CN110839015B - Log storage and reading method, device, equipment and medium based on block chain - Google Patents

Publication number
CN110839015B
Authority
CN
China
Prior art keywords
log
stored
hash value
abstract
client
Legal status
Active
Application number
CN201910970065.1A
Other languages
Chinese (zh)
Other versions
CN110839015A (en)
Inventor
夏子钦
羊志敏
Current Assignee
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a block chain based log storage method comprising the following steps: receiving a log storage request uploaded by a client, the request carrying a log to be stored; acquiring a log abstract and a log hash value of the log to be stored; generating security check information from the log to be stored, the log abstract and the log hash value; returning the security check information to the client, so that the client can use it to verify whether the log to be stored has been tampered with and can return a storage confirmation notification once the log is verified as not tampered with; after receiving the storage confirmation notification returned by the client, storing the log to be stored at the client or at a cloud storage end; digitally signing the data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored, to obtain a second signature result; and storing the log abstract, the log hash value and the second signature result locally at the block chain server. The invention can improve the security of stored logs.

Description

Log storage and reading method, device, equipment and medium based on block chain
Technical Field
The present invention relates to a block chain technology, and in particular, to a method, an apparatus, a device, and a medium for storing and reading a log based on a block chain.
Background Art
With the rapid development of Internet technology, the number of online services and of the applications within them has grown explosively, and users generate a large amount of service usage record data every day when they use the services and application products that operators provide. Storing and collecting this data reliably makes it possible to extract it later, so that the user habits and characteristic behaviors it contains can be counted and analyzed with data analysis, data mining and similar techniques. Information that is valuable to the operator can then be found in the data and used to guide the improvement and extension of application products, the launch of new application products, and their promotion.
In the prior art, the user service usage record data generated while services and application products run is usually stored in the form of logs. The logs are usually stored locally or at a cloud storage end and then protected by various security mechanisms. However, existing security mechanisms cannot effectively detect log tampering, and whatever environment a log is stored in, vulnerabilities may exist, leaving the log exposed to accidental damage and to forgery of the original data.
Disclosure of Invention
In view of the above-mentioned deficiencies of the prior art, the present invention provides a method, an apparatus, a device and a medium for storing and reading a log based on a block chain, so as to improve the security of the stored log.
In order to achieve the above object, the present invention provides a block chain based log storage method, which is suitable for a block chain server and includes the following steps:
receiving a log storage request uploaded by a client, wherein the log storage request carries a log to be stored;
acquiring a log abstract and a log hash value of the log to be stored;
generating security check information according to the log to be stored, the log abstract and the log hash value;
returning the security check information to the client, so that the client can verify according to the security check information whether the log to be stored has been tampered with, and can return a storage confirmation notification when the log to be stored is verified as not tampered with;
after receiving a storage confirmation notification returned by the client, storing the log to be stored in the client or a cloud storage end;
performing digital signature on data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result;
and storing the log abstract, the log hash value and the second signature result locally at the block chain server.
In an embodiment of the present invention, the step of generating the security check information according to the log to be stored, the log abstract, and the log hash value includes:
performing digital signature on the data formed by splicing the log to be stored, the log abstract and the log hash value according to a pre-generated server-side private key to obtain a first signature result;
encrypting the data formed by splicing the log to be stored, the log abstract, the log hash value and the first signature result by adopting a preset symmetric key to obtain a first encryption result;
encrypting the symmetric key by adopting a client public key which is pre-sent by the client to obtain a second encryption result;
and determining the first encryption result and the second encryption result as the security check information.
In an embodiment of the present invention, the step of the client verifying whether the log to be stored is tampered with and returning a verification result according to the security check information includes:
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
decrypting the first encryption result by adopting the symmetric key to obtain the log to be stored, the log abstract, the log hash value and a first signature result;
verifying the first signature result by adopting a server public key corresponding to the server private key received in advance, and obtaining the log to be stored, the log abstract and the log hash value again;
and judging whether the log to be stored, the log abstract and the log hash value obtained by decrypting the first encryption result are consistent with those obtained by verifying the first signature result; if so, performing a hash operation on the log to be stored and judging whether the result of the hash operation is consistent with the log hash value; if so, determining that the log to be stored has not been tampered with, and otherwise determining that the log to be stored has been tampered with.
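The exchange described in the steps above, as an added Go example that is not part of the patent text: the server signs, encrypts and wraps, and the client unwraps, decrypts and checks. The patent names no algorithms, so Ed25519, AES-256-GCM, RSA-OAEP, SHA-256, the JSON envelope, the fresh per-request key and every identifier are assumptions; the detached signature is checked against the decrypted fields rather than the fields being recovered from the signature.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// envelope is the "spliced" data. JSON keeps field boundaries unambiguous,
// which bare concatenation of variable-length values would not.
type envelope struct {
	Log, Abstract, Hash []byte
	Sig                 []byte `json:",omitempty"` // first signature result
}

// signedPart is the byte string the server signs: the envelope without Sig.
func signedPart(e envelope) []byte {
	e.Sig = nil
	b, _ := json.Marshal(e) // cannot fail for byte-slice fields
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildSecurityCheck is the server side. It returns the first encryption
// result (nonce || AES-GCM ciphertext) and the second (RSA-OAEP wrapped key).
func BuildSecurityCheck(log, abstract []byte, serverKey ed25519.PrivateKey, clientPub *rsa.PublicKey) (first, second []byte, err error) {
	hash := sha256.Sum256(log)
	e := envelope{Log: log, Abstract: abstract, Hash: hash[:]}
	e.Sig = ed25519.Sign(serverKey, signedPart(e))
	plain, _ := json.Marshal(e)
	secret := make([]byte, 32+12) // fresh AES-256 key and GCM nonce per request
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	first = gcm.Seal(nonce, nonce, plain, nil)
	second, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, clientPub, key, nil)
	return first, second, err
}

// VerifySecurityCheck is the client side; nil means "send the confirmation".
func VerifySecurityCheck(first, second []byte, clientKey *rsa.PrivateKey, serverPub ed25519.PublicKey) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, clientKey, second, nil)
	if err != nil {
		return fmt.Errorf("unwrap symmetric key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil || len(first) < gcm.NonceSize() {
		return errors.New("bad symmetric key or truncated first encryption result")
	}
	plain, err := gcm.Open(nil, first[:gcm.NonceSize()], first[gcm.NonceSize():], nil)
	if err != nil {
		return fmt.Errorf("decrypt first encryption result: %w", err)
	}
	var e envelope
	if err := json.Unmarshal(plain, &e); err != nil {
		return err
	}
	if !ed25519.Verify(serverPub, signedPart(e), e.Sig) {
		return errors.New("first signature result does not verify")
	}
	if sum := sha256.Sum256(e.Log); !bytes.Equal(sum[:], e.Hash) {
		return errors.New("log hash value does not match the log")
	}
	return nil
}

// demoKeys makes throwaway keys; in the scheme they are exchanged in advance.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey, *rsa.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	clientKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	return pub, priv, clientKey
}

func main() {
	serverPub, serverKey, clientKey := demoKeys()
	log := []byte(`{"user":"u-1001","action":"login"}`) // constructed sample log
	first, second, _ := BuildSecurityCheck(log, []byte("user,action"), serverKey, &clientKey.PublicKey)
	fmt.Println("untouched:", VerifySecurityCheck(first, second, clientKey, serverPub))
	first[len(first)-1] ^= 1 // one bit changed in transit
	fmt.Println("modified: ", VerifySecurityCheck(first, second, clientKey, serverPub))
}
```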
In one embodiment of the invention, the method further comprises: before the log abstract and the log hash value of the log to be stored are obtained, desensitization processing is carried out on sensitive data in the log to be stored.
In an embodiment of the present invention, the desensitizing processing of the sensitive data in the log to be stored includes:
matching the sensitive data in the log to be stored according to a preset regular expression matching rule;
and desensitizing the matched sensitive data according to a preset desensitizing rule.
In an embodiment of the present invention, the step of obtaining the log abstract and the log hash value of the log to be stored includes:
extracting field names of preset fields in the log to be stored to form the log abstract;
and carrying out hash operation on the log to be stored to obtain the hash value of the log.
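The desensitization, abstract and hash steps above, as an added Go example that is not part of the patent text. The two regular expressions, the masking rule, the JSON log format, SHA-256 and all identifiers are assumptions; the point it makes concrete is that the hash covers the desensitized text, so two raw logs that differ only in masked characters produce the same stored record.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// keepEnds is a desensitizing rule: keep the first head and last tail bytes of
// a match and mask the rest.
func keepEnds(head, tail int) func(string) string {
	return func(s string) string {
		if len(s) <= head+tail {
			return strings.Repeat("*", len(s))
		}
		return s[:head] + strings.Repeat("*", len(s)-head-tail) + s[len(s)-tail:]
	}
}

// rules pairs each matching rule with its desensitizing rule. Both columns are
// hypothetical presets; the patent leaves them to configuration.
var rules = []struct {
	match *regexp.Regexp
	mask  func(string) string
}{
	{regexp.MustCompile(`\b\d{17}[\dXx]\b`), keepEnds(6, 4)}, // 18-character ID number
	{regexp.MustCompile(`\b1[3-9]\d{9}\b`), keepEnds(3, 4)},  // 11-digit mobile number
}

// Desensitize applies every rule in order to the raw log text.
func Desensitize(log string) string {
	for _, r := range rules {
		log = r.match.ReplaceAllStringFunc(log, r.mask)
	}
	return log
}

// Abstract lists the names of the preset fields that occur in the log.
// It carries field names only, never field values.
func Abstract(log string, preset []string) (string, error) {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal([]byte(log), &fields); err != nil {
		return "", fmt.Errorf("log is not a JSON object: %w", err)
	}
	var names []string
	for _, name := range preset {
		if _, ok := fields[name]; ok {
			names = append(names, name)
		}
	}
	return strings.Join(names, ","), nil
}

// Prepare returns what the server keeps: the desensitized log, its abstract
// and its hash. Hashing happens after masking because only the masked text is
// ever stored and re-hashed on read.
func Prepare(raw string, preset []string) (stored, abstract, hash string, err error) {
	stored = Desensitize(raw)
	if abstract, err = Abstract(stored, preset); err != nil {
		return "", "", "", err
	}
	sum := sha256.Sum256([]byte(stored))
	return stored, abstract, hex.EncodeToString(sum[:]), nil
}

func main() {
	// Constructed sample log; the phone and ID values are made up.
	raw := `{"user":"u-1001","phone":"13812345678","id":"11010119900307123X","action":"login"}`
	stored, abstract, hash, err := Prepare(raw, []string{"user", "action", "ts"})
	fmt.Println(stored, abstract, hash, err)
}
```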
In order to achieve the above object, the present invention further provides a block chain based log storage method, which is suitable for a client, and includes the following steps:
sending a log storage request to a block chain server, wherein the log storage request carries a log to be stored, so that the block chain server can obtain a log abstract and a log hash value of the log to be stored according to the log storage request, and then generate and return security check information according to the log to be stored, the log abstract and the log hash value;
verifying, according to the security check information returned by the block chain server, whether the log to be stored has been tampered with, and returning a storage confirmation notification to the block chain server when the log to be stored is verified as not tampered with, so that the block chain server, after receiving the storage confirmation notification, stores the log to be stored locally at the client or at a cloud storage end, digitally signs the data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result, and stores the log abstract, the log hash value and the second signature result at the block chain server.
In an embodiment of the present invention, the step of generating, by the blockchain server, the security check information according to the log to be stored, the log abstract, and the log hash value includes:
performing digital signature on the data formed by splicing the log to be stored, the log abstract and the log hash value according to a pre-generated server-side private key to obtain a first signature result;
encrypting the data formed by splicing the log to be stored, the log abstract, the log hash value and the first signature result by adopting a preset symmetric key to obtain a first encryption result;
encrypting the symmetric key by adopting a pre-received client public key to obtain a second encryption result, and then returning the first encryption result and the second encryption result;
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
and determining the first encryption result and the second encryption result as the security check information.
In an embodiment of the present invention, the step of verifying whether the log to be stored is tampered according to the security check information returned by the blockchain server includes:
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
decrypting the first encryption result by adopting the symmetric key to obtain the log to be stored, the log abstract, the log hash value and a first signature result;
verifying the first signature result by adopting a server public key which is received in advance and corresponds to the server private key, and obtaining the log to be stored, the log abstract and the log hash value again;
and judging whether the log to be stored, the log abstract and the log hash value obtained by decrypting the first encryption result are consistent with those obtained by verifying the first signature result; if so, performing a hash operation on the log to be stored and judging whether the result of the hash operation is consistent with the log hash value; if so, determining that the log to be stored has not been tampered with, and otherwise determining that the log to be stored has been tampered with.
In one embodiment of the invention, the method further comprises: before the block chain server acquires the log abstract and the log hash value of the log to be stored, desensitizing sensitive data in the log to be stored.
In an embodiment of the present invention, the step of desensitizing, by the blockchain server, the sensitive data in the log to be stored includes:
matching the sensitive data in the log to be stored according to a preset regular expression matching rule;
and desensitizing the matched sensitive data according to a preset desensitizing rule.
In an embodiment of the present invention, the step of acquiring the log abstract and the log hash value of the log to be stored by the blockchain server includes:
extracting field names of preset fields in the log to be stored to form the log abstract;
and carrying out hash operation on the log to be stored to obtain the hash value of the log.
In order to achieve the above object, the present invention further provides a log reading method based on a block chain, which is suitable for a block chain server and is used for reading a log stored based on the foregoing method, and the reading method includes the following steps:
receiving a log query request sent by the client, wherein the log query request carries a preset identification field in a log to be queried;
and locally acquiring a log abstract, a log hash value and a second signature result corresponding to the preset identification field from the blockchain server and returning the log abstract, the log hash value and the second signature result to the client, so that the client can verify the second signature result to obtain the log abstract, the log hash value and a storage address in the second signature result, and then judging whether the log abstract and the log hash value locally acquired from the blockchain server are consistent with the log abstract and the log hash value in the second signature result, if so, acquiring the log to be queried from the client or the cloud storage end according to the acquired storage address.
In order to achieve the above object, the present invention further provides a log reading method based on a block chain, which is suitable for a client and is used for reading a log stored based on the foregoing method, and the reading method includes the following steps:
sending a log query request to the blockchain server, wherein the log query request carries a preset identification field in a log to be queried, so that the blockchain server locally obtains a log abstract, a log hash value and a second signature result corresponding to the preset identification field from the blockchain server and returns the log abstract, the log hash value and the second signature result;
verifying the returned second signature result by using the server public key to obtain a log abstract, a log hash value and a storage address in the second signature result;
and judging whether the log abstract and the log hash value acquired locally from the blockchain server are consistent with the log abstract and the log hash value in the second signature result, if so, acquiring the log to be queried from a client locally or a cloud storage terminal according to the acquired storage address.
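The read path above, together with the final hash comparison that the beneficial-effects paragraph describes, as an added Go example that is not part of the patent text. Ed25519, SHA-256, the JSON payload, the in-memory map standing in for client or cloud storage, the storage address and all identifiers are assumptions; because the signature is detached, the signed fields are carried next to it instead of being recovered from it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// signedIndex is the spliced data covered by the second signature result.
type signedIndex struct{ Abstract, Hash, Address string }

// IndexRecord is what the block chain server stores for one log: the abstract,
// the hash, and the second signature result (Payload plus detached Sig).
type IndexRecord struct {
	Abstract, Hash string
	Payload, Sig   []byte
}

func hashHex(log []byte) string {
	sum := sha256.Sum256(log)
	return hex.EncodeToString(sum[:])
}

// NewIndexRecord is the server side at storage time.
func NewIndexRecord(abstract string, log []byte, address string, key ed25519.PrivateKey) IndexRecord {
	h := hashHex(log)
	payload, _ := json.Marshal(signedIndex{abstract, h, address}) // cannot fail for strings
	return IndexRecord{abstract, h, payload, ed25519.Sign(key, payload)}
}

// ReadLog is the client side of a query. It trusts nothing in rec until the
// signature verifies, and trusts the fetched log only after re-hashing it.
func ReadLog(rec IndexRecord, serverPub ed25519.PublicKey, store map[string][]byte) ([]byte, error) {
	if !ed25519.Verify(serverPub, rec.Payload, rec.Sig) {
		return nil, errors.New("second signature result does not verify")
	}
	var s signedIndex
	if err := json.Unmarshal(rec.Payload, &s); err != nil {
		return nil, err
	}
	if s.Abstract != rec.Abstract || s.Hash != rec.Hash {
		return nil, errors.New("index fields differ from the signed values")
	}
	log, ok := store[s.Address]
	if !ok {
		return nil, fmt.Errorf("no log at storage address %q", s.Address)
	}
	if hashHex(log) != s.Hash {
		return nil, errors.New("stored log does not match the on-chain log hash value")
	}
	return log, nil
}

// demo builds a record for a constructed log and returns what a reader needs.
func demo() (IndexRecord, ed25519.PublicKey, map[string][]byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	log := []byte(`{"user":"u-1001","action":"login"}`) // constructed sample log
	addr := "cloud://logs/0001"                         // hypothetical storage address
	return NewIndexRecord("user,action", log, addr, key), pub, map[string][]byte{addr: log}
}

func main() {
	rec, pub, store := demo()
	_, err := ReadLog(rec, pub, store)
	fmt.Println("intact store:", err)
	store["cloud://logs/0001"] = []byte(`{"user":"u-9999","action":"login"}`)
	_, err = ReadLog(rec, pub, store)
	fmt.Println("modified store:", err)
}
```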
In order to achieve the above object, the present invention further provides a block chain-based log storage device, including:
the storage request receiving module is used for receiving a log storage request uploaded by a client, wherein the log storage request carries a log to be stored;
the log abstract acquiring module is used for acquiring the log abstract of the log to be stored;
the log hash value acquisition module is used for acquiring the log hash value of the log to be stored;
the check information generation module is used for generating security check information according to the log to be stored, the log abstract and the log hash value;
a check information returning module, configured to return the security check information to the client, so that the client verifies whether the log to be stored is tampered according to the security check information, and returns a storage confirmation notification when it is verified that the log to be stored is not tampered;
the log storage module is used for storing the log to be stored in the client or the cloud storage terminal after receiving a storage confirmation notification returned by the client;
the log index signature module is used for carrying out digital signature on data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result;
and the log index storage module is used for storing the log abstract, the log hash value and the second signature result in the local block chain server.
In an embodiment of the present invention, the step of generating, by the check information generating module, the security check information according to the log to be stored, the log abstract and the log hash value includes:
performing digital signature on the data formed by splicing the log to be stored, the log abstract and the log hash value according to a pre-generated server-side private key to obtain a first signature result;
encrypting the data formed by splicing the log to be stored, the log abstract, the log hash value and the first signature result by adopting a preset symmetric key to obtain a first encryption result;
encrypting the symmetric key by adopting a client public key which is pre-sent by the client to obtain a second encryption result;
and determining the first encryption result and the second encryption result as the security check information.
In an embodiment of the present invention, the step of the client verifying whether the log to be stored is tampered with and returning a verification result according to the security check information includes:
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
decrypting the first encryption result by adopting the symmetric key to obtain the log to be stored, the log abstract, the log hash value and a first signature result;
verifying the first signature result by adopting a server public key corresponding to the server private key received in advance, and obtaining the log to be stored, the log abstract and the log hash value again;
and judging whether the log to be stored, the log abstract and the log hash value obtained by decrypting the first encryption result are consistent with those obtained by verifying the first signature result; if so, performing a hash operation on the log to be stored and judging whether the result of the hash operation is consistent with the log hash value; if so, determining that the log to be stored has not been tampered with, and otherwise determining that the log to be stored has been tampered with.
In one embodiment of the invention, the apparatus further comprises: a desensitization module, used for desensitizing the sensitive data in the log to be stored before the log abstract and the log hash value of the log to be stored are acquired.
In an embodiment of the present invention, the desensitizing module performs desensitization processing on the sensitive data in the log to be stored, including:
matching the sensitive data in the log to be stored according to a preset regular expression matching rule;
and desensitizing the matched sensitive data according to a preset desensitizing rule.
In an embodiment of the present invention, the step of obtaining the log abstract and the log hash value of the log to be stored includes:
the log abstract acquiring module is specifically used for extracting field names of preset fields in the log to be stored to form the log abstract;
the log hash value obtaining module is specifically configured to perform hash operation on the log to be stored to obtain the log hash value.
In order to achieve the above object, the present invention further provides a block chain-based log storage device, including:
the storage request sending module is used for sending a log storage request to the block chain server, wherein the log storage request carries a log to be stored, so that the block chain server can obtain a log abstract and a log hash value of the log to be stored according to the log storage request, and then generate and return security check information according to the log to be stored, the log abstract and the log hash value;
the verification module is used for verifying, according to the security check information returned by the block chain server, whether the log to be stored has been tampered with, and for returning a storage confirmation notification to the block chain server when the log to be stored is verified as not tampered with, so that the block chain server, after receiving the storage confirmation notification, stores the log to be stored locally at the client or at a cloud storage end, digitally signs the data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result, and then stores the log abstract, the log hash value and the second signature result at the block chain server.
In an embodiment of the present invention, the step of generating, by the blockchain server, the security check information according to the log to be stored, the log abstract, and the log hash value includes:
performing digital signature on the data formed by splicing the log to be stored, the log abstract and the log hash value according to a pre-generated server-side private key to obtain a first signature result;
encrypting the data formed by splicing the log to be stored, the log abstract, the log hash value and the first signature result by adopting a preset symmetric key to obtain a first encryption result;
encrypting the symmetric key by adopting a pre-received client public key to obtain a second encryption result, and then returning the first encryption result and the second encryption result;
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
and determining the first encryption result and the second encryption result as the security check information.
In an embodiment of the present invention, the step of the checking module verifying whether the log to be stored is tampered according to the security check information returned by the block chain server includes:
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
decrypting the first encryption result by adopting the symmetric key to obtain the log to be stored, the log abstract, the log hash value and a first signature result;
verifying the first signature result by adopting a server public key corresponding to the server private key received in advance, and obtaining the log to be stored, the log abstract and the log hash value again;
and judging whether the log to be stored, the log abstract and the log hash value obtained by decrypting the first encryption result are consistent with those obtained by verifying the first signature result; if so, performing a hash operation on the log to be stored and judging whether the result of the hash operation is consistent with the log hash value; if so, determining that the log to be stored has not been tampered with, and otherwise determining that the log to be stored has been tampered with.
In an embodiment of the present invention, before acquiring the log abstract and the log hash value of the log to be stored, the blockchain server performs desensitization processing on sensitive data in the log to be stored.
In an embodiment of the present invention, the step of desensitizing, by the blockchain server, the sensitive data in the log to be stored includes:
matching the sensitive data in the log to be stored according to a preset regular expression matching rule;
and desensitizing the matched sensitive data according to a preset desensitizing rule.
In an embodiment of the present invention, the step of acquiring the log abstract and the log hash value of the log to be stored by the blockchain server includes:
extracting field names of preset fields in the log to be stored to form the log abstract;
and carrying out hash operation on the log to be stored to obtain the hash value of the log.
In order to achieve the above object, the present invention further provides a block chain-based log reading apparatus for reading a log stored in the storage apparatus, where the apparatus includes:
the query request receiving module is used for receiving a log query request sent by the client, wherein the log query request carries a preset identification field in a log to be queried;
and the log index query module is used for locally acquiring the log abstract, the log hash value and the second signature result corresponding to the preset identification field from the block chain server and returning the log abstract, the log hash value and the second signature result to the client, so that the client can verify the second signature result to obtain the log abstract, the log hash value and the storage address in the second signature result, and then judging whether the log abstract and the log hash value locally acquired from the block chain server are consistent with the log abstract and the log hash value in the second signature result, if so, acquiring the log to be queried from the client or the cloud storage end according to the acquired storage address.
In order to achieve the above object, the present invention further provides a block chain-based log reading apparatus for reading a log stored in the storage apparatus, where the apparatus includes:
the query request sending module is used for sending a log query request to the block chain server, wherein the log query request carries a preset identification field in a log to be queried, so that the block chain server locally obtains a log abstract, a log hash value and a second signature result corresponding to the preset identification field from the block chain server and returns the log abstract, the log hash value and the second signature result;
the verification module is used for verifying the returned second signature result by adopting the server public key to obtain a log abstract, a log hash value and a storage address in the second signature result;
and the log query module is used for judging whether the log abstract and the log hash value which are locally acquired from the block chain server are consistent with the log abstract and the log hash value in the second signature result, and if so, acquiring the log to be queried from a client local or a cloud storage end according to the acquired storage address.
To achieve the above object, the present invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of any of the preceding methods when executing the computer program.
To achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of any of the methods described above.
By adopting the technical scheme, the invention has the following beneficial effects:
According to the invention, block chain technology is introduced and the log abstract, the log hash value and the log storage address are stored in the block chain server. Because a block chain is difficult to tamper with, the safety of the log abstract, the log hash value and the log storage address is improved, and the traceability of the block chain allows source tracing, so that the log use record can be obtained. Because the block chain cannot store overly large data, the log to be stored is stored locally at the client or at the cloud storage end. After the log to be queried is located according to the log storage address, whether the log has been tampered with can be judged by comparing the hash operation result of the log retrieved from the client or the cloud storage end with the log hash value queried from the block chain, which guarantees data safety. In addition, the invention greatly improves the confidentiality, the integrity and the usability of the log through a unique encryption and decryption mechanism.
Drawings
Fig. 1 is a flowchart of a block chain-based log storage method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a block chain-based log storage method according to a second embodiment of the present invention;
Fig. 3 is a flowchart of a block chain-based log storage method according to an embodiment of the present invention;
Fig. 4 is a flowchart of a block chain-based log storage method according to a second embodiment of the present invention;
Fig. 5 is a flowchart of a log reading method based on a block chain according to a third embodiment of the present invention;
Fig. 6 is a flowchart of a log reading method based on a block chain according to a fourth embodiment of the present invention;
Fig. 7 is a flowchart of a block chain-based log storage apparatus according to a fifth embodiment of the present invention;
Fig. 8 is a flowchart of a block chain-based log storage apparatus according to a sixth embodiment of the present invention;
Fig. 9 is a flowchart of a log reading apparatus based on a block chain according to a seventh embodiment of the present invention;
Fig. 10 is a flowchart of a log reading apparatus based on a block chain according to an eighth embodiment of the present invention;
Fig. 11 is a hardware architecture diagram of the computer apparatus of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In the invention, the blockchain server refers to a server added into a blockchain, the client refers to a service system needing to store logs, and the blockchain server can perform data interaction with the client through appropriate technologies such as a network and a near field communication technology.
Example one
In this embodiment, a log storage method based on a block chain is suitable for a block chain server, as shown in fig. 1, the method includes the following steps:
S11, receiving a log storage request uploaded by a client, wherein the log storage request carries a log to be stored;
S12, acquiring the log abstract and the log hash value of the log to be stored;
S13, generating security check information according to the log to be stored, the log abstract and the log hash value;
S14, returning the security check information to the client, so that the client can verify whether the log to be stored is tampered according to the security check information, and returning a storage confirmation notification when the log to be stored is verified not to be tampered;
S15, after receiving a storage confirmation notification returned by the client, storing the log to be stored in the client or a cloud storage end;
S16, performing digital signature on the data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result;
S17, storing the log abstract, the log hash value and the second signature result locally at the blockchain server.
As mentioned above, the blockchain server refers to a server that joins a blockchain. Blockchain technology is a well-known decentralized peer-to-peer network that combines cryptographic principles with a consensus mechanism to ensure data consistency and persistence across distributed nodes, and implements instant verification, traceability, difficult tampering and non-shielding of information, thereby creating a private, efficient and safe shared value system. In this method, blockchain technology is introduced: the log is stored locally at the client or at the cloud storage end, and the log storage address, the log abstract and the log hash value are stored in the block chain. Because a block chain is difficult to tamper with, the correctness of information obtained from the block chain is improved. After the log is queried according to the log storage address, whether the log has been tampered with can be judged by comparing the hash operation result of the log retrieved from the client or the cloud storage end with the log hash value queried from the block chain, which guarantees the safety of the log.
Example two
This embodiment is a preferred scheme of the block chain-based log storage method provided in the first embodiment, and as shown in fig. 2, the method includes the following steps:
S11, the blockchain server receives a log storage request uploaded by the client, wherein the log storage request carries a log to be stored.
S12, the blockchain server desensitizes the sensitive data in the log to be stored, and then obtains a log Digest (which can be recorded as Digest (D-data)) and a log Hash value (which can be recorded as Hash (D-data)) of the desensitized log to be stored (which can be recorded as D-data).
Sensitive data such as a personal mobile phone number, a bank card number, an identification number, an email address and the like may exist in the log to be stored, which brings great risk to data security, so the sensitive data needs to be desensitized. When desensitizing, the sensitive data in the log to be stored is first matched according to a preset regular expression matching rule. A regular expression is a logic formula for operating on character strings: a number of specific characters defined in advance, and combinations of them, form a "regular character string" that expresses a filtering logic for character strings. For example, a username regular expression "/[a-zA-Z0-9_]{3,16}$/", a handset number regular expression "(\\(+)?(0|00|86|0086)?1[345789]\\d{9}". After the sensitive data is obtained by regular expression matching, the matched sensitive data is desensitized according to a preset desensitization rule, for example by replacing or hiding some or all characters in the sensitive data with an "x" or other forms; if the sensitive data is a mobile phone number "13845671234", it may be desensitized to "138 x 1234".
In the embodiment, a log summary Digest (D-data) is formed by extracting field names of preset fields in a log D-data to be stored; and a Hash operation is carried out on the log D-data to be stored to obtain a log Hash value Hash (D-data). Preferably, the Hash operation uses the sha512 algorithm, that is, Hash (D-data) = sha512 (D-data).
S13, the block chain server side generates security check information according to the desensitized log to be stored, the log abstract and the log hash value, and the specific steps are as follows:
S131, the block chain server side carries out digital signature on data formed by splicing the desensitized log D-data to be stored, the log Digest (D-data) and the log Hash value Hash (D-data) according to a server side private key generated in advance by the block chain server side, and a first signature result (which can be recorded as Sign1) is obtained. The private key is the private key of a public and private key pair generated by the blockchain server according to an asymmetric cryptographic algorithm (such as RSA), and the corresponding public key is distributed in advance by the blockchain server. A device sending data to the blockchain server can encrypt the data to be sent by using the public key distributed in advance by the blockchain server, and the blockchain server can decrypt the data by using the private key it generated. In addition, the blockchain server may encrypt the transmitted data by using the private key it generated (the process of private key encryption is referred to as digital signature), and the device receiving the data decrypts the received data by using the public key distributed in advance by the blockchain server (the process of public key decryption is referred to as verification).
S132, the block chain server side encrypts data formed by splicing the desensitized log D-data to be stored, the log Digest (D-data), the log Hash value Hash (D-data) and the first signature result Sign1 by using a symmetric key K to obtain a first encryption result (which can be recorded as SecretData).
S133, the block chain server side encrypts the symmetric key K by adopting a client public key distributed in advance by the client to obtain a second encryption result SecretK. The public key is the public key of a public and private key pair generated by the client according to an asymmetric encryption algorithm (such as RSA), and is distributed in advance by the client. A device sending data to the client can encrypt the data to be sent by using the public key distributed by the client, and the client can decrypt the data by using the private key it generated.
S134, determining the first encryption result SecretData and the second encryption result SecretK as the security check information.
S14, returning the security check information, i.e. the first encryption result SecretData and the second encryption result SecretK, to the client, so that the client verifies whether the log to be stored is tampered according to the security check information, and returns a storage confirmation notification when verifying that the log to be stored is not tampered. The client verifies whether the log to be stored is tampered as follows. It decrypts the second encryption result SecretK by using a preset client private key corresponding to the client public key to obtain the symmetric key K, and decrypts the first encryption result SecretData by using the symmetric key K to obtain the log D-data to be stored, the log Digest (D-data), the log Hash value Hash (D-data) and the first signature result Sign1. It then verifies the first signature result Sign1 by using the server public key, received in advance, that corresponds to the server private key, obtaining the log D-data to be stored, the log Digest (D-data) and the log Hash value Hash (D-data) again, and judges whether the values obtained by decryption are consistent with those obtained by verification. If so, it performs a Hash operation on the log to be stored (using the same Hash algorithm as in step S12) and judges whether the Hash operation result is consistent with the log Hash value Hash (D-data) obtained by decryption and verification. If so, the log to be stored is judged not to be tampered and a storage confirmation notification is returned; otherwise, the log to be stored is judged to be tampered, alarm information is output, and the process ends.
And S15, after receiving the storage confirmation notification returned by the client, the blockchain server stores the log D-data to be stored (which can be stored in the client or uploaded to the cloud storage end) and obtains a storage address (which can be recorded as URL) of the log D-data to be stored.
S16, the block chain server side carries out digital signature on data formed by splicing the log Digest (D-data), the log Hash value Hash (D-data) and the storage address URL of the log to be stored by using the server side private key, and a second signature result (which can be recorded as Sign2) is obtained.
S17, the blockchain server stores the log Digest (D-data), the log Hash value Hash (D-data) and the second signature result Sign2 in the local blockchain server.
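Step S12 as a runnable sketch, added here as an illustration and not taken from the patent: regex matching and masking, then the log abstract and the SHA-512 hash computed over the desensitized log D-data. The JSON record layout, the field names, the e-mail rule, the "*" mask and keeping field values next to the field names in the abstract are assumptions.

```python
import hashlib
import hmac
import json
import re

MASK = "*"                                        # assumed mask character
PRESET_FIELDS = ("op_time", "system", "op_type")  # assumed preset field names

# Mobile number with the optional prefixes the page lists (0, 00, 86, 0086).
# The lookarounds keep the rule from firing inside a longer digit run such as
# a bank card number.
PHONE_RE = re.compile(
    r"(?<![\d+])(\+?(?:0086|86|00|0))?(1[345789]\d)\d{4}(\d{4})(?!\d)")
# E-mail address (assumed rule): keep the first character and the domain.
EMAIL_RE = re.compile(
    r"\b([A-Za-z0-9._%+-])[A-Za-z0-9._%+-]*@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

SAMPLE_LOG = {  # constructed sample record
    "op_time": "2019-10-12T08:30:00+08:00",
    "system": "loan-core",
    "op_type": "UPDATE_CONTACT",
    "detail": "phone set to +8613845671234, mail alice@example.com",
}


def desensitize(text):
    """Match sensitive values by regex, then mask the matched characters."""
    text = PHONE_RE.sub(
        lambda m: (m.group(1) or "") + m.group(2) + MASK * 4 + m.group(3), text)
    return EMAIL_RE.sub(lambda m: m.group(1) + MASK * 3 + "@" + m.group(2), text)


def prepare_for_storage(raw_log):
    """Return (D-data, Digest(D-data), Hash(D-data)) for one log record."""
    # Desensitize every value first, so nothing sensitive reaches the abstract.
    clean = {k: desensitize(str(v)) for k, v in raw_log.items()}
    # Canonical serialization: the same record always yields the same bytes,
    # otherwise the hash could not be recomputed at read time.
    d_data = json.dumps(clean, sort_keys=True, separators=(",", ":"))
    digest = {k: clean[k] for k in PRESET_FIELDS if k in clean}
    log_hash = hashlib.sha512(d_data.encode("utf-8")).hexdigest()
    return d_data, digest, log_hash


def is_untampered(stored_log, log_hash):
    """Recompute SHA-512 over the stored log and compare with the recorded hash."""
    actual = hashlib.sha512(stored_log.encode("utf-8")).hexdigest()
    return hmac.compare_digest(actual, log_hash)


if __name__ == "__main__":
    d_data, digest, log_hash = prepare_for_storage(SAMPLE_LOG)
    print(d_data)
    print(digest, log_hash[:16] + "...")
```

Because the hash is taken after masking, it proves the integrity of the desensitized log only; the original values cannot be checked against it later.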
Example three
The embodiment provides a block chain-based log storage method, which is suitable for a client, and as shown in fig. 3, the method includes the following steps:
S21, sending a log storage request to a block chain server, wherein the log storage request carries a log to be stored, so that the block chain server can obtain a log abstract and a log hash value of the log to be stored according to the log storage request, and then generate and return security check information according to the log to be stored, the log abstract and the log hash value;
S22, verifying whether the log to be stored is tampered according to the security check information returned by the blockchain server, and returning a storage confirmation notification to the blockchain server when the log to be stored is verified not to be tampered, so that the blockchain server, after receiving the storage confirmation notification, stores the log to be stored locally at the client or at a cloud storage end, digitally signs data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result, and then stores the log abstract, the log hash value and the second signature result in the blockchain server.
Example four
This embodiment is a preferred scheme of the block chain-based log storage method provided in the third embodiment, and as shown in fig. 4, the method includes the following steps:
S21, the client sends a log storage request to the blockchain server, the log storage request carrying the log to be stored, so that after the blockchain server receives the log storage request, the blockchain server performs desensitization processing on the log to be stored, then obtains a log Digest (D-data) and a log Hash value Hash (D-data) of the desensitized log D-data to be stored, generates security check information according to the desensitized log to be stored, the log Digest and the log Hash value, and returns the security check information. Therefore, compared with the third embodiment, this embodiment adds desensitization processing and ensures the safety of sensitive data.
In this embodiment, the step of generating, by the blockchain server, the security check information according to the desensitized log to be stored, the log digest, and the log hash value includes: firstly, according to a pre-generated server private key, performing digital signature on data formed by splicing the desensitized log D-data to be stored, the log abstract Digest (D-data) and the log Hash value Hash (D-data) to obtain a first signature result Sign1; then encrypting the data formed by splicing the desensitized log D-data to be stored, the log abstract Digest (D-data), the log Hash value Hash (D-data) and the first signature result Sign1 by using a preset symmetric key to obtain a first encryption result SecretData; encrypting the symmetric key by using a pre-received client public key to obtain a second encryption result SecretK; and then returning the first encryption result SecretData and the second encryption result SecretK.
S22, the client verifies whether the log to be stored is tampered according to the security check information returned by the block chain server, and returns a storage confirmation notification to the block chain server when the log to be stored is verified not to be tampered, so that the block chain server, after receiving the storage confirmation notification, stores the log to be stored locally at the client or at a cloud storage end, digitally signs data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result, and then stores the log abstract, the log hash value and the second signature result in the block chain server.
In an embodiment, the step of the client verifying whether the log to be stored is tampered according to the security check information returned by the blockchain server is as follows:
S221, the client decrypts the second encryption result SecretK by adopting a preset client private key corresponding to the client public key to obtain a symmetric key.
S222, the client decrypts the first encryption result SecretData by using the symmetric key to obtain a log D-data to be stored, a log Digest (D-data), a log Hash value Hash (D-data) and a first signature result Sign1.
S223, the client verifies the first signature result Sign1 by using a server public key corresponding to the server private key received in advance, and obtains a log D-data to be stored, a log Digest (D-data) and a log Hash value Hash (D-data) again.
S224, the client side judges whether the log D-data to be stored, the log Digest (D-data) and the log Hash value Hash (D-data) obtained through decryption and verification are consistent or not, and if yes, Hash operation is carried out on the log D-data to be stored.
S225, the client side judges whether the Hash operation result is consistent with the log Hash value Hash (D-data); if yes, the log to be stored is judged not to be tampered and a storage confirmation notification is sent to the block chain server side, and if not, the log to be stored is judged to be tampered and alarm information is sent.
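The exchange of steps S131 to S134 (server) and S221 to S225 (client), as an added example written with the Python `cryptography` package; it is not the patent's implementation. RSA-PSS, AES-GCM, RSA-OAEP, the fresh per-message key K and the length-prefixed framing are assumptions, and because a PSS signature does not return the signed message, the client verifies Sign1 over the decrypted fields instead of recovering them from the signature and comparing.

```python
import hashlib
import hmac
import os
import struct

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_rsa_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def frame(*parts):
    """'Splice' fields with a 4-byte length prefix so field boundaries are
    unambiguous: plain concatenation would make (b"ab", b"c") and
    (b"a", b"bc") sign identically."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def unframe(blob):
    parts, pos = [], 0
    while pos < len(blob):
        (size,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated field")
        parts.append(blob[pos:pos + size])
        pos += size
    return parts


def build_check_info(d_data, digest, log_hash, server_key, client_pub):
    """Server side, S131-S134: returns (SecretData, SecretK)."""
    sign1 = server_key.sign(frame(d_data, digest, log_hash), PSS, hashes.SHA256())
    k = AESGCM.generate_key(bit_length=256)   # symmetric key K (assumed fresh)
    nonce = os.urandom(12)
    secret_data = nonce + AESGCM(k).encrypt(
        nonce, frame(d_data, digest, log_hash, sign1), None)
    secret_k = client_pub.encrypt(k, OAEP)    # only the client can unwrap K
    return secret_data, secret_k


def verify_check_info(secret_data, secret_k, client_key, server_pub):
    """Client side, S221-S225: returns the verified log, or None (raise alarm)."""
    try:
        k = client_key.decrypt(secret_k, OAEP)                       # S221
        plain = AESGCM(k).decrypt(secret_data[:12], secret_data[12:], None)
        d_data, digest, log_hash, sign1 = unframe(plain)             # S222
        server_pub.verify(sign1, frame(d_data, digest, log_hash),    # S223-S224
                          PSS, hashes.SHA256())
    except (ValueError, struct.error, InvalidTag, InvalidSignature):
        return None
    # S225: the signed hash must match the log that was actually delivered.
    if not hmac.compare_digest(hashlib.sha512(d_data).digest(), log_hash):
        return None
    return d_data


if __name__ == "__main__":
    server, client = new_rsa_key(), new_rsa_key()
    log = b'{"op_type":"LOGIN","system":"loan-core"}'   # constructed sample
    info = build_check_info(log, b'{"system":"loan-core"}',
                            hashlib.sha512(log).digest(),
                            server, client.public_key())
    print(verify_check_info(*info, client, server.public_key()))
```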
Example five
The embodiment provides a log reading method based on a block chain, which is suitable for a block chain server and is used for reading logs stored by the log storage method based on the first embodiment and the second embodiment, as shown in fig. 5, the method includes the following steps:
S31, the block chain server receives a log query request sent by the client, wherein the log query request carries the preset identification field in the log to be queried, such as operation time, system name, operation category and the like.
S32, the blockchain server locally acquires the log Digest (D-data), the log Hash value Hash (D-data) and the second signature result Sign2 corresponding to the preset identification field and returns them to the client. The client verifies the second signature result Sign2 by using the server public key to obtain the log Digest (D-data), the log Hash value Hash (D-data) and the storage address URL in the second signature result Sign2, and then judges whether the log Digest (D-data) and the log Hash value Hash (D-data) locally acquired from the blockchain server are consistent with the log Digest (D-data) and the log Hash value Hash (D-data) in the second signature result Sign2. If so, the data are correct and the log to be queried is acquired from the client or the cloud storage end according to the acquired storage address URL; otherwise, the data are incorrect, the process ends, and the query fails.
Preferably, after the client acquires the log to be queried, the client may further perform Hash operation on the log to be queried, determine whether a Hash operation result obtained here is consistent with a log Hash value Hash (D-data) in the second signature result Sign2, and output a determination result, if the determination result is consistent, it may be determined that the log to be queried has not been tampered, otherwise, it may be determined that the log to be queried has been tampered.
Example six
The embodiment provides a log reading method based on a block chain, which is suitable for a client and is used for reading logs stored by the log storage method based on the third embodiment and the fourth embodiment, as shown in fig. 6, the reading method includes the following steps:
S41, the client sends a log query request to the blockchain server, wherein the log query request carries a preset identification field in the log to be queried, so that the blockchain server locally obtains a log Digest (D-data), a log Hash value Hash (D-data) and a second signature result Sign2 corresponding to the preset identification field from the blockchain server and returns the log Digest, the log Hash value Hash (D-data) and the second signature result Sign2.
S42, the client side verifies the second signature result by the server side public key to obtain the log abstract Digest (D-data), the log Hash value Hash (D-data) and the storage address in the second signature result Sign2.
S43, the client side judges whether the log Digest (D-data) and the log Hash value Hash (D-data) locally acquired from the blockchain server side are consistent with the log Digest (D-data) and the log Hash value Hash (D-data) in the second signature result Sign2, and if yes, the log to be queried is acquired from the client side or the cloud storage side according to the acquired storage address.
Preferably, after the client acquires the log to be queried, the client may perform Hash operation on the log to be queried, determine whether a Hash operation result obtained here is consistent with a log Hash value Hash (D-data) in the second signature result Sign2, and output a determination result, if the determination result is consistent, it may be determined that the log to be queried has not been tampered, otherwise, it may be determined that the log to be queried has been tampered.
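The read path of the fifth and sixth embodiments, as an added example that is not part of the patent: the server signs the index record (S16 to S17), and the client verifies Sign2, cross-checks the returned abstract and hash, fetches the log by its storage address and re-hashes it. RSA-PSS from the Python `cryptography` package, the JSON payload carried next to the signature, the dict used as the storage end and the `store://` address are assumptions.

```python
import hashlib
import hmac
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)


def new_server_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_index_entry(digest, log_hash, url, server_key):
    """Server side, S16-S17: sign abstract + hash + storage address together.
    The signed payload travels with the signature, because a PSS signature
    does not contain the message it covers."""
    payload = json.dumps({"digest": digest, "hash": log_hash, "url": url},
                         sort_keys=True).encode("utf-8")
    sig = server_key.sign(payload, PSS, hashes.SHA256())
    return {"digest": digest, "hash": log_hash,
            "sign2": {"payload": payload, "sig": sig}}


def read_log(entry, server_pub, storage):
    """Client side, S42-S43 plus the final hash check. Returns (status, log)."""
    sign2 = entry["sign2"]
    try:
        server_pub.verify(sign2["sig"], sign2["payload"], PSS, hashes.SHA256())
    except InvalidSignature:
        return "bad-signature", None
    signed = json.loads(sign2["payload"])
    # The unsigned abstract and hash returned by the server must match the
    # signed copies; only the signed storage address is ever followed.
    if signed["digest"] != entry["digest"] or signed["hash"] != entry["hash"]:
        return "index-mismatch", None
    log = storage.get(signed["url"])
    if log is None:
        return "log-missing", None
    if not hmac.compare_digest(hashlib.sha512(log).hexdigest(), signed["hash"]):
        return "log-tampered", None
    return "ok", log


if __name__ == "__main__":
    key = new_server_key()
    log = b'{"op_type":"LOGIN","system":"loan-core"}'   # constructed sample
    url = "store://client-local/logs/0001"              # constructed address
    entry = make_index_entry({"system": "loan-core"},
                             hashlib.sha512(log).hexdigest(), url, key)
    print(read_log(entry, key.public_key(), {url: log}))
    print(read_log(entry, key.public_key(), {url: log + b"!"}))
```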
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Example seven
The present embodiment provides a block chain-based log storage apparatus 10, as shown in fig. 7, where the apparatus 10 includes:
the storage request receiving module 11 is configured to receive a log storage request uploaded by a client, where the log storage request carries a log to be stored;
a log abstract acquiring module 12, configured to acquire a log abstract of the log to be stored;
a log hash value obtaining module 13, configured to obtain a log hash value of the log to be stored;
the verification information generating module 14 is configured to generate security verification information according to the log to be stored, the log digest and the log hash value;
a check information returning module 15, configured to return the security check information to the client, so that the client verifies whether the log to be stored is tampered according to the security check information, and returns a storage confirmation notification when it is verified that the log to be stored is not tampered;
the log storage module 16 is configured to store the log to be stored in the client or the cloud storage after receiving a storage confirmation notification returned by the client;
the log index signature module 17 is configured to digitally sign data obtained by splicing the log digest, the log hash value, and the storage address of the log to be stored, so as to obtain a second signature result;
and the log index storage module 18 is configured to store the log digest, the log hash value, and the second signature result locally at the blockchain server.
Further, the step of generating the security check information by the check information generation module according to the log to be stored, the log digest and the log hash value includes:
performing digital signature on the data formed by splicing the log to be stored, the log abstract and the log hash value according to a pre-generated server-side private key to obtain a first signature result;
encrypting the data formed by splicing the log to be stored, the log abstract, the log hash value and the first signature result by adopting a preset symmetric key to obtain a first encryption result;
encrypting the symmetric key by adopting a client public key which is pre-sent by the client to obtain a second encryption result;
and determining the first encryption result and the second encryption result as the security check information.
Further, the step that the client verifies whether the log to be stored is tampered according to the security check information and returns a verification result includes:
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
decrypting the first encryption result by adopting the symmetric key to obtain the log to be stored, the log abstract, the log hash value and a first signature result;
verifying the first signature result by adopting a server public key corresponding to the server private key received in advance, and obtaining the log to be stored, the log abstract and the log hash value again;
and judging whether the log to be stored, the log abstract and the log hash value obtained by decrypting the first encryption result are consistent with the log to be stored, the log abstract and the log hash value obtained by verifying the first signature result, if so, carrying out hash operation on the log to be stored, judging whether the result of the hash operation is consistent with the log hash value, if so, judging that the log to be stored is not tampered, otherwise, judging that the log to be stored is tampered.
Further, the apparatus 10 may further include: and the desensitization module is used for desensitizing the sensitive data in the log to be stored before acquiring the log digest and the log hash value of the log to be stored.
Further, the desensitization module desensitizes the sensitive data in the log to be stored, including:
matching the sensitive data in the log to be stored according to a preset regular expression matching rule;
and desensitizing the matched sensitive data according to a preset desensitizing rule.
Further, the step of obtaining the log digest and the log hash value of the log to be stored includes:
the log abstract acquiring module is specifically used for extracting field names of preset fields in the log to be stored to form the log abstract;
the log hash value obtaining module is specifically configured to perform hash operation on the log to be stored to obtain the log hash value.
Example eight
The present embodiment provides a block chain-based log storage apparatus 20, as shown in fig. 8, where the apparatus 20 includes:
the storage request sending module 21 is configured to send a log storage request to the blockchain server, where the log storage request carries a log to be stored, so that the blockchain server obtains a log digest and a log hash value of the log to be stored according to the log storage request, and then generates security check information according to the log to be stored, the log digest and the log hash value, and returns the security check information;
the verification module 22 is configured to verify whether the log to be stored is tampered according to the security verification information returned by the blockchain server, and return a storage confirmation notification to the blockchain server when the log to be stored is verified not tampered, so that the blockchain server stores the log to be stored in a local or cloud storage end of the client after receiving the storage confirmation notification, digitally signs data formed by splicing the log digest, the log hash value and a storage address of the log to be stored, obtains a second signature result, and then stores the log digest, the log hash value and the second signature result in the blockchain server.
Further, the step of generating the security check information by the blockchain server according to the log to be stored, the log digest and the log hash value includes:
performing digital signature on the data formed by splicing the log to be stored, the log abstract and the log hash value according to a pre-generated server-side private key to obtain a first signature result;
encrypting the data formed by splicing the log to be stored, the log abstract, the log hash value and the first signature result by adopting a preset symmetric key to obtain a first encryption result;
encrypting the symmetric key by adopting a pre-received client public key to obtain a second encryption result, and then returning the first encryption result and the second encryption result;
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
and determining the first encryption result and the second encryption result as the security check information.
Further, the step in which the verification module verifies whether the log to be stored has been tampered with according to the security check information returned by the blockchain server includes:
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
decrypting the first encryption result by adopting the symmetric key to obtain the log to be stored, the log abstract, the log hash value and a first signature result;
verifying the first signature result by adopting a server public key corresponding to the server private key received in advance, and obtaining the log to be stored, the log abstract and the log hash value again;
and judging whether the log to be stored, the log abstract and the log hash value obtained by decrypting the first encryption result are consistent with the log to be stored, the log abstract and the log hash value obtained by verifying the first signature result, if so, carrying out hash operation on the log to be stored, judging whether the result of the hash operation is consistent with the log hash value, if so, judging that the log to be stored is not tampered, otherwise, judging that the log to be stored is tampered.
Further, before the blockchain server acquires the log digest and the log hash value of the log to be stored, the blockchain server desensitizes sensitive data in the log to be stored.
Further, the step in which the blockchain server desensitizes sensitive data in the log to be stored includes:
matching the sensitive data in the log to be stored according to a preset regular expression matching rule;
and desensitizing the matched sensitive data according to a preset desensitizing rule.
Further, the step of acquiring the log digest and the log hash value of the log to be stored by the blockchain server includes:
extracting field names of preset fields in the log to be stored to form the log abstract;
and carrying out hash operation on the log to be stored to obtain the hash value of the log.
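The storage-side exchange of this embodiment (desensitization, log digest, log hash value, first signature result, the two encryption results and the client's tamper check), as an added example that is not code from the patent. The algorithms (SHA-256, Ed25519, AES-256-GCM with a fresh key per request, RSA-OAEP), the length-prefixed splicing, the masking rules and the preset field list are assumptions; the signature is verified over the decrypted fields rather than used to recover them.

```javascript
// Added example, not code from the patent. Assumed algorithms: SHA-256, Ed25519
// signatures, AES-256-GCM with a fresh key per request, RSA-OAEP key wrapping.
const { createHash, generateKeyPairSync, sign, verify, randomBytes, createCipheriv,
  createDecipheriv, publicEncrypt, privateDecrypt } = require('node:crypto');

// "Splicing" with 4-byte length prefixes so field boundaries cannot be shifted.
function pack(...fields) {
  return Buffer.concat(fields.flatMap((f) => {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(f.length);
    return [len, f];
  }));
}
function unpack(buf) {
  const out = [];
  for (let off = 0; off < buf.length;) {
    const len = buf.readUInt32BE(off);
    if (off + 4 + len > buf.length) throw new Error('truncated field');
    out.push(buf.subarray(off + 4, off + 4 + len));
    off += 4 + len;
  }
  return out;
}

// Hypothetical desensitization rules: [matching regex, masking replacement].
const RULES = [
  [/\b(\d{6})\d{8}(\d{3}[\dXx])\b/g, '$1********$2'], // 18-character ID number
  [/\b(1\d{2})\d{4}(\d{4})\b/g, '$1****$2'],          // 11-digit mobile number
];
const desensitize = (log) => RULES.reduce((s, [re, rep]) => s.replace(re, rep), log);

// Log digest from preset fields of a key=value log line (field list is assumed).
const PRESET_FIELDS = ['traceId', 'time', 'level'];
function makeDigest(log) {
  const kv = Object.fromEntries([...log.matchAll(/(\w+)=(\S+)/g)].map((m) => [m[1], m[2]]));
  return PRESET_FIELDS.map((f) => `${f}=${kv[f] ?? ''}`).join(';');
}

// Server: desensitize, derive digest and hash, sign, encrypt, wrap the key.
function buildCheckInfo(rawLog, serverSignKey, clientPublicKey) {
  const log = Buffer.from(desensitize(rawLog));
  const digest = Buffer.from(makeDigest(log.toString()));
  const hash = createHash('sha256').update(log).digest();
  const sig1 = sign(null, pack(log, digest, hash), serverSignKey); // first signature result
  const key = randomBytes(32), iv = randomBytes(12);
  const enc = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([enc.update(pack(log, digest, hash, sig1)), enc.final()]);
  return {
    first: pack(iv, body, enc.getAuthTag()),                                  // first encryption result
    second: publicEncrypt({ key: clientPublicKey, oaepHash: 'sha256' }, key), // second encryption result
  };
}

// Client: unwrap the key, decrypt, verify the signature, then re-hash the log.
function verifyCheckInfo(info, clientPrivateKey, serverVerifyKey) {
  try {
    const key = privateDecrypt({ key: clientPrivateKey, oaepHash: 'sha256' }, info.second);
    const [iv, body, tag] = unpack(info.first);
    const dec = createDecipheriv('aes-256-gcm', key, iv);
    dec.setAuthTag(tag);
    const [log, digest, hash, sig1] = unpack(Buffer.concat([dec.update(body), dec.final()]));
    if (!verify(null, pack(log, digest, hash), serverVerifyKey, sig1)) return { ok: false, reason: 'signature' };
    if (!createHash('sha256').update(log).digest().equals(hash)) return { ok: false, reason: 'hash' };
    return { ok: true, log: log.toString(), digest: digest.toString() };
  } catch {
    return { ok: false, reason: 'decrypt' }; // wrong key, corrupted ciphertext or malformed fields
  }
}

function demo() {
  const server = generateKeyPairSync('ed25519');                      // server signing pair
  const client = generateKeyPairSync('rsa', { modulusLength: 2048 }); // client key-wrapping pair
  const raw = 'traceId=T-1001 time=2019-10-12T08:00:00Z level=INFO ' +
    'user=110101199003071234 phone=13812345678 msg="login ok"';       // constructed sample
  const info = buildCheckInfo(raw, server.privateKey, client.publicKey);
  const honest = verifyCheckInfo(info, client.privateKey, server.publicKey);
  const flipped = Buffer.from(info.first);
  flipped[flipped.length >> 1] ^= 1;                                  // ciphertext corrupted in transit
  const tampered = verifyCheckInfo({ ...info, first: flipped }, client.privateKey, server.publicKey);
  const rogueKey = generateKeyPairSync('ed25519').privateKey;         // not the real server's key
  const forged = verifyCheckInfo(buildCheckInfo(raw, rogueKey, client.publicKey), client.privateKey, server.publicKey);
  return { honest, tampered, forged };
}
console.log(demo());
```

The client confirms storage only when `ok` is true; any other result means the storage confirmation notification is withheld.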
Example nine
The present embodiment provides a log reading apparatus 30 based on a block chain, which is used for reading a log stored in the storage apparatus 10 based on the seventh embodiment, where the apparatus 30 includes:
the query request receiving module 31 is configured to receive a log query request sent by the client, where the log query request carries a preset identification field in a log to be queried;
and the log index query module 32 is configured to locally obtain a log digest, a log hash value, and a second signature result corresponding to the preset identification field from the blockchain server and return the log digest, the log hash value, and the second signature result to the client, so that the client verifies the second signature result to obtain the log digest, the log hash value, and the storage address in the second signature result, and then judges whether the log digest and the log hash value locally obtained from the blockchain server are consistent with the log digest and the log hash value in the second signature result, if so, the log to be queried is obtained from the client or the cloud storage end according to the obtained storage address.
Example ten
The present embodiment provides a log reading apparatus 40 based on a block chain, configured to read a log stored in a storage apparatus based on the eighth embodiment, where the apparatus 40 includes:
the query request sending module 41 is configured to send a log query request to the blockchain server, where the log query request carries a preset identification field in a log to be queried, so that the blockchain server locally obtains a log digest, a log hash value, and a second signature result corresponding to the preset identification field from the blockchain server and returns the log digest, the log hash value, and the second signature result;
the verification module 42 is configured to verify the returned second signature result by using the server public key to obtain a log digest, a log hash value, and a storage address in the second signature result;
and the log query module 43 is configured to determine whether the log digest and the log hash value locally obtained from the blockchain server are consistent with the log digest and the log hash value in the second signature result, and if so, obtain the log to be queried from a client locally or a cloud storage according to the obtained storage address.
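The index record and read-side check of the ninth and tenth embodiments, as an added example that is not code from the patent. Ed25519, SHA-256, the JSON encoding of the spliced fields, the in-memory maps standing in for the ledger and the storage end, and the address scheme are assumptions; the second signature result here carries the signed fields next to the signature, and the final re-hash of the fetched log is an extra check beyond the read steps listed above.

```javascript
// Added example, not code from the patent. Assumptions: Ed25519 signatures, SHA-256,
// one Map standing in for the ledger and another for client/cloud log storage.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const sha256Hex = (s) => createHash('sha256').update(s).digest('hex');

// Server: store the log off-chain, then sign digest + hash + storage address.
function storeLog(ledger, storage, serverKey, idField, log, digest) {
  const address = `store://logs/${storage.size + 1}`; // hypothetical address scheme
  storage.set(address, log);
  const hash = sha256Hex(log);
  // A JSON array keeps the three spliced fields unambiguous.
  const signed = JSON.stringify([digest, hash, address]);
  const signature = sign(null, Buffer.from(signed), serverKey).toString('base64');
  // Second signature result: signed fields plus signature, so the address is recoverable.
  ledger.set(idField, { digest, hash, second: { signed, signature } });
}

// Server: answer a query by the preset identification field.
const queryIndex = (ledger, idField) => ledger.get(idField) ?? null;

// Client: verify the second signature, compare the index fields, then fetch the log.
function readLog(record, storage, serverPublicKey) {
  if (!record) return { ok: false, reason: 'not found' };
  const { signed, signature } = record.second;
  if (!verify(null, Buffer.from(signed), serverPublicKey, Buffer.from(signature, 'base64'))) {
    return { ok: false, reason: 'bad signature' };
  }
  const [digest, hash, address] = JSON.parse(signed);
  if (digest !== record.digest || hash !== record.hash) {
    return { ok: false, reason: 'index mismatch' };
  }
  const log = storage.get(address);
  if (log === undefined) return { ok: false, reason: 'log missing' };
  // Extra check, not among the patent's read steps: re-hash the fetched log.
  if (sha256Hex(log) !== hash) return { ok: false, reason: 'log altered' };
  return { ok: true, log, address };
}

function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const ledger = new Map();
  const storage = new Map();
  const log = 'traceId=T-1001 time=2019-10-12T08:00:00Z level=INFO msg="login ok"'; // constructed
  storeLog(ledger, storage, privateKey, 'T-1001', log, 'traceId=T-1001;level=INFO');
  const rec = queryIndex(ledger, 'T-1001');
  const honest = readLog(rec, storage, publicKey);
  // Index hash replaced after signing.
  const forgedIndex = readLog({ ...rec, hash: sha256Hex('other') }, storage, publicKey);
  // Storage address swapped inside the signed fields.
  const moved = JSON.stringify([rec.digest, rec.hash, 'store://logs/999']);
  const forgedAddress = readLog({ ...rec, second: { ...rec.second, signed: moved } }, storage, publicKey);
  // Log body rewritten at the storage end.
  storage.set(honest.address, log.replace('login ok', 'login failed'));
  const altered = readLog(rec, storage, publicKey);
  return { honest, forgedIndex, forgedAddress, altered };
}
console.log(demo());
```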
Example eleven
The present invention also provides a computer device, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server or a tower server (including an independent server or a server cluster composed of a plurality of servers) capable of executing programs, and the like. The computer device 50 of the present embodiment includes at least, but is not limited to, a memory 51 and a processor 52, which may be communicatively coupled to each other via a system bus, as shown in FIG. 11. It is noted that FIG. 11 only shows a computer device 50 with components 51-52, but it is to be understood that not all shown components are required to be implemented, and that more or fewer components may be implemented instead.
In the present embodiment, the memory 51 (i.e., a readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 51 may be an internal storage unit of the computer device 50, such as a hard disk or a memory of the computer device 50. In other embodiments, the memory 51 may be an external storage device of the computer device 50, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 50. Of course, the memory 51 may also include both internal and external storage devices of the computer device 50. In this embodiment, the memory 51 is generally used for storing an operating system and various application software installed in the computer device 50, such as the program codes of any one of the apparatuses 10 to 40 described in the seventh to tenth embodiments. Further, the memory 51 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 52 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 52 generally serves to control the overall operation of the computer device 50. In this embodiment, the processor 52 is configured to execute the program codes stored in the memory 51 or process data, for example, to execute any one of the apparatuses 10 to 40, so as to implement any one of the methods of the first to sixth embodiments.
Example twelve
The present invention also provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application mall, etc., on which a computer program is stored, which when executed by a processor implements corresponding functions. The computer readable storage medium of the embodiment is used in any one of the storage devices 10 to 40, and when executed by a processor, implements any one of the methods of the first to sixth embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A log storage method based on a block chain is suitable for a block chain server side and is characterized by comprising the following steps:
receiving a log storage request uploaded by a client, wherein the log storage request carries a log to be stored;
acquiring a log abstract and a log hash value of the log to be stored;
generating security check information according to the log to be stored, the log abstract and the log hash value;
returning the security check information to the client so that the client can verify whether the log to be stored is tampered according to the security check information, and returning a storage confirmation notice when the log to be stored is verified not to be tampered;
after receiving a storage confirmation notification returned by the client, storing the log to be stored in the client or a cloud storage end;
performing digital signature on data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result;
and storing the log abstract, the log hash value and the second signature result locally at the block chain server side.
2. The blockchain-based log storage method according to claim 1, wherein the step of generating the security check information according to the log to be stored, the log digest and the log hash value includes:
performing digital signature on the data formed by splicing the log to be stored, the log abstract and the log hash value according to a pre-generated server-side private key to obtain a first signature result;
encrypting the data formed by splicing the log to be stored, the log abstract, the log hash value and the first signature result by adopting a preset symmetric key to obtain a first encryption result;
encrypting the symmetric key by adopting a client public key which is pre-sent by the client to obtain a second encryption result;
and determining the first encryption result and the second encryption result as the security check information.
3. The blockchain-based log storage method according to claim 2, wherein the step of verifying, by the client, whether the log to be stored is tampered with according to the security check information and returning a verification result includes:
decrypting the second encryption result by adopting a preset client private key corresponding to the client public key to obtain the symmetric key;
decrypting the first encryption result by adopting the symmetric key to obtain the log to be stored, the log abstract, the log hash value and a first signature result;
verifying the first signature result by adopting a server public key corresponding to the server private key received in advance, and obtaining the log to be stored, the log abstract and the log hash value again;
and judging whether the log to be stored, the log abstract and the log hash value obtained by decrypting the first encryption result are consistent with the log to be stored, the log abstract and the log hash value obtained by verifying the first signature result, if so, carrying out hash operation on the log to be stored, judging whether the result of the hash operation is consistent with the log hash value, if so, judging that the log to be stored is not tampered, otherwise, judging that the log to be stored is tampered.
4. The method of claim 1, further comprising: before the log abstract and the log hash value of the log to be stored are obtained, desensitization processing is carried out on sensitive data in the log to be stored.
5. A log storage method based on a block chain is suitable for a client and is characterized by comprising the following steps:
sending a log storage request to a block chain server, wherein the log storage request carries a log to be stored, so that the block chain server can obtain a log abstract and a log hash value of the log to be stored according to the log storage request, and then generate and return security check information according to the log to be stored, the log abstract and the log hash value;
verifying whether the log to be stored is tampered according to the security check information returned by the block chain server, returning a storage confirmation notification to the block chain server when the log to be stored is verified not to be tampered, so that the block chain server stores the log to be stored in a local client or a cloud storage end after receiving the storage confirmation notification, digitally signs data formed by splicing the log abstract, the log hash value and a storage address of the log to be stored, obtains a second signature result, and stores the log abstract, the log hash value and the second signature result in the block chain server.
6. A log reading method based on a block chain, which is suitable for a block chain server and is used for reading logs stored based on the method of any one of the preceding claims 1 to 4, wherein the reading method comprises the following steps:
receiving a log query request sent by the client, wherein the log query request carries a preset identification field in a log to be queried;
and locally acquiring a log abstract, a log hash value and a second signature result corresponding to the preset identification field from the blockchain server and returning the log abstract, the log hash value and the second signature result to the client, so that the client can verify the second signature result to obtain the log abstract, the log hash value and a storage address in the second signature result, and then judging whether the log abstract and the log hash value locally acquired from the blockchain server are consistent with the log abstract and the log hash value in the second signature result, if so, acquiring the log to be queried from the client or the cloud storage end according to the acquired storage address.
7. A log reading method based on a block chain, which is suitable for a client and is used for reading logs stored based on the method of the preceding claim 5, wherein the reading method comprises the following steps:
sending a log query request to the blockchain server, wherein the log query request carries a preset identification field in a log to be queried, so that the blockchain server locally obtains a log abstract, a log hash value and a second signature result corresponding to the preset identification field from the blockchain server and returns the log abstract, the log hash value and the second signature result;
verifying the returned second signature result by using the server public key to obtain a log abstract, a log hash value and a storage address in the second signature result;
and judging whether the log abstract and the log hash value acquired locally from the blockchain server are consistent with the log abstract and the log hash value in the second signature result, if so, acquiring the log to be queried from a client locally or a cloud storage terminal according to the acquired storage address.
8. A block chain based log storage device, comprising:
the storage request receiving module is used for receiving a log storage request uploaded by a client, wherein the log storage request carries a log to be stored;
the log abstract acquiring module is used for acquiring the log abstract of the log to be stored;
the log hash value acquisition module is used for acquiring the log hash value of the log to be stored;
the verification information generation module is used for generating security check information according to the log to be stored, the log abstract and the log hash value;
a check information returning module, configured to return the security check information to the client, so that the client verifies whether the log to be stored is tampered according to the security check information, and returns a storage confirmation notification when it is verified that the log to be stored is not tampered;
the log storage module is used for storing the log to be stored in the client or the cloud storage terminal after receiving a storage confirmation notification returned by the client;
the log index signature module is used for carrying out digital signature on data formed by splicing the log abstract, the log hash value and the storage address of the log to be stored to obtain a second signature result;
and the log index storage module is used for storing the log abstract, the log hash value and the second signature result in the local block chain server.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method of any one of claims 1 to 4, the method of claim 5, the method of claim 6 or the method of claim 7 are performed by the processor when the computer program is executed.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 4, the method of claim 5, the method of claim 6 or the method of claim 7.
CN201910970065.1A 2019-10-12 2019-10-12 Log storage and reading method, device, equipment and medium based on block chain Active CN110839015B (en)

Publications (2)

Publication Number Publication Date
CN110839015A CN110839015A (en) 2020-02-25
CN110839015B true CN110839015B (en) 2022-05-24

Family

ID=69575329

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant