CN111884811B - Block chain-based data evidence storing method and data evidence storing platform - Google Patents


Publication number
CN111884811B
Authority
CN
China
Prior art keywords
message authentication
authentication code
identification
client
timestamp
Legal status
Active
Application number
CN202010717491.7A
Other languages
Chinese (zh)
Other versions
CN111884811A (en
Inventor
陈斌
陆健
金剑锋
蔡俊华
钟鸣
钱伟
Current Assignee
Suzhou Customs District People's Republic Of China
Original Assignee
Suzhou Customs District People's Republic Of China
Priority date
Filing date
Publication date
Application filed by Suzhou Customs District People's Republic Of China
Priority to CN202010717491.7A
Publication of CN111884811A
Application granted
Publication of CN111884811B


Classifications

    • H04L9/3242: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/12: Applying verification of the received information
    • H04L9/3239: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The invention discloses a data evidence storing method and a data evidence storing platform based on a block chain, wherein the data evidence storing method comprises the following steps: the client generates a first message authentication code by using the first key based on the first target data, and sends the client identifier, the first key and the first message authentication code to the server; the server side encrypts the first key by using the second key to generate a ciphertext, generates a timestamp and a certificate storing identification, and writes the client side identification, the server side identification, the ciphertext, the certificate storing identification, the first message authentication code and the timestamp into the block chain; the verifying terminal compares the time stamp with the reference time to verify whether the time stamp is correct or not; and if the timestamp is verified correctly, acquiring second target data from the client, generating a second message authentication code by using the first key based on the second target data, and comparing whether the second message authentication code is equal to the first message authentication code to obtain a final verification result.

Description

Block chain-based data evidence storing method and data evidence storing platform
Technical Field
The invention relates to the technical field of data processing, in particular to a data evidence storing method and a data evidence storing platform based on a block chain.
Background
At present, blockchain data evidence storage is one of the main application schemes in the field of blockchain technology, and has been applied in numerous fields such as internet finance and intellectual property platforms. The blockchain data evidence storage method mainly uses the technology in the identity of a virtual third party, and records the target data to be stored into a blockchain after a series of processing, so as to ensure the integrity of the target data.
In the prior art, a data evidence storing method based on a block chain mainly includes the following two types:
the first type is to store information such as target data files, certificate storing time and the like on a chain;
the second type is to generate a hash digest of the target data file through a hash function, and then store information such as the hash digest and the evidence storing time on the chain.
However, both of the above data evidence storing methods have certain technical problems. The main technical problem of the first method is that it can only process a small amount of data: due to the technical characteristics of the block chain itself, if a large amount of data is to be uplinked, for example high definition video, a large amount of time cost and on-chain storage cost is required.
The main technical problem of the second method is that the nature of the hash function itself is not considered, and the possibility of generating hash digest collision is ignored.
Disclosure of Invention
The present invention is directed to a data evidence storing method and a data evidence storing platform based on a block chain, so as to solve at least one technical problem in the prior art.
In order to achieve the purpose, the invention adopts the technical scheme that:
in a first aspect, an embodiment of the present invention provides a data evidence storing method based on a block chain, where the data evidence storing method includes the following steps:
the client generates a first message authentication code by using the first key based on the first target data, and sends the client identifier, the first key and the first message authentication code to the server;
the server side encrypts the first key by using the second key to generate a ciphertext, generates a timestamp and a certificate storing identification, sends the certificate storing identification to the client side, and writes the client side identification, the server side identification, the ciphertext, the certificate storing identification, the first message authentication code and the timestamp into the block chain;
the verifying end acquires the certificate storing identification from a client or a server, acquires the first secret key from the server, acquires the client identification, the server identification, the ciphertext, the first message authentication code and the time stamp from the block chain according to the certificate storing identification, and compares the time stamp with reference time to verify whether the time stamp is correct or not; and if the timestamp is verified correctly, acquiring second target data from the client, generating a second message authentication code by using the first key based on the second target data, and comparing whether the second message authentication code is equal to the first message authentication code to obtain a final verification result.
Further, the data evidence storing method further comprises the following steps: and if the timestamp is in error, directly outputting a verification failure result.
Further, the data evidence storing method further comprises the following steps:
the server also sets failure time and writes the failure time into the block chain;
the verifying end acquires the failure time according to the certificate storage identification;
before the verifying end compares the time stamp with the reference time, the method also comprises the following steps:
and the verifying end verifies whether the current time of the data evidence storage platform is before the failure time so as to output a verification result.
Further, the client identifier, the server identifier, the ciphertext, the first message authentication code, the timestamp or the expiration time are encrypted and transmitted through an SSL, TLS or HTTPS encryption channel.
Further, the ciphertext is generated using an AES encryption algorithm.
Further, the first and second message authentication codes are obtained by using a hash operation or a block cipher algorithm.
In a second aspect, an embodiment of the present invention provides a data evidence storing platform based on a block chain, where the data evidence storing platform includes a client, a server, the block chain, and a verification end; wherein:
the client generates a first message authentication code by using the first key based on the first target data, and sends the client identifier, the first key and the first message authentication code to the server;
the server side encrypts the first key by using the second key to generate a ciphertext, generates a timestamp and a certificate storing identification, and writes the client side identification, the server side identification, the ciphertext, the certificate storing identification, the first message authentication code and the timestamp into the block chain;
the verifying end acquires the first secret key and the certificate storing identification from the server end, acquires the client end identification, the server end identification, the ciphertext, the first message authentication code and the timestamp from the block chain according to the certificate storing identification, and compares the timestamp with reference time to verify whether the timestamp is correct or not; and if the timestamp is verified correctly, acquiring second target data from the client, generating a second message authentication code by using the first key based on the second target data, and comparing whether the second message authentication code is equal to the first message authentication code to obtain a final verification result.
Further, the verifying end further performs the following operations: and if the timestamp is in error, directly outputting a verification failure result.
Further, the server side also executes the following operations: setting failure time, and writing the failure time into a block chain;
the verifying end acquires the failure time according to the certificate storage identification;
before the verifying end compares the time stamp with the reference time, the method further comprises the following steps:
and the verifying end verifies whether the current time of the data evidence storage platform is before the failure time so as to output a verification result.
Further, the first and second message authentication codes are obtained by using a hash operation or a block cipher algorithm.
The invention has the beneficial effects that:
firstly, the server only transmits the certificate storing identification, the client identification, the server identification, the ciphertext, the first message authentication code, the timestamp and the failure time to the block chain, so even if a large amount of data in the data certificate storing platform needs to be stored, uplinking does not require a large amount of time or on-chain storage cost;
secondly, the first and second message authentication codes and the expiration time are stored in the blockchain; apart from a legal verifying end, a third party does not know the first secret key and therefore cannot modify the first target data to be authenticated, nor search by brute force for another group of second target data to be authenticated that generates the same hash digest as the first target data;
thirdly, since the invention sets the expiration time, a third party who obtains the first key through leakage is prevented from having sufficient time to generate second target data, which prevents that group of second target data to be authenticated and the first target data from generating a hash digest of the same content.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a schematic flowchart of a data verification method based on a blockchain according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a data verification platform based on a block chain according to an embodiment of the present invention.
Detailed Description
The following description is presented to disclose the invention so as to enable any person skilled in the art to practice the invention. The preferred embodiments in the following description are given by way of example only, and other obvious variations will occur to those skilled in the art. The basic principles of the invention, as defined in the following description, may be applied to other embodiments, variations, modifications, equivalents, and other technical solutions without departing from the spirit and scope of the invention.
It is understood that the terms "a" and "an" should be interpreted as meaning "at least one" or "one or more," i.e., that a quantity of one element may be one in one embodiment, while a quantity of another element may be plural in other embodiments, and the terms "a" and "an" should not be interpreted as limiting the quantity.
The terminology used herein is for the purpose of describing various embodiments only and is not intended to be limiting. As used herein, the singular forms are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, numbers, steps, operations, components, elements, or combinations thereof, but do not preclude the presence or addition of one or more other features, numbers, steps, operations, components, elements, or groups thereof.
In this embodiment, first, various components related to a data certificate storage platform are briefly described, where the data certificate storage platform includes a client, a server, a block chain, and a verification end;
The client is used for a user to perform triggering operations, such as storing and acquiring target data, generating a corresponding transaction request, and sending the transaction request to the server and the blockchain for processing. The client may participate in the blockchain by deploying a DAPP, or indirectly by accessing other centralized blockchain nodes, in order to send the transaction request. It may be, for example, a computer, a mobile terminal (e.g., a cellular phone), a non-mobile terminal (e.g., an appliance), or a Personal Data Assistant (PDA).
And the server is used for receiving the data sent by the client and sending the related data to the block chain.
The block chain is used for receiving each transaction request sent by the server side, and completing corresponding services in a transaction request processing mode so as to migrate the data management service to the block chain, so that unified management of data is facilitated.
The verification end is mainly used for verifying the target data so as to ensure the safety of the data storage platform; specifically, the verifying end may be one or more servers.
Example one
Referring to fig. 1, a data evidence storing method based on a block chain in this embodiment includes the following steps:
the client generates a first message authentication code by using the first key based on the first target data, and sends the client identifier, the first key and the first message authentication code to the server;
the server side encrypts the first key by using the second key to generate a ciphertext, generates a timestamp and a certificate storing identification, and writes the client side identification, the server side identification, the ciphertext, the certificate storing identification, the first message authentication code and the timestamp into the block chain;
the verifying end acquires the first secret key and the certificate storing identification from the server end, acquires the client end identification, the server end identification, the ciphertext, the first message authentication code and the timestamp from the block chain according to the certificate storing identification, and compares the timestamp with reference time to verify whether the timestamp is correct or not; and if the timestamp is verified correctly, acquiring second target data from the client, generating a second message authentication code by using the first key based on the second target data, and comparing whether the second message authentication code is equal to the first message authentication code to obtain a final verification result.
Further, the data evidence storing method further comprises the following steps: and if the timestamp is in error, directly outputting a verification failure result.
The detailed working process of the data storage method of the embodiment will be specifically described below.
The main working process of the client in this embodiment is as follows:
an identifier of the client is preset as the client identifier;
step 11: the client randomly generates a first character string and takes the first character string as a first key; the first character string in this embodiment is a long random number;
step 12: the client generates a first message authentication code by using the first key based on first target data; preferably, the client generates the first message authentication code by using a message authentication code algorithm, wherein the first message authentication code is used as a block chain evidence of the target data;
step 13: the client sends the client identification, the first key and the first message authentication code to the server by using an encrypted channel; preferably, the client may perform encrypted transmission using an encryption channel such as SSL (Secure Sockets Layer), TLS (Transport Layer Security), HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer), or the like.
The main working process of the server in this embodiment is as follows:
an identifier of the server is preset as the server-side identifier;
step 21: the server receives the client identifier, the first key and the first message authentication code;
step 22: the server randomly generates a second character string, and the second character string is used as a second secret key; the second character string in this embodiment is also a long random number;
step 23: the server side encrypts the first key by using the second key based on an encryption algorithm to generate a ciphertext; preferably, the encryption algorithm may be AES (Advanced Encryption Standard), or the like;
step 24: the server side acquires a timestamp of the first message authentication code; the timestamp of the first message authentication code is provided by the standard timestamp service of a time service center;
step 25: the server side sets failure time;
step 26: the server randomly generates a third character string which is used as a certificate storage identifier;
step 27: the server side sends the certificate storing identification to the client side;
the server side also transmits a certificate storage identification, a client side identification, a server side identification, a ciphertext, a first message authentication code, a timestamp and failure time to the block chain; the evidence storing identification, the client identification, the server identification, the ciphertext, the first message authentication code, the timestamp and the failure time can be used as a block chain evidence storing evidence of the client target data.
The main working process of the verification end in the embodiment is as follows:
an identifier of the verification end is preset as the verification end identifier;
step 31: the verifying end acquires the certificate storing identification from a client or a server;
step 32: the authentication end acquires the first secret key from the server end;
step 33: the verifying end searches the block chain, according to the certificate storage identification, for the client identification, the server identification, the ciphertext, the first message authentication code, the timestamp and the failure time; the block chain looks these items up and transmits them to the verification end in encrypted form through an encryption channel; preferably, the client identifier, the server identifier, the ciphertext, the first message authentication code, the timestamp and the expiration time may be encrypted and transmitted through an encryption channel such as SSL, TLS or HTTPS;
step 34: the verifying end verifies whether the current time of the data evidence storage platform is before the failure time so as to output a verification result; specifically, if the current time of the data evidence storage platform is before the expiration time, step 35 is executed; if the current time of the data storage platform is not before the failure time, outputting a verification failure result;
step 35: the verifying end compares the time stamp with the reference time to verify whether the time stamp is correct, if so, the step 36 is executed; if not, directly outputting a verification failure result; the reference time can be provided by a time stamp service provider of a national time service center;
step 36: the verifying end acquires second target data from the client; preferably, the client encrypts and transmits the second target data to the verification end by using an encryption channel such as SSL, TLS or HTTPS;
step 37: the verifying end generates a second message authentication code by using the first key based on the second target data, preferably, the verifying end generates the second message authentication code by using a message authentication code algorithm;
step 38: the verifying end compares whether the second message authentication code is equal to the first message authentication code to obtain a final verification result; specifically, if the second message authentication code is equal to the first message authentication code, a verification success result is output; if not, outputting a verification failure result.
Preferably, the message authentication code algorithm may be a hash operation or a block cipher algorithm.
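The client, server and verifying-end steps above, sketched as an added Python example that is not code from the patent. It assumes HMAC-SHA256 as the message authentication code algorithm, integer epoch seconds for all times, a dict standing in for the block chain, and a tolerance parameter for the timestamp comparison; the AES encryption of the first key (step 23) is not performed, so the ciphertext is carried as an opaque constructed value. All function, field and result names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Verification outcomes (hypothetical names, not from the patent).
OK = "ok"
EXPIRED = "expired"
BAD_TIMESTAMP = "bad_timestamp"
MAC_MISMATCH = "mac_mismatch"
UNKNOWN_ID = "unknown_id"


@dataclass(frozen=True)
class ChainRecord:
    """Items the server writes to the block chain."""
    evidence_id: str   # certificate storing identification (step 26)
    client_id: str
    server_id: str
    ciphertext: bytes  # first key encrypted under the second key (step 23)
    mac: bytes         # first message authentication code
    timestamp: int     # epoch seconds (step 24)
    expires_at: int    # failure time (step 25)


def compute_mac(key: bytes, chunks: Iterable[bytes]) -> bytes:
    """HMAC-SHA256 over chunked data, so a large file is never held whole."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for chunk in chunks:
        h.update(chunk)
    return h.digest()


def client_make_evidence(chunks: Iterable[bytes]) -> Tuple[bytes, bytes]:
    """Steps 11-12: random first key, then the first MAC over the target data."""
    first_key = secrets.token_bytes(32)
    return first_key, compute_mac(first_key, chunks)


def server_store(chain: Dict[str, ChainRecord], client_id: str, server_id: str,
                 mac: bytes, ciphertext: bytes, timestamp: int, ttl: int) -> str:
    """Steps 24-27: attach timestamp, failure time and a random identifier."""
    evidence_id = secrets.token_hex(16)
    chain[evidence_id] = ChainRecord(evidence_id, client_id, server_id,
                                     ciphertext, mac, timestamp, timestamp + ttl)
    return evidence_id


def verify(chain: Dict[str, ChainRecord], evidence_id: str, first_key: bytes,
           second_chunks: Iterable[bytes], now: int, reference_time: int,
           tolerance: int = 0) -> str:
    """Steps 33-38, in the order the text gives them."""
    record = chain.get(evidence_id)
    if record is None:
        # Defensive handling added here; the patent does not describe this case.
        return UNKNOWN_ID
    # Step 34: the current time must be before the failure time.
    if not now < record.expires_at:
        return EXPIRED
    # Step 35: the on-chain timestamp must agree with the reference time
    # (assumed here to be the time the timestamp service reports for it).
    if abs(record.timestamp - reference_time) > tolerance:
        return BAD_TIMESTAMP
    # Steps 36-38: recompute the MAC and compare in constant time.
    second_mac = compute_mac(first_key, second_chunks)
    return OK if hmac.compare_digest(second_mac, record.mac) else MAC_MISMATCH


if __name__ == "__main__":
    chain: Dict[str, ChainRecord] = {}
    data = [b"frame-1", b"frame-2"]          # constructed sample target data
    key, mac = client_make_evidence(data)
    eid = server_store(chain, "client-A", "server-1", mac,
                       b"<opaque ciphertext>", timestamp=1_000, ttl=3_600)
    print(verify(chain, eid, key, data, now=2_000, reference_time=1_000))
    print(verify(chain, eid, key, [b"frame-1", b"frame-X"], 2_000, 1_000))
    print(verify(chain, eid, key, data, now=4_600, reference_time=1_000))
```

Only the fixed-size record reaches the chain, whatever the size of the target data, and `hmac.compare_digest` keeps the step 38 comparison from leaking how many leading bytes of the MAC matched.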
Example two
Fig. 2 is a schematic structural diagram of a data certification platform based on a blockchain according to an embodiment of the present invention. Referring to fig. 2, the data certification platform includes a client, a server, a blockchain, and a verification end; wherein:
the client generates a first message authentication code by using the first key based on the first target data, and sends the client identifier, the first key and the first message authentication code to the server;
the server side encrypts the first key by using the second key to generate a ciphertext, generates a timestamp and a certificate storing identification, and writes the client side identification, the server side identification, the ciphertext, the certificate storing identification, the first message authentication code and the timestamp into the block chain;
the verifying end acquires the first secret key and the certificate storing identification from the server end, acquires the client end identification, the server end identification, the ciphertext, the first message authentication code and the timestamp from the block chain according to the certificate storing identification, and compares the timestamp with reference time to verify whether the timestamp is correct or not; and if the timestamp is verified correctly, acquiring second target data from the client, generating a second message authentication code by using the first key based on the second target data, and comparing whether the second message authentication code is equal to the first message authentication code to obtain a final verification result.
Further, the verifying end further performs the following operations: and if the timestamp is in error, directly outputting a verification failure result.
Further, the server side also executes the following operations: setting failure time, and writing the failure time into a block chain;
the verifying end acquires the failure time according to the certificate storage identification;
before the verifying end compares the time stamp with the reference time, the method further comprises the following steps:
and the verifying end verifies whether the current time of the data storage and verification platform is before the failure time so as to output a verification result to the client.
Further, the first and second message authentication codes are obtained by using a hash operation or a block cipher algorithm.
The working process of the data evidence storage platform in this embodiment is basically the same as that of the data evidence storage method in the first embodiment, and is not described again here.
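The verifying end's checks described above, in the order the text gives them (failure time, then timestamp, then message authentication code), as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 is the message authentication code, the chain is a dictionary keyed by the certificate storing identification, "timestamp is correct" means within a tolerance of the reference time, the AES ciphertext is an opaque placeholder, and all field names and sample values are constructed.

```python
import hashlib
import hmac
from typing import NamedTuple

class EvidenceRecord(NamedTuple):
    """Fields the server writes to the chain (field names are assumptions)."""
    client_id: str
    server_id: str
    ciphertext: bytes  # first key encrypted under the second key; opaque here
    mac: bytes         # first message authentication code
    timestamp: int     # seconds since epoch, generated by the server
    expires_at: int    # failure time set by the server

def make_mac(first_key: bytes, target_data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 is the "hash operation" used for the MAC.
    return hmac.new(first_key, target_data, hashlib.sha256).digest()

def verify(chain, evidence_id, first_key, second_data, now, reference_time,
           tolerance=300):
    """Return (ok, reason), running the checks in the order described."""
    record = chain.get(evidence_id)
    if record is None:
        return False, "unknown evidence id"
    # 1. The failure time is checked before the timestamp comparison.
    if now >= record.expires_at:
        return False, "expired"
    # 2. Timestamp check. Assumption: "correct" means the on-chain timestamp
    #    is within `tolerance` seconds of a reference time the verifier trusts.
    if abs(record.timestamp - reference_time) > tolerance:
        return False, "timestamp mismatch"
    # 3. Recompute the MAC over the data presented now; constant-time compare.
    second_mac = make_mac(first_key, second_data)
    if not hmac.compare_digest(second_mac, record.mac):
        return False, "mac mismatch"
    return True, "ok"

# Constructed sample values, not taken from the patent.
FIRST_KEY = bytes(range(32))
DATA = b"declaration-0001: 12 cartons"
CHAIN = {
    "ev-1": EvidenceRecord(
        client_id="client-A", server_id="server-1",
        ciphertext=b"<placeholder: AES(second_key, first_key)>",
        mac=make_mac(FIRST_KEY, DATA),
        timestamp=1_600_000_000, expires_at=1_600_086_400,
    )
}

if __name__ == "__main__":
    t, ref = 1_600_000_100, 1_600_000_010
    print(verify(CHAIN, "ev-1", FIRST_KEY, DATA, now=t, reference_time=ref))
    print(verify(CHAIN, "ev-1", FIRST_KEY, DATA + b"!", now=t, reference_time=ref))
```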
Compared with the prior art, the invention has the following advantages:
firstly, the server transmits only the certificate storing identification, the client identification, the server identification, the ciphertext, the first message authentication code, the timestamp and the failure time to the block chain, so even if a large amount of data in the data evidence storage platform needs to be stored, writing to the chain does not take a large amount of time or incur a large on-chain storage cost;
secondly, the first and second message authentication codes and the expiration time are stored in the blockchain; apart from a legitimate verifying end, a third party does not know the first key and therefore cannot modify the first target data to be authenticated, nor can it use brute force to find another set of second target data to be authenticated that generates the same hash digest as the first target data;
thirdly, because the present invention sets an expiration time, a third party who obtains a leaked first key is prevented from having sufficient time to generate second target data, which prevents that set of second target data to be authenticated from generating the same hash digest as the first target data.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, or the part of it that substantially contributes to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A data evidence storing method based on a block chain comprises the following steps:
the client generates a first message authentication code by using the first key based on the first target data, and sends the client identifier, the first key and the first message authentication code to the server;
the server side encrypts the first key by using the second key to generate a ciphertext, generates a timestamp and a certificate storing identification, sends the certificate storing identification to the client side, and writes the client side identification, the server side identification, the ciphertext, the certificate storing identification, the first message authentication code and the timestamp into the block chain;
the verification end acquires the certificate storing identification from the server end or the client end, acquires the first secret key from the server end, acquires the client end identification, the server end identification, the ciphertext, the first message authentication code and the time stamp from the block chain according to the certificate storing identification, and compares the time stamp with reference time to verify whether the time stamp is correct or not; if the timestamp is verified correctly, acquiring second target data from the client, generating a second message authentication code by using the first key based on the second target data, and comparing whether the second message authentication code is equal to the first message authentication code to obtain a final verification result;
the data evidence storing method further comprises the following steps:
the server also sets failure time and writes the failure time into the block chain;
the verifying end acquires the failure time according to the certificate storage identification;
before the verifying end compares the time stamp with the reference time, the method further comprises the following steps:
and the verifying end verifies whether the current time of the data evidence storage platform is before the failure time so as to output a verification result.
2. The data evidence storing method according to claim 1, further comprising the step of: if the timestamp is in error, directly outputting a verification failure result.
3. The data evidence storing method of claim 1, wherein the client identifier, the server identifier, the ciphertext, the first message authentication code, the timestamp, or the expiration time are transmitted encrypted over an SSL, TLS, or HTTPS encrypted channel.
4. The data evidence storing method of claim 1, wherein the ciphertext is generated using an AES encryption algorithm.
5. The data evidence storing method of claim 1, wherein the first and second message authentication codes are obtained using a hash operation or a block cipher algorithm.
6. A data evidence storing platform based on a block chain, comprising a client, a server, the block chain and a verification end; wherein,
the client generates a first message authentication code by using the first key based on the first target data, and sends the client identifier, the first key and the first message authentication code to the server;
the server side encrypts the first key by using the second key to generate a ciphertext, generates a timestamp and a certificate storing identification, and writes the client side identification, the server side identification, the ciphertext, the certificate storing identification, the first message authentication code and the timestamp into the block chain;
the verifying end acquires the first secret key and the certificate storing identification from the server end, acquires the client end identification, the server end identification, the ciphertext, the first message authentication code and the timestamp from the block chain according to the certificate storing identification, and compares the timestamp with reference time to verify whether the timestamp is correct or not; if the timestamp is verified correctly, acquiring second target data from the client, generating a second message authentication code by using the first key based on the second target data, and comparing whether the second message authentication code is equal to the first message authentication code to obtain a final verification result;
the server side also executes the following operations: setting failure time, and writing the failure time into a block chain;
the verifying end acquires the failure time according to the certificate storage identification;
before the verifying end compares the time stamp with the reference time, the method further comprises the following steps:
and the verifying end verifies whether the current time of the data evidence storage platform is before the failure time so as to output a verification result.
7. The data evidence storing platform of claim 6, wherein the verification end further performs the following operation: if the timestamp is in error, directly outputting a verification failure result.
8. The data evidence storing platform of claim 6, wherein the first and second message authentication codes are obtained using a hash operation or a block cipher algorithm.
CN202010717491.7A 2020-07-23 2020-07-23 Block chain-based data evidence storing method and data evidence storing platform Active CN111884811B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010717491.7A CN111884811B (en) 2020-07-23 2020-07-23 Block chain-based data evidence storing method and data evidence storing platform

Publications (2)

Publication Number Publication Date
CN111884811A CN111884811A (en) 2020-11-03
CN111884811B true CN111884811B (en) 2022-08-19

Family

ID=73156098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010717491.7A Active CN111884811B (en) 2020-07-23 2020-07-23 Block chain-based data evidence storing method and data evidence storing platform

Country Status (1)

Country Link
CN (1) CN111884811B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112804217B (en) * 2020-12-31 2022-11-01 山东数字能源交易有限公司 Block chain technology-based evidence storing method and device
CN112954039A (en) * 2021-02-04 2021-06-11 上海百姓装潢有限公司 Block chain evidence storage method
CN113098693B (en) * 2021-04-08 2022-08-16 太原理工大学 Memory verification method based on physical unclonable function algorithm
CN113078998A (en) * 2021-04-08 2021-07-06 太原理工大学 Block chain storage verification method for providing address information
CN113541938A (en) * 2021-06-25 2021-10-22 国网山西省电力公司营销服务中心 Non-deception non-blocking channel-based calculation amount asymmetric evidence storing method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109691016A (en) * 2016-07-08 2019-04-26 卡列普顿国际有限公司 Distributing real time system and Verification System
CN108737326A (en) * 2017-04-14 2018-11-02 北京京东尚科信息技术有限公司 Method, system, device and electronic equipment for carrying out token authentication
CN107819777A (en) * 2017-11-17 2018-03-20 北京亿生生网络科技有限公司 A kind of data based on block chain technology deposit card method and system
CN109889479A (en) * 2018-12-21 2019-06-14 中链科技有限公司 User identity based on block chain deposits card, verification method and device and verification system
CN110177124A (en) * 2019-06-20 2019-08-27 深圳市网心科技有限公司 Identity identifying method and relevant device based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
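Application of blockchain technology in electronic data evidence storage and forensics; 朱兴雄; Proceedings of the 2019 Power Industry Informatization Annual Conference; 20191231; full text *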

Also Published As

Publication number Publication date
CN111884811A (en) 2020-11-03

Similar Documents

Publication Publication Date Title
CN109756485B (en) Electronic contract signing method, electronic contract signing device, computer equipment and storage medium
CN111884811B (en) Block chain-based data evidence storing method and data evidence storing platform
CN108965230B (en) Secure communication method, system and terminal equipment
CN109547445B (en) Method and system for verifying legality of network request of client
CN103051453B (en) A kind of mobile terminal network affaris safety trade system based on digital certificate and method
CN100512201C (en) Method for dealing inserted-requested message of business in groups
CN102624740A (en) Data interaction method, client and server
CN113472793B (en) Personal data protection system based on hardware password equipment
CN111159684B (en) Safety protection system and method based on browser
CN103107996A (en) On-line download method and system of digital certificate and digital certificate issuing platform
CN108809633B (en) Identity authentication method, device and system
CN111030814A (en) Key negotiation method and device
CN112989426B (en) Authorization authentication method and device, and resource access token acquisition method
CN111080299B (en) Anti-repudiation method for transaction information, client and server
CN112765626A (en) Authorization signature method, device and system based on escrow key and storage medium
JP2001177513A (en) Authenticating method in communication system, center equipment, and recording medium with authentication program recorded thereon
CN114390524B (en) Method and device for realizing one-key login service
CN113761578A (en) Document true checking method based on block chain
CN107786338B (en) Shared platform in dynamic password verification
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN109412799B (en) System and method for generating local key
CN115242471B (en) Information transmission method, information transmission device, electronic equipment and computer readable storage medium
CN116318654A (en) SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution
KR101256114B1 (en) Message authentication code test method and system of many mac testserver
CN104868994A (en) Collaboration secret key management method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant