CN108650252B - Data sharing system and method for protecting privacy safely and fairly - Google Patents

Publication number: CN108650252B
Authority: CN (China)
Prior art keywords: information, index, chain, transaction, public
Legal status: Active
Application number: CN201810398885.3A
Other languages: Chinese (zh)
Other versions: CN108650252A (en)
Inventor: 韩洪慧
Current Assignee: Zhejiang Hongji Internet Technology Co ltd
Original Assignee: Fenbugongxiang Beijing Information Technology Co ltd
Application filed by Fenbugongxiang Beijing Information Technology Co ltd
Priority to CN201810398885.3A
Publication of CN108650252A
Application granted
Publication of CN108650252B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/12 Applying verification of the received information

Abstract

The invention discloses a secure and fair privacy-protecting data sharing system and method. The system comprises: a data exchange center, built and operated by an independent third party, which builds the basic communication architecture, provides connection and communication hiding among member institutions, performs member institution authentication and access management, formulates information specifications and exchange and transaction rules, and maintains transaction order; member institutions, which are the institutions participating in data sharing, and which maintain the information they share externally, respond to information query requests initiated by other member institutions, and initiate queries themselves to acquire the data of other member institutions; and a public recording area, which is an information recording area that records information in time order so that it cannot be tampered with or deleted, which both the data exchange center and the member institutions can access and write to, and which is used for behavior recording, evidence storage and after-the-fact verification in the data sharing process.

Description

Data sharing system and method for protecting privacy safely and fairly
Technical Field
The invention relates to the technical field of data sharing, in particular to a data sharing system and a data sharing method for safely and fairly protecting privacy.
Background
Data has characteristics such as non-unique ownership, viewing amounting to ownership, and copies being indistinguishable, so the process of sharing and exchanging data differs greatly from that of traditional commodities. When two parties share and exchange data directly, whoever shares first loses out, the quality of the information shared by the other party is difficult to judge in advance, and if the quality turns out to be low after sharing, the data cannot be returned. If a third-party intermediary is used instead, the intermediary can easily retain both parties' data, so neither party trusts the intermediary. At present it is very difficult to implement multi-party data sharing, and the data island problem is serious, so a more secure and fairer sharing system is needed to improve data flow.
Disclosure of Invention
In view of the problems described above, the invention provides a secure and fair privacy-protecting data sharing system and method.
To achieve the above object, the present invention provides a secure and fair privacy-protecting data sharing system, comprising:
the data exchange center, which is built and operated by an independent third party and is used for building the basic communication architecture, providing connection and communication hiding among member institutions, performing member institution authentication and access management, formulating information specifications and exchange and transaction rules, and maintaining transaction order;
the member institution, which is an institution participating in data sharing and is used for maintaining the information it shares externally, responding to information query requests initiated by other member institutions, and initiating queries itself to acquire the data of other member institutions;
the public recording area, which is an information recording area that records information in time order so that it cannot be tampered with or deleted, which the data exchange center and the member institutions can access and write to, and which is used for behavior recording, evidence storage and after-the-fact verification in the data sharing process.
The invention also provides a secure and fair privacy-protecting data sharing method, comprising information registration and information query;
the information registration comprises:
step 11, the member institution selects the information to be shared and calculates the encryption index of the subject identifier with a random value added, the HASH value of the shared information, and the public-private key pair used;
step 12, the information from step 11 is published and written into the public index chain;
step 13, after the shared information has been registered in the index chain, the member institution calculates the subject identifier encryption index that contains no random value, signs it together with the related information on the public index chain using the member institution certificate, and sends it to the data exchange center to prove that the shared information is registered in the public index chain;
step 14, after receiving the index registration packet sent by the member institution, the data exchange center verifies it against the information on the index chain and confirms that the information on the index chain was registered by that member institution;
step 15, the data exchange center extracts the subject identifier encryption index that contains no random value to form the member institution's registered index library;
the information query comprises:
step 21, the member institution calculates the subject identifier encryption index that contains no random value and sends it to the data exchange center as a query;
step 22, the data exchange center checks whether the registered member institution index library holds a record of that encryption index and, if not, returns a message that no corresponding index exists;
step 23, if a record exists, the data exchange center extracts the transaction information from the transaction chain corresponding to the index and the evaluation information from the corresponding evaluation chain;
step 24, the data exchange center returns the extracted information to the requesting member institution, comprising the records and their corresponding transaction information and evaluation information;
step 25, the requesting member institution selects the record to be acquired according to the transactions and evaluations, signs the index of the information to be acquired using its own certificate or a valid private key, and generates a request random value A, which are sent as the information acquisition request; the data exchange center forwards the request to the member institution that provides the information corresponding to the record;
step 26, after receiving the information acquisition request, the providing member institution verifies the request information and confirms the identity of the requesting member institution, generates a key K1 from the request random value A, where K1 comprises the subject identifier and the random value A, generates a response random value S as key K2, synthesizes the encryption key K = K1 + K2, encrypts the content of the provided shared information with K, encrypts the partial key K2 with the public key of the requesting member institution, and returns these to the requesting member institution;
step 27, the requesting member institution decrypts K2 with its own private key, generates the key K1, where K1 comprises the subject identifier and the random value A, synthesizes the encryption key K = K1 + K2, and then decrypts the shared information content;
step 28, after obtaining the information, the requesting member institution extracts the corresponding record contents from the public index chain, the transaction chain and the evaluation chain, compares them with the obtained content, and confirms that the information is registered on the chain and that the contents are consistent;
step 29, the providing member institution writes the transaction content into the public transaction chain;
step 210, the requesting member institution writes its evaluation of the transaction into the public evaluation chain.
As a further improvement of the present invention, the method further comprises member authentication before the information registration;
the member authentication comprises:
the member institution applies to join, and the data exchange center reviews and confirms the member's real identity;
after the review is passed, the member institution generates a public-private key pair and a digital certificate request and sends the digital certificate request to the data exchange center; the data exchange center uses a self-signed certificate to sign a digital certificate for the member institution, and this digital certificate serves as the member institution's network identity.
As a further improvement of the present invention, in step 12:
step 121, if the member institution shares information under its real name, the information from step 11 is signed using the member institution's identity certificate; if the member shares information anonymously, a new public-private key pair is generated and the information from step 11 is signed using the new private key;
step 122, the information generated in step 11 and step 121 is sent to the public recording area, and nodes write it into the index chain by competition or in turn.
As a further improvement of the present invention, in step 14:
the index registration packet includes: the subject identifier index, the index chain block number, the index chain record number, the signature made with the private key corresponding to the index chain, and the institution certificate signature.
As a further improvement of the present invention, in step 25:
the information request includes: the HASH value of the subject identifier, the random information, the public key information of the requesting member institution, and the signature of the requesting member institution.
As a further improvement of the present invention, in step 29:
the content written into the transaction chain is: the encryption index corresponding to the index chain, the index chain block number and record number, the transaction time, the HASH value of the request packet, the HASH value of the response packet, the public key of the requesting member institution, and the signature of the providing member institution.
As a further improvement of the present invention, in step 210:
the content written into the evaluation chain is: the encryption index corresponding to the transaction chain, the transaction chain block number and record number, the evaluation content, the evaluator public key, and the evaluator signature.
Compared with the prior art, the invention has the following beneficial effects:
the data sharing system of the invention sets out the public recording area as a separate component to highlight its function; the data exchange center is connected with all member institutions, highlighting its leading role as the intermediary of exchange; the invention solves the exchange trust problem through the content written to the chains, and it adds two-party authentication of the index to the interaction protocol, which prevents the exchange center from obtaining information at will based on the index.
Drawings
FIG. 1 is a block diagram of a secure, fair privacy preserving data sharing system according to one embodiment of the present invention;
FIG. 2 is a flow chart illustrating an information registration process of a secure and fair privacy preserving data sharing method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating information acquisition of a secure and fair privacy preserving data sharing method according to an embodiment of the present invention;
FIG. 4 is an index chain disclosed in one embodiment of the present invention;
FIG. 5 is a transaction chain disclosed in one embodiment of the present invention;
FIG. 6 is an evaluation chain disclosed in one embodiment of the present invention.
In the figures:
1. data exchange center; 2. member institution; 3. public recording area.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The invention is described in further detail below with reference to the accompanying drawings.
As shown in fig. 1, the present invention provides a secure and fair privacy-protecting data sharing system, which includes:
the data exchange center 1, which is built and operated by an independent third party, and whose main functions are building the basic communication framework, providing connection and identity hiding among member institutions, performing member institution authentication and access management, formulating information specifications and exchange and transaction rules, and maintaining transaction order;
the member institution 2, which is an institution participating in data sharing, and which maintains the information it shares externally, responds to information query requests initiated by other member institutions, and initiates queries itself to acquire the data of other member institutions;
the public recording area 3, which is an information recording area that records information in time order so that it cannot be tampered with or deleted, which the data exchange center and the member institutions can access and write to, and which is used for behavior recording, evidence storage and after-the-fact verification in the data sharing process.
The invention also provides a secure and fair privacy-protecting data sharing method, comprising information registration and information query.
As shown in fig. 2, the information registration comprises:
(1) the member institution selects the information to be shared and calculates the encryption index of the subject identifier with a random value added, the HASH value of the shared information, and the public-private key pair used;
(2) the information from step (1) is published and written into the public index chain;
(3) after the shared information has been registered in the index chain, the member institution calculates the subject identifier encryption index that contains no random value, signs it together with the related information on the index chain using the member institution certificate, and sends it to the data exchange center to prove that the shared information is registered in the public index chain;
(4) after receiving the index registration packet sent by the member institution, the data exchange center verifies it against the information on the index chain and confirms that the information on the index chain was registered by that member institution;
(5) the data exchange center extracts the subject identifier encryption index that contains no random value to form the member institution's registered index library.
As shown in fig. 3, the information query comprises:
(1) the member institution calculates the subject identifier encryption index that contains no random value and sends it to the data exchange center as a query;
(2) the data exchange center checks whether the registered member institution index library holds a record of that encryption index and, if not, returns a message that no corresponding index exists;
(3) if a record exists, the data exchange center extracts the transaction information from the transaction chain corresponding to the index and the evaluation information from the corresponding evaluation chain;
(4) the data exchange center returns the extracted information (the records and their corresponding transaction information and evaluation information) to the requesting member institution;
(5) the requesting member institution selects the record to be acquired according to the transactions and evaluations, signs the index of the information to be acquired using its own certificate or a valid private key, and generates a request random value A, which are sent as the information acquisition request; the data exchange center forwards the request to the member institution that provides the information corresponding to the record;
(6) after receiving the information acquisition request, the providing member institution verifies the request information and confirms the identity of the requesting member institution, generates a key K1 = HASH(subject identifier + random value A) from the request random value A, generates a response random value S as key K2, synthesizes the encryption key K = K1 + K2, encrypts the content of the provided shared information with K, encrypts key K2 with the public key of the requesting member institution, and returns the encrypted shared information content to the requesting member institution;
(7) the requesting member institution decrypts K2 with its own private key, synthesizes the encryption key K according to the rule, and then decrypts the shared information content;
(8) after obtaining the information, the requesting member institution extracts the corresponding record contents from the public index chain, the transaction chain and the evaluation chain, compares them with the obtained content, and confirms that the information is registered on the chain and that the contents are consistent;
(9) the providing member institution writes the transaction content into the public transaction chain;
(10) the requesting member institution writes its evaluation of the transaction into the public evaluation chain.
Specifically, the secure and fair privacy-protecting data sharing method provided by the invention proceeds as follows:
First, member authentication
Before a member participates in information sharing, the exchange center must strictly authenticate the identity of the participating member. The specific steps are as follows:
1. The member institution applies to join, and the center reviews and confirms the member's real identity (online or offline review).
2. After the review is passed, the member institution generates a public-private key pair and a digital certificate request and sends the certificate request to the exchange center; the exchange center uses its own self-signed certificate to sign and issue a digital certificate for the member, and this digital certificate serves as the member's network identity.
Second, encryption of index records
The index is the identifier of the subject to which the data content belongs. The encryption index is the index after it has been encrypted or transformed by some algorithm, so that a third party cannot learn the subject's identity from the encryption index; the invention uses a one-way HASH algorithm (such as SHA256).
Before data sharing, member institutions need to write the encryption indexes of the data they can share into the public record in advance.
The public record library uses the chain structure of blockchain technology; each member acts as a blockchain node, and blocks are recorded by competition or in turn to form a tamper-proof index chain. An institution writes shared information into the public index chain in the following steps:
1. The member selects data Info that can be shared externally.
2. It selects a subject identifier ID (such as name + identity card number), generates a random value S, calculates the HASH value of the subject identifier with the random value added, hash-id = SHA256(ID + S), and calculates the HASH value of the specific shared data, hashcontent = SHA256(Info).
3. If the member shares information under its real name, it signs the information from step 2 using the institution member's identity certificate; if the member shares information anonymously, it generates a new public-private key pair and signs the information from step 2 with the new private key.
4. The information generated in steps 2 and 3 is sent to the public recording area, and nodes write it into the index chain by competition or in turn. The general content of the resulting public-record index chain is shown in fig. 4.
5. Each member can obtain the content of the whole index chain for backup.
Third, shared index center registration
After writing the encryption index into the public record chain, the member needs to register the index with the center. The specific steps are as follows:
1. Calculate the HASH value of the subject identifier ID (such as name + ID card) without a random value, hashid = SHA256(ID), and extract the corresponding block number bn and record number rn of the record in the public index chain.
2. Sign the information obtained in step 1 with the private key corresponding to the public key marked in the index chain to obtain the signature sign1.
3. Sign the information from steps 1 and 2 with the institution identity certificate to obtain the signature sign2.
4. Combine the information obtained in steps 1, 2 and 3 into an index registration packet and send it to the exchange center. The index registration packet comprises the subject identifier index hashid, the index chain block number bn, the index chain record number rn, the signature sign1 made with the private key corresponding to the index chain, and the institution certificate signature sign2.
5. The exchange center receives the index registration packet, extracts the public key from the index chain according to the block number and record number, verifies that sign1 is correct, which confirms that the corresponding record in the index chain was published by the institution, then verifies sign2 with the institution's certificate, which confirms that the registration packet was registered by the institution.
6. After the registration packet has been verified, hashid is extracted and stored in the index library published by the institution.
Fourth, information query
When a member needs to query information about a subject, it first checks whether the exchange center holds a corresponding index. The steps are as follows:
1. The member obtains the subject's identity information ID (such as name and identity card) and applies HASH processing to obtain the identity information ciphertext SHA256(ID), for example:
f058e02e8e723e1ab3831d1a92c796f6825b2c339b7a5a8e49fc63c22ab05fe8
2. The ciphertext index value hashid is sent to the exchange center.
3. The exchange center searches the index library published by the institutions to check whether an institution provides the index record; if so, the number of transactions for the record is extracted from the transaction chain of the public record, and the number and content of evaluations for the record are extracted from the evaluation chain. An example is as follows:
Institution      Number of transactions    Number of evaluations    Evaluation content
Institution 1    12                        6
Institution 2    11                        4
Note: whether the institution name shown is its real name depends on whether the institution used its real name when it provided the index entry.
Fifth, information acquisition
When a member finds through the exchange center that an institution can provide information on a certain subject, and decides, based on the transaction evaluations, information evaluations and similar content, to acquire the information provided by a particular institution, the exchange center connects the requester to the providing institution's service, and the requester can apply to that institution for the subject information. The acquisition process is as follows:
1. The requester uses its identity certificate, or a public-private key pair that is indexed on the public index chain, to construct an information acquisition request and sends it to the providing institution.
The information request includes: the HASH value of the subject identifier, the random information A, the public key information Pi of the requesting member institution, and the signature Si of the requesting member institution.
2. The data provider receives the request, extracts the public key information Pi and verifies the signature Si, checks whether the requester's identity certificate or public key appears in the public index records, and confirms that the requester is a legitimate member of the system.
3. The data provider extracts the subject's detailed information Info from its own database, together with the random value S generated when the public index record was made, and forms the key for encrypting the data by the following rule: the plaintext user index ID and the random information A sent by the querying party are hashed together, and all or part of the hash output is combined with the random information S generated by the data provider to form the actual encryption key, namely K = SHA256(name + ID card + random information A) + random information S.
4. The data provider encrypts the subject's detailed information Info with the data encryption key K to form the encrypted result K(Info), then takes the random information S as key K2 and encrypts it with the requester's public key to obtain Pi(K2), and finally signs the data with its own private key So, generates a response packet and sends it to the requester. If the requester is able to decrypt the detailed information, this verifies that the requester does understand the true meaning of the encryption index.
The information response includes: the HASH value of the subject identifier ID, the partial key Pi(K2) encrypted with the requester's public key, the detailed information K(Info) encrypted with the data key K, the block number bn and record number rn in the public index chain, and the signature made with the provider's private key So over the information response.
5. After receiving the response packet, the requester first verifies the signature of the response packet with the provider's public key Po to confirm that the provider sent it, decrypts Pi(K2) with its own private key Si to obtain the key K2, then calculates the other part of the key, K1 = SHA256(name + ID card + random information A), from the plaintext user index and the random information A, forms the actual data encryption key K = K1 + K2, and decrypts K(Info) with the data key K to obtain the subject's detailed information Info.
6. The requester retrieves the on-chain record according to the index chain record number in the response packet and compares the information: a. The name, ID card and random information S are hashed and compared with the hash-id in the record; if they match, the institution really does know the user and published and registered the record in advance. b. The detailed information Info is hashed and compared with the hashcontent in the index record; if they match, the information is the detailed information declared by the provider; otherwise it is false or tampered information.
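The registration values of the second and third parts and the key synthesis and on-chain checks of the fifth part, as an added Python example (not code from the patent). Assumptions: "+" is byte concatenation, K2 is the registration random value S as check 6a implies, an HMAC-SHA256 keystream stands in for the symmetric cipher the text does not name, and the signatures and the Pi(K2) public-key wrap are left out; the subject identifier and record contents are constructed sample data.

```python
import hashlib
import hmac
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption, the text names none): XOR with an
    HMAC-SHA256 counter keystream. Applying it twice restores the input."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))


def register(subject_id: bytes, info: bytes):
    """Provider side: the values produced when sharing is registered."""
    s = secrets.token_bytes(16)                # random value S, kept by the provider
    chain_record = {
        "hash_id": sha256(subject_id + s),     # hash-id = SHA256(ID + S), on the index chain
        "hashcontent": sha256(info),           # hashcontent = SHA256(Info), on the index chain
    }
    hashid = sha256(subject_id)                # hashid = SHA256(ID), sent to the exchange center
    return s, chain_record, hashid


def provider_respond(subject_id: bytes, info: bytes, s: bytes, a: bytes) -> dict:
    """Provider side, steps 3 and 4: K1 = SHA256(ID + A), K2 = S, K = K1 + K2."""
    k = sha256(subject_id + a) + s
    # "k2" would travel as Pi(K2); the public-key wrap is omitted here.
    return {"k_info": keystream_xor(k, info), "k2": s}


def requester_open(claimed_id: bytes, a: bytes, response: dict, chain_record: dict):
    """Requester side, steps 5 and 6: rebuild K, decrypt, compare with the chain."""
    k2 = response["k2"]
    info = keystream_xor(sha256(claimed_id + a) + k2, response["k_info"])
    id_ok = hmac.compare_digest(sha256(claimed_id + k2), chain_record["hash_id"])        # check 6a
    content_ok = hmac.compare_digest(sha256(info), chain_record["hashcontent"])          # check 6b
    return info, id_ok, content_ok


def demo() -> dict:
    subject = b"Example Name|ID-0000-0001"                          # constructed identifier
    info = b"constructed shared record for the example subject"    # constructed content
    s, record, hashid = register(subject, info)
    a = secrets.token_bytes(16)                                     # request random value A

    # Requester who knows the plaintext identifier.
    honest = requester_open(subject, a, provider_respond(subject, info, s, a), record)
    # Party that holds the response but not the plaintext identifier.
    blind = requester_open(b"Wrong Name|ID-9999-9999", a,
                           provider_respond(subject, info, s, a), record)
    # Provider that returns content other than what it registered.
    forged = requester_open(subject, a,
                            provider_respond(subject, b"altered record", s, a), record)
    return {"honest": honest, "blind": blind, "forged": forged, "hashid": hashid.hex()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The on-chain hash-id differs on every registration because of S, while hashid = SHA256(ID) is deterministic so that queries can match it; for identifiers drawn from a small space, such as a name plus an ID number, anyone who can enumerate candidates can test them against hashid.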
Sixthly, recording transaction behaviors
After the information acquisition process is finished, the provider must write the transaction into the public record as stored evidence for settlement, complaints and verification.
The transaction record uses the chain structure of blockchain technology. Each member acts as a node of the blockchain, and blocks are written by competition or in turn to form a tamper-proof transaction chain. The written content comprises:
encryption index hash-id corresponding to index chain
Index chain block number and record number
Transaction time
HASH value of request packet
HASH value of response packet
Requester public key
Signature of provider
The content of the formed public record transaction chain is shown in fig. 5.
Each node can obtain the content of the whole index chain for backup.
Seventh, evaluating the transaction
After the transaction record is generated, the information-requesting institution can evaluate the transaction. The evaluation record also uses the chain structure of blockchain technology: each member acts as a node of the blockchain, and blocks are written by competition or in turn to form a tamper-proof evaluation chain. The written content comprises:
encryption index hash-id corresponding to transaction chain
Transaction chain block number and record number
Evaluating content
Evaluator public key (consistent with requester public key in transaction chain record)
Evaluator signature (private key signature corresponding to requester public key in transaction chain record)
The contents of the formed evaluation chain are shown in fig. 6.
Each node can acquire the content of the whole evaluation chain for storage and backup.
The data sharing system of the invention provides the public recording area as a separate component to emphasize its function; the data exchange center is connected to all member institutions, emphasizing its leading role as the intermediate exchange; and the invention adds a random value to the interaction protocol and recalculates the encryption index to verify that both parties really understand the meaning of the encryption index, preventing the exchange center from arbitrarily obtaining information according to the index.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. A sharing method of a data sharing system based on security and equitable privacy protection, the data sharing system comprising:
the data exchange center is built and operated by an independent third party and is used for building a basic communication architecture, realizing connection and communication hiding among member mechanisms, finishing member mechanism authentication and access management, formulating information specifications and exchange and transaction rules and maintaining transaction order;
the member mechanism is a mechanism participating in data sharing and is used for maintaining externally shared information, responding to an information query request initiated by an external member mechanism and initiating query by the member mechanism to acquire data of the external member mechanism;
the public recording area is an information recording area used to record information in time order such that it cannot be tampered with or deleted; both the data exchange center and the member institutions can access and write to it, and it is used for behavior recording, evidence storage and after-the-fact verification in the data sharing process;
the sharing method comprises the following steps: information registration and information inquiry;
the information registration includes:
step 11, the member institution selects the information to be shared, calculates the encryption index of the added random value of the main body identification, and encrypts the HASH value and the used public and private key pair by the shared information;
step 12, publicly releasing the shared information in the step 11, and writing the shared information into a public index chain;
step 13, after the shared information is registered in the index chain, calculating a main body identification encryption index which does not contain a random value, and sending the main body identification encryption index and the related information on the public index chain to a data exchange center by using a member authority certificate signature to prove that the shared information is registered in the public index chain;
step 14, after receiving the index registration packet sent by the member mechanism, the data exchange center verifies and compares the index registration packet with the information on the index chain, and confirms that the information on the index chain is registered by the member mechanism;
step 15, the data exchange center extracts the main body identification encryption index which does not contain the random value to form a member mechanism registration index library;
the information query comprises:
step 21, the member mechanism calculates a main body identification encryption index which does not contain a random value, and sends the main body identification encryption index to a data exchange center for inquiring;
step 22, the data exchange center inquires whether the member organization index library registered has the record of the encryption index, and if not, the data exchange center returns the information without the corresponding index;
step 23, if there is a record, the data exchange center extracts the transaction information from the transaction chain corresponding to the index, and extracts the evaluation information from the corresponding evaluation chain;
step 24, the data exchange center returns the extracted information to the requesting member institution, and the extracted information comprises records and corresponding transaction information and evaluation information of the records;
step 25, the requesting member institution selects the records to be acquired according to the transaction and evaluation information, signs the index of the information to be acquired with its own certificate or a valid private key, and generates a request random value A, which are sent as an information acquisition request; the data exchange center forwards the request to the member institution that provides the information corresponding to the record;
step 26, after receiving the information acquisition request, the member institution providing the information verifies the request, confirms the identity of the requesting member institution, and generates a key K1 from the request random value A, wherein the key K1 comprises the subject identifier and the random value A; it generates a response random value S as a key K2, synthesizes the encryption key K = K1 + K2, encrypts the content of the shared information with K, encrypts the partial encryption key K2 with the public key of the requesting member institution, and returns the result to the requesting member institution;
step 27, the requesting member institution decrypts K2 with its own private key, generates the key K1, wherein the key K1 comprises the subject identifier and the random value A, synthesizes the encryption key K = K1 + K2, and then decrypts the shared information content;
step 28, after obtaining the information, the requesting member institution extracts the corresponding record contents from the public index chain, the transaction chain and the evaluation chain, compares them with the obtained contents, and confirms that the information is registered on the chain and that the contents are consistent;
step 29, the providing member institution writes the transaction content into the public transaction chain;
step 210, the requesting member institution writes its evaluation of this transaction into the public evaluation chain.
2. The sharing method according to claim 1, further comprising, before information registration: member authentication;
the member authentication includes:
the member organization applies for joining, and the data exchange center checks and confirms the real identity of the member;
after the verification is passed, the member institution generates a public and private key pair and a digital certificate request, the digital certificate request is sent to the data exchange center, the data exchange center uses a self-signed certificate to sign a digital certificate for the member institution, and the digital certificate is used as a network identity of the member institution.
3. The sharing method according to claim 1, wherein in step 12:
step 121, if the member organization adopts real-name shared information, the information in step 11 is signed by using an identity certificate of the member organization, if the member adopts anonymous shared information, a new public and private key pair is generated, and the information in step 11 is signed by using a new private key;
step 122, the information generated in step 11 and step 121 is sent to the common recording area, and the index chain is written by the nodes in competition or in turn.
4. The sharing method according to claim 1, wherein in step 14:
the index registration packet includes: the system comprises a main body identification index, an index chain block number, an index chain record number, a private key signature corresponding to an index chain and an authority certificate signature.
5. The sharing method according to claim 1, wherein in step 25:
the information request includes: the HASH value of the subject identifier, the random information, the public key information of the requesting member institution, and the signature of the requesting member institution.
6. The sharing method according to claim 1, wherein in step 29:
the content written in the transaction chain is: the encryption index corresponding to the index chain, the index chain block number and record number, the transaction time, the HASH value of the request packet, the HASH value of the response packet, the requesting member authority public key, and the providing member authority's signature.
7. The sharing method of claim 1, wherein in step 210:
the content written in the evaluation chain is: an encryption index corresponding to the transaction chain, a transaction chain block number and record number, the evaluation content, the evaluator public key, and the evaluator signature.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810398885.3A CN108650252B (en) 2018-04-28 2018-04-28 Data sharing system and method for protecting privacy safely and fairly

Publications (2)

Publication Number Publication Date
CN108650252A CN108650252A (en) 2018-10-12
CN108650252B true CN108650252B (en) 2020-09-29

Family

ID=63748456

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109639675A (en) * 2018-12-12 2019-04-16 北京时代远行信息科技有限公司 A kind of data transmission device and system based on block chain
CN110059495B (en) * 2018-12-14 2020-11-17 创新先进技术有限公司 Data sharing method, device and system and electronic equipment
CN109902495B (en) * 2019-01-31 2021-09-24 同盾控股有限公司 Data fusion method and device
CN109919766A (en) * 2019-02-19 2019-06-21 上海市张江公证处 Data deposit card and verify the method and terminal, server of trade user authenticity
TWI772648B (en) * 2019-06-03 2022-08-01 銓鴻資訊有限公司 Method of verifying partial data based on collective certificate
CN111106941B (en) * 2019-11-29 2022-08-02 中国电信股份有限公司云南分公司 Distributed chained data sharing authorization method based on time sequence and encryption
CN112560115A (en) * 2021-03-01 2021-03-26 南京可信区块链与算法经济研究院有限公司 Multi-party combined research and development method and system based on block chain
CN112968902B (en) * 2021-03-05 2023-03-24 电子科技大学 Named data network-based hidden IP method
CN113434739B (en) * 2021-06-08 2022-03-22 暨南大学 Forward-safe multi-user dynamic symmetric encryption retrieval method in cloud environment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106651346A (en) * 2016-11-28 2017-05-10 上海凯岸信息科技有限公司 Block chain-based credit investigation data sharing and trading system
WO2017090329A1 (en) * 2015-11-24 2017-06-01 ソニー株式会社 Information processing device, information processing method, and program
CN107196762A (en) * 2017-06-13 2017-09-22 贵州大学 One kind weighs method really towards big data
CN107682308A (en) * 2017-08-16 2018-02-09 北京航空航天大学 The electronic evidence preservation system for Channel Technology of being dived based on block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Blockchain based approach to enhance big data authentication in distributed environment"; N. Abdullah, A. Hakansson and E. Moradian; 2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN), Milan; 2017-12-31; pp. 887-892 *
"基于区块链的政府基础信息协同共享模式研究"; 高国伟, 龚掌立, 李永先; 《电子政务》; 2018-02-28 (No. 185); pp. 15-25 *

Also Published As

Publication number Publication date
CN108650252A (en) 2018-10-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210125

Address after: Room 202, No.12, Lane 883, Daning Road, Jing'an District, Shanghai

Patentee after: Han Honghui

Address before: Room 210, 2 / F, building 11, No.1 Yanfu Road, Yancun Town, Fangshan District, Beijing

Patentee before: FENBUGONGXIANG (BEIJING) INFORMATION TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20230404

Address after: 311215 No. 8, Qiannong East Road, Economic and Technological Development Zone, Xiaoshan District, Hangzhou, Zhejiang

Patentee after: Zhejiang Hongji Internet Technology Co.,Ltd.

Address before: Room 202, No.12, Lane 883, Daning Road, Jing'an District, Shanghai

Patentee before: Han Honghui