CN110532786A - Using the block chain blacklist sharing method of Hash desensitization process - Google Patents
Using the block chain blacklist sharing method of Hash desensitization process Download PDFInfo
- Publication number
- CN110532786A CN110532786A CN201810501190.3A CN201810501190A CN110532786A CN 110532786 A CN110532786 A CN 110532786A CN 201810501190 A CN201810501190 A CN 201810501190A CN 110532786 A CN110532786 A CN 110532786A
- Authority
- CN
- China
- Prior art keywords
- data
- blacklist
- request
- node
- block chain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 100
- 238000000586 desensitisation Methods 0.000 title claims abstract description 36
- 230000008569 process Effects 0.000 title claims abstract description 34
- 230000007246 mechanism Effects 0.000 claims abstract description 64
- 230000004044 response Effects 0.000 claims abstract description 6
- 238000012544 monitoring process Methods 0.000 claims abstract description 5
- 238000012545 processing Methods 0.000 claims description 15
- 230000009471 action Effects 0.000 claims description 8
- 238000004891 communication Methods 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims 5
- 230000010076 replication Effects 0.000 claims 1
- 238000012217 deletion Methods 0.000 description 12
- 230000037430 deletion Effects 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 8
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 5
- 238000012790 confirmation Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000007405 data analysis Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 238000009825 accumulation Methods 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000007717 exclusion Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 239000003550 marker Substances 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Algebra (AREA)
- Databases & Information Systems (AREA)
- Automation & Control Theory (AREA)
- Power Engineering (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a kind of block chain blacklist sharing methods using Hash desensitization process, which comprises each operating mechanism builds the business platform and network node of oneself, and network node belonging to each mechanism is accessed block chain network;Service request is sent to respective network node by business platform, wherein the service request includes the upload request, removal request and inquiry request of blacklist data, at least carries out desensitization and encryption to the partial data field of upload request;Monitor blacklist data exchange request and the response between the partial node;It is that each partial node distributes corresponding responsibility according to monitoring result;The partial node that notice is not involved in this exchange is used as supervision side, verifies to the give-and-take conditions of exchange both sides;And the one-to-one carry out data exchange of partial node that notice is verified by give-and-take conditions.The present invention solves the problems, such as that shared at high cost, data the timeliness of original sensitive data and safety are poor.
Description
Technical field
The present invention relates to Internet technical fields, systems a kind of block chain using Hash desensitization process
Blacklist sharing method.
Background technique
With the rise of big data and internet, data driven technique have become all kinds of industry developments mainstream technology it
One.The data for constructing enough scales are the bases of data driven technique, but data accumulation will usually expend a large amount of manpower object
Power.For this problem, by integrating the data with existing of different institutions, allow multiple mechanisms carry out data sharings be undoubtedly it is a kind of compared with
Good solution.But the exchange of data and shared to the safety of data, timeliness and true is carried out between different institutions
Property has certain requirement.Especially face it is some be related on the sensitive datas such as privacy, trade secret, such as blacklist, reference,
The user data such as white list, seek a kind of effective data sharing method be still have in related fields problem to be solved it
One.
Traditional database technology usually requires the operating agency of a centralization to construct data center, and using multiple
The high security measures such as firewall protect the data not by hacker attack, and operation cost is high, once security breaches are broken,
Losing will be difficult to estimate, meanwhile, need to expend update and maintenance of a large amount of manpower realization to database, to greatly improve each
The cost of mechanism acquisition data.
In recent years, certain methods propose to realize the shared of data using block chain, by storing key message to area
On block chain, the data exchange of point-to-point type between different institutions can be directly established, to reduce the cost of data acquisition.Such as patent
It is real that " a kind of data sharing method based on block chain technology ", " data sharing method based on block chain " etc. are all made of block chain
Existing data are shared, but these methods concentrate on the restorability for guaranteeing data using the distributed nature of block chain, part side
Clear data is directly stored on chain by method, cannot play the role of protecting sensitive data privacy, " data based on block chain are total
Enjoy method " the shared mode of used key is difficult to meet the security requirement of sensitive data.It is currently, there are some by block chain
For the method for private data processing, as patent " the block chain private data access control method based on encryption attribute " realizes
Encryption storage to data, but only regulatory agency could obtain the information of data, not support the share and access to data, patent
" a kind of to be related to the data sharing method of private data based on block chain " realizes the identity of node by the way of private key combination
Certification and data sharing, on the one hand, each node holds a part of private key jointly, still has a degree of safety hidden
Suffer from, on the other hand, each node is the object that need to specify sharing uploading, and does not have dynamic scalability.In addition, above-mentioned
Method is without providing the delete operation to data, when sharing some data with timeliness, it is difficult to safeguard data itself
Validity.
