data processing method, device, equipment and medium based on intelligent contract |
US12081658B2 (en) | 2020-04-09 | 2024-09-03 | Tencent Technology (Shenzhen) Company Limited | Key generation method and apparatus, device, and medium |
CN111490878A (en) * | 2020-04-09 | 2020-08-04 | 腾讯科技(深圳)有限公司 | Key generation method, device, equipment and medium |
CN111723385A (en) * | 2020-06-01 | 2020-09-29 | 清华大学 | Data information processing method, device, electronic device and storage medium |
CN111723385B (en) * | 2020-06-01 | 2024-02-09 | 清华大学 | Data information processing method, device, electronic equipment and storage medium |
CN112966280A (en) * | 2021-03-12 | 2021-06-15 | 北京数字认证股份有限公司 | Data processing method and device, server and data management system |
CN113486320A (en) * | 2021-07-22 | 2021-10-08 | 广州炒米信息科技有限公司 | Enterprise electronic signature control method and device, storage medium and terminal equipment |
CN113486320B (en) * | 2021-07-22 | 2024-03-29 | 广州炒米信息科技有限公司 | Enterprise electronic signature management and control method and device, storage medium and terminal equipment |
CN114666066A (en) * | 2022-05-20 | 2022-06-24 | 杭州天谷信息科技有限公司 | Private key recovery method and system and private key updating method and system |
WO2025031042A1 (en) * | 2023-08-09 | 2025-02-13 | 腾讯科技(深圳)有限公司 | Data processing method and apparatus based on blockchain key, and device and storage medium |
CN117635136A (en) * | 2023-11-03 | 2024-03-01 | 中移互联网有限公司 | Transaction authentication method, device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109872155A (en) | Data processing method and device | |
US12192381B2 (en) | System and method for secure multi-party computation based blockchain transaction | |
Xiong et al. | A key protection scheme based on secret sharing for blockchain-based construction supply chain system | |
KR101634158B1 (en) | Method for authenticating identity and generating share key | |
CN108768633A (en) | Realize the method and device of information sharing in block chain | |
US11616643B2 (en) | System and method of management of a shared cryptographic account | |
CN109861816A (en) | Data processing method and device | |
CN109064324A (en) | Method of commerce, electronic device and readable storage medium storing program for executing based on alliance's chain | |
CN110138548B (en) | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and DH protocol | |
CN107918731A (en) | Method and apparatus for controlling the authority to access to open interface | |
US12192326B2 (en) | System and method of multi-party computation based multi-factor authentication | |
WO2020253108A1 (en) | Information hiding method, apparatus, device, and storage medium | |
CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
CN109272314B (en) | A secure communication method and system based on two-party collaborative signature calculation | |
CN105847000A (en) | Token generation method and communication system based on same | |
CN110046906A (en) | A kind of the two-way authentication method of commerce and system of MPOS machine and server | |
CN110380859B (en) | Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol | |
CN113779606A (en) | An information verification method and system for reducing the risk of privacy leakage | |
CN107154916A (en) | A kind of authentication information acquisition methods, offer method and device | |
CN117081736A (en) | Key distribution method, key distribution device, communication method, and communication device | |
CN110176989B (en) | Quantum communication service station identity authentication method and system based on asymmetric key pool | |
CN111784338A (en) | Information processing method, device, system and storage medium | |
CN110363528B (en) | Collaborative address generation method, collaborative address generation device, transaction signature method, transaction signature device and storage medium | |
CN110266483B (en) | Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD | |
CN116823257A (en) | Information processing method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40009460; Country of ref document: HK |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190611 |