Message processing methods, cloud servers, and communication systems
By using smart contracts in a blockchain network to manage node configuration information and encryption keys, the problem of communication interruption in multi-user scenarios of existing end-to-end encryption methods is solved, and secure and reliable multi-user end-to-end communication is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SHENZHEN HUAWEI CLOUD COMPUTING TECHNOLOGIES CO LTD
- Filing Date
- 2023-01-03
- Publication Date
- 2026-07-03
AI Technical Summary
Existing end-to-end encryption methods cannot guarantee message security and reliability when the communication server is hacked or unable to provide services, leading to communication interruption. This is especially true in multi-user scenarios, where current technologies only support communication between two users.
It uses a blockchain network to store and transmit messages, and uses smart contracts to execute node management group configuration information and encryption keys to achieve distributed storage and encryption, ensuring the reliability and security of messages stored in the blockchain, and supporting end-to-end communication for multiple users.
It improves the reliability of message storage and transmission, ensures end-to-end communication security in multi-user scenarios, expands the application scenarios of end-to-end encryption, and supports secure communication among multiple users in a group.
Smart Images

Figure CN116094699B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of communications, and in particular to message processing methods, cloud servers, and communication systems. Background Technology
[0002] End-to-end encryption is a method of encrypting messages transmitted between terminals to ensure message security.
[0003] One end-to-end message processing method is roughly as follows: The sending terminal generates a first key pair according to a key exchange protocol, and the receiving terminal generates a second key pair according to the same protocol. The first key pair includes a first private key and a first public key, and the second key pair includes a second private key and a second public key. The sending terminal generates a communication key based on the first private key and the second public key; after encrypting the message using the communication key, it sends the encrypted message to a communication server, which forwards the encrypted message to the receiving terminal. The receiving terminal generates the communication key based on the second private key and the first public key, and uses the communication key to decrypt the encrypted message.
[0004] If the communication server is hacked, encrypted messages may be corrupted or the communication server may be unable to provide communication services, resulting in communication interruption. Summary of the Invention
[0005] In view of this, this application provides a message processing method that utilizes a blockchain network to store and transmit messages, thereby improving the reliability of message storage and transmission. This application also provides cloud servers, communication systems, computing device clusters, computer-readable storage media, and computer program products capable of executing the above method.
[0006] The first aspect provides a message processing method. The communication system used in this method includes a blockchain network, a first cloud server, and a first terminal. The blockchain network includes multiple smart contract execution nodes. The message processing method includes: after receiving a message from the first terminal, the first cloud server sends a query configuration information request to the smart contract execution nodes based on the message. The query configuration information request includes a smart contract identifier. After the smart contract execution nodes obtain a first group configuration information set based on the smart contract identifier carried in the query configuration information request, the first cloud server receives the first group configuration information set sent by the smart contract execution nodes, obtains the blockchain user identifier of the first terminal, selects the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set, encrypts the message using the first group communication key in the first group configuration information, and sends the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution nodes.
[0007] After the first terminal sends a message, the message is encrypted by the first cloud server and processed by a smart contract before being stored in the blockchain. After the first terminal uploads the message, other terminals in the first group (such as the second terminal) can query and decrypt the messages from the blockchain, thus completing end-to-end communication. Because the smart contract execution nodes are distributed, even if one or more smart contract execution nodes fail, the message still exists in the blockchain, thereby improving the reliability of message storage and transmission.
[0008] In another possible implementation, before the first cloud server receives the message sent by the first terminal, the message processing method of this application further includes: after the first cloud server receives the group creation request sent by the first terminal, it sends the group creation request to the smart contract execution node; after receiving the public key packets of other group users sent by the smart contract execution node, it generates a first group communication key based on the public key packets of all group users in the first group; then it generates first group configuration information based on the blockchain user identifiers of all group users in the first group and the first group communication key; and sends the first group configuration information to the smart contract execution node.
[0009] The group creation request includes the blockchain user identifiers of other group users in the first group. These other group users are those in the first group other than the first terminal. This allows the first group's configuration information to be stored on the blockchain based on the group creation request, and other group users can retrieve this configuration information from the blockchain. The first group's configuration information includes a first group communication key, which each group user can obtain and use to encrypt and decrypt messages, enabling multi-user communication. Existing end-to-end encryption methods only support communication between two users; the message processing method in this application provides end-to-end communication for more users.
[0010] In conjunction with the preceding possible implementation, another possible implementation of the message processing method of this application further includes: after receiving an update group request sent by the first terminal, the first cloud server sends an update group request to the smart contract execution node; after receiving the public key packet of the target user sent by the smart contract execution node, it generates a second group communication key based on the public key packet of the target user and the public key packets of all group users in the first group; then, it generates second group configuration information based on the blockchain user identifier of the target user, the blockchain user identifiers of all group users in the first group, and the second group communication key; and sends the second group configuration information to the smart contract execution node. The update group request includes the blockchain user identifier of the target user.
[0011] For target users who do not belong to the first group, the communication key of the first group can be updated to the communication key of the second group based on the public key package of the target user, and the blockchain user identifier of the target user and the communication key of the second group can be stored on the blockchain.
[0012] In another possible implementation, before the first cloud server receives the message sent by the first terminal, the message processing method of this application further includes: after receiving the first registration request sent by the first terminal, the first cloud server sends the first registration request to the smart contract execution node; after receiving the blockchain user identifier of the first terminal sent by the smart contract execution node, it sends the blockchain user identifier of the first terminal to the first terminal; and the first cloud server receives the second registration request sent by the first terminal; sends the end-to-end user identifier of the first terminal to the first terminal according to the second registration request; stores identity association data; and after obtaining the public key package of the first terminal, sends the identity association data and the public key package of the first terminal to the smart contract execution node. The identity association data includes the correspondence between the end-to-end user identifier of the first terminal and the blockchain user identifier of the first terminal. This provides a method for registering end-to-end users and blockchain users, and also provides a method for binding end-to-end user identifiers and blockchain user identifiers.
[0013] The second aspect provides a message processing method. The communication system used in this method includes a blockchain network, a second cloud server, and a second terminal. The method includes: the second cloud server receiving a query message request sent by the second terminal, and then sending the query message request to a smart contract execution node; receiving a second set of group configuration information sent by the smart contract execution node, and then determining, in the second set of group configuration information, a first group configuration information including the blockchain user identifier of the second terminal, and in the encrypted messages sent by the smart contract execution node, the encrypted message corresponding to the first group configuration information; obtaining the private key of the second terminal, and then decrypting the encrypted message corresponding to the first group configuration information according to the private key of the second terminal; and finally sending the decrypted message to the second terminal.
[0014] After the first terminal uploads a message, other terminals in the first group (such as the second terminal) can query and decrypt the messages in the first group through the second cloud server, thus completing end-to-end communication. Messages are encrypted during end-to-end communication, thus ensuring the security of message transmission. The end-to-end communication method of this application can be applied to multiple users in a group, expanding the application scenarios of end-to-end encryption.
[0015] The third aspect provides a message processing method, which includes: after receiving a message sent by a first terminal, a first cloud server sends a query configuration information request to a smart contract execution node according to the message; after determining the smart contract corresponding to the smart contract identifier carried in the query configuration information request, the smart contract execution node obtains a first group configuration information set according to the smart contract; after receiving the first group configuration information set sent by the smart contract execution node, the first cloud server obtains the blockchain user identifier of the first terminal, and then selects the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set; encrypts the message using the first group communication key in the first group configuration information; then sends the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node; and the smart contract execution node stores the encrypted message and the blockchain user identifier of the first terminal on the blockchain according to the smart contract.
[0016] After the first terminal sends a message, the message is encrypted by the first cloud server and processed by a smart contract before being stored in the blockchain. Because the smart contract execution nodes are distributed, even if one or more smart contract execution nodes fail, the message still exists in the blockchain, thus improving the reliability of message storage. Other terminals can query the blockchain and receive messages from it, which further improves the reliability of message transmission.
[0017] In one possible implementation, after the smart contract execution node stores the encrypted message and the blockchain user identifier of the first terminal on the blockchain according to the smart contract, the message processing method further includes: after receiving a query message request sent by the second terminal, the second cloud server sends a query message request to the smart contract execution node; the smart contract execution node obtains the second group configuration information set and the encrypted information corresponding to each group configuration information in the second group configuration information set according to the query message request; then the second cloud server receives the second group configuration information set and the encrypted message corresponding to each group configuration information in the second group configuration information set sent by the smart contract execution node, determines the first group configuration information corresponding to the blockchain user identifier of the second terminal in the second group configuration information set, and determines the encrypted message corresponding to the first group configuration information in the encrypted message sent by the smart contract execution node; after obtaining the private key of the second terminal, the second cloud server decrypts the encrypted message corresponding to the first group configuration information according to the private key of the second terminal, and then sends the decrypted message to the second terminal. The second terminal and the first terminal belong to the first group. After the first terminal uploads the message, other terminals in the first group (such as the second terminal) can query and decrypt the messages of the first group, thereby completing end-to-end communication. Messages are encrypted during end-to-end communication, thus ensuring the security of message transmission.
[0018] The steps and beneficial effects of the first cloud server in the third aspect can be found in the relevant records in the first aspect.
[0019] The fourth aspect provides a message processing method. The communication system used in this method includes a blockchain network and terminals. The blockchain network includes multiple smart contract execution nodes. The message processing method includes: after a first terminal sends a query configuration information request to a smart contract execution node, the smart contract execution node determines the smart contract corresponding to the smart contract identifier carried in the query configuration information request; obtaining a first group configuration information set according to the smart contract; after the first terminal receives the first group configuration information set sent by the smart contract execution node, the first terminal obtains its blockchain user identifier; selecting first group configuration information corresponding to the first terminal's blockchain user identifier from the first group configuration information set; encrypting the message using the first group communication key in the first group configuration information; sending the encrypted message and the first terminal's blockchain user identifier to the smart contract execution node; and then the smart contract execution node stores the encrypted message and the first terminal's blockchain user identifier on the blockchain according to the smart contract.
[0020] In this manner, after the first terminal encrypts the message, it can store the encrypted message in the blockchain. After the first terminal uploads the message, other terminals in the first group (such as the second terminal) can query and decrypt the messages of the first group from the blockchain, thus completing end-to-end communication. Because the smart contract execution nodes are distributed, even if one or more smart contract execution nodes fail, the message still exists in the blockchain, thereby improving the reliability of message storage and transmission.