Summary of the invention
It is an object of the present invention to provide a kind of block chain blacklist sharing methods using Hash desensitization process, to solve
The problem of original blacklist data shared at high cost, data poor in timeliness and safety difference.
In order to solve the above technical problems, the technical solution adopted in the present invention is as follows:
A kind of block chain blacklist sharing method using Hash desensitization process, which comprises
Each operating mechanism builds the business platform and network node of oneself, and by network node access area belonging to each mechanism
Block chain network;
Service request is sent to respective network node by business platform, wherein the service request includes blacklist
Upload request, removal request and the inquiry request of data are at least desensitized and are encrypted to the partial data field of upload request
Processing;
The block platform chain broadcasts the service request of a certain meshed network to the other network nodes of platform, according to
Common recognition result is sought unity of action the service request in the whole network node, and carries out data update in the whole network node, wherein is asked for inquiry
It asks, does not know together in the whole network node of block platform chain;
Wherein, blacklist data broadcasted application is in application server, and the application server is host node, with multiple merogenesis
Point carries out data communication, blacklist data broadcast comprising steps of
Monitor blacklist data exchange request and the response between the partial node;
It is that each partial node distributes corresponding responsibility according to monitoring result;
The partial node that notice is not involved in this exchange is used as supervision side, verifies to the give-and-take conditions of exchange both sides;And
Notify the one-to-one carry out data exchange of partial node verified by give-and-take conditions.
Further, the block platform chain includes data Layer, network layer and intelligent contract, wherein
The data Layer, including slip condition database and mechanism operation log, the slip condition database is for recording platform
The blacklist data of biography, the mechanism operation log are used to record the operation of update each time of the slip condition database;
The business platform calls the intelligent contract on respective network node, by the network layer to the whole network node broadcasts
Corresponding service request, and sought unity of action the request according to common recognition result in the whole network node, meanwhile, the intelligence contract will also be each
The service request of node is mapped as the read-write operation to slip condition database.
Further, the data record format of the slip condition database is made of following multiple fields:
Blacklist data={ call number, major key, detail information delete label, the identity of uploader }, wherein flat
The blacklist data that platform uploads need to carry out field according to the predefined record format and fill in, and at least take off to major key
Quick processing carries out algorithm for encryption processing to detail information field.
Further, include the following: to the common recognition process of service request
The service request of each network node mechanism is sent to Kafka cluster;
Kafka cluster collects all requests, and is ranked up by Kafka sort algorithm to all requests;
Ranked request queue is returned to each node by Kafka cluster;
Each node temporally or by number of deals to request queue carries out cutting, and each section is packaged into a block;
It is continuously generated new block during common recognition, after node receives block, the validity of transaction can be checked again for, and
The operation is executed on the node of oneself.
Further, the upload process of the blacklist data includes the following steps:
Field is filled according to predefined data record format, major key and detail information including data, in respective industry
Business system, which is submitted, uploads application;
Desensitization process is carried out to major key using SHA1 algorithm, using elliptic curve encryption algorithm and the public key of business side to detailed
Feelings information is encrypted;
Call block chain intelligence contract method for uploading, by after desensitization and encryption data and public key be transmitted to
On block platform chain;
The list method for uploading of intelligent contract can check whether the data repeat, if not repeating, send the request to
Block chain the whole network node is known together;
After waiting common recognition confirmation, each network node data information is written into the slip condition database of each node and is protected
It deposits, and deletion is denoted as 0.
Further, the deletion process of the blacklist data includes the following steps:
The record oneself uploaded is selected by business platform, submits the deletion application to the data;
The index value of the record is obtained, and elliptic curve cryptography is carried out to index value using the private key of business side;
The data-erasure method for calling block chain intelligence contract, is sent to block chain for index value, encrypted index value
Platform;
The list delet method of intelligent contract using the public key in the corresponding data of index value to encrypted index value into
Row decryption is refused to delete the data if the index value that the index value and transmission after decryption come mismatches, if success, is broadcasted
The request to the whole network is known together;
After waiting common recognition confirmation, the deletion of corresponding data information is denoted as 1 in each network node slip condition database.
Further, the query process of the blacklist data includes the following steps:
The plaintext of data major key to be checked is inputted in business platform, submits the inquiry request to the data;
The cryptographic Hash of major key is obtained using SHA1 algorithm;
The querying method for calling block chain intelligence contract, sends the cryptographic Hash of major key on block platform chain;
The querying method of intelligent contract is inquired in slip condition database according to the cryptographic Hash of major key, if not inquiring
It arrives, then returns to sky;If inquiring corresponding record, index value in respective record, the detail information of encryption and upload are obtained
The mark of person;
It requests network node inquiry request belonging to the mechanism of inquiry to carry out the whole network broadcast, and sends mechanism simultaneously
Public key, data index value to be checked, the details ciphertext of encryption and the public key of uploader;
After other nodes of block chain network capture the inquiry request, can check uploader identify whether for oneself, if on
Biography person is not oneself, then abandons the request, and otherwise, the details of encryption are decrypted using private key first, then using biography
Come public key the information is encrypted, then encrypted using the details of private key pair encryption, two parts of ciphertexts and oneself
Public key carries out the whole network broadcast;
After the mechanism of request inquiry captures return message, corresponding ciphertext is decrypted using the public key of uploader,
It whether consistent with the ciphertext in slip condition database verifies ciphertext, if inconsistent, abandons the message, if unanimously, using oneself
The corresponding ciphertext of key pair be decrypted, obtain required data detail information.
Further, new block establishes the link with existing newest block on node by Hash pointer.
Further, the network node of each mechanism need to call public private key pair generation method before accessing block chain network,
The key Ks and public key Kp of oneself mechanism are generated, to support subsequent encryption and signature operation.
Based on another aspect of the present invention, a kind of shared system of the block chain sensitive data based on Hash desensitization process is also provided
System, the system comprises: business platform and block platform chain, wherein
The business platform, for sending the service request of each mechanism to the block platform chain;
The block platform chain, receives the service request of the business platform, carries out in the overall network node of platform wide
It broadcasts, is sought unity of action the service request according to common recognition result in the whole network node;Wherein,
The block platform chain includes multiple network nodes built by said mechanism and access block chain network, the industry
Platform be engaged in by the data upload interface of platform, data deletion interface and data-query interfaces, respectively to respective network node
It sends data and uploads service request, data deletion service request and data query service request, wherein asked for inquiry business
It asks, does not know together in the whole network node of block platform chain.
Compared with prior art, the shared side of a kind of block chain blacklist using Hash desensitization process disclosed in this invention
Method has reached following technical effect:
1, the shared model of decentralization operating agency is not necessarily to build data center, reduces its operation and construction cost,
To reduce the cost of sensitive data acquisition;Data providing is established by block chain network and the point-to-point of data recipient is led to
Letter, effectively reduces the cost of data acquisition, and using the cryptographic Hash on block chain come the authenticity of verify data.
2, each mechanism in platform can upload at any time, delete and obtain corresponding data, establish for the data analysis of each mechanism
Fixed basis meets the requirement such as timeliness and scale of sensitive data to realize the mutual reciprocity and mutual benefit of each mechanism.
3, block chain can guarantee to upload can not distorting for data, establish the data participated between mechanism and trust, protect number
According to safety;By in sensitive data storage to block chain by the way of desensitization and encryption, the invariance of sensitive data ensure that
And safety.
Detailed description of the invention
Fig. 1 is described in the embodiment of the present invention using the principle of the block chain blacklist sharing method of Hash desensitization process
Figure.
Fig. 2 is to use in the block chain sensitive data shared system based on Hash desensitization process described in the embodiment of the present invention
The network topological diagram of four mechanisms.
Fig. 3 is the framework of the block chain sensitive data shared system based on Hash desensitization process described in the embodiment of the present invention
Figure.
Fig. 4 is that data described in the embodiment of the present invention upload flow chart.
Fig. 5 is that data described in the embodiment of the present invention delete flow chart.
Fig. 6 is data query flow chart described in the embodiment of the present invention.
Specific embodiment
Below in conjunction with attached drawing, invention is further described in detail, but not as a limitation of the invention.
It is shown in reference picture 1, Fig. 2, a kind of black name of block chain using Hash desensitization process disclosed in the embodiment of the present invention
Single sharing method, the method realize that the method includes as follows based on the business platform and block platform chain built:
Step S1: each operating mechanism builds the business platform and network node of oneself, and by network section belonging to each mechanism
Point access block chain network.
Step S2: each mechanism sends service request to respective network node by business platform, wherein the business is asked
Ask upload request, removal request and inquiry request including blacklist data, at least to the partial data field of upload request into
Row desensitization and encryption;By desensitizing and encrypting the safety for guaranteeing that data are transmitted.
Step S3: the block platform chain to the service request from a certain meshed network to the other network nodes of platform into
Row broadcast is sought unity of action in the whole network node according to common recognition result or is not executed the service request, and carries out data in the whole network node
It updates, wherein be directed to inquiry request, do not know together in the whole network node of block platform chain, namely for the upper of blacklist data
Biography and removal request, need to know together in the whole network node, but are directed to data inquiry request, since it is not related to the update of data,
It does not know together then.
