CN111901338A - Data security protection method for application block chain - Google Patents
Data security protection method for application block chain Download PDFInfo
- Publication number
- CN111901338A CN111901338A CN202010736384.9A CN202010736384A CN111901338A CN 111901338 A CN111901338 A CN 111901338A CN 202010736384 A CN202010736384 A CN 202010736384A CN 111901338 A CN111901338 A CN 111901338A
- Authority
- CN
- China
- Prior art keywords
- transaction information
- block chain
- data
- middleman
- receiver
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0471—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a data security protection method for an application block chain, which belongs to the technical field of block chains and comprises the following steps: detecting malicious nodes accessing the block chain by performing authorized access control on access nodes of the block chain, and adding the malicious nodes into a blacklist; adding an intermediary account number between two transaction parties, encrypting transaction information data by a sender through a public key of the intermediary and sending the encrypted transaction information data to the intermediary, decrypting and verifying the transaction information by the intermediary through a private key, and encrypting and forwarding the decrypted transaction information to a receiver through a public key of the receiver; and after the receiving party verifies the transaction information of the sending party, encrypting the transaction information data through a private key and broadcasting the encrypted transaction information data in the block chain. The intermediate person account number is added in the data sending process of the two transaction parties for data protection, and the data is transferred by the intermediate person account number, so that the transaction information data is maliciously intercepted in time and the address information of the two transaction parties cannot be analyzed according to the transaction information, and the safety of the transaction information data is improved.
Description
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a data security protection method for an application block chain.
Background
The block chain is a decentralized, trust-free and tamper-resistant distributed accounting book technology, comprehensively utilizes a plurality of computer technologies such as cryptography, probability theory, consensus mechanism and distributed network, and is a great innovation in the history of the Internet. The blockchain technology was first applied to bitcoin blockchains, which have been globally equipped with thousands of distributed nodes since the birth of bitcoin in 2009, and which operate uninterruptedly for nearly 10 years without significant security holes. Although the blockchain technology originated from the encrypted digital currency, the development and application thereof are not limited to the financial field, but can be widely applied to a plurality of aspects such as cultural entertainment, social public welfare and data protection.
With the continuous development and wide application of the block chain technology, the problem of privacy disclosure is more and more prominent, and sufficient attention must be paid. Compared with the traditional centralized architecture, the block chain mechanism does not depend on specific central nodes to process and store data, so that the risks of single point breakdown and data leakage of a centralized server can be avoided. But in order to reach consensus among scattered blockchain nodes, all transaction records in the blockchain must be disclosed to all nodes, which will significantly increase the risk of privacy disclosure. For example, in a transaction, an analyst may obtain a transaction rule of a user by analyzing a transaction record, and even may infer identity information and location information of the user, because a public blockchain has a high data storage cost, an extension technology of a blockchain, a federation chain or a private chain, is generally used, and because of private maintenance in the federation chain or the private chain, a malicious node is easily present in a blockchain network, data is stolen, and potential safety hazards exist in the address information of two parties of the transaction by analyzing the data.
Disclosure of Invention
The invention aims to provide a data security protection method for an application block chain, aiming at solving the problem that when the block chain is used commercially, a node is easy to attack and potential safety hazards exist in the data transmission process, and the method has the advantages of avoiding information leakage of both sides of transaction, verifying block chain link points and maintaining a network and avoiding the block chain from being attacked maliciously by adding a man-in-the-middle.
The invention achieves the aim through the following technical scheme, and a data security protection method of an application block chain comprises the following steps:
detecting malicious nodes accessing the block chain by performing authorized access control on access nodes of the block chain, and adding the malicious nodes into a blacklist;
adding an intermediary account number between two transaction parties, encrypting transaction information data by a sender through a public key of the intermediary and sending the encrypted transaction information data to the intermediary, decrypting and verifying the transaction information by the intermediary through a private key, and encrypting and forwarding the decrypted transaction information to a receiver through a public key of the receiver;
and after the receiving party verifies the transaction information of the sending party, encrypting the transaction information data through a private key and broadcasting the encrypted transaction information data in the block chain.
Preferably, the authorized access control method is as follows:
searching node authentication of all nodes in the whole block chain, and offline the nodes lacking authentication;
uploading the IP of the offline node, defining the IP as a malicious node and adding the malicious node into an access blacklist;
and adding a block chain network firewall, disconnecting the network connection between the existing block chain and the external node after finding the network leak, and connecting the network between the block chain and the external node after checking and killing the leak through the network firewall.
Preferably, the node authentication is CA authentication.
Preferably, the blockchain network firewall is configured by a hypervisor.
Preferably, the number of the intermediate people accounts can be single or multiple, and the forwarding method of the transaction information data is adjusted according to the number of the intermediate people accounts, and the forwarding method comprises the following steps:
when the account number of the middleman is single, the sender sends encrypted data to the middleman through the public key of the account number of the middleman, and the middleman forwards the encrypted data to the receiver by using the public key of the receiver;
when the number of the account numbers of the middleman is multiple, the sender sends the encrypted data to the nearest middleman through the public key of the adjacent middleman, the middleman uses the public key of another adjacent middleman to encrypt the data, and the encrypted data is sequentially forwarded by the middleman and finally forwarded to the receiver by the middleman adjacent to the receiver through the public key of the receiver.
Preferably, the encryption method of the receiving party is to add encryption characters to the head and the tail of the transaction information data through a private key.
Compared with the prior art, the invention has the beneficial effects that: the access control is carried out on the nodes in the blockchain, malicious nodes are screened to protect the operation of the whole blockchain, the blockchain authorization access control also protects the blockchain network, the transmission safety of data in the network is improved, an intermediary account number is added in the data sending process of both transaction parties of the blockchain for data protection, the intermediary account number is used for transferring the data, the transaction information data is maliciously intercepted in time, the address information of both transaction parties cannot be analyzed according to the transaction information, and therefore the safety of the transaction information data is improved.
Drawings
Fig. 1 is a flowchart of a data security protection method for an application block chain according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a method for protecting data security of an application block chain includes the following steps:
step S101, through authorizing access control to access nodes of the block chain, malicious nodes accessing the block chain are detected, and added into a blacklist, because the public block chain has higher use cost of stored data, a alliance chain or a private chain is adopted to store data, the nodes of the block chain are generally personal computers and are easy to be attacked, and therefore, the malicious nodes can be blackened through authorizing access control, so that the malicious nodes cannot be accessed into a block chain network, and data transmission in the network is protected;
step S102, adding a broker account between two parties of a transaction, wherein a sender encrypts transaction information data through a public key of the broker and sends the encrypted transaction information data to the broker, the broker decrypts and verifies the transaction information through a private key and forwards the decrypted transaction information to a receiver through the public key encryption of the receiver, and the relationship between the two parties of the transaction is not easy to find through the broker account, so that the information of the two parties of the transaction is effectively protected, the broker account cannot acquire the private keys of the sender and the receiver, and the forwarding safety is improved;
step S103, after the receiving party verifies the transaction information of the sending party, the transaction information data is encrypted through a private key and is broadcasted in the blockchain, the transaction information data encrypted by the receiving party through the private key can be decrypted by the sending party through a public key of the receiving party, and therefore the transaction information data can be guaranteed to be inquired by the sending party and the receiving party.
The authorized access control method comprises the following steps:
searching node authentication of all nodes in the whole block chain, and offline the nodes lacking authentication;
uploading the IP of the offline node, defining the IP as a malicious node and adding the malicious node into an access blacklist;
and adding a block chain network firewall, disconnecting the network connection between the existing block chain and the external node after finding the network leak, and connecting the network between the block chain and the external node after checking and killing the leak through the network firewall.
The node authentication is CA authentication, whether nodes in a block chain network are authenticated by CA is inquired, the nodes which are not authenticated are eliminated by comparison, an IP address using the nodes is tracked, blackening is carried out, the nodes are prevented from being connected to the block chain again, the nodes can be preliminarily screened by the method, the block chain is protected by a protective wall, once a network leak is found, the connection between a main chain of the block chain and external nodes is broken, the block chain is prevented from being attacked by the network, the block chain network firewall is configured by a super manager, the super manager is a constructor of a private chain or an alliance chain, the protective wall is configured and managed by the super manager, and the network protection condition can be conveniently monitored.
The number of the intermediate people accounts can be single or multiple, and the forwarding method of the transaction information data is adjusted according to the number of the intermediate people accounts, and the forwarding method comprises the following steps:
when the account number of the middleman is single, the sender sends encrypted data to the middleman through the public key of the account number of the middleman, and the middleman forwards the encrypted data to the receiver by using the public key of the receiver;
when the number of the account numbers of the middleman is multiple, the sender sends the encrypted data to the nearest middleman through the public key of the adjacent middleman, the middleman uses the public key of another adjacent middleman to encrypt the data, and the encrypted data is sequentially forwarded by the middleman and finally forwarded to the receiver by the middleman adjacent to the receiver through the public key of the receiver.
The more the intermediary accounts are, the less the addresses of both transaction parties are easy to be inquired, the higher the security is, but the lower the data transmission efficiency is, the appropriate number of intermediary accounts can be selected according to the actual demand, the encryption method of the receiver is to add the encrypted characters to the head and the tail of the transaction information data through the private key, the sender can decrypt the encrypted characters through the public key of the receiver, and therefore both the sender and the receiver can conveniently search the transaction information data.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.
Claims (6)
1. A data security protection method of an application block chain is characterized by comprising the following steps:
detecting malicious nodes accessing the block chain by performing authorized access control on access nodes of the block chain, and adding the malicious nodes into a blacklist;
adding an intermediary account number between two transaction parties, encrypting transaction information data by a sender through a public key of the intermediary and sending the encrypted transaction information data to the intermediary, decrypting and verifying the transaction information by the intermediary through a private key, and encrypting and forwarding the decrypted transaction information to a receiver through a public key of the receiver;
and after the receiving party verifies the transaction information of the sending party, encrypting the transaction information data through a private key and broadcasting the encrypted transaction information data in the block chain.
2. The method according to claim 1, wherein the authorized access control method is:
searching node authentication of all nodes in the whole block chain, and offline the nodes lacking authentication;
uploading the IP of the offline node, defining the IP as a malicious node and adding the malicious node into an access blacklist;
and adding a block chain network firewall, disconnecting the network connection between the existing block chain and the external node after finding the network leak, and connecting the network between the block chain and the external node after checking and killing the leak through the network firewall.
3. The method according to claim 2, wherein the node authentication is a CA authentication.
4. The method of claim 1, wherein the blockchain network firewall is configured by a hypervisor.
5. The data security protection method of the application block chain according to claim 1, wherein the number of the intermediate people accounts is one or more, and the forwarding method of the transaction information data is adjusted according to the number of the intermediate people accounts, and the forwarding method is as follows:
when the account number of the middleman is single, the sender sends encrypted data to the middleman through the public key of the account number of the middleman, and the middleman forwards the encrypted data to the receiver by using the public key of the receiver;
when the number of the account numbers of the middleman is multiple, the sender sends the encrypted data to the nearest middleman through the public key of the adjacent middleman, the middleman uses the public key of another adjacent middleman to encrypt the data, and the encrypted data is sequentially forwarded by the middleman and finally forwarded to the receiver by the middleman adjacent to the receiver through the public key of the receiver.
6. The method for protecting data security of application block chain according to claim 1, wherein the encryption method of the receiving party is to add encryption characters to the head and tail of the transaction information data through a private key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010736384.9A CN111901338A (en) | 2020-07-28 | 2020-07-28 | Data security protection method for application block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010736384.9A CN111901338A (en) | 2020-07-28 | 2020-07-28 | Data security protection method for application block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111901338A true CN111901338A (en) | 2020-11-06 |
Family
ID=73189353
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010736384.9A Withdrawn CN111901338A (en) | 2020-07-28 | 2020-07-28 | Data security protection method for application block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111901338A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113111386A (en) * | 2021-04-30 | 2021-07-13 | 永旗(北京)科技有限公司 | Privacy protection method for block chain transaction data |
CN114039739A (en) * | 2020-11-30 | 2022-02-11 | 北京八分量信息科技有限公司 | Method for rapidly searching for failure by optimizing node communication |
CN114285593A (en) * | 2021-11-08 | 2022-04-05 | 深圳市联洲国际技术有限公司 | Method, device, equipment and storage medium for constructing secure local area network protocol |
-
2020
- 2020-07-28 CN CN202010736384.9A patent/CN111901338A/en not_active Withdrawn
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114039739A (en) * | 2020-11-30 | 2022-02-11 | 北京八分量信息科技有限公司 | Method for rapidly searching for failure by optimizing node communication |
CN114039739B (en) * | 2020-11-30 | 2024-04-16 | 北京八分量信息科技有限公司 | Method for fast failure by optimizing node communication |
CN113111386A (en) * | 2021-04-30 | 2021-07-13 | 永旗(北京)科技有限公司 | Privacy protection method for block chain transaction data |
CN114285593A (en) * | 2021-11-08 | 2022-04-05 | 深圳市联洲国际技术有限公司 | Method, device, equipment and storage medium for constructing secure local area network protocol |
CN114285593B (en) * | 2021-11-08 | 2024-03-29 | 深圳市联洲国际技术有限公司 | Method, device, equipment and storage medium for constructing secure local area network protocol |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3691216B1 (en) | Key offsite storage-based data encryption storage system and method | |
CN109361668A (en) | A kind of data trusted transmission method | |
CN111901338A (en) | Data security protection method for application block chain | |
Jose et al. | Implementation of data security in cloud computing | |
KR102179497B1 (en) | System for Data Storing and Managing based on Multi-cloud and Driving method thereof | |
CN110505055B (en) | External network access identity authentication method and system based on asymmetric key pool pair and key fob | |
Anwer et al. | Security of IoT using block chain: A review | |
Junghanns et al. | Engineering of secure multi-cloud storage | |
US20190251269A1 (en) | Methods and systems for a redundantly secure data store using independent networks | |
Bokhari et al. | Evaluation of hybrid encryption technique to secure data during transmission in cloud computing | |
Purchina et al. | Securing an Information System via the SSL Protocol. | |
Vikram et al. | Blockchain Technology and its Impact on Future of Internet of Things (IoT) and Cyber Security | |
CN112202773A (en) | Computer network information security monitoring and protection system based on internet | |
Nosrati et al. | Security assessment of mobile-banking | |
CN114466353A (en) | App user ID information protection device and method, electronic equipment and storage medium | |
CN112035853A (en) | Storage data access control system based on enterprise cloud disk | |
Devi et al. | Cyber attacks, security data detection, and critical loads in the power systems | |
Kankal et al. | An adaptive authentication based on blockchain for bigdata hadoop framework | |
Al Barakati et al. | IoT of Trust: Toward Ownership Management by Using Blockchain. | |
Selvakumar et al. | Secure Sharing of Data in Private Cloud by RSA-OAEP Algorithm | |
JP7433620B1 (en) | Communication method, communication device and computer program | |
Liu | Application Of Data Encryption Technology in Computer Network Security | |
US20230004671A1 (en) | System and method for managing transparent data encryption of database | |
Cheon et al. | Cyber-attack and Cybersecurity Design for a Smart Work System | |
Sahu et al. | A Review on Analysis of Data Search Scheme for Secure Information Retrieval in Cloud Computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20201106 |
|
WW01 | Invention patent application withdrawn after publication |