[0021] In one possible implementation, the message processing method further includes: a second terminal sending a query message request to a smart contract execution node, the second terminal and the first terminal belonging to a first group; the smart contract execution node obtaining the second group configuration information set and the encrypted information corresponding to each group configuration information in the second group configuration information set according to the query message request; after receiving the second group configuration information set and the encrypted messages corresponding to each group configuration information in the second group configuration information set sent by the smart contract execution node, the second terminal determines the first group configuration information corresponding to the blockchain user identifier of the second terminal in the second group configuration information set; determines the encrypted message corresponding to the first group configuration information in the encrypted messages sent by the smart contract execution node; and decrypts the encrypted message corresponding to the first group configuration information according to the private key of the second terminal.
[0022] After the first terminal uploads a message, other terminals in the first group (such as the second terminal) can query and decrypt the messages in the first group, thus completing end-to-end communication. Messages are encrypted during end-to-end communication, thus ensuring the security of message transmission. The end-to-end communication method of this application can be applied to multiple users in a group, expanding the application scenarios of end-to-end encryption.
[0023] In another possible implementation, before the first terminal sends a request to query configuration information to the smart contract execution node, the message processing method of this application further includes: the first terminal sending a group creation request to the smart contract execution node; the smart contract execution node obtaining the public key packets of other group users from the blockchain based on the blockchain user identifiers of other group users carried in the group creation request; after receiving the public key packets of other group users sent by the smart contract execution node, the first terminal generating a first group communication key based on the public key packets of all group users in the first group; generating first group configuration information based on the blockchain user identifiers of all group users in the first group and the first group communication key; sending the first group configuration information to the smart contract execution node; and then the smart contract execution node writing the first group configuration information into the blockchain.
[0024] The first group configuration information includes a first group communication key. Each user in the first group can obtain the first group communication key and then use it to encrypt and decrypt messages, thus enabling multi-user communication. Existing end-to-end encryption methods only support communication between two users, while the message processing method in this application can provide end-to-end communication for more users.
[0025] In conjunction with the first possible implementation, another possible implementation further includes the following message processing method: A first terminal sends an update group request to the smart contract execution node. The update group request includes the target user's blockchain user identifier. The smart contract execution node obtains the target user's public key packet based on the target user's blockchain user identifier. After receiving the target user's public key packet from the smart contract execution node, the first terminal generates a second group communication key based on the target user's public key packet and the public key packets of all group users in the first group. Second group configuration information is generated based on the target user's blockchain user identifier, the blockchain user identifiers of all group users in the first group, and the second group communication key. The second group configuration information is sent to the smart contract execution node. Then, the smart contract execution node writes the second group configuration information to the blockchain. The target user does not belong to the first group.
[0026] For target users who do not belong to the first group, the communication key of the first group can be updated to the communication key of the second group based on the public key package of the target user, and the blockchain user identifier of the target user and the communication key of the second group can be stored on the blockchain.
[0027] The fifth aspect provides a cloud server, which includes a receiving module, a processing module, and a sending module; the receiving module is used to receive messages sent by a first terminal; the sending module is used to send a query configuration information request to a smart contract execution node according to the message; the receiving module is also used to receive a first group configuration information set sent by the smart contract execution node; the processing module is used to obtain the blockchain user identifier of the first terminal; select the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set; encrypt the message using the first group communication key in the first group configuration information; the sending module is also used to send the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node.
[0028] In another possible implementation, the receiving module is further configured to receive a group creation request sent by the first terminal, the group creation request including the blockchain user identifiers of other group users in the first group; the sending module is further configured to send the group creation request to the smart contract execution node; the receiving module is further configured to receive the public key packets of other group users sent by the smart contract execution node; the processing module is further configured to generate a first group communication key based on the public key packets of all group users in the first group; generate first group configuration information based on the blockchain user identifiers of all group users in the first group and the first group communication key; and the sending module is further configured to send the first group configuration information to the smart contract execution node.
[0029] In another possible implementation, the receiving module is further configured to receive an update group request sent by the first terminal, and the sending module is further configured to send the update group request to the smart contract execution node; the receiving module is further configured to receive the public key packet of the target user sent by the smart contract execution node; the processing module is further configured to generate a second group communication key based on the public key packet of the target user and the public key packets of all group users in the first group; generate second group configuration information based on the blockchain user identifier of the target user, the blockchain user identifiers of all group users in the first group, and the second group communication key; and the sending module is further configured to send the second group configuration information to the smart contract execution node.
[0030] In another possible implementation, the receiving module is further configured to receive a first registration request sent by the first terminal; the sending module is further configured to send the first registration request to the smart contract execution node; the receiving module is further configured to receive the blockchain user identifier of the first terminal sent by the smart contract execution node; the sending module is further configured to send the blockchain user identifier of the first terminal to the first terminal; the receiving module is further configured to receive a second registration request sent by the first terminal; the sending module is further configured to send the end-to-end user identifier of the first terminal to the first terminal; the processing module is further configured to store identity association data, which includes the correspondence between the end-to-end user identifier of the first terminal and the blockchain user identifier of the first terminal; obtain the public key package of the first terminal; and the sending module is further configured to send the identity association data and the public key package of the first terminal to the smart contract execution node.
[0031] For the steps, definitions, and beneficial effects of each module in the fifth aspect, please refer to the corresponding descriptions in the first aspect.
[0032] A sixth aspect provides a cloud server comprising a receiving module, a processing module, and a sending module. The receiving module is used to receive a query message request sent by a second terminal, and the sending module is also used to send a query message request to a smart contract execution node. The receiving module is also used to receive a second set of group configuration information sent by the smart contract execution node, and an encrypted message corresponding to each group configuration information in the second set of group configuration information. The processing module is also used to determine a first set of group configuration information including the blockchain user identifier of the second terminal in the second set of group configuration information; determine the encrypted message corresponding to the first set of group configuration information in the encrypted messages sent by the smart contract execution node; obtain the private key of the second terminal; decrypt the encrypted message corresponding to the first set of group configuration information according to the private key of the second terminal; and the sending module is also used to send the decrypted message to the second terminal.
[0033] For the steps, definitions, and beneficial effects of each module in the sixth aspect, please refer to the corresponding descriptions in the second aspect.
[0034] A seventh aspect provides a communication system comprising a first terminal, a first cloud server, and a smart contract execution node; the first terminal is used to send a message to the first cloud server; the first cloud server is used to send a query configuration information request to the smart contract execution node according to the message sent by the first terminal; the smart contract execution node is used to determine the smart contract corresponding to the smart contract identifier carried in the query configuration information request; obtain a first group configuration information set according to the smart contract; the first cloud server is also used to receive the first group configuration information set sent by the smart contract execution node; obtain the blockchain user identifier of the first terminal; select the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set; encrypt the message using the first group communication key in the first group configuration information; send the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node; the smart contract execution node is also used to store the encrypted message and the blockchain user identifier of the first terminal on the blockchain according to the smart contract.
[0035] In one possible implementation, the communication system further includes a second terminal and a second cloud server. The second terminal is used to send a query message request to the second cloud server. The second cloud server is also used to send a query message request to a smart contract execution node. The smart contract execution node is used to obtain, according to the query message request, a second group configuration information set and encrypted information corresponding to each group configuration information in the second group configuration information set. The second cloud server is also used to receive the second group configuration information set and encrypted messages corresponding to each group configuration information in the second group configuration information set sent by the smart contract execution node; determine the first group configuration information corresponding to the blockchain user identifier of the second terminal in the second group configuration information set; determine the encrypted message corresponding to the first group configuration information in the encrypted messages sent by the smart contract execution node; obtain the private key of the second terminal; decrypt the encrypted message corresponding to the first group configuration information according to the private key of the second terminal; and send the decrypted message to the second terminal.
[0036] In another possible implementation, the first cloud server is further configured to receive a group creation request sent by the first terminal, the group creation request including the blockchain user identifiers of other group users in the first group; send the group creation request to the smart contract execution node; the smart contract execution node is configured to obtain the public key packets of other group users from the blockchain according to the group creation request; the first cloud server is further configured to receive the public key packets of other group users sent by the smart contract execution node; generate a first group communication key based on the public key packets of all group users in the first group; generate first group configuration information based on the blockchain user identifiers of all group users in the first group and the first group communication key; send the first group configuration information to the smart contract execution node; and the smart contract execution node is further configured to write the first group configuration information into the blockchain.
[0037] In another possible implementation, the first cloud server is further configured to receive an update group request sent by the first terminal; send an update group request to the smart contract execution node; the smart contract execution node is further configured to obtain the public key package of the target user based on the target user's blockchain user identifier; the first cloud server is further configured to receive the public key package of the target user sent by the smart contract execution node; generate a second group communication key based on the target user's public key package and the public key packages of all group users in the first group; generate second group configuration information based on the target user's blockchain user identifier, the blockchain user identifiers of all group users in the first group, and the second group communication key; send the second group configuration information to the smart contract execution node; and the smart contract execution node is further configured to write the second group configuration information into the blockchain.
[0038] In another possible implementation, the first cloud server is further configured to receive a first registration request sent by the first terminal; send the first registration request to the smart contract execution node; the smart contract execution node is further configured to generate a blockchain user identifier for the first terminal based on the first registration request; the first cloud server is further configured to receive the blockchain user identifier for the first terminal sent by the smart contract execution node; send the blockchain user identifier for the first terminal to the first terminal; receive a second registration request sent by the first terminal; send the end-to-end user identifier for the first terminal to the first terminal; store identity association data; obtain the public key package of the first terminal; send the identity association data and the public key package of the first terminal to the smart contract execution node; and the smart contract execution node is further configured to write the identity association data and the public key package of the first terminal into the blockchain.
[0039] For the steps executed by each terminal, each cloud server, and each smart contract execution node in the seventh aspect, as well as the explanation of terms and the beneficial effects, please refer to the corresponding descriptions in the third aspect.
[0040] An eighth aspect provides a communication system comprising a blockchain network and a first terminal. The blockchain network includes multiple smart contract execution nodes. The first terminal is configured to send a query configuration information request to the smart contract execution nodes. The smart contract execution nodes are configured to determine the smart contract corresponding to the smart contract identifier carried in the query configuration information request; obtain a first group configuration information set according to the smart contract; the first terminal is further configured to receive the first group configuration information set sent by the smart contract execution nodes; obtain the blockchain user identifier of the first terminal; select the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set; encrypt the message using the first group communication key in the first group configuration information; send the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution nodes; and the smart contract execution nodes are further configured to store the encrypted message and the blockchain user identifier of the first terminal on the blockchain according to the smart contract.
[0041] In one possible implementation, the communication system further includes a second terminal, which is used to send a query message request to the smart contract execution node. The smart contract execution node is also used to obtain, based on the query message request, a second group configuration information set and encrypted information corresponding to each group configuration information in the second group configuration information set. The second terminal is also used to receive the second group configuration information set sent by the smart contract execution node and encrypted messages corresponding to each group configuration information in the second group configuration information set; determine, from the second group configuration information set, the first group configuration information corresponding to the blockchain user identifier of the second terminal; determine, from the encrypted messages sent by the smart contract execution node, the encrypted message corresponding to the first group configuration information; and decrypt the encrypted message corresponding to the first group configuration information using the private key of the second terminal. The second terminal and the first terminal belong to the first group.
[0042] In another possible implementation, the first terminal is further configured to send a group creation request to the smart contract execution node, the group creation request including the blockchain user identifiers of other group users in the first group; the smart contract execution node is further configured to obtain the public key packets of other group users from the blockchain based on the blockchain user identifiers of other group users; the first terminal is further configured to receive the public key packets of other group users sent by the smart contract execution node; generate a first group communication key based on the public key packets of all group users in the first group; generate first group configuration information based on the blockchain user identifiers of all group users in the first group and the first group communication key; send the first group configuration information to the smart contract execution node; and the smart contract execution node is further configured to write the first group configuration information into the blockchain.
[0043] In another possible implementation, the first terminal is further configured to send an update group request to the smart contract execution node, the update group request including the blockchain user identifier of the target user; the smart contract execution node is further configured to obtain the public key package of the target user based on the blockchain user identifier of the target user; the first terminal is further configured to receive the public key package of the target user sent by the smart contract execution node; generate a second group communication key based on the public key package of the target user and the public key packages of all group users in the first group; generate second group configuration information based on the blockchain user identifier of the target user, the blockchain user identifiers of all group users in the first group, and the second group communication key; send the second group configuration information to the smart contract execution node; and the smart contract execution node is further configured to write the second group configuration information into the blockchain.
[0044] For the steps executed by each terminal in the eighth aspect, as well as the steps executed by the smart contract execution node, explanations of terms, and beneficial effects, please refer to the corresponding descriptions in the fourth aspect.
[0045] A ninth aspect provides a computing device cluster including at least one computing device, each computing device including a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the computing device cluster to perform the method as described in the first aspect, the second aspect, or the third aspect.
[0046] A tenth aspect provides a computing device cluster including at least one computing device, each computing device including a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the computing device cluster to perform the method as described in the fourth aspect.
[0047] The eleventh aspect provides a computer-readable storage medium including computer program instructions that, when executed by a cluster of computing devices, perform the methods described in the first, second, third, or fourth aspects.
[0048] The twelfth aspect provides a computer program product containing instructions that, when run by a cluster of computing devices, cause the cluster of computing devices to perform the methods described in the first, second, third, or fourth aspects.
[0049] The thirteenth aspect provides a chip system including at least one processor coupled to a memory for storing computer programs or instructions, and the processor for executing the computer programs or instructions to implement the methods of the first, second, third, or fourth aspects described above. Attached Figure Description
[0050] Figure 1 This is a schematic diagram of an end-to-end communication scenario in an embodiment of this application;
[0051] Figure 2 This is another schematic diagram of an end-to-end communication scenario in the embodiments of this application;
[0052] Figure 3 This is a signaling interaction diagram for sending messages in an embodiment of this application;
[0053] Figure 4 This is a signaling interaction diagram of receiving messages in an embodiment of this application;
[0054] Figure 5 This is a signaling interaction diagram illustrating the use of blockchain to store group configuration information in this application embodiment;
[0055] Figure 6 This is a signaling interaction diagram for updating the group configuration information of the blockchain in this embodiment of the application;
[0056] Figure 7 This is a signaling interaction diagram for user registration in an embodiment of this application;
[0057] Figure 8 This is another schematic diagram of an end-to-end communication scenario in the embodiments of this application;
[0058] Figure 9 This is another schematic diagram of an end-to-end communication scenario in the embodiments of this application;
[0059] Figure 10 This is a signaling interaction diagram for sending messages in an embodiment of this application;
[0060] Figure 11 This is a signaling interaction diagram of receiving messages in an embodiment of this application;
[0061] Figure 12 This is a structural diagram of a cloud server in an embodiment of this application;
[0062] Figure 13 This is a schematic diagram of a communication system in an embodiment of this application;
[0063] Figure 14 This is a structural diagram of a terminal in an embodiment of this application;
[0064] Figure 15 This is another schematic diagram of the communication system in the embodiments of this application;
[0065] Figure 16 This is another structural diagram of the computing device in the embodiments of this application;
[0066] Figure 17This is a structural diagram of a computing device cluster in an embodiment of this application;
[0067] Figure 18 This is another structural diagram of the computing device cluster in the embodiments of this application. Detailed Implementation
[0068] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. The terminology used in the following embodiments is for the purpose of describing specific embodiments only and is not intended to be a limitation of this application. As used in the specification and appended claims of this application, the singular expressions "a," "an," "the," "the," "the," and "this" are intended to also include expressions such as "one or more," unless the context clearly indicates otherwise. It should also be understood that in the embodiments of this application, "one or more" refers to one, two, or more; "and / or" describes the relationship between related objects, indicating that three relationships may exist; for example, A and / or B can represent: A alone, A and B simultaneously, or B alone, where A and B can be singular or plural. The character " / " generally indicates that the preceding and following related objects are in an "or" relationship.
[0069] References to "one embodiment" or "some embodiments" as described in this specification mean that one or more embodiments of this application include a specific feature, structure, or characteristic described in connection with that embodiment. Therefore, the phrases "in one embodiment," "in some embodiments," "in other embodiments," "in still other embodiments," etc., appearing in different parts of this specification do not necessarily refer to the same embodiment, but rather mean "one or more, but not all, embodiments," unless otherwise specifically emphasized. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless otherwise specifically emphasized.
[0070] The "multiple" mentioned in the embodiments of this application refers to two or more. It should be noted that in the description of the embodiments of this application, terms such as "first" and "second" are used only for the purpose of distinguishing descriptions and should not be construed as indicating or implying relative importance, nor should they be construed as indicating or implying order.
[0071] Blockchain technology is a decentralized architecture and computing paradigm that uses a block-chain data structure to verify and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to ensure the security of data transmission and access, and uses smart contracts composed of automated script code to program and manipulate data.
[0072] The communication method described in this application can be applied to a communication system that includes a terminal and a blockchain network, and the communication system may also include a cloud server. The terminal is also referred to as a terminal device.
[0073] See Figure 1 In one embodiment, the communication system includes terminal 101, terminal 102, terminal 103, the Internet 110, a cloud service system 120, and a blockchain network 130. Terminals 101, 102, and 103 are connected to the Internet 110. The cloud service system 120 is connected to both the Internet 110 and the blockchain network 130. The cloud service system 120 includes multiple cloud servers, and each terminal has a corresponding cloud server. For example, in the cloud server system 120, terminal 101 corresponds to cloud server 121, and terminal 102 corresponds to cloud server 122.
[0074] Each cloud server can be configured with an end-to-end encryption component, which includes one or more of the following modules: communication module, identity management module, key management module, database, encryption / decryption module, and group management module.
[0075] The communication module is used for end-to-end encrypted communication between the terminal and the cloud server, and for communication between the cloud server's end-to-end encrypted component and the blockchain's smart contract execution node.
[0076] The identity management module manages end-to-end user identifiers for one or more terminals. End-to-end user identifiers can be, but are not limited to, accounts for communication programs. When the end-to-end encryption component is shared as a blockchain plugin, it is also responsible for managing user on-chain identities.
[0077] The key management module is used to manage the end-to-end keys of the terminal, including key generation and updates.
[0078] The database is used to store decrypted messages and to provide storage services for other modules, such as storing group structure information in the group management module.
[0079] The encryption / decryption module is used to encrypt and decrypt information.
[0080] The group management module is used to manage groups, including creating groups and adding or deleting group members.
[0081] Blockchain network 130 includes smart contract execution nodes 131, 132, and 133. A smart contract execution node is a blockchain node that has deployed and can execute smart contracts. Each smart contract execution node stores smart contracts, the blockchain ledger, and encrypted messages. A smart contract is a "computer transaction protocol for executing contract terms." All users on the blockchain can see the blockchain-based smart contracts. Smart contracts enable on-chain interaction logic for end-to-end communication; based on end-to-end encrypted business logic, after verifying the user's identity, they automatically return corresponding information according to the business logic.
[0082] It should be understood that the number of terminals, cloud servers, and smart contract execution nodes in the blockchain network 130 in this communication system are not limited to the examples above.
[0083] The following describes the message transmission process between terminal 101 and terminal 102. (See attached document.) Figure 2 In one embodiment, the message transmission method includes:
[0084] Step 201: Terminal 101 sends the message to cloud server 121.
[0085] Step 202: Cloud server 121 encrypts the message. Specifically, the encryption / decryption module in the end-to-end encryption component of cloud server 120 encrypts the message.
[0086] Step 203: Cloud server 121 sends the encrypted message to blockchain network 130.
[0087] Specifically, cloud server 121 sends the encrypted message to any smart contract execution node in blockchain network 130. This smart contract execution node can then broadcast the encrypted message to all smart contract execution nodes in blockchain network 130, and all smart contract execution nodes store the encrypted message.
[0088] Step 204: Terminal 102 sends a query message request to cloud server 122.
[0089] Step 205: Cloud server 122 obtains encrypted messages from blockchain network 130 according to the query message request.
[0090] Step 206: Cloud server 122 decrypts the encrypted message. Specifically, the encryption / decryption module in the end-to-end encryption component of cloud server 122 decrypts the encrypted message.
[0091] Step 207: Cloud server 122 sends the message to terminal 102.
[0092] Because the smart contract execution nodes of blockchain network 130 are distributed nodes, even if one or more smart contract execution nodes fail, other smart contract execution nodes can still execute smart contracts and transmit encrypted messages, thus improving the reliability of message storage and transmission.
[0093] It should be noted that the end-to-end encryption component can be integrated into a software development kit (SDK) for secondary encapsulation and application development; alternatively, it can be used as a standalone optional plugin on the blockchain, verifying the identities of different users before being used by multiple users. When the end-to-end encryption component is used as a software module of a terminal, the terminal can directly communicate with the smart contract execution nodes of the blockchain network. The signaling interaction between the terminal and the smart contract execution nodes during message processing is similar to the signaling interaction between the cloud server and the smart contract execution nodes in this application, and will not be elaborated further here.
[0094] The message processing method of this application is described in detail below. Please refer to [link / reference]. Figure 3 In one embodiment, the message processing method of this application includes:
[0095] Step 301: The first terminal sends the message to the first cloud server.
[0096] In this embodiment, a communication connection is established between the first terminal, the first cloud server, and the blockchain network. This communication connection can be, but is not limited to, a Google Remote Procedure Call (GRPC) connection.
[0097] It should be understood that the first terminal can also send its own blockchain user identifier or end-to-end user identifier, and the first cloud server will perform authentication based on the first terminal's blockchain user identifier or end-to-end user identifier. The first terminal can be any terminal that has both an end-to-end user identifier and a blockchain user identifier.
[0098] Step 302: The first cloud server sends the request to query configuration information to the smart contract execution node based on the message.
[0099] Step 303: The smart contract execution node determines the smart contract corresponding to the blockchain user identifier of the first terminal based on the smart contract identifier carried in the query configuration information request.
[0100] Step 304: The smart contract execution node obtains the first group configuration information set according to the smart contract.
[0101] Specifically, the configuration information query request includes a smart contract identifier. The smart contract execution node determines the smart contract based on the smart contract identifier and obtains the first group of configuration information sets based on the smart contract. After obtaining the first group of configuration information sets, the smart contract execution node sends the first group of configuration information sets to the first terminal.
[0102] Step 305: The first cloud server receives the first set of group configuration information sent by the smart contract execution node.
[0103] Step 306: The first cloud server obtains the blockchain user identifier of the first terminal.
[0104] Optionally, the first cloud server retrieves the blockchain user identifier of the first terminal from locally stored blockchain user identifiers. Alternatively, the terminal sends its first blockchain user identifier along with the message, and the first cloud server receives the blockchain user identifier sent by the first terminal.
[0105] Step 307: The first cloud server selects the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set.
[0106] The first group configuration information set may include all currently stored group configuration information, and each group configuration information includes the group communication key and the blockchain user identifier of the group user.
[0107] Step 308: The first cloud server encrypts the message using the first group communication key in the first group configuration information.
[0108] It should be noted that the encryption and decryption algorithm in this application is an asymmetric encryption algorithm. The first group communication key is generated based on the public key packet of the group users, and the private key for decrypting the message is the private key of the group users.
[0109] Step 309: The first cloud server sends the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node.
[0110] Step 310: The smart contract execution node stores the encrypted message and the blockchain user identifier of the first terminal on the blockchain according to the smart contract. The encrypted message and the blockchain user identifier of the first terminal can be bound to identify the blockchain user of the first terminal as the sender of the message.
[0111] In this embodiment, the first cloud server can encrypt the message sent by the terminal and then send the encrypted message to the smart contract execution node, which will then store the encrypted message on the blockchain. Since the smart contract execution nodes in the blockchain network are distributed nodes, even if one or more smart contract execution nodes fail, the encrypted message will still be stored in the blockchain, thereby improving the security of the stored message.
[0112] The following describes the process of a terminal receiving messages. Please refer to [link / reference]. Figure 4 In one optional embodiment, the message processing method of this application further includes:
[0113] Step 401: The second terminal sends a query message request to the second cloud server.
[0114] Step 402: The second cloud server sends a query message request to the smart contract execution node.
[0115] In this application, the first terminal and the second terminal belong to the first group. Alternatively, the blockchain users of the first terminal and the blockchain users of the second terminal belong to the first group.
[0116] Step 403: The smart contract execution node obtains the second group configuration information set and the encrypted information corresponding to each group configuration information in the second group configuration information set according to the query message request.
[0117] Specifically, the query message request includes a smart contract identifier. The smart contract execution node determines the smart contract based on the smart contract identifier in the query message request, and obtains the encrypted information corresponding to each group configuration information in the second group configuration information set based on the smart contract. The second group configuration information set may include all group configuration information stored at the current time.
[0118] Step 404: The smart contract execution node sends the encrypted message corresponding to each group configuration information in the second group configuration information set to the second cloud server.
[0119] Step 405: The second cloud server determines the first group configuration information, including the blockchain user identifier of the second terminal, from the second group configuration information set.
[0120] Step 406: The second cloud server determines the encrypted message corresponding to the first group configuration information from the encrypted message sent by the smart contract execution node.
[0121] Step 407: The second cloud server decrypts the encrypted message corresponding to the first group configuration information using the private key of the second terminal. The second cloud server can also store the decrypted message in a local database.
[0122] Step 408: The second cloud server sends the decrypted message to the second terminal. The second terminal displays the decrypted message.
[0123] It should be noted that the first cloud server and the second cloud server can be configured on the same computing device or on different computing devices.
[0124] In this embodiment, after the smart contract execution node stores the encrypted message on the blockchain, the second cloud server can retrieve the encrypted message from the blockchain, decrypt it using the private key of the second terminal, and send the decrypted message to the second terminal, thereby completing the end-to-end message transmission. Since the message is encrypted during the end-to-end communication process, the security of message transmission can be guaranteed.
[0125] Secondly, since the smart contract execution nodes of the blockchain network are distributed nodes, when one or more smart contract execution nodes fail, the encrypted messages are still stored in the blockchain, thereby improving the security of message transmission.
[0126] exist Figure 4 The message processing method shown requires obtaining a group communication key from the blockchain and encrypting the message using the group communication key. This application can generate the group communication key and group configuration information before step 401. The process of generating the group communication key and group configuration information is described below. Figure 5 In another embodiment, the message processing method of this application further includes:
[0127] Step 501: The first terminal sends a group creation request to the first cloud server.
[0128] Step 502: The first cloud server sends a group creation request to the smart contract execution node.
[0129] Step 503: The smart contract execution node obtains the public key packets of other group users from the blockchain according to the group creation request.
[0130] Specifically, the group creation request includes a smart contract identifier and blockchain user identifiers of other group users in the first group. The smart contract execution node determines the smart contract based on the smart contract identifier in the group creation request, and obtains the public key packages of other group users from the blockchain based on the smart contract and the blockchain user identifiers of other group users in the first group. Other group users are group users in the first group other than the first terminal.
[0131] Step 504: The smart contract execution node sends the public key packets of other group users to the first terminal.
[0132] Step 505: The first cloud server generates the first group communication key based on the public key packets of all group users in the first group.
[0133] The first terminal belongs to the first group. The public key packets of all group users in the first group include the public key packet of the first terminal and the public key packets of other group users. The protocol for generating the communication key of the first group based on the public key packets of all group users in the first group can be a message layer security (MLS) protocol or a signal protocol. The signal protocol is also known as a text secure protocol.
[0134] Step 506: The first terminal generates configuration information for the first group based on the blockchain user identifiers of all group users in the first group and the communication key of the first group.
[0135] In one optional embodiment, the configuration information of the first group is shown in Table 1:
[0136]
[0137] Table 1
[0138] It should be understood that the configuration information for the first group, the second group, and other groups in this application is not limited to the examples shown in Table 1, and can be set according to the actual situation. The group user identifier can be, but is not limited to, an end-to-end user identifier.
[0139] Step 507: The first terminal sends the configuration information of the first group to the smart contract execution node.
[0140] Step 508: The smart contract execution node writes the configuration information of the first group into the blockchain.
[0141] Specifically, the smart contract execution node writes the first group configuration information to the blockchain. Writing to the blockchain means that the smart contract execution node sends the first group configuration information to other smart contract execution nodes in the blockchain network, and then all smart contract execution nodes in the blockchain network save the first group configuration information.
[0142] In this embodiment, the first terminal can generate a first group communication key based on the public key packet of all group users in the first group. After encrypting a message using this first group communication key, only the private keys of users in the first group can decrypt the message. The private keys of users who do not belong to the first group cannot decrypt the message, thus ensuring the confidentiality of the transmitted message.
[0143] Secondly, this embodiment provides a method for creating a group and generating group configuration information, based on which messages can be transmitted. Existing end-to-end encryption methods only allow communication between two people, while the message processing method of this application can provide end-to-end communication for more users, expanding the application scenarios of end-to-end encryption.
[0144] After generating the group communication key and group configuration information, other group terminals can send a query configuration information request to the smart contract execution node. Based on the blockchain user identifier carried in the query configuration information request, the terminal's group and group configuration information can be queried in the blockchain.
[0145] Alternatively, the first terminal sends an off-chain notification to the terminal corresponding to the first group via the Internet Protocol (IP) network. After receiving the off-chain notification, other group terminals (such as the second terminal) send a query configuration information request to the smart contract execution node according to the off-chain notification. Based on the blockchain user identifier carried in the query configuration information request, the terminal can query the group it belongs to and the group configuration information in the blockchain.
[0146] This application allows you to add group users after creating a group. The following describes the process of modifying group configuration information after adding group users. Please refer to [link / reference]. Figure 6 In one optional embodiment, the message processing method of this application further includes:
[0147] Step 601: The first terminal sends an update group request to the first cloud server.
[0148] Step 602: The first cloud server sends an update group request to the smart contract execution node.
[0149] Step 603: The smart contract execution node obtains the target user's public key packet based on the update group request.
[0150] Specifically, the update group request includes the target user's blockchain user identifier and smart contract identifier. The smart contract execution node determines the smart contract based on the smart contract identifier in the update group request, and obtains the target user's public key package based on the target user's blockchain user identifier and smart contract identifier in the update group request.
[0151] Step 604: The first cloud server receives the public key packet of the target user sent by the smart contract execution node.
[0152] Step 605: The first cloud server generates a second group communication key based on the public key packet of the target user and the public key packets of all group users in the first group.
[0153] When the public key packets of all group users in the first group are stored in the first terminal, the first terminal can generate the second group communication key based on the public key packet of the target user and the public key packets of all group users in the first group.
[0154] When the public key packets of all group users in the first group are not stored in the first terminal, the first terminal can send a query request for group user keys to the smart contract execution node. The query request for group user keys includes the blockchain user identifier of the group user. After the smart contract execution node obtains the public key packets of all group users in the first group according to the query request for group user keys, it sends the public key packets of all group users in the first group to the first terminal. Then, the first terminal can generate the second group communication key based on the public key packet of the target user and the public key packets of all group users in the first group.
[0155] Step 606: The first cloud server generates the second group configuration information based on the target user's blockchain user identifier, the blockchain user identifiers of all group users in the first group, and the second group communication key.
[0156] It should be understood that the second group configuration information includes the second group communication key, the blockchain user identifier of the target user, and the blockchain user identifiers of all group users in the first group.
[0157] Step 607: The first cloud server sends the second group configuration information to the smart contract execution node.
[0158] Step 608: The smart contract execution node writes the second group configuration information into the blockchain.
[0159] For target users who do not belong to the first group, this embodiment can update the first group communication key to the second group communication key according to the target user's public key packet, and then store the target user's blockchain user identifier and the second group communication key in the blockchain.
[0160] After the second group configuration information is written to the blockchain, the smart contract execution node can retrieve the second group configuration information from the blockchain based on the query message request sent by the target user's terminal. The node then sends the second group configuration information and the encrypted message to the target user's terminal, which decrypts the message using its private key. The process of the target user's terminal querying the message is similar to the process of the second terminal querying the message in steps 401 to 408, and will not be described in detail here.
