CN111901338A - Data security protection method for application block chain

Publication number: CN111901338A
Authority: CN (China)
Application number: CN202010736384.9A
Priority date and filing date: 2020-07-28
Publication date: 2020-11-06
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion)
Original language: Chinese (zh)
Inventors: 杨宁波, 李�杰
Assignee (original and current): Anhui Gaoshan Technology Co ltd
Prior art keywords: transaction information, block chain, data, middleman, receiver

Classifications

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L41/08 Configuration management of networks or network elements
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a data security protection method for an application block chain, belonging to the technical field of block chains, which comprises the following steps: performing authorized access control on the access nodes of the block chain to detect malicious nodes accessing the block chain, and adding the malicious nodes to a blacklist; adding an intermediary account between the two transaction parties, where the sender encrypts the transaction information data with the public key of the intermediary and sends it to the intermediary, the intermediary decrypts and verifies the transaction information with its private key, and then encrypts the decrypted transaction information with the public key of the receiver and forwards it to the receiver; and after the receiver verifies the sender's transaction information, encrypting the transaction information data with a private key and broadcasting it in the block chain. An intermediary account is added to the data sending process of the two transaction parties for data protection, and the data is relayed through the intermediary account, so that the transaction information data cannot be maliciously intercepted in transit and the address information of the two transaction parties cannot be derived from the transaction information, which improves the security of the transaction information data.

Description

Data security protection method for application block chain
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a data security protection method for an application block chain.
Background
The block chain is a decentralized, trust-free and tamper-resistant distributed ledger technology that comprehensively uses computer technologies such as cryptography, probability theory, consensus mechanisms and distributed networks, and it is a major innovation in the history of the Internet. Block chain technology was first applied in the bitcoin block chain, which since the birth of bitcoin in 2009 has been equipped with thousands of distributed nodes worldwide and has operated without interruption for nearly 10 years without significant security vulnerabilities. Although block chain technology originated from encrypted digital currency, its development and application are not limited to the financial field; it can be widely applied in many areas such as cultural entertainment, social public welfare and data protection.
With the continuous development and wide application of block chain technology, the problem of privacy disclosure has become more and more prominent and must be given sufficient attention. Compared with a traditional centralized architecture, the block chain mechanism does not rely on specific central nodes to process and store data, so the risks of a single point of failure and of data leakage from a centralized server are avoided. But in order to reach consensus among the scattered block chain nodes, all transaction records in the block chain must be disclosed to all nodes, which significantly increases the risk of privacy disclosure. For example, in a transaction an analyst can obtain a user's transaction patterns by analyzing the transaction records, and may even infer the user's identity and location information. Because a public block chain has a high data storage cost, an extension of block chain technology, the consortium chain or private chain, is generally used; and because a consortium chain or private chain is privately maintained, malicious nodes are easily present in the block chain network, data is stolen, and the address information of the two transaction parties is exposed to potential safety hazards through analysis of that data.
Disclosure of Invention
The invention aims to provide a data security protection method for an application block chain, to solve the problem that when a block chain is used commercially its nodes are easily attacked and potential safety hazards exist in the data transmission process. The method has the advantages of avoiding information leakage by the two transaction parties, verifying block chain nodes and maintaining the network, and preventing the block chain from being attacked maliciously, by adding an intermediary.
The invention achieves the aim through the following technical scheme, and a data security protection method of an application block chain comprises the following steps:
detecting malicious nodes accessing the block chain by performing authorized access control on access nodes of the block chain, and adding the malicious nodes into a blacklist;
adding an intermediary account between the two transaction parties, encrypting the transaction information data by the sender with the public key of the intermediary and sending the encrypted transaction information data to the intermediary, decrypting and verifying the transaction information by the intermediary with its private key, and encrypting the decrypted transaction information with the public key of the receiver and forwarding it to the receiver;
and after the receiving party verifies the transaction information of the sending party, encrypting the transaction information data through a private key and broadcasting the encrypted transaction information data in the block chain.
Preferably, the authorized access control method is as follows:
querying the node authentication of all nodes in the whole block chain, and taking offline the nodes that lack authentication;
uploading the IP of each offline node, defining that IP as a malicious node and adding it to the access blacklist;
and adding a block chain network firewall, which disconnects the network connection between the existing block chain and external nodes when a network vulnerability is found, and reconnects the block chain to the external nodes after the vulnerability has been scanned for and removed through the network firewall.
Preferably, the node authentication is CA authentication.
Preferably, the block chain network firewall is configured by a super administrator.
Preferably, the number of intermediary accounts may be one or more, and the forwarding method of the transaction information data is adjusted according to the number of intermediary accounts, the forwarding method comprising the following steps:
when there is a single intermediary account, the sender encrypts the data with the public key of the intermediary account and sends it to the intermediary, and the intermediary encrypts the data with the public key of the receiver and forwards it to the receiver;
when there are multiple intermediary accounts, the sender encrypts the data with the public key of the adjacent intermediary and sends it to the nearest intermediary, that intermediary encrypts the data with the public key of the next adjacent intermediary, the encrypted data is forwarded in sequence by the intermediaries, and finally the intermediary adjacent to the receiver encrypts the data with the public key of the receiver and forwards it to the receiver.
Preferably, the encryption method of the receiver is to add encrypted characters to the head and tail of the transaction information data through its private key.
Compared with the prior art, the invention has the following beneficial effects: access control is performed on the nodes in the block chain and malicious nodes are screened out, which protects the operation of the whole block chain; the block chain authorized access control also protects the block chain network and improves the security of data transmission in it; and an intermediary account is added to the data sending process of the two transaction parties of the block chain for data protection, with the intermediary account relaying the data, so that the transaction information data cannot be maliciously intercepted in transit and the address information of the two transaction parties cannot be derived from the transaction information, which improves the security of the transaction information data.
Drawings
Fig. 1 is a flowchart of a data security protection method for an application block chain according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a method for protecting data security of an application block chain includes the following steps:
Step S101: through authorized access control on the access nodes of the block chain, malicious nodes accessing the block chain are detected and added to a blacklist. Because a public block chain has a higher cost for storing data, a consortium chain or private chain is adopted to store data; the nodes of such a block chain are generally personal computers and are easy to attack. Therefore malicious nodes can be blacklisted through authorized access control so that they cannot join the block chain network, and data transmission in the network is protected.
Step S102: an intermediary account is added between the two transaction parties. The sender encrypts the transaction information data with the public key of the intermediary and sends it to the intermediary; the intermediary decrypts and verifies the transaction information with its private key, then encrypts the decrypted transaction information with the public key of the receiver and forwards it to the receiver. Because the data passes through the intermediary account, the relationship between the two transaction parties is not easy to discover, so the information of both parties is effectively protected; the intermediary account cannot obtain the private keys of the sender and the receiver, which improves forwarding security.
Step S103: after the receiver verifies the sender's transaction information, it encrypts the transaction information data with its private key and broadcasts it in the block chain. The transaction information data encrypted by the receiver with its private key can be decrypted by the sender with the receiver's public key, so it is guaranteed that the transaction information data can be looked up by both the sender and the receiver.
The authorized access control method comprises the following steps:
querying the node authentication of all nodes in the whole block chain, and taking offline the nodes that lack authentication;
uploading the IP of each offline node, defining that IP as a malicious node and adding it to the access blacklist;
and adding a block chain network firewall, which disconnects the network connection between the existing block chain and external nodes when a network vulnerability is found, and reconnects the block chain to the external nodes after the vulnerability has been scanned for and removed through the network firewall.
The node authentication is CA authentication: the block chain network is queried to determine whether each node has been authenticated by the CA, the nodes that are not authenticated are eliminated by comparison, the IP address used by each such node is tracked and blacklisted, and the node is prevented from connecting to the block chain again. Nodes can be screened preliminarily by this method. The block chain is also protected by a firewall: once a network vulnerability is found, the connection between the main chain of the block chain and external nodes is broken so that the block chain is not attacked over the network. The block chain network firewall is configured by a super administrator, who is the builder of the private chain or consortium chain; since the firewall is configured and managed by the super administrator, the state of network protection can be monitored conveniently.
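The CA-based admission check with an IP blacklist described above, as an added Go example that is not the patent's own code: each node presents an X.509 certificate, a node the chain's CA did not issue is refused and its IP is recorded so it cannot reconnect. The `Gatekeeper` and `Issue` names, the certificate material and the IP addresses are constructed for this illustration; the firewall step is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"sync"
	"time"
)

// Gatekeeper is the authorized access control of claim 2: a node must present a
// CA-issued certificate, and a node that fails is blacklisted by IP so it cannot reconnect.
type Gatekeeper struct {
	roots     *x509.CertPool
	mu        sync.Mutex
	blacklist map[string]string // node IP -> reason it was refused
}

func NewGatekeeper(ca *x509.Certificate) *Gatekeeper {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &Gatekeeper{roots: pool, blacklist: map[string]string{}}
}

// Admit decides whether a node connecting from ip with certificate cert (nil if
// none) may join. Refusal is sticky: a blacklisted IP stays refused even with a valid cert.
func (g *Gatekeeper) Admit(ip net.IP, cert *x509.Certificate) (bool, string) {
	g.mu.Lock()
	defer g.mu.Unlock()
	key := ip.String()
	if why, banned := g.blacklist[key]; banned {
		return false, "blacklisted: " + why
	}
	reason := ""
	if cert == nil {
		reason = "no node certificate presented"
	} else if _, err := cert.Verify(x509.VerifyOptions{Roots: g.roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		reason = "CA verification failed: " + err.Error()
	}
	if reason != "" {
		g.blacklist[key] = reason // take the node offline and remember its IP
		return false, reason
	}
	return true, "CA-authenticated"
}

var serial int64 // constructed serial counter; a real CA uses unique random serials

// Issue mints a cert for cn signed by parent (self-signed when parent is nil); constructed test material only.
func Issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func main() {
	ca, caKey, _ := Issue("chain-ca", true, nil, nil)
	node, _, _ := Issue("node-1", false, ca, caKey)
	rogueCA, rogueKey, _ := Issue("rogue-ca", true, nil, nil)
	rogue, _, _ := Issue("node-9", false, rogueCA, rogueKey)
	gk := NewGatekeeper(ca)
	fmt.Println(gk.Admit(net.ParseIP("10.0.0.1"), node))  // true CA-authenticated
	fmt.Println(gk.Admit(net.ParseIP("10.0.0.9"), rogue)) // false, CA verification failed
	fmt.Println(gk.Admit(net.ParseIP("10.0.0.9"), node))  // false, blacklisted (sticky)
}
```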
The number of intermediary accounts may be one or more, and the forwarding method of the transaction information data is adjusted according to the number of intermediary accounts, the forwarding method comprising the following steps:
when there is a single intermediary account, the sender encrypts the data with the public key of the intermediary account and sends it to the intermediary, and the intermediary encrypts the data with the public key of the receiver and forwards it to the receiver;
when there are multiple intermediary accounts, the sender encrypts the data with the public key of the adjacent intermediary and sends it to the nearest intermediary, that intermediary encrypts the data with the public key of the next adjacent intermediary, the encrypted data is forwarded in sequence by the intermediaries, and finally the intermediary adjacent to the receiver encrypts the data with the public key of the receiver and forwards it to the receiver.
The more intermediary accounts there are, the harder it is to look up the addresses of the two transaction parties and the higher the security, but the lower the data transmission efficiency; an appropriate number of intermediary accounts can be chosen according to actual demand. The encryption method of the receiver is to add encrypted characters to the head and tail of the transaction information data through its private key; the sender can decrypt these encrypted characters with the receiver's public key, so both the sender and the receiver can conveniently look up the transaction information data.
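The hop-by-hop forwarding through one or more intermediary accounts and the receiver's final broadcast, as an added Go example that is not the patent's code: RSA-OAEP seals each hop, and the receiver's "encrypt with the private key so that the public key decrypts it" is modelled as an Ed25519 signature appended to the transaction. The `Node`, `Relay`, `Broadcast` and `VerifyBroadcast` names, the OAEP label and the sample transaction are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// label is constructed OAEP domain separation: hops only accept relay ciphertext.
var label = []byte("relay-tx-v1")

// Node is a transaction party or intermediary: RSA pair for hops, Ed25519 for signing.
type Node struct {
	Name    string
	rsaPriv *rsa.PrivateKey
	sigPriv ed25519.PrivateKey
	SigPub  ed25519.PublicKey
}

func NewNode(name string) (*Node, error) {
	rk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails if rand.Reader does
	return &Node{Name: name, rsaPriv: rk, sigPriv: priv, SigPub: pub}, nil
}

func encryptTo(pub *rsa.PublicKey, payload []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, payload, label)
}

// open is a hop's "decrypt and verify with its private key": OAEP rejects any
// tampered ciphertext and any ciphertext sealed under a different label.
func (n *Node) open(ct []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, n.rsaPriv, ct, label)
	if err != nil {
		return nil, fmt.Errorf("%s: rejected hop payload: %w", n.Name, err)
	}
	return pt, nil
}

// Relay is the hop-by-hop forwarding of claim 5: the sender encrypts to the
// nearest intermediary, each intermediary decrypts and re-encrypts for the next
// adjacent hop, and the last hop encrypts for the receiver. Every intermediary
// sees the plaintext: the scheme hides who trades with whom, not the content from relays.
func Relay(relays []*Node, receiver *Node, tx []byte) ([]byte, error) {
	hops := append(append([]*Node{}, relays...), receiver) // no relays: straight to receiver
	ct, err := encryptTo(&hops[0].rsaPriv.PublicKey, tx)
	for i := 0; err == nil && i < len(hops)-1; i++ {
		var pt []byte
		if pt, err = hops[i].open(ct); err == nil {
			ct, err = encryptTo(&hops[i+1].rsaPriv.PublicKey, pt)
		}
	}
	return ct, err // on error the ciphertext is not to be forwarded
}

// Broadcast is the receiver's step S103: the patent's "encrypt with the private
// key, decryptable with the public key" is a signature appended to the plaintext.
func (n *Node) Broadcast(ct []byte) ([]byte, error) {
	tx, err := n.open(ct)
	if err != nil {
		return nil, err
	}
	return append(tx, ed25519.Sign(n.sigPriv, tx)...), nil
}

func VerifyBroadcast(pub ed25519.PublicKey, record []byte) ([]byte, bool) {
	cut := len(record) - ed25519.SignatureSize
	if cut < 0 {
		return nil, false
	}
	return record[:cut], ed25519.Verify(pub, record[:cut], record[cut:])
}

func main() {
	bob, _ := NewNode("bob")
	mid, _ := NewNode("mid1")
	ct, err := Relay([]*Node{mid}, bob, []byte("pay 10 units")) // constructed sample
	if err != nil {
		panic(err)
	}
	rec, _ := bob.Broadcast(ct)
	tx, ok := VerifyBroadcast(bob.SigPub, rec)
	fmt.Printf("verified=%v tx=%q\n", ok, tx)
}
```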
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although this description refers to embodiments, not every embodiment contains only a single independent technical solution; the description is written this way for clarity only, and those skilled in the art should consider the description as a whole, the embodiments being combinable as appropriate to form other embodiments understood by those skilled in the art.

Claims (6)

1. A data security protection method of an application block chain is characterized by comprising the following steps:
detecting malicious nodes accessing the block chain by performing authorized access control on access nodes of the block chain, and adding the malicious nodes into a blacklist;
adding an intermediary account between the two transaction parties, encrypting the transaction information data by the sender with the public key of the intermediary and sending the encrypted transaction information data to the intermediary, decrypting and verifying the transaction information by the intermediary with its private key, and encrypting the decrypted transaction information with the public key of the receiver and forwarding it to the receiver;
and after the receiving party verifies the transaction information of the sending party, encrypting the transaction information data through a private key and broadcasting the encrypted transaction information data in the block chain.
2. The method according to claim 1, wherein the authorized access control method is:
querying the node authentication of all nodes in the whole block chain, and taking offline the nodes that lack authentication;
uploading the IP of each offline node, defining that IP as a malicious node and adding it to the access blacklist;
and adding a block chain network firewall, which disconnects the network connection between the existing block chain and external nodes when a network vulnerability is found, and reconnects the block chain to the external nodes after the vulnerability has been scanned for and removed through the network firewall.
3. The method according to claim 2, wherein the node authentication is a CA authentication.
4. The method of claim 1, wherein the block chain network firewall is configured by a super administrator.
5. The data security protection method of the application block chain according to claim 1, wherein the number of intermediary accounts is one or more, and the forwarding method of the transaction information data is adjusted according to the number of intermediary accounts, the forwarding method being as follows:
when there is a single intermediary account, the sender encrypts the data with the public key of the intermediary account and sends it to the intermediary, and the intermediary encrypts the data with the public key of the receiver and forwards it to the receiver;
when there are multiple intermediary accounts, the sender encrypts the data with the public key of the adjacent intermediary and sends it to the nearest intermediary, that intermediary encrypts the data with the public key of the next adjacent intermediary, the encrypted data is forwarded in sequence by the intermediaries, and finally the intermediary adjacent to the receiver encrypts the data with the public key of the receiver and forwards it to the receiver.
6. The method for protecting data security of an application block chain according to claim 1, wherein the encryption method of the receiver is to add encrypted characters to the head and tail of the transaction information data through its private key.

Priority Applications (1)

Application number CN202010736384.9A (publication CN111901338A), priority date 2020-07-28, filing date 2020-07-28: Data security protection method for application block chain. This is the only application claiming priority.

Publications (1)

CN111901338A, published 2020-11-06

Family

Family ID: 73189353
Family applications (1): CN202010736384.9A (Withdrawn), priority date 2020-07-28, filing date 2020-07-28, Data security protection method for application block chain
Country status (1): CN, CN111901338A

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number, priority date, publication date, assignee, title:
CN114039739A * 2020-11-30 2022-02-11 北京八分量信息科技有限公司 Method for rapidly searching for failure by optimizing node communication
CN114039739B * 2020-11-30 2024-04-16 北京八分量信息科技有限公司 Method for fast failure by optimizing node communication
CN113111386A * 2021-04-30 2021-07-13 永旗(北京)科技有限公司 Privacy protection method for block chain transaction data
CN114285593A * 2021-11-08 2022-04-05 深圳市联洲国际技术有限公司 Method, device, equipment and storage medium for constructing secure local area network protocol
CN114285593B * 2021-11-08 2024-03-29 深圳市联洲国际技术有限公司 Method, device, equipment and storage medium for constructing secure local area network protocol

Legal Events

Code Title Description
PB01 Publication (application publication date: 20201106)
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication