CN110955909B - Personal data protection method and blockchain node - Google Patents

Publication number
CN110955909B
Authority
CN
China
Prior art keywords
personal data
ciphertext
user
key
transaction information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910969874.0A
Other languages
Chinese (zh)
Other versions
CN110955909A (en)
Inventor
刘斌
陈玉忠
杨杰
岳翠苹
赵峙岳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Jiuzhou Electric Group Co Ltd
Original Assignee
Sichuan Jiuzhou Electric Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The embodiment of the invention provides a personal data protection method and a blockchain node, wherein the blockchain node sends encrypted personal data of a first user and a digital digest thereof to a server of a storage service provider, the server stores the personal data after confirming it, and the blockchain node sends transaction information comprising the digital digest of the personal data and a public key of the first user to an accounting node so that the transaction information is added to a block. In this way, the plaintext of the personal data cannot be viewed directly, and whether received personal data has changed can be determined by comparing digital digests, which avoids losses caused by using changed personal data and allows the storage service provider to be held accountable.

Description

Personal data protection method and blockchain node
Technical Field
The invention relates to the field of data security, in particular to a personal data protection method and a blockchain node.
Background
At present, to avoid the trouble of occupying storage space on personal devices, carrying storage media (e.g., a USB flash drive, a portable hard disk, a DVD, an SD card, etc.), maintaining data and so on, people usually choose to upload personal data (text, pictures, audio, video, source code, etc.) to a server of a storage service (e.g., a network disk service) provider for storage, and then download the stored personal data from the server at any time and place.
However, the above approach has some disadvantages in data security: first, personnel inside the storage service provider can view the personal data stored by a user, and may even privately use, tamper with or swap out that data, seriously damaging the user's privacy and interests; second, attackers outside the storage service provider may attack the provider's server or interfere with the transmission of personal data in order to view, steal, tamper with or swap out personal data, likewise seriously damaging the user's privacy and interests.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in the prior art, personal data stored in a server by a user can be viewed by others, and even privately used, tampered with or swapped out, so that the privacy and interests of the user are damaged.
In order to solve the technical problems, the invention provides the following technical scheme:
In a first aspect, an embodiment of the present invention provides a personal data protection method, which is applied to a first blockchain node, and the method includes:
encrypting a plaintext of personal data of a first user to obtain a ciphertext of the personal data;
generating a digital digest of the ciphertext;
signing the digital digest of the ciphertext by using the private key of the first user to obtain a signed ciphertext digital digest;
sending the ciphertext, the signed ciphertext digital digest and the public key of the first user to a server of a storage service provider, so that the server verifies the signature on the received signed ciphertext digital digest, and stores the ciphertext after confirming that the ciphertext digital digest obtained from signature verification is consistent with the digital digest generated from the received ciphertext;
generating transaction information comprising the signed ciphertext digital digest and the public key of the first user;
and sending the generated transaction information to an accounting node so that the transaction information is added into a block.
Optionally, the transaction information further includes summary information of the personal data and/or a storage location of the personal data in the server.
Optionally, the step of encrypting the plaintext of the personal data of the first user to obtain the ciphertext of the personal data includes:
and encrypting the plaintext of the personal data of the first user by adopting the symmetric secret key to obtain the ciphertext of the personal data.
Optionally, the transaction information further includes summary information of the personal data, and the method further includes:
receiving an access request of a second user to the personal data, which is sent by a second blockchain node, wherein the access request comprises a public key of the second user;
obtaining the ciphertext from the server;
encrypting the symmetric secret key by adopting the public key of the second user to obtain an encrypted symmetric secret key;
and sending the ciphertext and the encrypted symmetric key to the second blockchain node.
Optionally, the transaction information further includes summary information of the personal data and a storage location of the personal data in the server, and the method further includes:
receiving an access request of a second user to the personal data, which is sent by a second blockchain node of the blockchain, wherein the access request comprises a public key of the second user;
encrypting the symmetric secret key by using the public key of the second user to obtain an encrypted symmetric secret key;
and sending the encrypted symmetric key to the second blockchain node.
Optionally, the transaction information further includes summary information of the personal data;
the step of encrypting the plaintext of the personal data of the first user to obtain the ciphertext of the personal data comprises:
encrypting a plaintext of personal data of a first user by using a first symmetric key to obtain a first ciphertext of the personal data;
the method further comprises the following steps:
receiving an access request of a second user to the personal data, which is sent by a second blockchain node of the blockchain, wherein the access request comprises a public key of the second user;
obtaining the first ciphertext from the server;
decrypting the first ciphertext by using the first symmetric secret key to obtain a plaintext of the personal data;
encrypting the plaintext of the personal data by adopting a second symmetric key to obtain a second ciphertext of the personal data;
encrypting the symmetric secret key by using the public key of the second user to obtain an encrypted second symmetric secret key;
generating a digital digest of the plaintext;
signing the digital digest of the plaintext by using the private key of the first user to obtain a signed plaintext digital digest;
and sending the second ciphertext, the encrypted second symmetric key, and the signed plaintext digital digest to the second blockchain node.
Optionally, the step of encrypting the plaintext of the personal data of the first user to obtain the ciphertext of the personal data includes:
encrypting a plaintext of personal data of a first user by using a first symmetric key to obtain a first ciphertext of the personal data;
the transaction information further includes summary information of the personal data, the method further including:
receiving an access request of a second user to the personal data, which is sent by a second blockchain node of the blockchain, wherein the access request comprises a public key of the second user;
obtaining the first ciphertext from the server;
decrypting the first ciphertext by using the first symmetric secret key to obtain a plaintext of the personal data;
encrypting the plaintext of the personal data by adopting a second symmetric key to obtain a second ciphertext of the personal data;
encrypting the symmetric secret key by using the public key of the second user to obtain an encrypted second symmetric secret key;
generating a digital digest of the second ciphertext;
signing the digital digest of the second ciphertext by using the private key of the first user to obtain a signed second ciphertext digital digest;
and sending the second ciphertext, the encrypted second symmetric key and the signed second ciphertext digital digest to the second blockchain node.
Optionally, the transaction information further includes a transaction type corresponding to the transaction information;
the step of generating transaction information including the signed ciphertext digital digest and the public key of the first user includes:
and generating the transaction information in response to the operation that the first user specifies the transaction type corresponding to the transaction information.
In a second aspect, an embodiment of the present invention provides a blockchain node, where the blockchain node stores a computer program, and the computer program, when executed by a processor, implements the personal data protection method according to the first aspect.
Compared with the prior art, one or more embodiments in the above scheme can have the following advantages or beneficial effects:
The embodiment of the invention provides a personal data protection method and a blockchain node, wherein the method comprises the following steps: the first blockchain node sends the encrypted personal data of the first user and the encrypted digital digest of the personal data to a server of a storage service provider, the server stores the personal data after confirming it, and the transaction information comprising the digital digest of the personal data and the public key of the first user is sent to an accounting node so that the transaction information is added to a block. In this way, the plaintext of the personal data cannot be viewed directly, and whether received personal data has changed can be determined by comparing digital digests, which avoids losses caused by using changed personal data and allows the storage service provider to be held accountable.
Drawings
The scope of the present disclosure may be better understood by reading the following detailed description of exemplary embodiments in conjunction with the accompanying drawings. Wherein the included drawings are:
Fig. 1 illustrates an application scenario of an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a personal data protection method according to an embodiment of the present invention;
Fig. 3 is another schematic flow chart of a personal data protection method according to an embodiment of the present invention;
Fig. 4 is another schematic flow chart of a personal data protection method according to an embodiment of the present invention;
Fig. 5 is another schematic flow chart of a personal data protection method according to an embodiment of the present invention;
Fig. 6 is another schematic flow chart of a personal data protection method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the following will describe in detail an implementation method of the present invention with reference to the accompanying drawings and embodiments, so that how to apply technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented.
Referring to fig. 1, fig. 1 is a schematic view of an application scenario of an embodiment of the present invention. The general idea of the embodiment is as follows: the owner of the personal data, through his personal device, i.e. the first blockchain node in fig. 1, stores the complete personal data in the server of the storage service provider and causes the transaction information including the digital digest of the personal data to be added to a block (shown as Block in fig. 1). The digital digest is a hash value obtained by performing a certain operation (the operation includes a hash operation) on the personal data. Because a hash value is irreversible and unique, the digital digest of the personal data stored in the block uniquely maps to the personal data without exposing its content. On this basis, because the transaction information stored in the blockchain is not easily tampered with, the personal data owner can use the digital digest stored in the block as a reliable reference and compare it with the digital digest obtained by applying the same operation to the personal data read from the server. If the two are consistent, the received personal data has not been tampered with or swapped out; otherwise, it has been.
Referring to fig. 1 and fig. 2 in combination, fig. 2 is a schematic flow chart of a personal data protection method according to the above-mentioned idea. The method is applied to the first blockchain node, and specific steps of the method are described in detail below.
S201, encrypting the plaintext of the personal data of the first user to obtain the ciphertext of the personal data.
In this embodiment, the first user is the owner of the personal data. Because the plaintext of the personal data is encrypted, it is the ciphertext that is subsequently uploaded to the server of the storage service provider, so the content of the personal data cannot be viewed directly during transmission or after it is stored in the server. It should be appreciated that, to prevent others from decrypting the ciphertext as far as possible, the encryption may be performed while disconnected from the network, and the key for decrypting the ciphertext may be stored in local storage of the first blockchain node or chosen so that the user can remember it.
It should be noted that the encryption methods involved in this embodiment are of two types, namely symmetric encryption and asymmetric encryption. For symmetric encryption, a symmetric key is used for encryption and the same symmetric key is used for decryption; for asymmetric encryption, either key of a public-private key pair encrypts and the other key of the pair decrypts, that is, the public key encrypts and the private key decrypts, or the private key encrypts and the public key decrypts.
S202, generating a digital digest of the ciphertext.
It should be noted that, in the present embodiment, the hash algorithms used for generating the digital digests are consistent.
S203, signing the digital digest of the ciphertext by using the private key of the first user to obtain the signed ciphertext digital digest.
S204, sending the ciphertext, the signed ciphertext digital digest and the public key of the first user to a server of a storage service provider, so that the server verifies the signature on the received signed ciphertext digital digest, and stores the ciphertext after confirming that the ciphertext digital digest obtained from signature verification is consistent with the digital digest generated from the received ciphertext.
In this embodiment, when the public key of the user is used as the identity information of the user, encrypting data with the private key of the user is described as signing data with the private key of the user, and successfully decrypting received signed (encrypted) data (for example, the signed ciphertext digital digest) with the received public key is described as passing signature verification on the encrypted data.
In this embodiment, the ciphertext, the signed ciphertext digital digest, and the public key of the first user are sent to a server of a storage service provider, so that, on one hand, the server checks the received signed ciphertext digital digest to determine whether the received signed ciphertext digital digest is from the first user, and on the other hand, the server confirms that the ciphertext digital digest obtained after checking the signature is consistent with the digital digest generated by the received ciphertext and stores the ciphertext to confirm that the signed digital digest is from the personal data to be stored. In other words, when the signature verification is successful and the comparison is successful, it can be ensured that the signed ciphertext digital digest in the transaction information in the subsequent steps (S205 and S206) is derived from the ciphertext transmitted by the first user to the server for storage, and the server will store the received ciphertext of the personal data.
In this embodiment, the servers may be separate, may also be clustered, may be centralized, or may also be distributed.
S205, generating transaction information comprising the signed ciphertext digital digest and the public key of the first user.
S206, sending the generated transaction information to an accounting node (not shown in fig. 1) so that the transaction information is added to the block.
In this embodiment, because the transaction information in the blockchain is not easily tampered with, the first user (i.e., the owner of the personal data) may verify the personal data acquired from the server, that is, generate a digital digest of the acquired personal data and compare it with the digital digest (after signature verification) in the transaction information. If the comparison succeeds, (the ciphertext of) the personal data has not changed, and the first user may use the acquired personal data normally (after decryption). If the comparison fails, the personal data has changed; the first user avoids the loss caused by using the changed personal data and can hold the storage service provider accountable, because the transaction information is public on the blockchain and the storage service provider itself confirmed the signed ciphertext digital digest in the transaction information.
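The exchange in S202 to S206 and the later check against the block can be sketched as follows; this is an added example, not code from the patent. It assumes SHA-256 for the digital digest and Ed25519 for the signature (the patent describes signing as encrypting the digest with the private key, for which Ed25519 substitutes a verification against the recomputed digest), and the ciphertext is a constructed byte string standing in for the output of S201. All type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Upload is what the first blockchain node sends to the storage server (S204).
type Upload struct {
	Ciphertext []byte
	Signature  []byte // owner's signature over SHA-256(Ciphertext), S202-S203
	OwnerPub   ed25519.PublicKey
}

// Transaction is the record handed to the accounting node (S205-S206).
// Assumption: digest and signature are stored side by side, because Ed25519
// verifies a signature against a digest instead of recovering the digest.
type Transaction struct {
	Digest    [32]byte
	Signature []byte
	OwnerPub  ed25519.PublicKey
}

// NewOwnerKey generates the first user's signing key pair.
func NewOwnerKey() (ed25519.PrivateKey, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return priv, err
}

// PrepareUpload runs S202, S203 and S205 over an already encrypted blob.
func PrepareUpload(priv ed25519.PrivateKey, ciphertext []byte) (Upload, Transaction) {
	digest := sha256.Sum256(ciphertext)
	sig := ed25519.Sign(priv, digest[:])
	pub := priv.Public().(ed25519.PublicKey)
	return Upload{Ciphertext: ciphertext, Signature: sig, OwnerPub: pub},
		Transaction{Digest: digest, Signature: sig, OwnerPub: pub}
}

// checkSig verifies sig over digest, rejecting malformed keys up front
// (ed25519.Verify panics on a public key of the wrong length).
func checkSig(pub ed25519.PublicKey, digest [32]byte, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, digest[:], sig)
}

// ServerAccept is the storage server's side of S204: recompute the digest from
// the bytes actually received and store them only if the signature covers it.
func ServerAccept(u Upload) error {
	if !checkSig(u.OwnerPub, sha256.Sum256(u.Ciphertext), u.Signature) {
		return errors.New("signed digest does not match received ciphertext")
	}
	return nil
}

// VerifyDownload is the later check against the block: the transaction must be
// validly signed, and the downloaded bytes must hash to the recorded digest.
func VerifyDownload(tx Transaction, downloaded []byte) error {
	if !checkSig(tx.OwnerPub, tx.Digest, tx.Signature) {
		return errors.New("transaction signature invalid")
	}
	if sha256.Sum256(downloaded) != tx.Digest {
		return errors.New("downloaded ciphertext differs from on-chain digest")
	}
	return nil
}

func main() {
	priv, err := NewOwnerKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample: opaque bytes standing in for the S201 ciphertext.
	ciphertext := []byte("constructed-ciphertext-of-personal-data")
	up, tx := PrepareUpload(priv, ciphertext)
	fmt.Println("server accepts upload:", ServerAccept(up) == nil)
	fmt.Println("intact download verifies:", VerifyDownload(tx, ciphertext) == nil)

	swapped := []byte("constructed-ciphertext-of-other-data!!!")
	fmt.Println("swapped download:", VerifyDownload(tx, swapped))
}
```

Because the server runs the same signature check before storing, a provider that later returns different bytes cannot claim the on-chain digest never matched what it accepted.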
In this embodiment, the transaction information may further include more content.
In some embodiments, the transaction information may further include a storage location of the personal data in the server. Specifically, the storage location may be a URL (Uniform Resource Locator). In this way, not only the storage location of the personal data can be recorded by the block, but also the personal data of different types can be respectively stored in a plurality of storage locations, the transaction information corresponding to the personal data of each storage location is generated, the transaction information is added into the block, and different personal data corresponding to different transaction information can be distinguished through the storage location in the transaction information.
In still other embodiments, the transaction information may further include summary information of the personal data, which is set by the first user, and may be a keyword, a tag, or the like of the personal data. The first user can also generate corresponding transaction information aiming at the personal data of each type of summary information, the transaction information is added into the block, and different personal data corresponding to different transaction information are distinguished through the summary information in the transaction information.
In still other embodiments, the transaction information may further include the transaction type corresponding to the transaction information. Accordingly, the first blockchain node may generate the transaction information in response to an operation of the first user specifying a transaction type corresponding to the transaction information.
In some cases, considering that the data volume of personal data is generally large and that encrypting and decrypting it with an asymmetric encryption method is costly, the symmetric encryption method can be selected when the data volume of the personal data is large. That is, the plaintext of the personal data of the first user is encrypted with a symmetric key to obtain the ciphertext of the personal data.
In this case, when the transaction information further includes summary information of the personal data, a function of searching the transaction information according to the summary information may also be provided to other users of the blockchain (i.e., hereinafter, referred to as second users). For example, the second user obtains the transaction information of which the fed-back summary information meets the search condition by inputting the search condition, and then the second user further screens the required transaction information from the fed-back transaction information according to the summary information. For another example, the transaction information recently added to the block is displayed in real time, and the second user directly selects the transaction information corresponding to the required personal data by browsing the summary information in the displayed transaction information. Several alternative embodiments of this case are described below.
In a first embodiment, the method may further include the steps shown in fig. 3.
S301, receiving an access request of a second user to the personal data, which is sent by a second block chain node, wherein the access request includes a public key of the second user.
In this embodiment, the public key of the second user may be used not only as the identity information of the second user, but also as an encryption key of the symmetric key (see S303).
S302, the ciphertext is obtained from the server.
S303, encrypting the symmetric key by using the public key of the second user to obtain an encrypted symmetric key.
S304, sending the ciphertext and the encrypted symmetric key to the second blockchain node.
In this embodiment, the second user may also generate a digital digest of the received ciphertext and compare it with the digital digest (after signature verification) in the transaction information requested to be accessed. If the comparison succeeds, the received (ciphertext of the) personal data is unchanged from the (ciphertext of the) personal data stored in the server, and the second user may decrypt the encrypted symmetric key with a private key to obtain the symmetric key, and then decrypt the ciphertext with the symmetric key to obtain the plaintext of the personal data for normal use. If the comparison fails, the (ciphertext of the) personal data may have been changed (tampered with, swapped out, etc.) during transmission, and the second user may acquire the (ciphertext of the) personal data from the first user again or simply discard the changed personal data.
In a second embodiment, the transaction information includes not only the summary information but also the storage location, and the method may further include the steps shown in fig. 4.
S401, receiving an access request of a second user to the personal data, which is sent by a second block chain node of the block chain, wherein the access request includes a public key of the second user.
S402, the public key of the second user is adopted to encrypt the symmetric secret key to obtain an encrypted symmetric secret key.
S403, sending the encrypted symmetric key to the second blockchain node.
Compared with the first embodiment, since the second user can obtain the ciphertext of the personal data from the server according to the storage location in the transaction information, the first user does not need to obtain the ciphertext and send the ciphertext to the second user.
In this embodiment, the first user may not want to disclose the key used for encrypting the personal data to be stored to the second user, for example, the key is a key common to the first user for encrypting a plurality of data including the personal data, and disclosure of the common key to the second user may cause leakage of other data. Therefore, in the third and fourth embodiments to be described later, the plaintext of the personal data of the first user is encrypted with the first symmetric key, the obtained first ciphertext of the personal data is stored in the server, and the plaintext of the personal data to be transmitted to the personal data visitor (i.e., the second user) is encrypted with the second symmetric key different from the first symmetric key, and the obtained second ciphertext is transmitted to the second user. In particular, the second symmetric key may be generated temporarily randomly after each access request is received, typically resulting in a second symmetric key that is different from the first symmetric key.
In a third embodiment, the method may further include the steps shown in fig. 5.
S501, receiving an access request of a second user to the personal data, where the access request includes a public key of the second user, sent by a second blockchain node of the blockchain.
S502, the first ciphertext is obtained from the server.
S503, decrypting the first ciphertext with the first symmetric key to obtain a plaintext of the personal data.
S504, encrypting the plaintext of the personal data by using a second symmetric secret key to obtain a second ciphertext of the personal data.
S505, encrypting the symmetric secret key by using the public key of the second user to obtain an encrypted second symmetric secret key.
S506, generating the digital digest of the plaintext.
S507, signing the digital digest of the plaintext by using the private key of the first user to obtain the signed plaintext digital digest.
S508, sending the second ciphertext, the encrypted second symmetric key, and the signed plaintext digital digest to the second blockchain node.
In a fourth embodiment, the method may further include the steps shown in fig. 6.
S601, receiving an access request of the second user to the personal data, where the access request includes a public key of the second user, and the access request is sent by a second blockchain node of the blockchain.
S602, the first ciphertext is obtained from the server.
S603, decrypting the first ciphertext with the first symmetric key to obtain a plaintext of the personal data.
S604, encrypting the plaintext of the personal data by using a second symmetric key to obtain a second ciphertext of the personal data.
S605, encrypt the symmetric key by using the public key of the second user to obtain an encrypted second symmetric key.
S606, generating a digital digest of the second ciphertext.
S607, signing the digital digest of the second ciphertext by using the private key of the first user to obtain the signed digital digest of the second ciphertext.
S608, sending the second ciphertext, the encrypted second symmetric key, and the signed second ciphertext digital digest to the second blockchain node.
Across the above four embodiments, it is worth noting that the third embodiment uses the digital digest of the plaintext to verify the personal data (i.e., whether the received personal data has changed is determined by comparing digital digests), whereas the other three embodiments use the digital digest of the ciphertext, so the second user does not need to decrypt the encrypted symmetric key and then decrypt the received ciphertext with the obtained symmetric key before generating the digital digest. This avoids the extra computation of decrypting the encrypted symmetric key and decrypting with the obtained symmetric key in the case where verification then fails (i.e., the received personal data has changed).
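The fourth embodiment (S604 to S608) and the receiving node's verify-before-decrypt order described above, as an added example that is not part of the patent. Assumptions: AES-256-GCM as the symmetric cipher, RSA-OAEP under the second user's public key for wrapping the second symmetric key, and Ed25519 with SHA-256 for the signed digest; all type and function names are hypothetical and the plaintext is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Share is the S608 message sent to the second blockchain node.
type Share struct {
	SecondCiphertext []byte // nonce || AES-256-GCM output under the second key
	WrappedKey       []byte // second key under the requester's RSA key (S605)
	Signature        []byte // owner's signature over SHA-256(SecondCiphertext)
}

// gcmFor builds an AES-GCM instance for a 16-, 24- or 32-byte key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewRequesterKey generates the second user's key pair (assumed RSA-2048).
func NewRequesterKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// BuildShare runs S604-S607 on the plaintext recovered in S603.
func BuildShare(plaintext []byte, owner ed25519.PrivateKey, requester *rsa.PublicKey) (Share, error) {
	secondKey := make([]byte, 32) // fresh per request, never the storage key
	if _, err := rand.Read(secondKey); err != nil {
		return Share{}, err
	}
	gcm, err := gcmFor(secondKey)
	if err != nil {
		return Share{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Share{}, err
	}
	second := gcm.Seal(nonce, nonce, plaintext, nil) // S604
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, requester, secondKey, nil) // S605
	if err != nil {
		return Share{}, err
	}
	digest := sha256.Sum256(second)       // S606
	sig := ed25519.Sign(owner, digest[:]) // S607
	return Share{SecondCiphertext: second, WrappedKey: wrapped, Signature: sig}, nil
}

// OpenShare is the second node's side: check the signed digest of the received
// bytes first, and only then unwrap the key and decrypt.
func OpenShare(s Share, ownerPub ed25519.PublicKey, priv *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(s.SecondCiphertext)
	if len(ownerPub) != ed25519.PublicKeySize || !ed25519.Verify(ownerPub, digest[:], s.Signature) {
		return nil, errors.New("signed digest does not match second ciphertext")
	}
	secondKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(secondKey)
	if err != nil || len(s.SecondCiphertext) < gcm.NonceSize() {
		return nil, errors.New("bad key or truncated ciphertext")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, s.SecondCiphertext[:n], s.SecondCiphertext[n:], nil)
}

func main() {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	requester, err := NewRequesterKey()
	if err != nil {
		panic(err)
	}
	share, err := BuildShare([]byte("constructed personal record"), ownerPriv, &requester.PublicKey)
	if err != nil {
		panic(err)
	}
	plain, err := OpenShare(share, ownerPub, requester)
	fmt.Printf("received %q, err=%v\n", plain, err)
	share.SecondCiphertext[0] ^= 1 // constructed change in transit
	_, err = OpenShare(share, ownerPub, requester)
	fmt.Println("after change:", err)
}
```

In the changed-in-transit case `OpenShare` returns before any RSA or AES operation runs, which is the saving the paragraph above attributes to digesting the ciphertext rather than the plaintext.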
An embodiment of the present invention further provides a blockchain node, where the blockchain node is a first blockchain node, and the first blockchain node stores a computer program, and the computer program is executed by a processor to implement the aforementioned personal data protection method.
In summary, an embodiment of the present invention provides a personal data protection method and a blockchain node, where the method includes: the first blockchain node sends the encrypted personal data and the encrypted digital digest of the first user to a server of a storage service provider, the server stores the personal data after confirming it, and the transaction information comprising the digital digest of the personal data and the public key of the first user is sent to the accounting node so that the transaction information is added to a block. In this way, the plaintext of the personal data cannot be viewed directly, and whether received personal data has changed can be determined by comparing digital digests, which avoids losses caused by using changed personal data and allows the storage service provider to be held accountable.
Although the embodiments of the present invention have been described above, the above description is only for the convenience of understanding the present invention, and is not intended to limit the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (6)

1. A method for personal data protection, applied to a first blockchain node, the method comprising:
encrypting the plaintext of the personal data of a first user to obtain a ciphertext of the personal data, wherein this step comprises: encrypting the plaintext of the personal data of the first user by using a first symmetric key to obtain a first ciphertext of the personal data;
generating a digital digest of the ciphertext;
signing the digital digest of the ciphertext by using the private key of the first user to obtain a signed ciphertext digital digest;
sending the ciphertext, the signed ciphertext digital digest and the public key of the first user to a server of a storage service provider, so that the server verifies the signature of the received signed ciphertext digital digest, and stores the ciphertext after confirming that the ciphertext digital digest obtained from the signature verification is consistent with the digital digest generated from the received ciphertext;
generating transaction information comprising the signed ciphertext digital digest and a public key of the first user, wherein the transaction information further comprises summary information of the personal data;
sending the generated transaction information to an accounting node so that the transaction information is added into a block;
receiving an access request of a second user to the personal data, which is sent by a second blockchain node of the blockchain, wherein the access request comprises a public key of the second user;
obtaining the first ciphertext from the server;
decrypting the first ciphertext by using the first symmetric key to obtain a plaintext of the personal data;
encrypting the plaintext of the personal data by using a second symmetric key to obtain a second ciphertext of the personal data;
encrypting the symmetric key by using the public key of the second user to obtain an encrypted second symmetric key;
generating a digital digest of the plaintext;
signing the digital digest of the plaintext by using the private key of the first user to obtain a signed plaintext digital digest;
and sending the second ciphertext, the encrypted second symmetric key, and the signed plaintext digital digest to the second blockchain node.
2. The method of claim 1, wherein the transaction information further comprises summary information of the personal data and/or a storage location of the personal data at the server.
3. The method of claim 1, wherein the transaction information further includes summary information of the personal data, the method further comprising:
receiving an access request of a second user to the personal data, which is sent by a second blockchain node, wherein the access request comprises a public key of the second user;
obtaining the ciphertext from the server;
encrypting the symmetric key by using the public key of the second user to obtain an encrypted symmetric key;
and sending the ciphertext and the encrypted symmetric key to the second blockchain node.
4. The method of claim 1, wherein the transaction information further includes summary information of the personal data and a storage location of the personal data at the server, the method further comprising:
receiving an access request of a second user to the personal data, which is sent by a second blockchain node of the blockchain, wherein the access request comprises a public key of the second user;
encrypting the symmetric key by using the public key of the second user to obtain an encrypted symmetric key;
and sending the encrypted symmetric key to the second blockchain node.
5. The method of claim 1, wherein the step of encrypting the plaintext of the personal data of the first user to obtain the ciphertext of the personal data comprises:
encrypting a plaintext of personal data of a first user by using a first symmetric key to obtain a first ciphertext of the personal data;
the transaction information further includes summary information of the personal data, the method further comprising:
receiving an access request of a second user to the personal data, which is sent by a second blockchain node of the blockchain, wherein the access request comprises a public key of the second user;
obtaining the first ciphertext from the server;
decrypting the first ciphertext by using the first symmetric key to obtain a plaintext of the personal data;
encrypting the plaintext of the personal data by using a second symmetric key to obtain a second ciphertext of the personal data;
encrypting the symmetric key by using the public key of the second user to obtain an encrypted second symmetric key;
generating a digital digest of the second ciphertext;
signing the digital digest of the second ciphertext by using the private key of the first user to obtain a signed second ciphertext digital digest;
and sending the second ciphertext, the encrypted second symmetric key and the signed second ciphertext digital digest to the second blockchain node.
6. The method of claim 1, wherein the transaction information further includes a transaction type corresponding to the transaction information;
the step of generating transaction information including the signed ciphertext digital digest and the public key of the first user includes:
and generating the transaction information in response to the operation that the first user specifies the transaction type corresponding to the transaction information.
CN201910969874.0A 2019-10-12 2019-10-12 Personal data protection method and block link point Active CN110955909B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910969874.0A CN110955909B (en) 2019-10-12 2019-10-12 Personal data protection method and block link point

Publications (2)

Publication Number Publication Date
CN110955909A CN110955909A (en) 2020-04-03
CN110955909B true CN110955909B (en) 2022-08-05

Family

ID=69975553

Country Status (1)

Country Link
CN (1) CN110955909B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant