CN110532786A - Using the block chain blacklist sharing method of Hash desensitization process - Google Patents

Using the block chain blacklist sharing method of Hash desensitization process Download PDF

Info

Publication number
CN110532786A
CN110532786A CN201810501190.3A CN201810501190A CN110532786A CN 110532786 A CN110532786 A CN 110532786A CN 201810501190 A CN201810501190 A CN 201810501190A CN 110532786 A CN110532786 A CN 110532786A
Authority
CN
China
Prior art keywords
data
blacklist
request
node
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810501190.3A
Other languages
Chinese (zh)
Inventor
张燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Way Technology Co Ltd
Original Assignee
Shenzhen Way Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Way Technology Co Ltd filed Critical Shenzhen Way Technology Co Ltd
Priority to CN201810501190.3A priority Critical patent/CN110532786A/en
Publication of CN110532786A publication Critical patent/CN110532786A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Power Engineering (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a kind of block chain blacklist sharing methods using Hash desensitization process, which comprises each operating mechanism builds the business platform and network node of oneself, and network node belonging to each mechanism is accessed block chain network;Service request is sent to respective network node by business platform, wherein the service request includes the upload request, removal request and inquiry request of blacklist data, at least carries out desensitization and encryption to the partial data field of upload request;Monitor blacklist data exchange request and the response between the partial node;It is that each partial node distributes corresponding responsibility according to monitoring result;The partial node that notice is not involved in this exchange is used as supervision side, verifies to the give-and-take conditions of exchange both sides;And the one-to-one carry out data exchange of partial node that notice is verified by give-and-take conditions.The present invention solves the problems, such as that shared at high cost, data the timeliness of original sensitive data and safety are poor.

Description

Using the block chain blacklist sharing method of Hash desensitization process
Technical field
The present invention relates to Internet technical fields, systems a kind of block chain using Hash desensitization process Blacklist sharing method.
Background technique
With the rise of big data and internet, data driven technique have become all kinds of industry developments mainstream technology it One.The data for constructing enough scales are the bases of data driven technique, but data accumulation will usually expend a large amount of manpower object Power.For this problem, by integrating the data with existing of different institutions, allow multiple mechanisms carry out data sharings be undoubtedly it is a kind of compared with Good solution.But the exchange of data and shared to the safety of data, timeliness and true is carried out between different institutions Property has certain requirement.Especially face it is some be related on the sensitive datas such as privacy, trade secret, such as blacklist, reference, The user data such as white list, seek a kind of effective data sharing method be still have in related fields problem to be solved it One.
Traditional database technology usually requires the operating agency of a centralization to construct data center, and using multiple The high security measures such as firewall protect the data not by hacker attack, and operation cost is high, once security breaches are broken, Losing will be difficult to estimate, meanwhile, need to expend update and maintenance of a large amount of manpower realization to database, to greatly improve each The cost of mechanism acquisition data.
In recent years, certain methods propose to realize the shared of data using block chain, by storing key message to area On block chain, the data exchange of point-to-point type between different institutions can be directly established, to reduce the cost of data acquisition.Such as patent It is real that " a kind of data sharing method based on block chain technology ", " data sharing method based on block chain " etc. are all made of block chain Existing data are shared, but these methods concentrate on the restorability for guaranteeing data using the distributed nature of block chain, part side Clear data is directly stored on chain by method, cannot play the role of protecting sensitive data privacy, " data based on block chain are total Enjoy method " the shared mode of used key is difficult to meet the security requirement of sensitive data.It is currently, there are some by block chain For the method for private data processing, as patent " the block chain private data access control method based on encryption attribute " realizes Encryption storage to data, but only regulatory agency could obtain the information of data, not support the share and access to data, patent " a kind of to be related to the data sharing method of private data based on block chain " realizes the identity of node by the way of private key combination Certification and data sharing, on the one hand, each node holds a part of private key jointly, still has a degree of safety hidden Suffer from, on the other hand, each node is the object that need to specify sharing uploading, and does not have dynamic scalability.In addition, above-mentioned Method is without providing the delete operation to data, when sharing some data with timeliness, it is difficult to safeguard data itself Validity.
Summary of the invention
It is an object of the present invention to provide a kind of block chain blacklist sharing methods using Hash desensitization process, to solve The problem of original blacklist data shared at high cost, data poor in timeliness and safety difference.
In order to solve the above technical problems, the technical solution adopted in the present invention is as follows:
A kind of block chain blacklist sharing method using Hash desensitization process, which comprises
Each operating mechanism builds the business platform and network node of oneself, and by network node access area belonging to each mechanism Block chain network;
Service request is sent to respective network node by business platform, wherein the service request includes blacklist Upload request, removal request and the inquiry request of data are at least desensitized and are encrypted to the partial data field of upload request Processing;
The block platform chain broadcasts the service request of a certain meshed network to the other network nodes of platform, according to Common recognition result is sought unity of action the service request in the whole network node, and carries out data update in the whole network node, wherein is asked for inquiry It asks, does not know together in the whole network node of block platform chain;
Wherein, blacklist data broadcasted application is in application server, and the application server is host node, with multiple merogenesis Point carries out data communication, blacklist data broadcast comprising steps of
Monitor blacklist data exchange request and the response between the partial node;
It is that each partial node distributes corresponding responsibility according to monitoring result;
The partial node that notice is not involved in this exchange is used as supervision side, verifies to the give-and-take conditions of exchange both sides;And
Notify the one-to-one carry out data exchange of partial node verified by give-and-take conditions.
Further, the block platform chain includes data Layer, network layer and intelligent contract, wherein
The data Layer, including slip condition database and mechanism operation log, the slip condition database is for recording platform The blacklist data of biography, the mechanism operation log are used to record the operation of update each time of the slip condition database;
The business platform calls the intelligent contract on respective network node, by the network layer to the whole network node broadcasts Corresponding service request, and sought unity of action the request according to common recognition result in the whole network node, meanwhile, the intelligence contract will also be each The service request of node is mapped as the read-write operation to slip condition database.
Further, the data record format of the slip condition database is made of following multiple fields:
Blacklist data={ call number, major key, detail information delete label, the identity of uploader }, wherein flat The blacklist data that platform uploads need to carry out field according to the predefined record format and fill in, and at least take off to major key Quick processing carries out algorithm for encryption processing to detail information field.
Further, include the following: to the common recognition process of service request
The service request of each network node mechanism is sent to Kafka cluster;
Kafka cluster collects all requests, and is ranked up by Kafka sort algorithm to all requests;
Ranked request queue is returned to each node by Kafka cluster;
Each node temporally or by number of deals to request queue carries out cutting, and each section is packaged into a block;
It is continuously generated new block during common recognition, after node receives block, the validity of transaction can be checked again for, and The operation is executed on the node of oneself.
Further, the upload process of the blacklist data includes the following steps:
Field is filled according to predefined data record format, major key and detail information including data, in respective industry Business system, which is submitted, uploads application;
Desensitization process is carried out to major key using SHA1 algorithm, using elliptic curve encryption algorithm and the public key of business side to detailed Feelings information is encrypted;
Call block chain intelligence contract method for uploading, by after desensitization and encryption data and public key be transmitted to On block platform chain;
The list method for uploading of intelligent contract can check whether the data repeat, if not repeating, send the request to Block chain the whole network node is known together;
After waiting common recognition confirmation, each network node data information is written into the slip condition database of each node and is protected It deposits, and deletion is denoted as 0.
Further, the deletion process of the blacklist data includes the following steps:
The record oneself uploaded is selected by business platform, submits the deletion application to the data;
The index value of the record is obtained, and elliptic curve cryptography is carried out to index value using the private key of business side;
The data-erasure method for calling block chain intelligence contract, is sent to block chain for index value, encrypted index value Platform;
The list delet method of intelligent contract using the public key in the corresponding data of index value to encrypted index value into Row decryption is refused to delete the data if the index value that the index value and transmission after decryption come mismatches, if success, is broadcasted The request to the whole network is known together;
After waiting common recognition confirmation, the deletion of corresponding data information is denoted as 1 in each network node slip condition database.
Further, the query process of the blacklist data includes the following steps:
The plaintext of data major key to be checked is inputted in business platform, submits the inquiry request to the data;
The cryptographic Hash of major key is obtained using SHA1 algorithm;
The querying method for calling block chain intelligence contract, sends the cryptographic Hash of major key on block platform chain;
The querying method of intelligent contract is inquired in slip condition database according to the cryptographic Hash of major key, if not inquiring It arrives, then returns to sky;If inquiring corresponding record, index value in respective record, the detail information of encryption and upload are obtained The mark of person;
It requests network node inquiry request belonging to the mechanism of inquiry to carry out the whole network broadcast, and sends mechanism simultaneously Public key, data index value to be checked, the details ciphertext of encryption and the public key of uploader;
After other nodes of block chain network capture the inquiry request, can check uploader identify whether for oneself, if on Biography person is not oneself, then abandons the request, and otherwise, the details of encryption are decrypted using private key first, then using biography Come public key the information is encrypted, then encrypted using the details of private key pair encryption, two parts of ciphertexts and oneself Public key carries out the whole network broadcast;
After the mechanism of request inquiry captures return message, corresponding ciphertext is decrypted using the public key of uploader, It whether consistent with the ciphertext in slip condition database verifies ciphertext, if inconsistent, abandons the message, if unanimously, using oneself The corresponding ciphertext of key pair be decrypted, obtain required data detail information.
Further, new block establishes the link with existing newest block on node by Hash pointer.
Further, the network node of each mechanism need to call public private key pair generation method before accessing block chain network, The key Ks and public key Kp of oneself mechanism are generated, to support subsequent encryption and signature operation.
Based on another aspect of the present invention, a kind of shared system of the block chain sensitive data based on Hash desensitization process is also provided System, the system comprises: business platform and block platform chain, wherein
The business platform, for sending the service request of each mechanism to the block platform chain;
The block platform chain, receives the service request of the business platform, carries out in the overall network node of platform wide It broadcasts, is sought unity of action the service request according to common recognition result in the whole network node;Wherein,
The block platform chain includes multiple network nodes built by said mechanism and access block chain network, the industry Platform be engaged in by the data upload interface of platform, data deletion interface and data-query interfaces, respectively to respective network node It sends data and uploads service request, data deletion service request and data query service request, wherein asked for inquiry business It asks, does not know together in the whole network node of block platform chain.
Compared with prior art, the shared side of a kind of block chain blacklist using Hash desensitization process disclosed in this invention Method has reached following technical effect:
1, the shared model of decentralization operating agency is not necessarily to build data center, reduces its operation and construction cost, To reduce the cost of sensitive data acquisition;Data providing is established by block chain network and the point-to-point of data recipient is led to Letter, effectively reduces the cost of data acquisition, and using the cryptographic Hash on block chain come the authenticity of verify data.
2, each mechanism in platform can upload at any time, delete and obtain corresponding data, establish for the data analysis of each mechanism Fixed basis meets the requirement such as timeliness and scale of sensitive data to realize the mutual reciprocity and mutual benefit of each mechanism.
3, block chain can guarantee to upload can not distorting for data, establish the data participated between mechanism and trust, protect number According to safety;By in sensitive data storage to block chain by the way of desensitization and encryption, the invariance of sensitive data ensure that And safety.
Detailed description of the invention
Fig. 1 is described in the embodiment of the present invention using the principle of the block chain blacklist sharing method of Hash desensitization process Figure.
Fig. 2 is to use in the block chain sensitive data shared system based on Hash desensitization process described in the embodiment of the present invention The network topological diagram of four mechanisms.
Fig. 3 is the framework of the block chain sensitive data shared system based on Hash desensitization process described in the embodiment of the present invention Figure.
Fig. 4 is that data described in the embodiment of the present invention upload flow chart.
Fig. 5 is that data described in the embodiment of the present invention delete flow chart.
Fig. 6 is data query flow chart described in the embodiment of the present invention.
Specific embodiment
Below in conjunction with attached drawing, invention is further described in detail, but not as a limitation of the invention.
It is shown in reference picture 1, Fig. 2, a kind of black name of block chain using Hash desensitization process disclosed in the embodiment of the present invention Single sharing method, the method realize that the method includes as follows based on the business platform and block platform chain built:
Step S1: each operating mechanism builds the business platform and network node of oneself, and by network section belonging to each mechanism Point access block chain network.
Step S2: each mechanism sends service request to respective network node by business platform, wherein the business is asked Ask upload request, removal request and inquiry request including blacklist data, at least to the partial data field of upload request into Row desensitization and encryption;By desensitizing and encrypting the safety for guaranteeing that data are transmitted.
Step S3: the block platform chain to the service request from a certain meshed network to the other network nodes of platform into Row broadcast is sought unity of action in the whole network node according to common recognition result or is not executed the service request, and carries out data in the whole network node It updates, wherein be directed to inquiry request, do not know together in the whole network node of block platform chain, namely for the upper of blacklist data Biography and removal request, need to know together in the whole network node, but are directed to data inquiry request, since it is not related to the update of data, It does not know together then.
For blacklist data broadcasted application in application server, the application server is host node, is clicked through with multiple merogenesis Row data communication, the blacklist data broadcast is comprising steps of monitor the blacklist data exchange request between the partial node And response;It is that each partial node distributes corresponding responsibility according to monitoring result;Notice is not involved in the partial node conduct of this exchange Supervision side verifies the give-and-take conditions of exchange both sides;And the one-to-one progress of partial node that notice is verified by give-and-take conditions Data exchange.
Participating in mechanism needs to build the access block chain network of network node belonging to each mechanism first to carry out being total to for block chain Know, then can by respective business platform to network node belonging to each mechanism send service request, accordingly with other mechanisms Network node communicated, realize to the reading and writing data of bottom block chain.The block platform chain is responsible for network node Synchronous and processing business platform request, guarantees the consistency of the system mode of each node of network.
Fig. 2 shows the schematic diagram for using four mechanism access block chain networks in the embodiment of the present invention, each mechanism has Oneself independent business platform and block chain node, the corresponding block chain node of each platform pass through a unified cluster Kafka It communicates, builds consensus with the foundation of other nodes.
In addition, it will be apparent to a skilled person that the service request in the embodiment of the present invention is not limited to upload, delete It removes, inquire three kinds of modes, further include other types of service that may be implemented, such as data downloading, data change etc..
Referring to shown in Fig. 3, Fig. 3 shows the interactive relation of block platform chain and business platform, and the block chain of bottom uses State machine reproduction technology safeguards a unified slip condition database and operation log on each node, wherein status data Library has recorded all responsive type information, and the record format of responsive type information is formed using multiple field combinations, and operation log Each mechanism is then completely had recorded to record the change of slip condition database.Network layer be responsible for the request of each node carry out broadcast or Common recognition.
Each record in slip condition database includes a responsive type information uploaded by a certain mechanism, mainly includes Following five fields: call number, major key, detail information, the identity for deleting label and uploader.Wherein, call number is by area The Transaction Identification Number of block chain is identified, and has global uniqueness, and deleting label is then a marker bit, for example passes through 0 or 1 table Show, for identifying whether the data have been deleted, other data major keys and detail information are all made of Encryption Algorithm and are encrypted, will Encrypted ciphertext is stored in the protection realized in slip condition database to data privacy.But those skilled in the art should manage Solution, the record format of the blacklist data in the embodiment of the present invention are not limited to five fields described above to indicate, when When in order to realize certain service request, part field can be used to fill in, or new field is added.
Operation log then have recorded the update each time to slip condition database operation, the identity including operating mechanism with And the relevant parameter of operation.The data sharing service request that all nodes of block chain can collect other node broadcasts (refers mainly to Data are uploaded and are deleted), and know together to the validity of request and sequence.According to common recognition as a result, by corresponding business operation It is packaged into a block, and new block is returned into each node of block chain.With accumulative, the block of data related traffic operation Platform chain can be continuously generated new block and add up, and the link of newest block is established by Hash pointer and had to new block, according to This indicates the sequence between block.For the historical data source that storage is come in, because they cannot be modified, we can be right Big data makees Hash processing, and adds timestamp, and there are on block chain.At following a certain moment, when we need to verify Initial data authenticity when, corresponding data can be done with same Hash processing, if the answer obtained be it is identical, Illustrate that data were not tampered with.
