CN112765665A - Data source management method and management platform - Google Patents

Info

Publication number
CN112765665A
Authority
CN
China
Prior art keywords
data
chain
channel
source management
data source
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110118159.3A
Other languages
Chinese (zh)
Inventor
宋设
李萍
杨胜华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Original Assignee
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority to CN202110118159.3A
Publication of CN112765665A
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data source management method and a data source management platform. The method comprises building the data source management platform on Hyperledger Fabric, wherein the data source management platform: performs user-level control of data privacy through encrypted data storage; and establishes a virtual channel within a channel for data isolation inside the channel. The data source management platform is built on Hyperledger Fabric; the system performs user-level control of data privacy through encrypted data storage and isolates data within a channel by establishing virtual channels in the Fabric channel. The trusted data source management platform is built on blockchain, and users' access rights to data are controlled through secure multi-party computation, smart contract technology, asymmetric encryption technology and the like. This addresses problems such as data privacy and security and data control rights, breaks down the data-silo barriers between data sources, achieves data fusion, and forms a safer and more trustworthy data transaction ecosystem.

Description

Data source management method and management platform
Technical Field
The invention relates to the technical field of big data, in particular to a data source management method and a data source management platform.
Background
With the advent of the big data era, data has penetrated every industry and functional field of society, and many companies and enterprises hold large amounts of data. Data can flow and deliver value only when the data-silo barriers between data sources are broken down by effective means, and reliable storage and management of data sources is the basis for stable system operation. Current data storage modes, such as cloud computing, cloud storage and cloud sharing, are all based on the design concept of a centralized server. This solves the problem of data sharing but also brings hidden risks concerning data ownership, privacy and security. With its decentralization, tamper resistance, non-repudiation, consistency and integrity, blockchain enables trusted data management in an environment that is not fully trusted, but it also suffers from high latency and low throughput.
Disclosure of Invention
The invention aims to provide a data source management method that is based on blockchain technology and achieves user-level control of data privacy, and also provides a data source management platform for that method.
The technical scheme adopted by the invention is as follows:
a data source management method comprises building a data source management platform on Hyperledger Fabric, wherein the data source management platform performs the following:
performing user-level control of data privacy through encrypted data storage;
and establishing a virtual channel within the channel for data isolation inside the channel.
As a further optimization of the method, the data encryption storage comprises on-chain data encryption storage and/or off-chain data encryption storage.
As a further optimization of the method, the encryption process of the on-chain encrypted data storage of the present invention includes:
converting the plaintext data to be transmitted into plaintext data in JSON format;
generating a random number as a symmetric key, and encrypting the JSON-format plaintext data with the symmetric key to obtain ciphertext data;
asymmetrically encrypting the symmetric key with the public key of an authorized user to obtain an authorization key;
arranging the authorization keys of all authorized users in sequence to form an authorization whitelist, and storing the ciphertext data and the whitelist together to form the transmission data;
the decryption process of the on-chain encrypted data storage includes:
the authorized user receives the transmission data and decrypts the authorization key with the corresponding private key to obtain the symmetric key;
and decrypting the ciphertext data with the symmetric key to obtain the corresponding plaintext data.
As a further optimization of the method, the on-chain encryption of the present invention is implemented using smart contracts; to reach consensus on the chain, the smart contracts must run on all nodes.
As a further optimization of the method, the encryption process of the off-chain encrypted data storage of the present invention includes:
generating a random number as a symmetric key, encrypting the plaintext file to obtain a ciphertext file, and storing the ciphertext file in object storage;
performing a hash calculation on the first ciphertext file to obtain a hash value that serves as the ID of the ciphertext file;
encrypting the symmetric key with the public key of the authorized user to obtain an authorization key;
arranging the authorization keys of all authorized users in sequence to form an authorization whitelist, attaching the authorization whitelist to the ID of the ciphertext file, and storing the authorization whitelist on the blockchain;
the decryption process of the off-chain encrypted data storage includes:
the authorized user decrypts the authorization key with their own private key to obtain the symmetric key;
and decrypting the ciphertext file in object storage with the symmetric key to obtain the plaintext file.
As a further optimization of the method, the off-chain encrypted data storage implements data encryption through a trusted off-chain central session service and implements management of the symmetric key through a smart contract.
As a further optimization of the method, both on-chain encrypted storage and off-chain encrypted storage involve authorization whitelist management, and the authorization whitelist management is either on-chain smart contract management or off-chain business layer management.
As a further optimization of the method, the virtual channel is constructed in the same way as a Fabric channel: a plurality of associated users are placed in one channel so that they can be managed together, and each user's private data within the channel is isolated by means of virtual channels, ensuring data security within each channel.
The invention also provides a data source management platform built on Hyperledger Fabric; the system performs user-level control of data privacy through encrypted data storage and isolates data within a channel by establishing virtual channels in the Fabric channel.
As a further optimization of the system, the data encryption storage comprises on-chain data encryption storage and/or off-chain data encryption storage.
The invention has the following advantages:
1. The trusted data source management platform is built on blockchain, and users' access rights to data are controlled through secure multi-party computation, smart contract technology, asymmetric encryption technology and the like. This addresses problems such as data privacy and security and data control rights, breaks down the data-silo barriers between data sources, achieves data fusion, and forms a safer and more trustworthy data transaction ecosystem;
2. The invention establishes secondary channels inside a Fabric channel, places related user groups in the same channel for convenient management, and carries out each user's private transactions in a secondary channel, further ensuring user-level control of data security.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
The invention is further described below with reference to the accompanying drawings:
FIG. 1 is a schematic structural view of the present invention;
FIG. 2 is a schematic flow diagram of on-chain encrypted storage;
FIG. 3 is a schematic flow diagram of off-chain encrypted storage;
FIG. 4 is a schematic diagram of an application of a virtual channel.
Detailed Description
The present invention is further described in the following with reference to the drawings and the specific embodiments so that those skilled in the art can better understand the present invention and can implement the present invention, but the embodiments are not to be construed as limiting the present invention, and the embodiments and the technical features of the embodiments can be combined with each other without conflict.
It is to be understood that the terms first, second, and the like in the description of the embodiments of the invention are used for distinguishing between the descriptions and not necessarily for describing a sequential or chronological order. The "plurality" in the embodiment of the present invention means two or more.
The term "and/or" in the embodiment of the present invention only describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A exists alone, B exists alone, or A and B exist at the same time. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
The embodiment provides a data source management method, which includes building a data source management platform on Hyperledger Fabric, wherein the data source management platform performs the following:
performing user-level control of data privacy through encrypted data storage, as shown in FIG. 1;
and establishing a virtual channel within the channel for data isolation inside the channel.
In the above, the encrypted data storage comprises on-chain encrypted data storage and/or off-chain encrypted data storage. On-chain encryption is implemented using smart contracts; to reach consensus on the chain, the smart contracts must run on all nodes. Data on a Hyperledger Fabric network is currently generally transmitted as plaintext in JSON format: all nodes in a channel receive the plaintext data through the Gossip peer-to-peer protocol and store it locally. To achieve user-level control of data privacy, on-chain encrypted storage may be adopted instead. As shown in FIG. 2, the encryption process of the on-chain encrypted data storage includes:
converting the plaintext data to be transmitted into plaintext data in JSON format;
generating a random number as a symmetric key, and encrypting the JSON-format plaintext data with the symmetric key to obtain ciphertext data;
asymmetrically encrypting the symmetric key with the public key of an authorized user to obtain an authorization key;
arranging the authorization keys of all authorized users in sequence to form an authorization whitelist, and storing the ciphertext data and the whitelist together to form the transmission data;
the decryption process of the on-chain encrypted data storage includes:
the authorized user receives the transmission data and decrypts the authorization key with the corresponding private key to obtain the symmetric key;
and decrypting the ciphertext data with the symmetric key to obtain the corresponding plaintext data.
However, the above encryption and decryption process for on-chain encrypted data storage consumes substantial computing resources, and large data volumes in particular require large amounts of computing and storage resources. Because blockchain computing resources are limited, off-chain encrypted data storage may be considered for encrypting and storing large amounts of data. Off-chain encrypted data storage implements data encryption through a trusted off-chain central session service and implements management of the symmetric key through a smart contract. As shown in FIG. 3, the specific encryption process of the off-chain encrypted data storage includes:
generating a random number as a symmetric key, encrypting the plaintext file to obtain a ciphertext file, and storing the ciphertext file in object storage;
performing a hash calculation on the first ciphertext file to obtain a hash value that serves as the ID of the ciphertext file;
encrypting the symmetric key with the public key of the authorized user to obtain an authorization key;
arranging the authorization keys of all authorized users in sequence to form an authorization whitelist, attaching the authorization whitelist to the ID of the ciphertext file, and storing the authorization whitelist on the blockchain;
the decryption process of the off-chain encrypted data storage includes:
the authorized user decrypts the authorization key with their own private key to obtain the symmetric key;
and decrypting the ciphertext file in object storage with the symmetric key to obtain the plaintext file.
Both on-chain encrypted storage and off-chain encrypted storage involve authorization whitelist management, which is either on-chain smart contract management or off-chain business layer management. With on-chain smart contract management, the correspondence between authorized users and keys is managed by a smart contract, and an authorized user obtains their own encrypted key through the smart contract. With off-chain business layer management, the correspondence between users and keys is managed at the off-chain business layer, and an authorized user obtains their own encrypted key through the service of the off-chain business layer. After obtaining their own encrypted key, the authorized user decrypts it with their own private key and then decrypts the ciphertext with the result, finally obtaining the target plaintext.
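The on-chain and off-chain procedures above share one pattern: a random symmetric key encrypts the data, and that key is wrapped once per authorized user to form the whitelist. The Go sketch below is an added example, not code from the patent; AES-256-GCM, RSA-OAEP, SHA-256 and the names `Grant`, `Envelope`, `Seal`, `Open` and `NewUserKey` are assumptions of the example, since the patent names no algorithms, and it runs as ordinary client code rather than as a smart contract.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Grant is one whitelist entry: a user's public key and the key wrapped under it.
type Grant struct {
	User       string
	Pub        *rsa.PublicKey
	WrappedKey []byte
}

// Envelope is the "transmission data": ciphertext plus authorization whitelist.
type Envelope struct {
	ID         [32]byte // SHA-256 of Ciphertext; the file ID kept on-chain
	Ciphertext []byte   // nonce || AES-256-GCM output; object storage when off-chain
	Whitelist  []Grant  // one wrapped key per authorized user, in order
}

var ErrNotAuthorized = errors.New("key is not on the authorization whitelist")

func NewUserKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts under a fresh random key and wraps that key once per grant, in order.
func Seal(plaintext []byte, to []Grant) (*Envelope, error) {
	buf := make([]byte, 32+12) // 256-bit key, then 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, plaintext, nil)
	env := &Envelope{ID: sha256.Sum256(ct), Ciphertext: ct}
	for _, g := range to {
		// The ciphertext ID is the OAEP label, so a grant only opens this ciphertext.
		g.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, g.Pub, key, env.ID[:])
		if err != nil {
			return nil, err
		}
		env.Whitelist = append(env.Whitelist, g)
	}
	return env, nil
}

// Open checks the ciphertext against its ID, unwraps the caller's grant and decrypts.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	if len(env.Ciphertext) < 12 || sha256.Sum256(env.Ciphertext) != env.ID {
		return nil, errors.New("ciphertext missing or does not match its ID")
	}
	for _, g := range env.Whitelist {
		if g.Pub == nil || !g.Pub.Equal(&priv.PublicKey) {
			continue
		}
		key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, g.WrappedKey, env.ID[:])
		if err != nil {
			return nil, err
		}
		gcm, err := newGCM(key)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, env.Ciphertext[:12], env.Ciphertext[12:], nil)
	}
	return nil, ErrNotAuthorized
}

func main() {
	bob, err := NewUserKey()
	if err != nil {
		panic(err)
	}
	// Constructed JSON record and user, for illustration only.
	env, err := Seal([]byte(`{"order":"A-1001"}`), []Grant{{User: "bob", Pub: &bob.PublicKey}})
	if err != nil {
		panic(err)
	}
	pt, err := Open(env, bob)
	fmt.Printf("id=%x plaintext=%s err=%v\n", env.ID[:8], pt, err)
}
```

Because `Seal` draws random bytes, every run yields a different ciphertext; Fabric endorsing peers that each executed it would return results that do not match, which is why the sketch seals outside chaincode and leaves only storage of the result to the ledger.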
As shown in FIG. 4, the virtual channel is proposed mainly to solve the problem of data isolation and communication when a distributor or an ingredient provider participates in several cooperating supply chains. If an independent Fabric channel is set up for each supply chain, the on-chain data of a distributor or ingredient provider that participates in several different supply chains is completely isolated by the channels and is difficult to connect. If several supply chains are placed in the same Fabric channel, the transaction data of competitors in the same industry becomes mutually visible, so enterprises are reluctant to move their business onto a blockchain. Fabric private data cannot effectively solve this problem, because plaintext storage of private data depends on private Peer nodes, and many enterprises cannot operate and maintain private Peer nodes owing to cost or a lack of technical staff.
The virtual channel is a secondary channel established inside a Fabric channel and is constructed in the same way as a Fabric channel. A plurality of associated users are placed in one channel so that they can be managed together, and each user's private data within the channel is isolated by means of virtual channels, ensuring data security within each channel. A plurality of virtual channels are defined in the channel, and channel members are added to the virtual channels as needed. When a privacy transaction is carried out, a virtual channel is selected, and the privacy transaction automatically generates a decryption whitelist from the members of that virtual channel. An association between the privacy transaction and the virtual channel is established to facilitate subsequent management and statistics.
Neither a new member joining the virtual channel nor a member exiting it affects privacy transactions that have already occurred. In the order channel, virtual channel, privacy transaction, the visible range of the transaction data narrows step by step. In practice, the privacy control mode can be chosen according to how the visible range of the transaction data actually needs to be controlled.
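The virtual-channel rules above, modelled as an added Go example (not code from the patent and not a Fabric API): each privacy transaction keeps a snapshot of the virtual channel's members as its decryption whitelist, so later joins and exits leave earlier transactions unchanged. The type and method names and the supply-chain participants are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// PrivateTx is a privacy transaction tied to the virtual channel it was made in.
type PrivateTx struct {
	ID        int
	VChannel  string
	Whitelist []string // sorted snapshot of the virtual channel's members
}

// Channel models one Fabric channel with virtual (secondary) channels inside it.
type Channel struct {
	members map[string]bool
	virtual map[string]map[string]bool // virtual channel name -> member set
	txs     []PrivateTx
}

func NewChannel(members ...string) *Channel {
	c := &Channel{members: map[string]bool{}, virtual: map[string]map[string]bool{}}
	for _, m := range members {
		c.members[m] = true
	}
	return c
}

// Join adds a channel member to a virtual channel, defining it on first use.
func (c *Channel) Join(vc, user string) error {
	if !c.members[user] {
		return errors.New(user + " is not a member of the enclosing channel")
	}
	if c.virtual[vc] == nil {
		c.virtual[vc] = map[string]bool{}
	}
	c.virtual[vc][user] = true
	return nil
}

// Leave removes a member; whitelists of earlier transactions are left untouched.
func (c *Channel) Leave(vc, user string) { delete(c.virtual[vc], user) }

// Submit records a privacy transaction whose decryption whitelist is generated
// from the virtual channel's members at this moment.
func (c *Channel) Submit(vc string) (PrivateTx, error) {
	if len(c.virtual[vc]) == 0 {
		return PrivateTx{}, errors.New("virtual channel " + vc + " has no members")
	}
	tx := PrivateTx{ID: len(c.txs) + 1, VChannel: vc}
	for m := range c.virtual[vc] {
		tx.Whitelist = append(tx.Whitelist, m)
	}
	sort.Strings(tx.Whitelist)
	c.txs = append(c.txs, tx)
	return tx, nil
}

// CanDecrypt consults the transaction's own whitelist, not current membership.
func (tx PrivateTx) CanDecrypt(user string) bool {
	i := sort.SearchStrings(tx.Whitelist, user)
	return i < len(tx.Whitelist) && tx.Whitelist[i] == user
}

// TxIDs returns the transactions associated with one virtual channel.
func (c *Channel) TxIDs(vc string) []int {
	var ids []int
	for _, tx := range c.txs {
		if tx.VChannel == vc {
			ids = append(ids, tx.ID)
		}
	}
	return ids
}

func main() {
	c := NewChannel("distributor", "supplierA", "supplierB") // constructed participants
	joins := [][2]string{{"chain-A", "distributor"}, {"chain-A", "supplierA"},
		{"chain-B", "distributor"}, {"chain-B", "supplierB"}}
	for _, j := range joins {
		if err := c.Join(j[0], j[1]); err != nil {
			panic(err)
		}
	}
	tx, err := c.Submit("chain-A")
	if err != nil {
		panic(err)
	}
	c.Leave("chain-A", "supplierA")
	fmt.Println(tx.Whitelist, tx.CanDecrypt("supplierA"), tx.CanDecrypt("supplierB"))
}
```

A member who exits still appears on the whitelists of transactions made while they were a member, so leaving a virtual channel does not withdraw access to earlier data.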
Corresponding to the above data source management method, this embodiment further provides a data source management platform. The data source management platform is built on Hyperledger Fabric; the system performs user-level control of data privacy through encrypted data storage, where the encrypted data storage comprises on-chain encrypted data storage and/or off-chain encrypted data storage, and isolates data within a channel by establishing virtual channels in the Fabric channel.
The above-mentioned embodiments are merely preferred embodiments for fully illustrating the present invention, and the scope of the present invention is not limited thereto. Equivalent substitutions or changes made by those skilled in the art on the basis of the invention all fall within the protection scope of the invention. The protection scope of the invention is subject to the claims.

Claims (10)

1. A data source management method, characterized in that: it comprises building a data source management platform on Hyperledger Fabric, wherein the data source management platform performs the following:
performing user-level control of data privacy through encrypted data storage;
and establishing a virtual channel within the channel for data isolation inside the channel.
2. The data source management method of claim 1, wherein: the encrypted data storage comprises on-chain encrypted data storage and/or off-chain encrypted data storage.
3. The data source management method of claim 2, wherein: the encryption process of the on-chain encrypted data storage comprises the following steps:
converting the plaintext data to be transmitted into plaintext data in JSON format;
generating a random number as a symmetric key, and encrypting the JSON-format plaintext data with the symmetric key to obtain ciphertext data;
asymmetrically encrypting the symmetric key with the public key of an authorized user to obtain an authorization key;
arranging the authorization keys of all authorized users in sequence to form an authorization whitelist, and storing the ciphertext data and the whitelist together to form the transmission data;
the decryption process of the on-chain encrypted data storage comprises the following steps:
the authorized user receives the transmission data and decrypts the authorization key with the corresponding private key to obtain the symmetric key;
and decrypting the ciphertext data with the symmetric key to obtain the corresponding plaintext data.
4. The data source management method of claim 3, wherein: the on-chain encryption is implemented using smart contracts, which must run on all nodes in order to reach consensus on the chain.
5. The data source management method of claim 2, wherein: the encryption process of the off-chain encrypted data storage comprises the following steps:
generating a random number as a symmetric key, encrypting the plaintext file to obtain a ciphertext file, and storing the ciphertext file in object storage;
performing a hash calculation on the first ciphertext file to obtain a hash value that serves as the ID of the ciphertext file;
encrypting the symmetric key with the public key of the authorized user to obtain an authorization key;
arranging the authorization keys of all authorized users in sequence to form an authorization whitelist, attaching the authorization whitelist to the ID of the ciphertext file, and storing the authorization whitelist on the blockchain;
the decryption process of the off-chain encrypted data storage comprises the following steps:
the authorized user decrypts the authorization key with their own private key to obtain the symmetric key;
and decrypting the ciphertext file in object storage with the symmetric key to obtain the plaintext file.
6. The data source management method of claim 4, wherein: the off-chain encrypted data storage implements data encryption through a trusted off-chain central session service and implements management of the symmetric key through a smart contract.
7. The data source management method of claim 2, wherein: both the on-chain encrypted storage and the off-chain encrypted storage involve authorization whitelist management, and the authorization whitelist management is either on-chain smart contract management or off-chain business layer management.
8. The data source management method of claim 1, wherein: the virtual channel is constructed in the same way as a Fabric channel, a plurality of associated users are placed in one channel so that they can be managed together, and each user's private data within the channel is isolated by means of virtual channels, ensuring data security within each channel.
9. A data source management platform, the data source management platform being built on Hyperledger Fabric, characterized in that: the system performs user-level control of data privacy through encrypted data storage, and isolates data within a channel by establishing virtual channels in a Fabric channel.
10. The data source management platform of claim 9, wherein: the encrypted data storage comprises on-chain encrypted data storage and/or off-chain encrypted data storage.
CN202110118159.3A 2021-01-28 2021-01-28 Data source management method and management platform Withdrawn CN112765665A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110118159.3A CN112765665A (en) 2021-01-28 2021-01-28 Data source management method and management platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110118159.3A CN112765665A (en) 2021-01-28 2021-01-28 Data source management method and management platform

Publications (1)

Publication Number Publication Date
CN112765665A (en) 2021-05-07

Family

ID=75706374

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110118159.3A Withdrawn CN112765665A (en) 2021-01-28 2021-01-28 Data source management method and management platform

Country Status (1)

Country Link
CN (1) CN112765665A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115941230A (en) * 2022-01-11 2023-04-07 浪潮云信息技术股份公司 Supervision method and system for protecting privacy based on block chain

Similar Documents

Publication Publication Date Title
CN106503098B (en) Block chain cloud service framework system built in Paas service layer
Shi et al. Blockchain‐based trusted data sharing among trusted stakeholders in IoT
US9049011B1 (en) Secure key storage and distribution
US6363154B1 (en) Decentralized systems methods and computer program products for sending secure messages among a group of nodes
CN111930851A (en) Control data processing method, device, medium and electronic equipment of block chain network
CN101282211B (en) Method for distributing key
US20110158405A1 (en) Key management method for scada system
CN109981584B (en) Block chain-based distributed social contact method
CN101252506A (en) Data transmission system
CN104735087A (en) Public key algorithm and SSL (security socket layer) protocol based method of optimizing security of multi-cluster Hadoop system
Touati et al. Batch-based CP-ABE with attribute revocation mechanism for the Internet of Things
CN110545273B (en) Resource allocation method and system based on block chain application
CN115632779B (en) Quantum encryption communication method and system based on power distribution network
Bisne et al. Composite secure MQTT for Internet of Things using ABE and dynamic S-box AES
CN104660583A (en) Encryption service method based on Web encryption service
CN116011014A (en) Privacy computing method and privacy computing system
CN113992427B (en) Data encryption sending method and device based on adjacent nodes
CN106301791B (en) A kind of realization method and system of the unifying user authentication authorization based on big data platform
CN112765665A (en) Data source management method and management platform
Benmalek et al. Scalable multi-group key management for advanced metering infrastructure
Ponomarev Attribute-based access control in service mesh
CN101364866A (en) Entity secret talk establishing system based on multiple key distribution centers and method therefor
CN111914272A (en) Encryption retrieval method and system for origin data in mobile edge computing environment
KR101067720B1 (en) Communication apparatus and method using a public key encryption algorithm and a group key
Ma et al. Research on data security and privacy protection of smart grid based on alliance chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210507