[0161] This application can authorize all or some users to modify group configuration information. In an optional embodiment, step 607 includes: the first cloud server sending the second group configuration information and the blockchain user identifier of the first terminal to the smart contract execution node; the smart contract execution node determining whether the blockchain user identifier of the first terminal belongs to a preset group administrator user group; if the blockchain user identifier of the first terminal belongs to the preset group administrator user group, step 608 is executed; if the blockchain user identifier of the first terminal does not belong to the preset group administrator user group, step 608 is not executed, and an error message is returned, which is used to notify the user that the modification of group configuration information failed.
[0162] It should be noted that deleting a user from a group in this application is considered as creating a new group. Compared to the original group, the new group does not include the deleted user.
[0163] The message processing method in this application requires the use of a blockchain user identifier and an end-to-end key. Each terminal's end-to-end key includes a public key packet and a private key. The process of a terminal obtaining the blockchain user identifier, end-to-end user identifier, and end-to-end key is described below; please refer to [link / reference]. Figure 7 In another embodiment, the message processing method of this application further includes:
[0164] Step 701: The first terminal sends the first registration request to the first cloud server.
[0165] Step 702: The first cloud server sends the first registration request to the smart contract execution node.
[0166] Step 703: The smart contract execution node generates the blockchain user identifier of the first terminal based on the first registration request.
[0167] Step 704: The first cloud server receives the blockchain user identifier of the first terminal sent by the smart contract execution node.
[0168] Step 705: The first cloud server sends the blockchain user identifier of the first terminal to the first terminal.
[0169] Step 706: The first terminal sends a second registration request to the first cloud server.
[0170] Step 707: The first cloud server generates an end-to-end user identifier for the first terminal based on the second registration request.
[0171] Step 708: The first terminal receives the end-to-end user identifier of the first terminal sent by the first cloud server.
[0172] Step 709: The first cloud server stores identity association data. The identity association data includes the correspondence between the end-to-end user identifier of the first terminal and the blockchain user identifier of the first terminal.
[0173] Step 710: The first cloud server obtains the public key packet of the first terminal.
[0174] In one optional embodiment, the first terminal generates its private key and public key packet according to a key generation algorithm. In another optional embodiment, the first terminal sends a key acquisition request to a key server and receives its private key and public key packet from the key server.
[0175] Step 711: The first cloud server sends the identity association data and the public key package of the first terminal to the smart contract execution node.
[0176] Step 712: The smart contract execution node writes the identity association data and the public key package of the first terminal into the blockchain.
[0177] This embodiment provides a method for registering blockchain users and end-to-end users on the first terminal and obtaining end-to-end keys. Identity association data and the public key package of the first terminal can be stored in the blockchain, so that users can still use the above information to communicate even after changing terminals.
[0178] It should be noted that the operations performed by the smart contract execution node in this application are all based on smart contracts, such as obtaining group configuration information, storing encrypted messages and group configuration information to the blockchain, etc.
[0179] See Figure 8 In another embodiment, the communication system of this application includes terminal 801, terminal 802, terminal 803, Internet 810, and blockchain network 820. Terminals 801, 802, and 803 are connected to Internet 810, and Internet 810 is connected to blockchain network 820. Blockchain network 820 includes smart contract execution nodes 821, 822, and 823. It should be understood that the number of terminals in this communication system and the number of smart contract execution nodes in blockchain network 820 are not limited to the examples above. Each terminal can be configured with an end-to-end encryption component, which is the same as the end-to-end encryption component described above.
[0180] The following describes the message transmission process between terminal 801 and terminal 802. (See attached document.) Figure 9 In one embodiment, the message transmission method includes:
[0181] Step 901: Terminal 801 encrypts the message. Specifically, the encryption / decryption module in the end-to-end encryption component of terminal 801 encrypts the message.
[0182] Step 902: Terminal 801 sends the encrypted message to the smart contract node of blockchain network 820.
[0183] Specifically, terminal 801 sends the encrypted message to any smart contract execution node in the blockchain network 820. This smart contract execution node can then broadcast the encrypted message to all smart contract execution nodes in the blockchain network 820, and all smart contract execution nodes store the encrypted message.
[0184] Step 903: Terminal 802 sends a query message request to the smart contract node of blockchain network 820.
[0185] Step 904: Terminal 802 obtains encrypted messages from blockchain network 820 according to the query message request.
[0186] Step 905: Terminal 802 decrypts the encrypted message. Specifically, the encryption / decryption module in the end-to-end encryption component of terminal 802 decrypts the encrypted message.
[0187] The message processing method of this application does not require a cloud server. The following provides a detailed description of the process by which the terminal and blockchain network execute this message processing method. (See attached document.) Figure 10 In another embodiment, the message processing method of this application includes:
[0188] Step 1001: The first terminal sends a request to the smart contract execution node to query configuration information. The first terminal can be any terminal with a blockchain user identifier.
[0189] Step 1002: The smart contract execution node determines the smart contract corresponding to the smart contract identifier carried in the query configuration information request.
[0190] Step 1003: The smart contract execution node obtains the first group configuration information set according to the smart contract.
[0191] Step 1004: The first terminal receives the first group configuration information set sent by the smart contract execution node.
[0192] Step 1005: The first terminal obtains the blockchain user identifier of the first terminal.
[0193] Step 1006: The first terminal selects the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set.
[0194] Step 1007: The first terminal encrypts the message using the first group communication key in the first group configuration information.
[0195] Step 1008: The first terminal sends the encrypted message and the first terminal's blockchain user identifier to the smart contract execution node.
[0196] Step 1009: The smart contract execution node stores the encrypted message and the blockchain user identifier of the first terminal on the blockchain according to the smart contract.
[0197] In this embodiment, after the first terminal encrypts the message, it can store the encrypted message in the blockchain. After the first terminal uploads the message, other terminals in the first group (such as the second terminal) can query and decrypt the messages of the first group from the blockchain, thereby completing end-to-end communication. Since the smart contract execution nodes are distributed, even if one or more smart contract execution nodes fail, the message still exists in the blockchain, thereby improving the reliability of message storage and transmission.
[0198] In another optional embodiment, prior to step 1001, the message processing method of this application further includes:
[0199] The first terminal sends a group creation request to the smart contract execution node. The group creation request includes the blockchain user identifiers of other group users in the first group. The smart contract execution node obtains the public key packets of other group users from the blockchain based on the blockchain user identifiers of other group users. The first terminal receives the public key packets of other group users sent by the smart contract execution node, generates a first group communication key based on the public key packets of all group users in the first group, generates first group configuration information based on the blockchain user identifiers of all group users in the first group and the first group communication key, and sends the first group configuration information to the smart contract execution node. The smart contract execution node writes the first group configuration information into the blockchain.
[0200] In this embodiment, the first group configuration information includes a first group communication key. Each user in the first group can obtain the first group communication key and then use it to encrypt and decrypt messages, thus enabling multi-user communication. Existing end-to-end encryption methods only support communication between two users, while the message processing method of this application can provide end-to-end communication for more users.
[0201] In conjunction with the preceding embodiment, in another optional embodiment, the message processing method of this application further includes:
[0202] The first terminal sends an update group request to the smart contract execution node. The update group request includes the blockchain user identifier of the target user, who does not belong to the first group. The smart contract execution node obtains the public key package of the target user based on the blockchain user identifier. The first terminal receives the public key package of the target user sent by the smart contract execution node, generates a second group communication key based on the public key package of the target user and the public key packages of all group users in the first group, generates second group configuration information based on the blockchain user identifier of the target user, the blockchain user identifiers of all group users in the first group, and the second group communication key, and sends the second group configuration information to the smart contract execution node. The smart contract execution node writes the second group configuration information into the blockchain.
[0203] In this embodiment, for target users who do not belong to the first group, the communication key of the first group can be updated to the communication key of the second group based on the public key package of the target user, and the blockchain user identifier of the target user and the communication key of the second group can be stored in the blockchain.
[0204] See Figure 11 In an optional embodiment, after step 1009, the message processing method of this application further includes:
[0205] Step 1101: The second terminal sends a query message request to the smart contract execution node. The second terminal and the first terminal belong to the first group.
[0206] Step 1102: The smart contract execution node obtains the second group configuration information set and the encrypted information corresponding to each group configuration information in the second group configuration information set according to the query message request.
[0207] Step 1103: The second terminal receives the second group configuration information set sent by the smart contract execution node and the encrypted message corresponding to each group configuration information in the second group configuration information set.
[0208] Step 1104: The second terminal determines the first group configuration information, including the blockchain user identifier of the second terminal, from the second group configuration information set.
[0209] Step 1105: The second terminal determines the encrypted message corresponding to the first group configuration information from the encrypted message sent by the smart contract execution node.
[0210] Step 1106: The second terminal decrypts the encrypted message corresponding to the configuration information of the first group based on the private key of the second terminal.
[0211] In this embodiment, after the first terminal uploads a message, other terminals in the first group (such as the second terminal) can query and decrypt the messages of the first group through the second cloud server, thereby completing end-to-end communication. The messages are encrypted during the end-to-end communication process, thus ensuring the security of message transmission. The end-to-end communication method of this application can be applied to multiple users in a group, expanding the application scenarios of end-to-end encryption.
[0212] See Figure 12 In one embodiment, the cloud server 1200 of this application includes a receiving module 1201, a processing module 1202, and a sending module 1203;
[0213] The receiving module 1201 is used to receive messages sent by the first terminal;
[0214] The sending module 1203 is used to send a query configuration information request to the smart contract execution node. The query configuration information request includes the blockchain user identifier of the first terminal.
[0215] The receiving module 1201 is used to receive a first set of configuration information sent by the smart contract execution node. The first set of configuration information is obtained by the smart contract execution node based on the smart contract identifier requested in the configuration information query request.
[0216] Processing module 1202 is used to obtain the blockchain user identifier of the first terminal; select the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set; and encrypt the message using the first group communication key in the first group configuration information.
[0217] The sending module 1203 is also used to send encrypted messages and the blockchain user identifier of the first terminal to the smart contract execution node.
[0218] The receiving module 1201, processing module 1202, and transmitting module 1203 can all be implemented in software or in hardware. For example, the implementation of processing module 1202 will be described below. Similarly, the implementation of receiving module 1201 and transmitting module 1203 can refer to the implementation of processing module 1202.
[0219] As an example of a software functional unit, processing module 1202 may include code running on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, or a container. Further, the aforementioned computing instance may be one or more. For example, processing module 1202 may include code running on multiple hosts / virtual machines / containers. It should be noted that the multiple hosts / virtual machines / containers used to run the code may be distributed in the same region or in different regions. Further, the multiple hosts / virtual machines / containers used to run the code may be distributed in the same availability zone (AZ) or in different AZs, each AZ including one or more geographically proximate data centers. Typically, a region may include multiple AZs.