For blacklist data broadcasted application in application server, the application server is host node, is clicked through with multiple merogenesis
Row data communication, the blacklist data broadcast is comprising steps of monitor the blacklist data exchange request between the partial node
And response;It is that each partial node distributes corresponding responsibility according to monitoring result;Notice is not involved in the partial node conduct of this exchange
Supervision side verifies the give-and-take conditions of exchange both sides;And the one-to-one progress of partial node that notice is verified by give-and-take conditions
Data exchange.
Participating in mechanism needs to build the access block chain network of network node belonging to each mechanism first to carry out being total to for block chain
Know, then can by respective business platform to network node belonging to each mechanism send service request, accordingly with other mechanisms
Network node communicated, realize to the reading and writing data of bottom block chain.The block platform chain is responsible for network node
Synchronous and processing business platform request, guarantees the consistency of the system mode of each node of network.
Fig. 2 shows the schematic diagram for using four mechanism access block chain networks in the embodiment of the present invention, each mechanism has
Oneself independent business platform and block chain node, the corresponding block chain node of each platform pass through a unified cluster Kafka
It communicates, builds consensus with the foundation of other nodes.
In addition, it will be apparent to a skilled person that the service request in the embodiment of the present invention is not limited to upload, delete
It removes, inquire three kinds of modes, further include other types of service that may be implemented, such as data downloading, data change etc..
Referring to shown in Fig. 3, Fig. 3 shows the interactive relation of block platform chain and business platform, and the block chain of bottom uses
State machine reproduction technology safeguards a unified slip condition database and operation log on each node, wherein status data
Library has recorded all responsive type information, and the record format of responsive type information is formed using multiple field combinations, and operation log
Each mechanism is then completely had recorded to record the change of slip condition database.Network layer be responsible for the request of each node carry out broadcast or
Common recognition.
Each record in slip condition database includes a responsive type information uploaded by a certain mechanism, mainly includes
Following five fields: call number, major key, detail information, the identity for deleting label and uploader.Wherein, call number is by area
The Transaction Identification Number of block chain is identified, and has global uniqueness, and deleting label is then a marker bit, for example passes through 0 or 1 table
Show, for identifying whether the data have been deleted, other data major keys and detail information are all made of Encryption Algorithm and are encrypted, will
Encrypted ciphertext is stored in the protection realized in slip condition database to data privacy.But those skilled in the art should manage
Solution, the record format of the blacklist data in the embodiment of the present invention are not limited to five fields described above to indicate, when
When in order to realize certain service request, part field can be used to fill in, or new field is added.
Operation log then have recorded the update each time to slip condition database operation, the identity including operating mechanism with
And the relevant parameter of operation.The data sharing service request that all nodes of block chain can collect other node broadcasts (refers mainly to
Data are uploaded and are deleted), and know together to the validity of request and sequence.According to common recognition as a result, by corresponding business operation
It is packaged into a block, and new block is returned into each node of block chain.With accumulative, the block of data related traffic operation
Platform chain can be continuously generated new block and add up, and the link of newest block is established by Hash pointer and had to new block, according to
This indicates the sequence between block.For the historical data source that storage is come in, because they cannot be modified, we can be right
Big data makees Hash processing, and adds timestamp, and there are on block chain.At following a certain moment, when we need to verify
Initial data authenticity when, corresponding data can be done with same Hash processing, if the answer obtained be it is identical,
Illustrate that data were not tampered with.
Block platform chain uses the business operation of intelligent contract mode implementation mechanism, and intelligent contract maps the operation of business
It for the read-write operation to slip condition database, and is sought unity of action on the whole network node according to common recognition result, to guarantee each node state
The consistency of database.One intelligent contract is a set of promise (promises) defined in digital form, including contract participates in
Side can execute the agreement of these promises above.
Business platform can call the intelligent contract on each agency node, to the corresponding service request of the whole network node broadcasts, tool
Body includes the upload, deletion and inquiry three categories operation of blacklist data.According to required business operation type, the intelligence of calling
Contract method is different, such as when needing to upload data, calls the data uploading method of block chain intelligence contract, when needing to delete
When data, the data-erasure method of block chain intelligence contract is called, when needing to inquire data, calls block chain intelligence contract
Data query method.
Below by taking this blacklist data of blacklist as an example, to use Hash desensitization process disclosed in the embodiment of the present invention
Block chain blacklist sharing method be described in detail.
In the embodiment of the present invention, the block platform chain, mainly comprising data Layer, network layer and intelligence and about three portions
Point.
Data Layer includes two parts: first is blacklist slip condition database, has recorded the black of all mechanisms uploads
List data, second is mechanism operation log, with the upload and delete operation of all mechanisms of chained structured record, inquiry
Operation is not known together, and is not also modified, is not recorded into operation log to database.
The format of the every data library record of blacklist slip condition database is as follows:
Black list information={ call number, identity card, name, blacklist detail information upload the public key of mechanism, delete mark
Note }, wherein call number is confirmed that identity card and name are all made of the progress of SHA1 algorithm by recent operation ID (Transaction Identification Number)
Desensitization process;Blacklist detail information carries out elliptic curve cryptography using the public key of uploader, deletes and is labeled as 0 or 1, if 0,
It indicates that the data are not deleted, if 1, indicates that the data have been deleted;Database uses KV database realizing, with identity card
It is major key with name.
Operation log then has recorded the operation of the update each time to blacklist slip condition database, the identity including operating mechanism
Mark and the relevant parameter of operation.Operation log will update operation all as a transaction each time, and generate an overall situation
Unique Transaction Identification Number is identified it.Operation log is stored with chain structure, and link chronologically connects different areas
Block, each block encapsulate the transaction of several sequences, and block head then has recorded the cryptographic Hash of a block.Once area before
Block message is changed, occur as soon as block chain link not on phenomenon, can effectively prevent data tampering behavior.
The essential core of block chain is to know together to operation collected by network node, and generate block, of the invention
Common recognition process is as follows:
1. the service request of network node mechanism is sent to Kafka cluster by respective block chain node;
2.Kafka cluster collects all requests, and is ranked up by Kafka sort algorithm to all requests;
Ranked request queue is returned to each node by 3.Kafka cluster;
4. each node temporally or by number of deals to request queue carries out cutting, each part is packaged into a block;
5. being continuously generated new block during the common recognition of block chain, after node receives block, can check again for trading
Validity, and the operation is executed on the node of oneself.
All operations on block chain are executed using intelligent contract, i.e., are realized using intelligent contract to blacklist state
The read-write operation of database.The blacklist that block chain realizes intelligent contract uploads, deletes and inquires three big methods, is put down by business
Platform is called according to different business demands.Wherein, method for uploading is that black list information is written in slip condition database;It deletes
Except method is that corresponding blacklist is deleted label to be written as 1;Issuer's rule is read according to the identity card and name of blacklist
Corresponding blacklist record.
Business platform can call the intelligent contract on agency node, by network layer to the corresponding business of the whole network node broadcasts
Request specifically includes the upload, deletion and inquiry three categories operation of blacklist.
Referring to shown in Fig. 4, the upload of blacklist is that the black list information of newest collection is uploaded to the black name of block chain by mechanism
The process of single slip condition database, mainly comprises the steps of:
1, the business personnel of mechanism fills in field according to predefined blacklist data format, the surname including blacklist personnel
Name N, identity card ID, blacklist details M, submit in operation system and upload application.
2, it uploads interface and desensitization process is carried out to name N and identity card ID using SHA1 algorithm, it is close to obtain corresponding name
Then literary Ns and identity card ciphertext IDs carries out blacklist details M using elliptic curve encryption algorithm and the public key Kp of business side
Encryption, obtains the ciphertext Ms of details;Data desensitization technology based on block chain can guarantee data privacy, be under secret protection
Data opening provides solution.Data desensitization technology mainly uses the Encryption Algorithm such as Hash processing.
3, the method for uploading that interface calls block chain intelligence contract is uploaded, it will be by desensitizing and the data after encryption
Ns, IDs and Ms, public key Kp pass to the method interface of intelligent contract as parameter.
4, the list method for uploading of intelligent contract can check that the blacklist is believed according to name ciphertext Ns and identity card ciphertext IDs
The repeatability of breath sends the request to block chain the whole network and knows together if not repeating, if repeating, to mechanism business
Platform returns to list repetition message.
5, wait common recognition confirmation after, each network node black list information be written into the slip condition database of each node into
Row saves, and deletion is denoted as 0.
Referring to Figure 5, the deletion of blacklist is that the black list information uploaded before mechanism is deleted by mechanism, is mainly wrapped
Containing following steps:
1, the business personnel of mechanism selects the record that mechanism uploads, and deletes in operation system submission to the blacklist
Except application.
2, the index value H that interface obtains the record is deleted, and oval song is carried out to index value using the private key Ks of business side
Line encryption, obtains corresponding index value ciphertext Hs.
3, the list delet method that interface calls block chain intelligence contract is deleted, by index value H, encrypted index value Hs
It is sent to the method interface of intelligent contract.
4, the list delet method of intelligent contract using the public key Kp in the corresponding blacklist data of index value H to encryption after
Index value Hs be decrypted, if decryption after index value H ' and transmission come index value H mismatch, refuse to delete the black name
It is single, if success, broadcasts the request to the whole network and knows together.
5, after waiting common recognition confirmation, the deletion of corresponding black list information marks note in each network node slip condition database
It is 1.
Referring to shown in Fig. 6, whether it is blacklist that the inquiry of blacklist is mechanism according to identity card and the name lookup user
User, and the process of blacklist specifying information is obtained, mainly comprise the steps of:
1, the business personnel of mechanism inputs the identity card N and name ID of black list information to be checked, mentions in business platform
Hand over the inquiry request to the blacklist.
2, query interface obtains the cryptographic Hash Ns and IDs of identity card and name using SHA1 algorithm;
3, query interface calls the querying method of block chain intelligence contract, by the cryptographic Hash Ns and IDs of identity card and name
It is sent to the method interface of intelligent contract.
4, the querying method of intelligent contract is according to the cryptographic Hash Ns and IDs of identity card and name, in blacklist status data
It is inquired in library, if not inquiring, returns to sky;If inquiring corresponding record, the index in respective record is obtained
The public key Kp of value H, the blacklist details Ms of encryption and uploader.
5, network node inquiry request the whole network broadcast of mechanism is inquired, and sends the public key Kp1, to be checked of mechanism simultaneously
Blacklist index value H, the details ciphertext Ms of encryption and the public key Kp of uploader of inquiry.
6, after other nodes of network capture the inquiry request, can check whether uploader public key is oneself public key, if
It is not then to abandon the request, otherwise, the details Ms of encryption is decrypted using private key Ks first, then using transmits
Public key encrypts the Kp1 information, obtains details ciphertext Ms1, is then carried out using details Ms of the private key Ks to original encryption
Two parts of ciphertext Ms1 and Ms2 and the public key Kp of oneself are carried out the whole network broadcast by encryption, the ciphertext Ms2 after being signed.
7, after inquiry mechanism captures return message, corresponding ciphertext Ms2 is decrypted using the public key Kp of uploader,
Whether the ciphertext Ms3 after verifying decryption is consistent with the ciphertext Ms in slip condition database, if inconsistent, abandons the message, if one
It causes, then corresponding ciphertext Ms1 is decrypted using the key Ks1 of oneself, obtains required blacklist detail information M.
A kind of block chain blacklist sharing method using Hash desensitization process disclosed in the embodiment of the present invention is located at area
Each mechanism of block chain interior joint can upload at any time, delete and obtain corresponding data, lay the foundation for the data analysis of each mechanism,
To realize the mutual reciprocity and mutual benefit of each mechanism, also meet the requirement such as timeliness and scale of sensitive data.In addition, blacklist data
Upper crossing, by the way of desensitization and encryption by sensitive data storage to the invariance that on block chain, ensure that sensitive data and
Safety.
Again referring to figure 2., shown in Fig. 3, correspond to the above method, another embodiment of the present invention additionally provides a kind of base
In the block chain sensitive data shared system of Hash desensitization process, to execute the above method, the system comprises: business platform
With block platform chain, wherein
The business platform is built by each participation mechanism, and the business for sending each mechanism to the block platform chain is asked
It asks, and receives the processing result returned from the block platform chain;
The block platform chain, receives the service request of the business platform, carries out in the overall network node of platform wide
It broadcasts, sought unity of action according to common recognition result in the whole network node or does not execute the service request, and return to processing result to the business
Platform;Wherein,
The block platform chain includes multiple network nodes built by said mechanism and access block chain network, each business
Platform sends corresponding service request by respective network node, and the business platform includes that data upload interface, data are deleted
Except interface and data-query interfaces, it is respectively used to the upload, deletion and inquiry of blacklist data, wherein at least for by upper
It passes the partial data field that interface uploads and carries out desensitization and data encryption, requested for inquiry business, in block platform chain
The whole network node do not know together, and for upload and removal request, then need by the whole network know together rear each node status number
It is updated according to library.
The not detailed place of blacklist data processing system described in the embodiment of the present invention, please refers in above-described embodiment
Sensitive data sharing method, and therefore not to repeat here.
Proposed by the invention realizes that the blacklist data of decentralization shares scheme using block chain, has not only widened area
The application field of block chain technology, be also the fields such as finance, safety sensitive data it is shared provide a kind of new solution route and
Thinking solves the problems such as original sensitive data shared timeliness and safety at high cost, data are poor.
Several preferred embodiments of the invention have shown and described in above description, but as previously described, it should be understood that the present invention
Be not limited to forms disclosed herein, should not be regarded as an exclusion of other examples, and can be used for various other combinations,
Modification and environment, and the above teachings or related fields of technology or knowledge can be passed through within that scope of the inventive concept describe herein
It is modified.And changes and modifications made by those skilled in the art do not depart from the spirit and scope of the present invention, then it all should be in this hair
In the protection scope of bright appended claims.
Claims (10)
1. a kind of block chain blacklist sharing method using Hash desensitization process, which is characterized in that the described method includes:
Each operating mechanism builds the business platform and network node of oneself, and network node belonging to each mechanism is accessed block chain
Network;
Service request is sent to respective network node by business platform, wherein the service request includes blacklist data
Upload request, removal request and inquiry request, at least to the partial data field of upload request carry out desensitization and encryption;
The block platform chain broadcasts the service request of a certain meshed network to the other network nodes of platform, according to common recognition
As a result it seeks unity of action or does not execute the service request in the whole network node, and carry out data update in the whole network node, wherein for looking into
Request is ask, is not known together in the whole network node of block platform chain;
Wherein, for blacklist data broadcasted application in application server, the application server is host node, is clicked through with multiple merogenesis
Row data communication, blacklist data broadcast comprising steps of
Monitor blacklist data exchange request and the response between the partial node;
It is that each partial node distributes corresponding responsibility according to monitoring result;
The partial node that notice is not involved in this exchange is used as supervision side, verifies to the give-and-take conditions of exchange both sides;And
Notify the one-to-one carry out data exchange of partial node verified by give-and-take conditions.
2. using the block chain blacklist sharing method of Hash desensitization process as described in claim 1, which is characterized in that the party
Method further comprises the steps of: before being monitored
The blacklist data uploaded to partial node is verified in advance;
Verification classification processing is carried out to the partial node according to pre- check results.
3. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 2, which is characterized in that described
Pre- checking procedure is whether host node meets the requirements according to the preset rules verifying blacklist data, the preset rules packet
Include: data format is correct, privacy of user cannot be written, and cannot have repetition, missing, false data.
4. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 2, which is characterized in that described
It is that corresponding switch-level is arranged in the corresponding partial node that verification classification processing, which is according to the standard degree of the blacklist data,
Then corresponding transaction coin is authorized and distributed to the partial node.
5. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 4, which is characterized in that described
Verification classification processing further include:
It is arranged when the standard degree of the blacklist data is higher, the partial node exchanges to more number with less transaction coin
According to;
It is the transaction coin that the partial node distributes corresponding number according to the data volume of the blacklist data and preset ratio.
6. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 2, which is characterized in that described
It is that the step of each partial node distributes corresponding responsibility specifically includes according to monitoring result:
Request of data side is configured by the partial node for issuing blacklist data exchange request, will have agreed to the blacklist data exchange
The partial node of request is configured to data providing, anti-in blacklist data exchange request and response or the response by not issuing
Feedback result is to disagree the partial node of the blacklist data exchange request or choose wherein one or more to be configured to supervise
Side.
7. using the block chain blacklist sharing method of Hash desensitization process as claimed in claim 3, which is characterized in that described
Give-and-take conditions include whether the blacklist data of data providing offer meets whether the preset rules and request of data side have
Enough transaction coin, when exchange both sides reach give-and-take conditions, i.e., the blacklist data that data providing provides meets described pre-
If rule and request of data side there are enough transaction coin corresponding with the blacklist data, indicate that verification passes through.
8. as claimed in claim 2 based on the blacklist data processing system of block chain, which is characterized in that described to pass through
The step of partial node one-to-one progress data exchange of give-and-take conditions verification, specifically includes:
The request of data side is calculated according to the data volume of the switch-level of the request of data side and blacklist data to need to prop up
The transaction coin paid;
After the request of data side is paid successfully, the blacklist data replication synchronization that the data providing is uploaded is to described
Request of data side.
9. using the block chain blacklist sharing method of Hash desensitization process as described in claim 1, which is characterized in that described
Block platform chain includes data Layer, network layer and intelligent contract, wherein
The data Layer, including slip condition database and mechanism operation log, the slip condition database are used to record platform upload
Blacklist data, the mechanism operation log are used to record the operation of update each time of the slip condition database;
The business platform calls the intelligent contract on respective network node, corresponding to the whole network node broadcasts by the network layer
Service request, and sought unity of action or do not executed the request according to common recognition result in the whole network node, meanwhile, the intelligence contract is also
The service request of each node is mapped as the read-write operation to slip condition database.