Block platform chain uses the business operation of intelligent contract mode implementation mechanism, and intelligent contract maps the operation of business It for the read-write operation to slip condition database, and is sought unity of action on the whole network node according to common recognition result, to guarantee each node state The consistency of database.One intelligent contract is a set of promise (promises) defined in digital form, including contract participates in Side can execute the agreement of these promises above.
Business platform can call the intelligent contract on each agency node, to the corresponding service request of the whole network node broadcasts, tool Body includes the upload, deletion and inquiry three categories operation of blacklist data.According to required business operation type, the intelligence of calling Contract method is different, such as when needing to upload data, calls the data uploading method of block chain intelligence contract, when needing to delete When data, the data-erasure method of block chain intelligence contract is called, when needing to inquire data, calls block chain intelligence contract Data query method.
Below by taking this blacklist data of blacklist as an example, to use Hash desensitization process disclosed in the embodiment of the present invention Block chain blacklist sharing method be described in detail.
In the embodiment of the present invention, the block platform chain, mainly comprising data Layer, network layer and intelligence and about three portions Point.
Data Layer includes two parts: first is blacklist slip condition database, has recorded the black of all mechanisms uploads List data, second is mechanism operation log, with the upload and delete operation of all mechanisms of chained structured record, inquiry Operation is not known together, and is not also modified, is not recorded into operation log to database.
The format of the every data library record of blacklist slip condition database is as follows:
Black list information={ call number, identity card, name, blacklist detail information upload the public key of mechanism, delete mark Note }, wherein call number is confirmed that identity card and name are all made of the progress of SHA1 algorithm by recent operation ID (Transaction Identification Number) Desensitization process;Blacklist detail information carries out elliptic curve cryptography using the public key of uploader, deletes and is labeled as 0 or 1, if 0, It indicates that the data are not deleted, if 1, indicates that the data have been deleted;Database uses KV database realizing, with identity card It is major key with name.
Operation log then has recorded the operation of the update each time to blacklist slip condition database, the identity including operating mechanism Mark and the relevant parameter of operation.Operation log will update operation all as a transaction each time, and generate an overall situation Unique Transaction Identification Number is identified it.Operation log is stored with chain structure, and link chronologically connects different areas Block, each block encapsulate the transaction of several sequences, and block head then has recorded the cryptographic Hash of a block.Once area before Block message is changed, occur as soon as block chain link not on phenomenon, can effectively prevent data tampering behavior.
The essential core of block chain is to know together to operation collected by network node, and generate block, of the invention Common recognition process is as follows:
1. the service request of network node mechanism is sent to Kafka cluster by respective block chain node;
2.Kafka cluster collects all requests, and is ranked up by Kafka sort algorithm to all requests;
Ranked request queue is returned to each node by 3.Kafka cluster;
4. each node temporally or by number of deals to request queue carries out cutting, each part is packaged into a block;
5. being continuously generated new block during the common recognition of block chain, after node receives block, can check again for trading Validity, and the operation is executed on the node of oneself.
All operations on block chain are executed using intelligent contract, i.e., are realized using intelligent contract to blacklist state The read-write operation of database.The blacklist that block chain realizes intelligent contract uploads, deletes and inquires three big methods, is put down by business Platform is called according to different business demands.Wherein, method for uploading is that black list information is written in slip condition database;It deletes Except method is that corresponding blacklist is deleted label to be written as 1;Issuer's rule is read according to the identity card and name of blacklist Corresponding blacklist record.
Business platform can call the intelligent contract on agency node, by network layer to the corresponding business of the whole network node broadcasts Request specifically includes the upload, deletion and inquiry three categories operation of blacklist.
Referring to shown in Fig. 4, the upload of blacklist is that the black list information of newest collection is uploaded to the black name of block chain by mechanism The process of single slip condition database, mainly comprises the steps of:
1, the business personnel of mechanism fills in field according to predefined blacklist data format, the surname including blacklist personnel Name N, identity card ID, blacklist details M, submit in operation system and upload application.
2, it uploads interface and desensitization process is carried out to name N and identity card ID using SHA1 algorithm, it is close to obtain corresponding name Then literary Ns and identity card ciphertext IDs carries out blacklist details M using elliptic curve encryption algorithm and the public key Kp of business side Encryption, obtains the ciphertext Ms of details;Data desensitization technology based on block chain can guarantee data privacy, be under secret protection Data opening provides solution.Data desensitization technology mainly uses the Encryption Algorithm such as Hash processing.
3, the method for uploading that interface calls block chain intelligence contract is uploaded, it will be by desensitizing and the data after encryption Ns, IDs and Ms, public key Kp pass to the method interface of intelligent contract as parameter.
4, the list method for uploading of intelligent contract can check that the blacklist is believed according to name ciphertext Ns and identity card ciphertext IDs The repeatability of breath sends the request to block chain the whole network and knows together if not repeating, if repeating, to mechanism business Platform returns to list repetition message.
5, wait common recognition confirmation after, each network node black list information be written into the slip condition database of each node into Row saves, and deletion is denoted as 0.
Referring to Figure 5, the deletion of blacklist is that the black list information uploaded before mechanism is deleted by mechanism, is mainly wrapped Containing following steps:
1, the business personnel of mechanism selects the record that mechanism uploads, and deletes in operation system submission to the blacklist Except application.
2, the index value H that interface obtains the record is deleted, and oval song is carried out to index value using the private key Ks of business side Line encryption, obtains corresponding index value ciphertext Hs.
3, the list delet method that interface calls block chain intelligence contract is deleted, by index value H, encrypted index value Hs It is sent to the method interface of intelligent contract.
4, the list delet method of intelligent contract using the public key Kp in the corresponding blacklist data of index value H to encryption after Index value Hs be decrypted, if decryption after index value H ' and transmission come index value H mismatch, refuse to delete the black name It is single, if success, broadcasts the request to the whole network and knows together.
5, after waiting common recognition confirmation, the deletion of corresponding black list information marks note in each network node slip condition database It is 1.
Referring to shown in Fig. 6, whether it is blacklist that the inquiry of blacklist is mechanism according to identity card and the name lookup user User, and the process of blacklist specifying information is obtained, mainly comprise the steps of:
1, the business personnel of mechanism inputs the identity card N and name ID of black list information to be checked, mentions in business platform Hand over the inquiry request to the blacklist.
2, query interface obtains the cryptographic Hash Ns and IDs of identity card and name using SHA1 algorithm;
3, query interface calls the querying method of block chain intelligence contract, by the cryptographic Hash Ns and IDs of identity card and name It is sent to the method interface of intelligent contract.
4, the querying method of intelligent contract is according to the cryptographic Hash Ns and IDs of identity card and name, in blacklist status data It is inquired in library, if not inquiring, returns to sky;If inquiring corresponding record, the index in respective record is obtained The public key Kp of value H, the blacklist details Ms of encryption and uploader.
5, network node inquiry request the whole network broadcast of mechanism is inquired, and sends the public key Kp1, to be checked of mechanism simultaneously Blacklist index value H, the details ciphertext Ms of encryption and the public key Kp of uploader of inquiry.
6, after other nodes of network capture the inquiry request, can check whether uploader public key is oneself public key, if It is not then to abandon the request, otherwise, the details Ms of encryption is decrypted using private key Ks first, then using transmits Public key encrypts the Kp1 information, obtains details ciphertext Ms1, is then carried out using details Ms of the private key Ks to original encryption Two parts of ciphertext Ms1 and Ms2 and the public key Kp of oneself are carried out the whole network broadcast by encryption, the ciphertext Ms2 after being signed.
7, after inquiry mechanism captures return message, corresponding ciphertext Ms2 is decrypted using the public key Kp of uploader, Whether the ciphertext Ms3 after verifying decryption is consistent with the ciphertext Ms in slip condition database, if inconsistent, abandons the message, if one It causes, then corresponding ciphertext Ms1 is decrypted using the key Ks1 of oneself, obtains required blacklist detail information M.
A kind of block chain blacklist sharing method using Hash desensitization process disclosed in the embodiment of the present invention is located at area Each mechanism of block chain interior joint can upload at any time, delete and obtain corresponding data, lay the foundation for the data analysis of each mechanism, To realize the mutual reciprocity and mutual benefit of each mechanism, also meet the requirement such as timeliness and scale of sensitive data.In addition, blacklist data Upper crossing, by the way of desensitization and encryption by sensitive data storage to the invariance that on block chain, ensure that sensitive data and Safety.
Again referring to figure 2., shown in Fig. 3, correspond to the above method, another embodiment of the present invention additionally provides a kind of base In the block chain sensitive data shared system of Hash desensitization process, to execute the above method, the system comprises: business platform With block platform chain, wherein
The business platform is built by each participation mechanism, and the business for sending each mechanism to the block platform chain is asked It asks, and receives the processing result returned from the block platform chain;
The block platform chain, receives the service request of the business platform, carries out in the overall network node of platform wide It broadcasts, sought unity of action according to common recognition result in the whole network node or does not execute the service request, and return to processing result to the business Platform;Wherein,
The block platform chain includes multiple network nodes built by said mechanism and access block chain network, each business Platform sends corresponding service request by respective network node, and the business platform includes that data upload interface, data are deleted Except interface and data-query interfaces, it is respectively used to the upload, deletion and inquiry of blacklist data, wherein at least for by upper It passes the partial data field that interface uploads and carries out desensitization and data encryption, requested for inquiry business, in block platform chain The whole network node do not know together, and for upload and removal request, then need by the whole network know together rear each node status number It is updated according to library.
The not detailed place of blacklist data processing system described in the embodiment of the present invention, please refers in above-described embodiment Sensitive data sharing method, and therefore not to repeat here.
Proposed by the invention realizes that the blacklist data of decentralization shares scheme using block chain, has not only widened area The application field of block chain technology, be also the fields such as finance, safety sensitive data it is shared provide a kind of new solution route and Thinking solves the problems such as original sensitive data shared timeliness and safety at high cost, data are poor.
Several preferred embodiments of the invention have shown and described in above description, but as previously described, it should be understood that the present invention Be not limited to forms disclosed herein, should not be regarded as an exclusion of other examples, and can be used for various other combinations, Modification and environment, and the above teachings or related fields of technology or knowledge can be passed through within that scope of the inventive concept describe herein It is modified.And changes and modifications made by those skilled in the art do not depart from the spirit and scope of the present invention, then it all should be in this hair In the protection scope of bright appended claims.

Claims (10)

1. a kind of block chain blacklist sharing method using Hash desensitization process, which is characterized in that the described method includes:
Each operating mechanism builds the business platform and network node of oneself, and network node belonging to each mechanism is accessed block chain Network;
Service request is sent to respective network node by business platform, wherein the service request includes blacklist data Upload request, removal request and inquiry request, at least to the partial data field of upload request carry out desensitization and encryption;
The block platform chain broadcasts the service request of a certain meshed network to the other network nodes of platform, according to common recognition As a result it seeks unity of action or does not execute the service request in the whole network node, and carry out data update in the whole network node, wherein for looking into Request is ask, is not known together in the whole network node of block platform chain;
Wherein, for blacklist data broadcasted application in application server, the application server is host node, is clicked through with multiple merogenesis Row data communication, blacklist data broadcast comprising steps of
Monitor blacklist data exchange request and the response between the partial node;
It is that each partial node distributes corresponding responsibility according to monitoring result;
The partial node that notice is not involved in this exchange is used as supervision side, verifies to the give-and-take conditions of exchange both sides;And
Notify the one-to-one carry out data exchange of partial node verified by give-and-take conditions.
2. using the block chain blacklist sharing method of Hash desensitization process as described in claim 1, which is characterized in that the party Method further comprises the steps of: before being monitored
The blacklist data uploaded to partial node is verified in advance;
Verification classification processing is carried out to the partial node according to pre- check results.
3. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 2, which is characterized in that described Pre- checking procedure is whether host node meets the requirements according to the preset rules verifying blacklist data, the preset rules packet Include: data format is correct, privacy of user cannot be written, and cannot have repetition, missing, false data.
4. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 2, which is characterized in that described It is that corresponding switch-level is arranged in the corresponding partial node that verification classification processing, which is according to the standard degree of the blacklist data, Then corresponding transaction coin is authorized and distributed to the partial node.
5. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 4, which is characterized in that described Verification classification processing further include:
It is arranged when the standard degree of the blacklist data is higher, the partial node exchanges to more number with less transaction coin According to;
It is the transaction coin that the partial node distributes corresponding number according to the data volume of the blacklist data and preset ratio.
6. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 2, which is characterized in that described It is that the step of each partial node distributes corresponding responsibility specifically includes according to monitoring result:
Request of data side is configured by the partial node for issuing blacklist data exchange request, will have agreed to the blacklist data exchange The partial node of request is configured to data providing, anti-in blacklist data exchange request and response or the response by not issuing Feedback result is to disagree the partial node of the blacklist data exchange request or choose wherein one or more to be configured to supervise Side.
7. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 3, which is characterized in that described Give-and-take conditions include whether the blacklist data of data providing offer meets whether the preset rules and request of data side have Enough transaction coin, when exchange both sides reach give-and-take conditions, i.e., the blacklist data that data providing provides meets described pre- If rule and request of data side there are enough transaction coin corresponding with the blacklist data, indicate that verification passes through.
8. as claimed in claim 2 based on the blacklist data processing system of block chain, which is characterized in that described to pass through The step of partial node one-to-one progress data exchange of give-and-take conditions verification, specifically includes:
The request of data side is calculated according to the data volume of the switch-level of the request of data side and blacklist data to need to prop up The transaction coin paid;
After the request of data side is paid successfully, the blacklist data replication synchronization that the data providing is uploaded is to described Request of data side.
9. using the block chain blacklist sharing method of Hash desensitization process as described in claim 1, which is characterized in that described Block platform chain includes data Layer, network layer and intelligent contract, wherein
The data Layer, including slip condition database and mechanism operation log, the slip condition database are used to record platform upload Blacklist data, the mechanism operation log are used to record the operation of update each time of the slip condition database;
The business platform calls the intelligent contract on respective network node, corresponding to the whole network node broadcasts by the network layer Service request, and sought unity of action or do not executed the request according to common recognition result in the whole network node, meanwhile, the intelligence contract is also The service request of each node is mapped as the read-write operation to slip condition database.
10. using the block chain blacklist sharing method of Hash desensitization process as described in claim 1, which is characterized in that each The network node of mechanism need to call public private key pair generation method, generate the key of oneself mechanism before accessing block chain network Ks and public key Kp, to support subsequent encryption and signature operation.
CN201810501190.3A 2018-05-23 2018-05-23 Using the block chain blacklist sharing method of Hash desensitization process Pending CN110532786A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810501190.3A CN110532786A (en) 2018-05-23 2018-05-23 Using the block chain blacklist sharing method of Hash desensitization process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810501190.3A CN110532786A (en) 2018-05-23 2018-05-23 Using the block chain blacklist sharing method of Hash desensitization process

