CN113301018B - Data sharing method based on alliance chain - Google Patents


Info

Publication number: CN113301018B
Authority: CN (China)
Prior art keywords: data, encryption, decryption, node, chain
Legal status: Active
Application number: CN202110437519.6A
Other languages: Chinese (zh)
Other versions: CN113301018A (en)
Inventors: 张金琳, 俞学劢
Current Assignee: Zhejiang Shuqin Technology Co Ltd
Original Assignee: Zhejiang Shuqin Technology Co Ltd
Application filed by: Zhejiang Shuqin Technology Co Ltd
Priority to: CN202110437519.6A
Publications: CN113301018A (application), CN113301018B (grant)


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/176 Support for shared access to files; File sharing support
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees


Abstract

The invention provides a data sharing method based on an alliance chain, comprising the following steps: step A) establishing an alliance chain encryption and decryption environment in which at least two alliance chain nodes participate in encryption and decryption, and setting an encryption and decryption monitoring node in the alliance chain, the role of monitoring node being taken in turn by alliance chain nodes chosen by voting; step B) encrypting the data to be shared in the alliance chain encryption environment, then placing the encrypted shared data in the intranet environment of the alliance chain for display, the encrypted shared data being allowed to be copied without decryption; and step C) decrypting the shared data through the alliance chain encryption and decryption environment when the application program is on the white list. The invention achieves real-time data sharing based on the alliance chain with high timeliness, monitors encryption and decryption by setting a flow monitoring node, and enhances the security of data sharing by having multiple nodes encrypt and decrypt the shared data.

Description

Data sharing method based on alliance chain
Technical Field
The invention relates to the technical field of data sharing, and in particular to a data sharing method based on an alliance chain.
Background
An alliance chain (consortium blockchain) is one form of blockchain in which the generation of each block is decided by the preselected nodes, and which is open only to members of a particular group and a limited number of third parties. Members of an alliance chain are the enterprises, financial institutions and other organizations that join the alliance after passing alliance authentication.
Enterprises in the same industry hold valuable industry information, and many of them want to exchange information with their peers in order to develop better. Enterprises place growing importance on interconnection and communication, while the risk of data leakage in the current internet environment keeps increasing. Whether data can be shared between two parties while information security is guaranteed and the data is not leaked has therefore become an important requirement; the basic consensus is that data sharing should be opened up while user-sensitive information, confidential data and the like are protected from being illegally obtained and used.
Current data sharing methods mainly comprise the traditional data sharing scheme and the centralized data sharing scheme. The centralized scheme takes a third party as the data opening and sharing center: each data owner trusts the third party and opens its data to it, and the sharing process is scheduled by the third party. Data sharing therefore rests on human trust in the third party, and in practice becomes insecure as business cooperation relationships change. For example, Chinese patent publication No. CN107480224A discloses a device for sharing configuration data between a control station and a third-party database, comprising: a data source configuration module for creating a data source; a data table creating and configuring module for creating or configuring data tables of the database and the control station; a mapping function compiler that lets a user compile self-defined mapping functions; and a moving task creating and configuring module for creating or configuring a moving task, so that after selecting the moving direction, the data source and the corresponding data table, a user can generate a moving task to start and execute, whereby the configuration data of the control station and the third-party database are shared.
Meanwhile, information exchange among enterprises is at present mostly carried out through business communication, and information can be obtained only after evaluation, so timeliness is poor. In addition, system architectures differ between enterprises, and exchanging information over the internet is subject to many limitations. Even when data is exchanged successfully, each party manages its own data centrally, so the evaluation of the information after the data is obtained cannot be effectively known by the whole network.
Disclosure of Invention
The invention addresses the poor timeliness and poor security of data sharing among enterprises in the prior art, and provides a data sharing method based on an alliance chain.
To achieve this purpose, the following technical scheme is provided:
A data sharing method based on an alliance chain comprises the following steps:
Step A) establishing an alliance chain encryption and decryption environment in which at least two alliance chain nodes participate in encryption and decryption, and setting an encryption and decryption monitoring node in the alliance chain, the role of monitoring node being taken in turn by alliance chain nodes chosen by voting;
Step B) encrypting the data to be shared in the alliance chain encryption environment, then placing the encrypted shared data in the intranet environment of the alliance chain for display, the encrypted shared data being allowed to be copied without decryption;
Step C) when a computer application program in the intranet environment of the alliance chain requests to open shared data, it sends a request to the encryption and decryption monitoring node, which verifies whether the application program is on the white list; if the application program is on the white list, the shared data is decrypted through the intranet environment of the alliance chain, the decrypted shared data is placed in a specified buffer area, and the data reading address of the application program is replaced with the address of the buffer area; when the application program is closed, the encryption and decryption monitoring node empties the buffer area; if the application program is not on the white list, no operation is performed.
The invention selects an alliance chain node as the encryption and decryption monitoring node by voting, which avoids a monitoring third party being fixed for a long time, thereby decentralizing the monitoring node and improving the security of data sharing. The invention uses the alliance chain encryption environment to encrypt the data to be shared and allows the data to be copied without decryption inside the alliance chain intranet environment, which both prevents nodes outside the alliance chain from obtaining the shared data and lets nodes inside the alliance chain copy the shared data quickly. When the application program is closed, the encryption and decryption monitoring node empties the buffer area, which prevents decrypted data from remaining in the buffer area and leaking, and also saves buffer storage space: the data is used on demand and cleared promptly.
Preferably, in step A), the method for constructing the alliance chain encryption and decryption environment comprises:
the encryption and decryption monitoring node constructs an encryption smart contract and a decryption smart contract. The encryption smart contract records a data identifier $k$, a public number $B_k$, a participation reward, a participating node identification list, a node key generation number list, a pre-encryption storage address and a post-encryption storage address; the decryption smart contract records an initial encryption key, a participating node identification list and a storage address of the data to be decrypted. Through the encryption smart contract and the decryption smart contract, the invention constructs the alliance chain encryption and decryption environment, which provides an encryption and decryption environment inside the alliance chain intranet for encrypting and decrypting shared data.
Preferably, in step B), after the data to be shared is encrypted in the alliance chain encryption environment, the signature of the data source is associated with it, and the encrypted shared data associated with the signature of the data source is then placed in the alliance chain intranet environment;
in step C), the encryption and decryption monitoring node maintains a decryption log; after verifying that the application program is on the white list, the encryption and decryption monitoring node associates the identifier of the decryption applicant with the data source and uses the result as a record of the decryption log, and the decryption log is periodically synchronized to the alliance chain for storage.
The invention records every decryption operation for tracing, which improves the reliability of data sharing; at the same time, the decryption log is periodically synchronized to the alliance chain for storage, which prevents the decryption log data from being tampered with.
Preferably, a decryption-allowed white list is established for the data source of the shared data. In step C), the encryption and decryption monitoring node sends the identifier of the decryption applicant to the data source for auditing; if the decryption applicant is on the decryption-allowed white list, the audit passes and the encryption and decryption monitoring node decrypts the shared data through the alliance chain encryption and decryption environment; if the decryption applicant is not on the decryption-allowed white list, the audit fails and the encryption and decryption monitoring node performs no further operation. The invention sets an application program white list: the alliance chain responds only to requests to open shared data from application programs on the white list, decrypts the shared data and places it in the specified buffer area, and replaces the data reading address of the application program with the buffer area address, so that the application program can conveniently read the decrypted shared data.
Preferably, in step B), the method for encrypting the data to be shared through the alliance chain encryption environment comprises:
Step B1) the encryption and decryption monitoring node receives the data to be shared $D_k$ and a shared data description, divides $D_k$ into several data blocks $d_{ki}$, $i \in [1, n]$, where $n$ is the number of data blocks, and encrypts each data block $d_{ki}$ into a data block $d'_{ki}$; the encryption key is denoted $key_{k0}$;
Step B2) the data identifier $k$, the public number $B_k$, the participation reward, the pre-encryption storage address and the post-encryption storage address are filled into the encryption smart contract, and the encryption smart contract is then published;
Step B3) each alliance chain node $P_j$, $j \in [1, n]$, that decides to participate in the encryption writes its own identifier into the participating node identification list in the smart contract, until the participating node identification list is full;
Step B4) each alliance chain node $P_j$ that has decided to participate in the encryption generates a node key generation number $C_{ki}$, generates an encryption key $key_{ki}$ from the public number $B_k$ and the node key generation number $C_{ki}$, reads data block $d'_{ki}$ from the pre-encryption storage address corresponding to $d'_{ki}$, encrypts $d'_{ki}$ with $key_{ki}$ to obtain the encrypted data block $d''_{ki}$, stores $d''_{ki}$ at the corresponding post-encryption storage address, and writes $C_{ki}$ into the corresponding position of the node key generation number list of the smart contract; the encryption key $key_{ki}$ is stored by the alliance chain node $P_j$;
Step B5) when all data blocks $d''_{ki}$ have been written to the post-encryption storage addresses, the encryption and decryption monitoring node downloads the encryption key $key_{k0}$, the participating node identification list and the node key generation number list to local storage, reads the encrypted data blocks $d''_{ki}$ from the post-encryption storage addresses, and splices the data blocks $d''_{ki}$ into the encrypted data $D'_k$; the encryption and decryption monitoring node then associates the encryption key $key_{k0}$, the participating node identification list, the node key generation number list, the shared data description and the encrypted data $D'_k$, and the result serves as the shared data.
The invention uses multiple nodes to encrypt and decrypt the shared data, which improves the security of data sharing.
Preferably, in step C), the method for decrypting the shared data through the alliance chain encryption and decryption environment comprises:
Step C1) the encryption and decryption monitoring node finds, according to the decryption request, the encryption key $key_{k0}$ and the participating node identification list corresponding to the encrypted data $D'_k$;
Step C2) the encryption and decryption monitoring node splits the encrypted data $D'_k$ into data blocks $d''_{ki}$, $i \in [1, n]$, and, according to the participating node identification list, sends each data block $d''_{ki}$ to the corresponding alliance chain node $P_j$; the alliance chain node $P_j$ decrypts $d''_{ki}$ with the locally stored encryption key $key_{ki}$ to obtain data block $d'_{ki}$; the encryption and decryption monitoring node decrypts all data blocks $d'_{ki}$ and splices them to obtain the data $D_k$, places $D_k$ in the buffer area, and replaces the data reading address of the application program with the address of the buffer area.
Preferably, in step B4), the node key generation number $C_{ki}$ generated by blockchain node $P_j$ is a random number, and the encryption key $key_{ki}$ is generated from the public number $B_k$ and the node key generation number $C_{ki}$, i.e. there is a functional relationship $key_{ki} = H(B_k, C_{ki})$. The functional relationship $H$ is randomly selected from a functional relationship library $H_N$; the library $H_N$ is provided by the smart contract, includes at least two functional relationships $H$, and is kept secret from the requester.
Preferably, in step C), if the shared data is modified and saved while it is open in the computer application program, the modified shared data is saved into a temporary buffer area; when the application program is closed, the encryption and decryption monitoring node empties the buffer area, and the data in the temporary buffer area, with a modification source identifier added, is then used as new shared data on which step B) is executed.
The beneficial effects of the invention are as follows. An alliance chain node is selected as the encryption and decryption monitoring node by voting, which avoids a monitoring third party being fixed for a long time, thereby decentralizing the monitoring node and improving the security of data sharing. The invention uses the alliance chain encryption environment to encrypt the data to be shared and allows the data to be copied without decryption inside the alliance chain intranet environment, which both prevents nodes outside the alliance chain from obtaining the shared data and lets nodes inside the alliance chain copy the shared data quickly.
Drawings
FIG. 1 is a flow chart of an embodiment.
Detailed Description
Embodiment:
This embodiment provides a data sharing method based on an alliance chain; referring to FIG. 1, the method includes:
Step A) establishing an alliance chain encryption and decryption environment in which at least two alliance chain nodes participate in encryption and decryption, and setting an encryption and decryption monitoring node in the alliance chain, the role of monitoring node being taken in turn by alliance chain nodes chosen by voting. In step A), the method for constructing the alliance chain encryption and decryption environment comprises:
the encryption and decryption monitoring node constructs an encryption smart contract and a decryption smart contract. The encryption smart contract records a data identifier $k$, a public number $B_k$, a participation reward, a participating node identification list, a node key generation number list, a pre-encryption storage address and a post-encryption storage address; the decryption smart contract records an initial encryption key, a participating node identification list and a storage address of the data to be decrypted.
Step B) encrypting the data to be shared in the alliance chain encryption environment, then placing the encrypted shared data in the intranet environment of the alliance chain for display, the encrypted shared data being allowed to be copied without decryption. In step B), after the data to be shared is encrypted in the alliance chain encryption environment, the signature of the data source is associated with it, and the encrypted shared data associated with the signature of the data source is then placed in the alliance chain intranet environment.
In step B), the method for encrypting the data to be shared in the alliance chain encryption environment comprises:
Step B1) the encryption and decryption monitoring node receives the data to be shared $D_k$ and a shared data description, divides $D_k$ into several data blocks $d_{ki}$, $i \in [1, n]$, where $n$ is the number of data blocks, and encrypts each data block $d_{ki}$ into a data block $d'_{ki}$; the encryption key is denoted $key_{k0}$;
Step B2) the data identifier $k$, the public number $B_k$, the participation reward, the pre-encryption storage address and the post-encryption storage address are filled into the encryption smart contract, and the encryption smart contract is then published;
Step B3) each alliance chain node $P_j$, $j \in [1, n]$, that decides to participate in the encryption writes its own identifier into the participating node identification list in the smart contract, until the participating node identification list is full;
Step B4) each alliance chain node $P_j$ that has decided to participate in the encryption generates a node key generation number $C_{ki}$, generates an encryption key $key_{ki}$ from the public number $B_k$ and the node key generation number $C_{ki}$, reads data block $d'_{ki}$ from the pre-encryption storage address corresponding to $d'_{ki}$, encrypts $d'_{ki}$ with $key_{ki}$ to obtain the encrypted data block $d''_{ki}$, stores $d''_{ki}$ at the corresponding post-encryption storage address, and writes $C_{ki}$ into the corresponding position of the node key generation number list of the smart contract; the encryption key $key_{ki}$ is stored by the alliance chain node $P_j$;
In step B4), the node key generation number $C_{ki}$ generated by blockchain node $P_j$ is a random number, and the encryption key $key_{ki}$ is generated from the public number $B_k$ and the node key generation number $C_{ki}$, i.e. there is a functional relationship $key_{ki} = H(B_k, C_{ki})$. The functional relationship $H$ is randomly selected from a functional relationship library $H_N$; the library $H_N$ is provided by the smart contract, includes at least two functional relationships $H$, and is kept secret from the requester.
Step B5) when all data blocks $d''_{ki}$ have been written to the post-encryption storage addresses, the encryption and decryption monitoring node downloads the encryption key $key_{k0}$, the participating node identification list and the node key generation number list to local storage, reads the encrypted data blocks $d''_{ki}$ from the post-encryption storage addresses, and splices the data blocks $d''_{ki}$ into the encrypted data $D'_k$; the encryption and decryption monitoring node then associates the encryption key $key_{k0}$, the participating node identification list, the node key generation number list, the shared data description and the encrypted data $D'_k$, and the result serves as the shared data.
Step C) when a computer application program in the intranet environment of the alliance chain requests to open shared data, it sends a request to the encryption and decryption monitoring node, which verifies whether the application program is on the white list; if the application program is on the white list, the shared data is decrypted through the encryption and decryption environment of the alliance chain, the decrypted shared data is placed in a specified buffer area, and the data reading address of the application program is replaced with the buffer area address; when the application program is closed, the encryption and decryption monitoring node empties the buffer area; if the application program is not on the white list, no operation is performed.
In step C), the encryption and decryption monitoring node maintains a decryption log; after verifying that the application program is on the white list, the encryption and decryption monitoring node associates the identifier of the decryption applicant with the data source and uses the result as a record of the decryption log, and the decryption log is periodically synchronized to the alliance chain for storage.
The data source of the shared data establishes a decryption-allowed white list. In step C), the encryption and decryption monitoring node sends the identifier of the decryption applicant to the data source for auditing; if the decryption applicant is on the decryption-allowed white list, the audit passes and the encryption and decryption monitoring node decrypts the shared data through the alliance chain encryption and decryption environment; if the decryption applicant is not on the decryption-allowed white list, the audit fails and the encryption and decryption monitoring node performs no further operation.
In step C), the method for decrypting the shared data through the alliance chain encryption and decryption environment comprises:
Step C1) the encryption and decryption monitoring node finds, according to the decryption request, the encryption key $key_{k0}$ and the participating node identification list corresponding to the encrypted data $D'_k$;
Step C2) the encryption and decryption monitoring node splits the encrypted data $D'_k$ into data blocks $d''_{ki}$, $i \in [1, n]$, and, according to the participating node identification list, sends each data block $d''_{ki}$ to the corresponding alliance chain node $P_j$; the alliance chain node $P_j$ decrypts $d''_{ki}$ with the locally stored encryption key $key_{ki}$ to obtain data block $d'_{ki}$; the encryption and decryption monitoring node decrypts all data blocks $d'_{ki}$ and splices them to obtain the data $D_k$, places $D_k$ in the buffer area, and replaces the data reading address of the application program with the address of the buffer area.
In step C), if the shared data is modified and saved while it is open in the computer application program, the modified shared data is saved into a temporary buffer area; when the application program is closed, the encryption and decryption monitoring node empties the buffer area, and the data in the temporary buffer area, with a modification source identifier added, is then used as new shared data on which step B) is executed.
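The two-layer encryption of steps B1) to B5) and the white-listed decryption of steps C1) and C2), as an added example that is not part of the patent text. It assumes a SHA-256 counter-mode keystream with an HMAC tag as a stand-in cipher, HMAC-SHA256 and keyed BLAKE2b as the two functions in $H_N$, and round-robin assignment of blocks to nodes; the patent specifies none of these, and the names `ChainNode`, `MonitorNode`, `clear_buffer` and `candidate_keys` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-in primitives (assumptions: the patent names no cipher and no H).
def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return out[:length]

def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified block")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

# Functional relationship library H_N: at least two candidates for H(B_k, C_ki).
H_LIBRARY = (
    lambda b, c: hmac.new(b, c, hashlib.sha256).digest(),
    lambda b, c: hashlib.blake2b(c, key=b, digest_size=32).digest(),
)

class ChainNode:
    """Participating alliance chain node P_j; key_ki is stored only here."""
    def __init__(self, ident: str):
        self.ident = ident
        self._keys = {}

    def encrypt_block(self, k, i, B_k: bytes, d1: bytes):    # step B4
        C_ki = secrets.token_bytes(32)                        # random generation number
        self._keys[(k, i)] = secrets.choice(H_LIBRARY)(B_k, C_ki)
        return C_ki, seal(self._keys[(k, i)], d1)

    def decrypt_block(self, k, i, d2: bytes) -> bytes:       # step C2, node side
        return unseal(self._keys[(k, i)], d2)

class MonitorNode:
    """Encryption and decryption monitoring node."""
    def __init__(self, nodes, app_whitelist):
        if len(nodes) < 2:
            raise ValueError("at least two nodes must participate")
        self.nodes = {n.ident: n for n in nodes}
        self.app_whitelist = set(app_whitelist)
        self.shared, self.decrypt_log = {}, []

    def share(self, k, D_k: bytes, source: str, n: int) -> None:
        if n < 2:
            raise ValueError("need at least two blocks, one per participant")
        size = max(1, -(-len(D_k) // n))
        blocks = [D_k[i * size:(i + 1) * size] for i in range(n)]    # B1: d_ki
        key_k0 = secrets.token_bytes(32)
        inner = [seal(key_k0, d) for d in blocks]                    # B1: d'_ki
        B_k = secrets.token_bytes(32)                                # B2: public number
        idents = list(self.nodes)
        participants = [idents[i % len(idents)] for i in range(n)]   # B3 (round-robin)
        C_list, outer = [], []
        for i, pid in enumerate(participants):                       # B4: d''_ki
            C_ki, d2 = self.nodes[pid].encrypt_block(k, i, B_k, inner[i])
            C_list.append(C_ki)
            outer.append(d2)
        self.shared[k] = dict(key_k0=key_k0, B_k=B_k, C_list=C_list,  # B5
                              participants=participants, blocks=outer,
                              source=source)

    def open_for(self, app_id: str, k):
        if app_id not in self.app_whitelist:
            return None                          # not on the white list: no operation
        rec = self.shared[k]                     # C1
        self.decrypt_log.append((app_id, rec["source"]))
        inner = [self.nodes[pid].decrypt_block(k, i, blk)            # C2
                 for i, (pid, blk) in enumerate(zip(rec["participants"], rec["blocks"]))]
        return bytearray(b"".join(unseal(rec["key_k0"], d) for d in inner))

def clear_buffer(buf: bytearray) -> None:
    """Zero the plaintext buffer when the application closes."""
    buf[:] = bytes(len(buf))

def candidate_keys(B_k: bytes, C_ki: bytes):
    """Every key derivable by a party holding B_k, C_ki and the library H_N."""
    return [H(B_k, C_ki) for H in H_LIBRARY]
```

Because $B_k$ and every $C_{ki}$ are recorded in the contract, each $key_{ki}$ is only as secret as the library $H_N$ and the choice of $H$; `candidate_keys` makes that dependency explicit for review.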
The invention selects an alliance chain node as the encryption and decryption monitoring node by voting, which avoids a monitoring third party being fixed for a long time, thereby decentralizing the monitoring node and improving the security of data sharing. The invention uses the alliance chain encryption environment to encrypt the data to be shared and allows the data to be copied without decryption inside the alliance chain intranet environment, which both prevents nodes outside the alliance chain from obtaining the shared data and lets nodes inside the alliance chain copy the shared data quickly. When the application program is closed, the encryption and decryption monitoring node empties the buffer area, which prevents decrypted data from remaining in the buffer area and leaking, and also saves buffer storage space: the data is used on demand and cleared promptly.
Through the encryption smart contract and the decryption smart contract, the invention constructs the alliance chain encryption and decryption environment, which provides an encryption and decryption environment inside the alliance chain intranet for encrypting and decrypting shared data.
The invention records every decryption operation for tracing, which improves the reliability of data sharing; at the same time, the decryption log is periodically synchronized to the alliance chain for storage, which prevents the decryption log data from being tampered with.
The invention sets an application program white list: the alliance chain responds only to requests to open shared data from application programs on the white list, decrypts the shared data and places it in the specified buffer area, and replaces the data reading address of the application program with the buffer area address, so that the application program can conveniently read the decrypted shared data.

Claims (8)

1. A data sharing method based on an alliance chain, characterized in that
the method comprises the following steps:
Step A) establishing an alliance chain encryption and decryption environment in which at least two alliance chain nodes participate in encryption and decryption, and setting an encryption and decryption monitoring node in the alliance chain, the role of monitoring node being taken in turn by alliance chain nodes chosen by voting;
Step B) encrypting the data to be shared in the alliance chain encryption environment, then placing the encrypted shared data in the intranet environment of the alliance chain for display, the encrypted shared data being allowed to be copied without decryption;
Step C) when a computer application program in the intranet environment of the alliance chain requests to open shared data, it sends a request to the encryption and decryption monitoring node, which verifies whether the application program is on the white list; if the application program is on the white list, the shared data is decrypted through the intranet environment of the alliance chain, the decrypted shared data is placed in a specified buffer area, and the data reading address of the application program is replaced with the address of the buffer area; when the application program is closed, the encryption and decryption monitoring node empties the buffer area; if the application program is not on the white list, no operation is performed.
2. An alliance chain-based data sharing method as recited in claim 1,
in step A), the method for constructing the alliance chain encryption and decryption environment comprises:
the encryption and decryption monitoring node constructs an encryption smart contract and a decryption smart contract; the encryption smart contract records a data identifier $k$, a public number $B_k$, a participation reward, a participating node identification list, a node key generation number list, a pre-encryption storage address and a post-encryption storage address; the decryption smart contract records an initial encryption key, a participating node identification list and a storage address of the data to be decrypted.
3. The alliance chain-based data sharing method according to claim 2,
in step B), the data to be shared is encrypted in the alliance chain encryption environment and associated with the signature of the data source, and the encrypted shared data associated with the signature of the data source is then placed in the alliance chain intranet environment;
in step C), the encryption and decryption monitoring node maintains a decryption log; after verifying that the application is on the whitelist, the encryption and decryption monitoring node associates the identifier of the decryption applicant with the data source and uses the association as a record of the decryption log, and the decryption log is periodically synchronized to the alliance chain for storage.
4. The alliance chain-based data sharing method according to claim 3,
in step C), the encryption and decryption monitoring node sends the identifier of the decryption applicant to the data source for review; if the decryption applicant is on the decryption-permitted whitelist, the review passes and the encryption and decryption monitoring node decrypts the shared data through the alliance chain encryption and decryption environment; if the decryption applicant is not on the decryption-permitted whitelist, the review fails and the encryption and decryption monitoring node performs no further operation.
5. The alliance chain-based data sharing method according to any one of claims 2 to 4,
in step B), the method for encrypting the data to be shared in the alliance chain encryption environment comprises the following steps:
step B1) the encryption and decryption monitoring node receives the data $D_k$ to be shared and a shared data description, divides the shared data $D_k$ into several data blocks $d_{ki}$, $i \in [1, n]$, where $n$ is the number of data blocks, and encrypts each data block $d_{ki}$ into a data block $d'_{ki}$, the encryption key being denoted $key_{k0}$;
step B2) filling the data identifier $k$, the public number $B_k$, the participation reward, the pre-encryption storage address and the post-encryption storage address into the encryption smart contract, and then publishing the encryption smart contract;
step B3) the alliance chain nodes $P_j$, $j \in [1, n]$, that decide to participate in the encryption write their own identifiers into the participating node identification list in the smart contract until the participating node identification list is filled;
step B4) each alliance chain node $P_j$ that decides to participate in the encryption generates a node key generation number $C_{ki}$, generates an encryption key $key_{ki}$ from the public number $B_k$ and the node key generation number $C_{ki}$, reads the data block $d'_{ki}$ from the pre-encryption storage address corresponding to $d'_{ki}$, encrypts the data block $d'_{ki}$ with the encryption key $key_{ki}$ to obtain a data block $d''_{ki}$, stores the data block $d''_{ki}$ at the corresponding post-encryption storage address, and writes the node key generation number $C_{ki}$ into the corresponding position of the node key generation number list of the smart contract; the encryption key $key_{ki}$ is stored by the alliance chain node $P_j$;
step B5) when all data blocks $d''_{ki}$ have been written to the post-encryption storage addresses, the encryption and decryption monitoring node downloads the encryption key $key_{k0}$, the participating node identification list and the node key generation number list to local storage, reads the encrypted data blocks $d''_{ki}$ from the post-encryption storage addresses, and splices the data blocks $d''_{ki}$ into encrypted data $D'_k$; the encryption and decryption monitoring node associates the encryption key $key_{k0}$, the participating node identification list, the node key generation number list, the shared data description and the encrypted data $D'_k$ as the shared data.
6. The alliance chain-based data sharing method according to claim 5,
in step C), the method for decrypting the shared data through the alliance chain encryption and decryption environment comprises:
step C1) the encryption and decryption monitoring node finds, according to the decryption request, the encryption key $key_{k0}$ and the participating node identification list corresponding to the encrypted data $D'_k$;
step C2) the encryption and decryption monitoring node disassembles the encrypted data $D'_k$ into data blocks $d''_{ki}$, $i \in [1, n]$, and, according to the participating node identification list, sends the data blocks $d''_{ki}$, $i \in [1, n]$, to the corresponding alliance chain nodes $P_j$; each alliance chain node $P_j$ uses its locally stored encryption key $key_{ki}$ to decrypt the data block $d''_{ki}$ and obtain the data block $d'_{ki}$; the encryption and decryption monitoring node decrypts all data blocks $d'_{ki}$ and splices them to obtain the data $D_k$; the encryption and decryption monitoring node places the data $D_k$ in the buffer and replaces the data read address of the application with the address of the buffer.
7. The alliance chain-based data sharing method according to claim 6,
in step B4), the node key generation number $C_{ki}$ generated by the blockchain node $P_j$ is a random number, and the encryption key $key_{ki}$ is generated from the public number $B_k$ and the node key generation number $C_{ki}$, i.e. there is a functional relationship $key_{ki} = H(B_k, C_{ki})$; the functional relationship $H$ is randomly selected from a functional relationship library $H_N$; the functional relationship library $H_N$ is provided by the smart contract and includes at least two functional relationships $H$; the functional relationship library $H_N$ is kept secret from the requester.
8. The alliance chain-based data sharing method according to any one of claims 1 to 4,
in step C), if the shared data is modified and saved while it is open in the computer application, the modified shared data is saved in a temporary buffer; when the application is closed, the encryption and decryption monitoring node clears the buffer, and the data in the temporary buffer, with a modification source identifier added, is then used as new shared data on which step B) is executed.
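
The layered encryption of claims 5 and 7 and the matching decryption of claim 6, shown as an added Python example that is not code from the patent. The cipher (a SHA-256 counter keystream XOR, confidentiality only), the two members of H_N, the one-block-per-node assignment and all class and function names are assumptions; the claims specify none of them.

```python
import hashlib, hmac, secrets

def xor_stream(key: bytes, nonce: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    Confidentiality only, no integrity; the claims name no cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce.to_bytes(4, "big") + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

# Function library H_N (assumed members; claim 7 only requires at least two).
H_N = [lambda B, C: hashlib.sha256(B + C).digest(),
       lambda B, C: hmac.new(B, C, hashlib.sha256).digest()]

def split(data: bytes, n: int) -> list:
    size = -(-len(data) // n)  # ceiling division, so re-splitting D'_k gives the same blocks
    return [data[i * size:(i + 1) * size] for i in range(n)]

class Node:
    """Alliance chain node P_j: publishes C_ki, keeps key_ki local (step B4)."""
    def __init__(self):
        self.keys = {}
    def encrypt_block(self, k, i, B_k, block):
        C_ki = secrets.token_bytes(16)                    # random generation number
        self.keys[k, i] = secrets.choice(H_N)(B_k, C_ki)  # key_ki = H(B_k, C_ki)
        return C_ki, xor_stream(self.keys[k, i], i, block)
    def decrypt_block(self, k, i, block):
        return xor_stream(self.keys[k, i], i, block)

def share(k, D_k, B_k, nodes):
    """Steps B1-B5: returns (key_k0, C_ki list for the contract, D'_k)."""
    key_k0 = secrets.token_bytes(32)
    inner = [xor_stream(key_k0, i, d) for i, d in enumerate(split(D_k, len(nodes)))]  # d'_ki
    outer = [nodes[i].encrypt_block(k, i, B_k, d) for i, d in enumerate(inner)]       # d''_ki
    return key_k0, [c for c, _ in outer], b"".join(b for _, b in outer)

def open_shared(k, key_k0, D_enc, nodes):
    """Steps C1-C2: each node strips its layer, then the monitor strips key_k0."""
    inner = [nodes[i].decrypt_block(k, i, b) for i, b in enumerate(split(D_enc, len(nodes)))]
    return b"".join(xor_stream(key_k0, i, d) for i, d in enumerate(inner))

if __name__ == "__main__":
    nodes = [Node() for _ in range(3)]
    data = b"constructed sample record " * 4  # constructed input
    key_k0, C_list, D_enc = share("k1", data, b"public-number-B_k", nodes)
    print(open_shared("k1", key_k0, D_enc, nodes) == data)
```

The contract-visible values $B_k$ and $C_{ki}$ yield $key_{ki}$ only to a party that also knows which $H$ was drawn, so the confidentiality of the outer layer rests on the secrecy of $H_N$ and on each node's local key store.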
CN202110437519.6A 2021-04-22 2021-04-22 Data sharing method based on alliance chain Active CN113301018B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110437519.6A CN113301018B (en) 2021-04-22 2021-04-22 Data sharing method based on alliance chain

Publications (2)

Publication Number Publication Date
CN113301018A CN113301018A (en) 2021-08-24
CN113301018B true CN113301018B (en) 2022-05-24

Family

ID=77320142

Country Status (1)

Country Link
CN (1) CN113301018B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114153630B (en) * 2021-11-23 2022-11-18 国网黑龙江省电力有限公司双鸭山供电公司 Power information sharing method based on alliance chain
CN114638697B (en) * 2022-05-18 2022-11-15 浙江数秦科技有限公司 Small loan management system based on block chain
CN115801368A (en) * 2022-11-07 2023-03-14 昆明理工大学 Data sharing method based on alliance chain

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10841082B2 (en) * 2015-11-24 2020-11-17 Adi BEN-ARI System and method for blockchain smart contract data privacy
CN108055274B (en) * 2017-12-22 2020-09-11 广东工业大学 Encryption and sharing method and system based on alliance chain storage data
CN109587132B (en) * 2018-11-29 2021-03-26 南京苏宁软件技术有限公司 Data transmission method and device based on alliance chain
CN111600908B (en) * 2020-06-17 2021-07-13 杭州云链趣链数字科技有限公司 Data processing method, system, computer device and readable storage medium
CN111951074A (en) * 2020-08-05 2020-11-17 珠海格力电器股份有限公司 Sharing equipment system based on alliance chain
CN112149077B (en) * 2020-10-12 2022-03-25 杭州云链趣链数字科技有限公司 Supply chain billing method, system and computer equipment based on block chain technology
CN112163046A (en) * 2020-10-29 2021-01-01 军工保密资格审查认证中心 Block chain-based equipment data storage method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A data sharing method based on consortium chain

Effective date of registration: 20220825

Granted publication date: 20220524

Pledgee: Bank of Beijing Limited by Share Ltd. Hangzhou branch

Pledgor: ZHEJIANG SHUQIN TECHNOLOGY CO.,LTD.

Registration number: Y2022330001899