10. using the block chain blacklist sharing method of Hash desensitization process as described in claim 1, which is characterized in that each
The network node of mechanism need to call public private key pair generation method, generate the key of oneself mechanism before accessing block chain network
Ks and public key Kp, to support subsequent encryption and signature operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810501190.3A CN110532786A (en) | 2018-05-23 | 2018-05-23 | Using the block chain blacklist sharing method of Hash desensitization process |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810501190.3A CN110532786A (en) | 2018-05-23 | 2018-05-23 | Using the block chain blacklist sharing method of Hash desensitization process |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110532786A true CN110532786A (en) | 2019-12-03 |
Family
ID=68657950
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810501190.3A Pending CN110532786A (en) | 2018-05-23 | 2018-05-23 | Using the block chain blacklist sharing method of Hash desensitization process |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110532786A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111526180A (en) * | 2020-03-30 | 2020-08-11 | 中国建设银行股份有限公司 | Data sharing method and device |
CN111899019A (en) * | 2020-07-28 | 2020-11-06 | 朱玮 | Method and system for cross validation and sharing of blacklist and multiple parties |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107122477A (en) * | 2017-05-02 | 2017-09-01 | 成都中远信电子科技有限公司 | A kind of block chain storage system |
CN107180350A (en) * | 2017-03-31 | 2017-09-19 | 唐晓领 | A kind of method of the multi-party shared transaction metadata based on block chain, apparatus and system |
CN107392813A (en) * | 2017-09-12 | 2017-11-24 | 杭州趣链科技有限公司 | A kind of student status information sharing system based on block chain |
CN107845032A (en) * | 2017-10-24 | 2018-03-27 | 深圳四方精创资讯股份有限公司 | Pledge method and its system based on block chain |
CN107888375A (en) * | 2017-11-08 | 2018-04-06 | 深圳市携网科技有限公司 | A kind of electronic evidence safety system and method based on block chain technology |
CN107896157A (en) * | 2017-08-31 | 2018-04-10 | 上海壹账通金融科技有限公司 | Blacklist data exchange method and application server |
-
2018
- 2018-05-23 CN CN201810501190.3A patent/CN110532786A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107180350A (en) * | 2017-03-31 | 2017-09-19 | 唐晓领 | A kind of method of the multi-party shared transaction metadata based on block chain, apparatus and system |
CN107122477A (en) * | 2017-05-02 | 2017-09-01 | 成都中远信电子科技有限公司 | A kind of block chain storage system |
CN107896157A (en) * | 2017-08-31 | 2018-04-10 | 上海壹账通金融科技有限公司 | Blacklist data exchange method and application server |
CN107392813A (en) * | 2017-09-12 | 2017-11-24 | 杭州趣链科技有限公司 | A kind of student status information sharing system based on block chain |
CN107845032A (en) * | 2017-10-24 | 2018-03-27 | 深圳四方精创资讯股份有限公司 | Pledge method and its system based on block chain |
CN107888375A (en) * | 2017-11-08 | 2018-04-06 | 深圳市携网科技有限公司 | A kind of electronic evidence safety system and method based on block chain technology |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111526180A (en) * | 2020-03-30 | 2020-08-11 | 中国建设银行股份有限公司 | Data sharing method and device |
CN111526180B (en) * | 2020-03-30 | 2022-05-24 | 中国建设银行股份有限公司 | Data sharing method and device |
CN111899019A (en) * | 2020-07-28 | 2020-11-06 | 朱玮 | Method and system for cross validation and sharing of blacklist and multiple parties |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110502916A (en) | A kind of sensitive data processing method and system based on block chain | |
CN109858272A (en) | Blacklist data processing system based on block chain | |
CN112989415B (en) | Private data storage and access control method and system based on block chain | |
CN110060162A (en) | Data grant, querying method and device based on block chain | |
CN109729168A (en) | A kind of data share exchange system and method based on block chain | |
CN109120639A (en) | A kind of data cloud storage encryption method and system based on block chain | |
CN108471350A (en) | Trust data computational methods based on block chain | |
CN110059503A (en) | The retrospective leakage-preventing method of social information | |
CN110032545A (en) | File memory method, system and electronic equipment based on block chain | |
CN108390891A (en) | Information protecting method based on privately owned block chain | |
CN112418860A (en) | Block chain efficient management framework based on cross-chain technology and working method | |
CN108429759A (en) | Decentralization stores safety implementation method | |
CN108632292A (en) | Data sharing method based on alliance's chain and system | |
CN109246137A (en) | The safety protecting method and device of naval warfare data based on block chain | |
Yao et al. | PBCert: Privacy-preserving blockchain-based certificate status validation toward mass storage management | |
CN110932854B (en) | Block chain key distribution system and method for Internet of things | |
CN112861172B (en) | Symmetric searchable encryption method based on PBFT (public domain representation) consensus mechanism | |
CN111274599A (en) | Data sharing method based on block chain and related device | |
CN112685790B (en) | Block chain data security and privacy protection method | |
CN113065961A (en) | Power block chain data management system | |
CN112200496A (en) | Laboratory detection report management system based on block chain | |
CN115049398A (en) | Complete data asset trusted management and value transfer system and method | |
CN112966022B (en) | Information query method, device and system of data transaction platform | |
CN112532718A (en) | Block chain based offshore equipment data sharing system, method and medium | |
CN113554421A (en) | Police affair resource data governance cooperation method based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191203 |
|
RJ01 | Rejection of invention patent application after publication |