Publications (1)

Publication Number Publication Date
CN110532786A true CN110532786A (en) 2019-12-03

Family

ID=68657950

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810501190.3A Pending CN110532786A (en) 2018-05-23 2018-05-23 Using the block chain blacklist sharing method of Hash desensitization process

Country Status (1)

Country Link
CN (1) CN110532786A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111526180A (en) * 2020-03-30 2020-08-11 中国建设银行股份有限公司 Data sharing method and device
CN111899019A (en) * 2020-07-28 2020-11-06 朱玮 Method and system for cross validation and sharing of blacklist and multiple parties

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107122477A (en) * 2017-05-02 2017-09-01 成都中远信电子科技有限公司 A kind of block chain storage system
CN107180350A (en) * 2017-03-31 2017-09-19 唐晓领 A kind of method of the multi-party shared transaction metadata based on block chain, apparatus and system
CN107392813A (en) * 2017-09-12 2017-11-24 杭州趣链科技有限公司 A kind of student status information sharing system based on block chain
CN107845032A (en) * 2017-10-24 2018-03-27 深圳四方精创资讯股份有限公司 Pledge method and its system based on block chain
CN107888375A (en) * 2017-11-08 2018-04-06 深圳市携网科技有限公司 A kind of electronic evidence safety system and method based on block chain technology
CN107896157A (en) * 2017-08-31 2018-04-10 上海壹账通金融科技有限公司 Blacklist data exchange method and application server

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107180350A (en) * 2017-03-31 2017-09-19 唐晓领 A kind of method of the multi-party shared transaction metadata based on block chain, apparatus and system
CN107122477A (en) * 2017-05-02 2017-09-01 成都中远信电子科技有限公司 A kind of block chain storage system
CN107896157A (en) * 2017-08-31 2018-04-10 上海壹账通金融科技有限公司 Blacklist data exchange method and application server
CN107392813A (en) * 2017-09-12 2017-11-24 杭州趣链科技有限公司 A kind of student status information sharing system based on block chain
CN107845032A (en) * 2017-10-24 2018-03-27 深圳四方精创资讯股份有限公司 Pledge method and its system based on block chain
CN107888375A (en) * 2017-11-08 2018-04-06 深圳市携网科技有限公司 A kind of electronic evidence safety system and method based on block chain technology

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111526180A (en) * 2020-03-30 2020-08-11 中国建设银行股份有限公司 Data sharing method and device
CN111526180B (en) * 2020-03-30 2022-05-24 中国建设银行股份有限公司 Data sharing method and device
CN111899019A (en) * 2020-07-28 2020-11-06 朱玮 Method and system for cross validation and sharing of blacklist and multiple parties

Similar Documents

Publication Publication Date Title
CN110502916A (en) A kind of sensitive data processing method and system based on block chain
CN109858272A (en) Blacklist data processing system based on block chain
CN112989415B (en) Private data storage and access control method and system based on block chain
CN110060162A (en) Data grant, querying method and device based on block chain
CN109729168A (en) A kind of data share exchange system and method based on block chain
CN109120639A (en) A kind of data cloud storage encryption method and system based on block chain
CN108471350A (en) Trust data computational methods based on block chain
CN110059503A (en) The retrospective leakage-preventing method of social information
CN110032545A (en) File memory method, system and electronic equipment based on block chain
CN108390891A (en) Information protecting method based on privately owned block chain
CN112418860A (en) Block chain efficient management framework based on cross-chain technology and working method
CN108429759A (en) Decentralization stores safety implementation method
CN108632292A (en) Data sharing method based on alliance's chain and system
CN109246137A (en) The safety protecting method and device of naval warfare data based on block chain
Yao et al. PBCert: Privacy-preserving blockchain-based certificate status validation toward mass storage management
CN110932854B (en) Block chain key distribution system and method for Internet of things
CN112861172B (en) Symmetric searchable encryption method based on PBFT (public domain representation) consensus mechanism
CN111274599A (en) Data sharing method based on block chain and related device
CN112685790B (en) Block chain data security and privacy protection method
CN113065961A (en) Power block chain data management system
CN112200496A (en) Laboratory detection report management system based on block chain
CN115049398A (en) Complete data asset trusted management and value transfer system and method
CN112966022B (en) Information query method, device and system of data transaction platform
CN112532718A (en) Block chain based offshore equipment data sharing system, method and medium
CN113554421A (en) Police affair resource data governance cooperation method based on block chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191203

RJ01 Rejection of invention patent application after publication