[0220] Similarly, multiple hosts / virtual machines / containers used to run this code can be distributed within the same Virtual Private Cloud (VPC) or across multiple VPCs. Typically, a VPC is set up within a region. Communication between two VPCs within the same region, as well as between VPCs in different regions, requires a communication gateway to be set up within each VPC to enable interconnection between VPCs.
[0221] As an example of a hardware functional unit, the processing module 1202 may include at least one computing device, such as a server. Alternatively, the processing module 1202 may also be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be implemented using a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
[0222] The processing module 1202 includes multiple computing devices that can be distributed within the same region or in different regions. Similarly, the processing module 1202 can be distributed within the same Availability Zone (AZ) or in different AZs. Likewise, the processing module 1202 can be distributed within the same Virtual Private Cloud (VPC) or in multiple VPCs. These multiple computing devices can be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
[0223] It should be noted that, in other embodiments, the processing module 1202 can be used to perform... Figure 3 The embodiments shown to Figure 7 In the message processing method of the illustrated embodiment, any step executed by the first cloud server or the second cloud server can be performed by the receiving module 1201. Figure 3 The embodiments shown to Figure 7 In the message processing method of the illustrated embodiment, any step executed by the first cloud server or the second cloud server can be performed by the sending module 1203. Figure 3 The illustrated embodiments to Figure 7 In the message processing method of the illustrated embodiment, any step executed by the first cloud server or the second cloud server can be specified as needed by the receiving module 1201, the processing module 1202, and the sending module 1203. Different steps in the message processing method can be implemented by the receiving module 1201, the processing module 1202, and the sending module 1203 to realize all the functions of the first cloud server or the second cloud server.
[0224] This application provides a communication system capable of achieving... Figure 3 The embodiments shown to Figure 7 The message processing method of any one of the embodiments shown. See also... Figure 13 In one embodiment, the communication system of this application includes terminal 101, cloud server 121, terminal 102, cloud server 122 and smart contract execution node 131, with terminal 102 and terminal 101 belonging to a first group;
[0225] Terminal 101 is used to send messages to cloud server 121;
[0226] Cloud server 121 is used to send a query configuration information request to smart contract execution node 131 based on the message sent by terminal 101;
[0227] The smart contract execution node 131 is used to determine the smart contract corresponding to the smart contract identifier carried in the query configuration information request; and to obtain the first group of configuration information sets according to the smart contract.
[0228] The cloud server 121 is also used to receive a first group configuration information set sent by the smart contract execution node 131; obtain the blockchain user identifier of the terminal 101; select the first group configuration information corresponding to the blockchain user identifier of the terminal 101 from the first group configuration information set; encrypt the message using the first group communication key in the first group configuration information; and send the encrypted message and the blockchain user identifier of the terminal 101 to the smart contract execution node 131. The smart contract execution node 131 is also used to store the encrypted message and the blockchain user identifier of the terminal 101 on the blockchain according to the smart contract.
[0229] Terminal 101, cloud server 121, and smart contract execution node 131 can all be implemented in software or hardware. For example, the implementation of cloud server 121 will be described below. Similarly, the implementation of terminal 101 and smart contract execution node 131 can refer to the implementation of cloud server 121.
[0230] As an example of a software functional unit, the cloud server 121 may include code running on a computing instance. The computing instance can be at least one of a physical host (computing device), a virtual machine, a container, or other computing devices. Furthermore, the aforementioned computing devices can be one or more. For example, the cloud server 121 may include code running on multiple hosts / virtual machines / containers. It should be noted that the multiple hosts / virtual machines / containers used to run the application can be distributed in the same region or in different regions. The multiple hosts / virtual machines / containers used to run the code can be distributed in the same Availability Zone (AZ) or in different AZs, each AZ including one data center or multiple geographically proximate data centers. Typically, a region may include multiple AZs.
[0231] Similarly, multiple hosts / virtual machines / containers used to run this code can be distributed within the same VPC or across multiple VPCs. Typically, a VPC is set up within a single region. Communication between two VPCs within the same region, and between VPCs in different regions, requires a communication gateway to be set up within each VPC to enable interconnection between VPCs.
[0232] As an example of a hardware functional unit, the cloud server 121 may include at least one computing device, such as a server. Alternatively, the cloud server 121 may also be a device implemented using an ASIC or a PLD. The aforementioned PLD may be implemented using a CPLD, FPGA, GAL, or any combination thereof.
[0233] The computing devices included in cloud server 121 can be distributed within the same region or in different regions. Similarly, the computing devices included in cloud server 121 can be distributed within the same Availability Zone (AZ) or in different AZs. Likewise, the computing devices included in cloud server 121 can be distributed within the same VPC or across multiple VPCs. These computing devices can be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
[0234] It should be understood that cloud server 121 is capable of achieving... Figures 3 to 7 In the illustrated embodiment, the terminal 101 can perform any step executed by the first cloud server. Figures 3 to 7 In the illustrated embodiment, the cloud server 122 can perform any step executed by the first terminal. Figures 3 to 7 In the illustrated embodiment, the terminal 102 can perform any step executed by the second cloud server. Figures 3 to 7 The illustrated embodiment represents any step executed by the second terminal. The smart contract execution node 131 is capable of implementing... Figures 3 to 7 Any step executed by the smart contract execution node in the illustrated embodiment.
[0235] See Figure 14 In another embodiment, the terminal 1400 of this application includes a receiving module 1401, a processing module 1402 and a sending module 1403;
[0236] The sending module 1403 is used to send a query configuration information request to the smart contract execution node. The query configuration information request includes the blockchain user identifier of the first terminal.
[0237] The receiving module 1401 is used to receive a first set of configuration information sent by the smart contract execution node. The first set of configuration information is obtained by the smart contract execution node based on the smart contract identifier requested in the configuration information query request.
[0238] Processing module 1402 is used to obtain the blockchain user identifier of the first terminal; select the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set; and encrypt the message using the first group communication key in the first group configuration information.
[0239] The sending module 1403 is also used to send encrypted messages and the blockchain user identifier of the first terminal to the smart contract execution node.
[0240] The receiving module 1401, processing module 1402, and transmitting module 1403 can all be implemented in software or in hardware. For example, the implementation of processing module 1402 will be described below. Similarly, the implementation of receiving module 1401 and transmitting module 1403 can refer to the implementation of processing module 1402.
[0241] As an example of a software functional unit, processing module 1402 may include code running on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, or a container. Further, the aforementioned computing instance may be one or more. For example, processing module 1402 may include code running on multiple hosts / virtual machines / containers. It should be noted that the multiple hosts / virtual machines / containers used to run the code may be distributed within the same region or in different regions. Further, the multiple hosts / virtual machines / containers used to run the code may be distributed within the same availability zone (AZ) or in different AZs, each AZ including one or more geographically proximate data centers. Typically, a region may include multiple AZs.
[0242] Similarly, multiple hosts / virtual machines / containers used to run this code can be distributed within the same Virtual Private Cloud (VPC) or across multiple VPCs. Typically, a VPC is set up within a region. Communication between two VPCs within the same region, as well as between VPCs in different regions, requires a communication gateway to be set up within each VPC to enable interconnection between VPCs.
[0243] As an example of a hardware functional unit, the processing module 1402 may include at least one computing device, such as a server. Alternatively, the processing module 1402 may also be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be implemented using a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
[0244] The processing module 1402 includes multiple computing devices that can be distributed within the same region or in different regions. Similarly, the processing module 1402 can be distributed within the same Availability Zone (AZ) or in different AZs. Likewise, the processing module 1402 can be distributed within the same Virtual Private Cloud (VPC) or in multiple VPCs. These multiple computing devices can be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
[0245] It should be noted that, in other embodiments, the processing module 1402 can be used to perform... Figure 9 The embodiments shown to Figure 11 In the message processing method of the illustrated embodiment, any step executed by the first terminal or the second terminal can be performed by the receiving module 1401. Figure 9 The embodiments shown to Figure 11 In the message processing method of the illustrated embodiment, any step executed by the first terminal or the second terminal can be performed by the sending module 1403. Figure 9 The embodiments shown to Figure 11 In the message processing method of the illustrated embodiment, any step executed by the first terminal or the second terminal, the steps implemented by the receiving module 1401, the processing module 1402, and the sending module 1403 can be specified as needed. Different steps in the message processing method are implemented by the receiving module 1401, the processing module 1402, and the sending module 1403 respectively to realize all the functions of the first terminal or the second terminal.
[0246] See Figure 15 In another embodiment, the communication system includes a smart contract execution node 821, a terminal 801 and a terminal 802, with terminal 802 and terminal 801 belonging to a first group;
[0247] Terminal 801 is used to send a request to query configuration information to smart contract execution node 821;
[0248] The smart contract execution node 821 is used to determine the smart contract corresponding to the smart contract identifier carried in the query configuration information request; and to obtain the first group of configuration information sets according to the smart contract.
[0249] Terminal 801 is also used to receive a first group configuration information set sent by smart contract execution node 821; obtain the blockchain user identifier of terminal 801; select the first group configuration information corresponding to the blockchain user identifier of terminal 801 from the first group configuration information set; encrypt the message using the first group communication key in the first group configuration information; and send the encrypted message and the blockchain user identifier of terminal 801 to smart contract execution node 821.
[0250] The smart contract execution node 821 is also used to store encrypted messages and the blockchain user identifier of terminal 801 on the blockchain according to the smart contract.
[0251] In an optional embodiment, terminal 802 is configured to send a query message request to smart contract execution node 821; smart contract execution node 821 is further configured to obtain encrypted information corresponding to each group configuration information in the second group configuration information set and the second group configuration information set according to the query message request; terminal 802 is further configured to receive encrypted messages corresponding to each group configuration information in the second group configuration information set and the second group configuration information set sent by smart contract execution node 821; determine the first group configuration information corresponding to the blockchain user identifier of terminal 802 in the second group configuration information set; determine the encrypted message corresponding to the first group configuration information in the encrypted messages sent by smart contract execution node 821; and decrypt the encrypted message corresponding to the first group configuration information according to the private key of terminal 802.
[0252] In another optional embodiment, terminal 801 is further configured to send a group creation request to smart contract execution node 821, the group creation request including the blockchain user identifiers of other group users in the first group; smart contract execution node 821 is further configured to obtain the public key packets of other group users from the blockchain based on the blockchain user identifiers of other group users; terminal 801 is further configured to receive the public key packets of other group users sent by smart contract execution node 821; generate a first group communication key based on the public key packets of all group users in the first group; generate first group configuration information based on the blockchain user identifiers of all group users in the first group and the first group communication key; send the first group configuration information to smart contract execution node 821; smart contract execution node 821 is further configured to write the first group configuration information into the blockchain.
[0253] In another optional embodiment, terminal 801 is further configured to send an update group request to smart contract execution node 821, the update group request including the blockchain user identifier of the target user; smart contract execution node 821 is further configured to obtain the public key package of the target user based on the blockchain user identifier of the target user; terminal 801 is further configured to receive the public key package of the target user sent by smart contract execution node 821; generate a second group communication key based on the public key package of the target user and the public key packages of all group users in the first group; generate second group configuration information based on the blockchain user identifier of the target user, the blockchain user identifiers of all group users in the first group and the second group communication key; send the second group configuration information to smart contract execution node 821; smart contract execution node 821 is further configured to write the second group configuration information into the blockchain.
[0254] It should be understood that terminal 801 can be used to execute Figure 9 The embodiments shown to Figure 11 In the message processing method of the illustrated embodiment, any step executed by the first terminal can be performed by terminal 802. Figure 9 The embodiments shown to Figure 11 In the message processing method of the illustrated embodiment, any step executed by the second terminal can be performed by the smart contract execution node 821. Figure 9 The embodiments shown to Figure 11 Any step executed by the smart contract execution node in the message processing method of the illustrated embodiment.
[0255] This application also provides a computing device 1600. For example... Figure 16 As shown, the computing device 1600 includes a bus 1602, a processor 1604, a memory 1606, and a communication interface 1608. The processor 1604, the memory 1606, and the communication interface 1608 communicate with each other via the bus 1602. The computing device 1600 can be a server or a terminal device. It should be understood that this application does not limit the number of processors and memories in the computing device 1600.
[0256] The 1602 bus can be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc. For ease of representation, Figure 16 The bus 1604 may be represented by a single line, but this does not mean that there is only one bus or one type of bus. The bus 1604 may include a path for transmitting information between various components of the computing device 1600 (e.g., memory 1606, processor 1604, communication interface 1608).
[0257] Processor 1604 may include any one or more processors such as a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MP), or a digital signal processor (DSP).
[0258] The memory 1606 may include volatile memory, such as random access memory (RAM). The processor 1604 may also include non-volatile memory, such as read-only memory (ROM), flash memory, hard disk drive (HDD), or solid state drive (SSD).
[0259] The memory 1606 stores executable program code, which the processor 1604 executes to implement the functions of the aforementioned receiving module, processing module, and sending module, thereby realizing the message processing method. In other words, the memory 1606 stores instructions for executing the message processing method.
[0260] Alternatively, the memory 1606 may store executable code, which the processor 1604 executes to implement the functions of the aforementioned first terminal, cloud server, and smart contract execution node, thereby realizing the message processing method. In other words, the memory 1606 stores instructions for executing the message processing method.
[0261] The communication interface 1603 uses transceiver modules, such as, but not limited to, network interface cards and transceivers, to enable communication between the computing device 1600 and other devices or communication networks.
[0262] This application also provides a computing device cluster. The computing device cluster includes at least one computing device. The computing device can be a server, such as a central server, an edge server, or a local server in a local data center. In some embodiments, the computing device can also be a terminal device such as a desktop computer, a laptop computer, or a smartphone.
[0263] like Figure 17As shown, the computing device cluster includes at least one computing device 1600. The memory 1606 of one or more computing devices 1600 in the computing device cluster may store the same instructions for executing message processing methods.
[0264] In some possible implementations, the memory 1606 of one or more computing devices 1600 in the computing device cluster may also store partial instructions for executing message processing methods. In other words, a combination of one or more computing devices 1600 can jointly execute the instructions for executing message processing methods.
[0265] It should be noted that the memory 1606 in different computing devices 1600 within the computing device cluster can store different instructions, each used to execute a portion of the cloud server's functions. That is, the instructions stored in the memory 1606 of different computing devices 1600 can implement the functions of one or more modules among the receiving module, processing module, and sending module.
[0266] In some possible implementations, one or more computing devices in a computing device cluster can be connected via a network. This network can be a wide area network (WAN), a local area network (LAN), or similar. Figure 18 One possible implementation is shown. For example... Figure 18 As shown, two computing devices 1600A and 1600B are connected via a network. Specifically, they are connected to the network through communication interfaces in each computing device. In this possible implementation, the memory 1606 in computing device 1600A stores instructions for performing the functions of the receiving module. Simultaneously, the memory 1606 in computing device 1600B stores instructions for performing the functions of the processing module and the transmitting module.
[0267] This application also provides a computer program product containing instructions. The computer program product may be a software or program product containing instructions, capable of running on a computing device or stored on any usable medium. When the computer program product is run on at least one computing device, it causes the at least one computing device to perform a message processing method.
[0268] This application also provides a computer-readable storage medium. The computer-readable storage medium can be any usable medium that a computer can store, or a data storage device such as a data center containing one or more usable media. The usable medium can be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid-state drive). The computer-readable storage medium includes instructions that instruct a computer to perform a message processing method.
[0269] This application also provides a chip system comprising a processor and a memory coupled together. The memory stores computer programs or instructions, and the processing unit executes the computer programs or instructions stored in the memory to cause a cloud server to perform the steps executed by the receiving module, processing module, or sending module in the above embodiments, or to cause a terminal to perform the steps executed by the receiving module, processing module, or sending module in the above embodiments. Optionally, the memory is an in-chip memory, such as a register or cache. The memory can also be an external memory located within a site, such as a read-only memory or other types of static storage devices capable of storing static information and instructions, such as random access memory. The processor mentioned above can be a general-purpose central processing unit, a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for implementing the above message processing method.
[0270] The above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit it. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of this application.
Claims
1. A message processing method characterized by, The communication system used in the method includes a blockchain network, a first cloud server, and a first terminal. The blockchain network includes multiple smart contract execution nodes, and the first terminal belongs to a first group. The method includes: The first cloud server receives the message sent by the first terminal; The first cloud server sends a query configuration information request to the smart contract execution node according to the message, and the query configuration information request includes the smart contract identifier; The first cloud server receives a first group configuration information set sent by the smart contract execution node. The first group configuration information set is obtained by the smart contract execution node based on the smart contract identifier carried in the query configuration information request. The first cloud server obtains the blockchain user identifier of the first terminal; The first cloud server selects the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set. The first group configuration information includes the blockchain user identifier of the group user in the first group and the first group communication key. The first group communication key is generated based on the public key package of all group users in the first group. The first cloud server uses the first group communication key in the first group configuration information to encrypt the message; The first cloud server sends the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node.
2. The method of claim 1, wherein, Before the first cloud server receives the message sent by the first terminal, the method further includes: The first cloud server receives a group creation request sent by the first terminal. The group creation request includes the blockchain user identifiers of other group users in the first group. The other group users are group users in the first group other than the first terminal. The first cloud server sends the group creation request to the smart contract execution node; The first cloud server receives the public key packets of other group users sent by the smart contract execution node; The first cloud server generates a first group communication key based on the public key packets of all group users in the first group; The first cloud server generates first group configuration information based on the blockchain user identifiers of all group users in the first group and the communication key of the first group. The first cloud server sends the first group configuration information to the smart contract execution node.
3. The method according to claim 2, characterized in that, The method further includes: The first cloud server receives an update group request sent by the first terminal. The update group request includes the blockchain user identifier of the target user, and the target user does not belong to the first group. The first cloud server sends the update group request to the smart contract execution node; The first cloud server receives the public key packet of the target user sent by the smart contract execution node; The first cloud server generates a second group communication key based on the public key packet of the target user and the public key packets of all group users in the first group; The first cloud server generates the second group configuration information based on the target user's blockchain user identifier, the blockchain user identifiers of all group users in the first group, and the second group communication key; The first cloud server sends the second group configuration information to the smart contract execution node.
4. The method according to any one of claims 1 to 3, characterized in that, Before the first cloud server receives the message sent by the first terminal, the method further includes: The first cloud server receives the first registration request sent by the first terminal; The first cloud server sends the first registration request to the smart contract execution node; The first cloud server receives the blockchain user identifier of the first terminal sent by the smart contract execution node; The first cloud server sends the blockchain user identifier of the first terminal to the first terminal; The first cloud server receives the second registration request sent by the first terminal; The first cloud server sends the end-to-end user identifier of the first terminal to the first terminal according to the second registration request; The first cloud server stores identity association data, which includes the correspondence between the end-to-end user identifier of the first terminal and the blockchain user identifier of the first terminal. The first cloud server obtains the public key packet from the first terminal; The first cloud server sends the identity association data and the public key packet of the first terminal to the smart contract execution node.
5. A message processing method, characterized in that, The communication system used in the method includes a blockchain network, a second cloud server, and a second terminal. The blockchain network includes multiple smart contract execution nodes. The method includes: The second cloud server receives a query message request sent by the second terminal, and the second terminal and the first terminal belong to the first group; The second cloud server sends the query message request to the smart contract execution node; The second cloud server receives the second group configuration information set and the encrypted message corresponding to each group configuration information in the second group configuration information set sent by the smart contract execution node; The second cloud server determines a first group configuration information, including the blockchain user identifier of the second terminal, in the second group configuration information set. The first group configuration information includes the blockchain user identifier of the group user in the first group and the first group communication key. The first group communication key is generated based on the public key package of all group users in the first group. The second cloud server determines the encrypted message corresponding to the first group configuration information from the encrypted messages sent by the smart contract execution node; The second cloud server obtains the private key of the second terminal; The second cloud server decrypts the encrypted message corresponding to the first group configuration information based on the private key of the second terminal; The second cloud server sends the decrypted message to the second terminal.
6. A message processing method, characterized in that, The communication system used in the method includes a blockchain network, a first cloud server, and a first terminal. The blockchain network includes multiple smart contract execution nodes, and the first terminal belongs to a first group. The method includes: The first cloud server receives the message sent by the first terminal; The first cloud server sends a query configuration information request to the smart contract execution node according to the message, and the query configuration information request includes the smart contract identifier; The smart contract execution node determines the smart contract corresponding to the smart contract identifier carried in the query configuration information request; The smart contract execution node obtains the first group configuration information set according to the smart contract; The first cloud server receives a set of first group configuration information sent by the smart contract execution node; The first cloud server obtains the blockchain user identifier of the first terminal; The first cloud server selects the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set. The first group configuration information includes the blockchain user identifier of the group user in the first group and the first group communication key. The first group communication key is generated based on the public key package of all group users in the first group. The first cloud server uses the first group communication key in the first group configuration information to encrypt the message; The first cloud server sends the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node; The smart contract execution node stores the encrypted message and the blockchain user identifier of the first terminal in the blockchain according to the smart contract.
7. The method according to claim 6, characterized in that, The communication system also includes a second cloud server and a second terminal, the second terminal belonging to the first group; After the smart contract execution node stores the encrypted message and the blockchain user identifier of the first terminal on the blockchain according to the smart contract, the method further includes: The second cloud server receives the query message request sent by the second terminal; The second cloud server sends the query message request to the smart contract execution node; The smart contract execution node obtains the second group configuration information set and the encrypted information corresponding to each group configuration information in the second group configuration information set according to the query message request; The second cloud server receives the second group configuration information set and the encrypted message corresponding to each group configuration information in the second group configuration information set sent by the smart contract execution node; The second cloud server determines, from the second group configuration information set, the first group configuration information corresponding to the blockchain user identifier of the second terminal; The second cloud server determines the encrypted message corresponding to the first group configuration information from the encrypted messages sent by the smart contract execution node; The second cloud server obtains the private key of the second terminal; The second cloud server decrypts the encrypted message corresponding to the first group configuration information based on the private key of the second terminal; The second cloud server sends the decrypted message to the second terminal.
8. A message processing method, characterized in that, The communication system used in the method includes a blockchain network and a first terminal. The blockchain network includes multiple smart contract execution nodes, and the first terminal belongs to a first group. The method includes: The first terminal sends a request to the smart contract execution node to query configuration information; The smart contract execution node determines the smart contract corresponding to the smart contract identifier carried in the query configuration information request; The smart contract execution node obtains the first group configuration information set according to the smart contract; The first terminal receives a set of first group configuration information sent by the smart contract execution node; The first terminal obtains the blockchain user identifier of the first terminal; The first terminal selects the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set. The first group configuration information includes the blockchain user identifier of the group user in the first group and the first group communication key. The first group communication key is generated based on the public key package of all group users in the first group. The first terminal uses the first group communication key in the first group configuration information to encrypt the message; The first terminal sends the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node; The smart contract execution node stores the encrypted message and the blockchain user identifier of the first terminal in the blockchain according to the smart contract.
9. The method according to claim 8, characterized in that, The method further includes: The second terminal sends the query message request to the smart contract execution node, and the second terminal belongs to the first group; The smart contract execution node obtains the second group configuration information set and the encrypted information corresponding to each group configuration information in the second group configuration information set according to the query message request; The second terminal receives a second set of group configuration information sent by the smart contract execution node and an encrypted message corresponding to each group configuration information in the second set of group configuration information; The second terminal determines, from the second group configuration information set, the first group configuration information including the blockchain user identifier of the second terminal; The second terminal determines the encrypted message corresponding to the first group configuration information from the encrypted message sent by the smart contract execution node; The second terminal decrypts the encrypted message corresponding to the first group configuration information based on the private key of the second terminal.
10. A cloud server, characterized in that, The cloud server is designated as the first cloud server, and the cloud server includes: The receiving module is used to receive messages sent by a first terminal, which belongs to a first group; The sending module is used to send a query configuration information request to the smart contract execution node according to the message, wherein the query configuration information request includes the smart contract identifier; The receiving module is further configured to receive a first group configuration information set sent by the smart contract execution node, wherein the first group configuration information set is obtained by the smart contract execution node based on the smart contract identifier of the query configuration information request; The processing module is used to obtain the blockchain user identifier of the first terminal; select the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set; and encrypt the message using the first group communication key in the first group configuration information. The first group configuration information includes the blockchain user identifier of the group user in the first group and the first group communication key. The first group communication key is generated based on the public key package of all group users in the first group. The sending module is also used to send the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node.
11. The cloud server according to claim 10, characterized in that, The receiving module is further configured to receive a group creation request sent by the first terminal. The group creation request includes the blockchain user identifiers of other group users in the first group. The other group users are group users in the first group other than the first terminal. The sending module is also used to send the group creation request to the smart contract execution node; The receiving module is also used to receive the public key packets of other group users sent by the smart contract execution node; The processing module is further configured to generate a first group communication key based on the public key packets of all group users in the first group; The configuration information of the first group is generated based on the blockchain user identifiers of all group users in the first group and the communication key of the first group. The sending module is further configured to send the first group configuration information to the smart contract execution node.
12. The cloud server according to claim 11, characterized in that, The receiving module is further configured to receive an update group request sent by the first terminal, wherein the update group request includes the blockchain user identifier of the target user, and the target user does not belong to the first group; The sending module is also used to send the update group request to the smart contract execution node; The receiving module is also used to receive the public key packet of the target user sent by the smart contract execution node; The processing module is further configured to generate a second group communication key based on the public key packet of the target user and the public key packets of all group users in the first group; The second group configuration information is generated based on the blockchain user identifier of the target user, the blockchain user identifiers of all group users in the first group, and the communication key of the second group. The sending module is also used to send the second group configuration information to the smart contract execution node.
13. The cloud server according to any one of claims 10 to 12, characterized in that, The receiving module is further configured to receive a first registration request sent by the first terminal; The sending module is also used to send the first registration request to the smart contract execution node; The receiving module is also used to receive the blockchain user identifier of the first terminal sent by the smart contract execution node; The sending module is further configured to send the blockchain user identifier of the first terminal to the first terminal; The receiving module is further configured to receive a second registration request sent by the first terminal; The sending module is further configured to send the end-to-end user identifier of the first terminal to the first terminal according to the second registration request; The processing module is also used to store identity association data, which includes the correspondence between the end-to-end user identifier of the first terminal and the blockchain user identifier of the first terminal; and to obtain the public key package of the first terminal. The sending module is further configured to send the identity association data and the public key packet of the first terminal to the smart contract execution node.
14. A cloud server, characterized in that, The cloud server serves as a second cloud server, and the cloud server includes: The receiving module is also used to receive a query message request sent by a second terminal, wherein the second terminal and the first terminal belong to a first group; The sending module is also used to send the query message request to the smart contract execution node; The receiving module is further configured to receive the second group configuration information set sent by the smart contract execution node and the encrypted message corresponding to each group configuration information in the second group configuration information set; The processing module is further configured to: determine, in the second group configuration information set, first group configuration information including the blockchain user identifier of the second terminal; the first group configuration information including the blockchain user identifier of the group users in the first group and a first group communication key; the first group communication key being generated based on the public key package of all group users in the first group; determine, in the encrypted message corresponding to the first group configuration information from the encrypted message sent by the smart contract execution node; obtain the private key of the second terminal; and decrypt the encrypted message corresponding to the first group configuration information based on the private key of the second terminal. The sending module is also used to send the decrypted message to the second terminal.
15. A communication system, characterized in that, The communication system includes a first terminal, a first cloud server, and a smart contract execution node; The first terminal is used to send messages to the first cloud server; The first cloud server is used to send a query configuration information request to the smart contract execution node according to the message sent by the first terminal, and the query configuration information request includes the smart contract identifier; The smart contract execution node is used to determine the smart contract corresponding to the smart contract identifier carried in the query configuration information request; Obtain the first group configuration information set according to the smart contract; The first cloud server is also used to receive a first group configuration information set sent by the smart contract execution node; and to obtain the blockchain user identifier of the first terminal; Select the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set. The first group configuration information includes the blockchain user identifier of the group user in the first group and the first group communication key. The first group communication key is generated based on the public key package of all group users in the first group. Use the first group communication key in the first group configuration information to encrypt the message. Send the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node. The smart contract execution node is also used to store the encrypted message and the blockchain user identifier of the first terminal in the blockchain according to the smart contract.
16. The communication system according to claim 15, characterized in that, The communication system also includes a second terminal and a second cloud server, the second terminal belonging to the first group; The second terminal is used to send query message requests to the second cloud server; The second cloud server is also used to send the query message request to the smart contract execution node; The smart contract execution node is used to obtain the second group configuration information set and the encrypted information corresponding to each group configuration information in the second group configuration information set according to the query message request; The second cloud server is also used to receive a second set of group configuration information sent by the smart contract execution node and an encrypted message corresponding to each of the group configuration information in the second set of group configuration information; The first group configuration information corresponding to the blockchain user identifier of the second terminal is determined from the second group configuration information set; The encrypted message corresponding to the first group configuration information is determined from the encrypted messages sent by the smart contract execution node; Obtain the private key of the second terminal; The encrypted message corresponding to the first group configuration information is decrypted using the private key of the second terminal; The decrypted message is sent to the second terminal.
17. A communication system, characterized in that, include: The first terminal is used to send a request to the smart contract execution node to query configuration information. The first terminal belongs to the first group. The smart contract execution node is used to determine the smart contract corresponding to the smart contract identifier carried in the query configuration information request; and to obtain the first group configuration information set according to the smart contract. The first terminal is further configured to receive a first group configuration information set sent by the smart contract execution node; obtain the blockchain user identifier of the first terminal; select the first group configuration information corresponding to the blockchain user identifier of the first terminal from the first group configuration information set, wherein the first group configuration information includes the blockchain user identifier of the group users in the first group and a first group communication key, wherein the first group communication key is generated based on the public key package of all group users in the first group; encrypt the message using the first group communication key in the first group configuration information; and send the encrypted message and the blockchain user identifier of the first terminal to the smart contract execution node. The smart contract execution node is also used to store the encrypted message and the blockchain user identifier of the first terminal in the blockchain according to the smart contract.
18. The communication system according to claim 17, characterized in that, The communication system also includes a second terminal; The second terminal is used to send the query message request to the smart contract execution node, and the second terminal belongs to the first group; The smart contract execution node is also used to obtain the second group configuration information set and the encrypted information corresponding to each group configuration information in the second group configuration information set according to the query message request; The second terminal is further configured to receive a second set of group configuration information sent by the smart contract execution node and an encrypted message corresponding to each of the group configuration information in the second set of group configuration information; The first group configuration information corresponding to the blockchain user identifier of the second terminal is determined from the second group configuration information set; The encrypted message corresponding to the first group configuration information is determined from the encrypted messages sent by the smart contract execution node; The encrypted message corresponding to the first group configuration information is decrypted using the private key of the second terminal.
19. A computing device cluster, characterized in that, The system includes at least one computing device, each computing device including a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the cluster of computing devices to perform the method as described in any one of claims 1 to 7.
20. A computing device cluster, characterized in that, The system includes at least one computing device, each computing device including a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the cluster of computing devices to perform the method as described in any one of claims 8 to 9.
21. A computer-readable storage medium, characterized in that, It includes computer program instructions, which, when executed by a cluster of computing devices, perform the method as described in any one of claims 1 to 7.
22. A computer-readable storage medium, characterized in that, Includes computer program instructions, which, when executed by a cluster of computing devices, perform the method as described in any one of claims 8 to 9.
23. A computer program product containing instructions, characterized in that, When the instruction is executed by the computing device cluster, the computing device cluster performs the method as described in any one of claims 1 to 7.
24. A computer program product containing instructions, characterized in that, When the instruction is executed by the computing device cluster, the computing device cluster performs the method as described in any one of claims 8 to 9.