CN113743955A - Food material traceability data security access control method based on intelligent contract - Google Patents
Food material traceability data security access control method based on intelligent contract Download PDFInfo
- Publication number
- CN113743955A CN113743955A CN202110902305.1A CN202110902305A CN113743955A CN 113743955 A CN113743955 A CN 113743955A CN 202110902305 A CN202110902305 A CN 202110902305A CN 113743955 A CN113743955 A CN 113743955A
- Authority
- CN
- China
- Prior art keywords
- user
- data
- access
- contract
- access control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The application provides a food material traceability data security access control method based on an intelligent contract, which relates to the technical field of block chains, and comprises the following steps: registering an account number for a user; and when the access control strategy judges that the attribute of the user meets the access right, the data is sent to the user from the block chain. According to the embodiment of the application, the access control technology is introduced and combined with the block chain, and is applied to the traceability scene of the food material collection distribution supply chain, so that the problems of hierarchical access of the traceability information of the food material supply chain and public transparent supervision in the traceability process are solved, and the fine-grained traceability data access control is realized; the sensitive information grades are divided for hierarchical encryption, and the ciphertext is stored in the block chain, so that the privacy of each role in the food material supply chain is effectively protected.
Description
Technical Field
The application relates to the technical field of block chains, in particular to a food material traceability data security access control method based on an intelligent contract.
Background
The food material supply chain is composed of the isograms of suppliers, an acquisition and distribution base, logistics enterprises, consumer users and supervision departments, and is a complete chain for acquisition and distribution of food materials from food material production, purchasing, detection and distribution to consumer tables. The food safety problem causes wide social attention, and the food safety problem on public dining tables is particularly important. In order to better supervise the circulation process of the food materials from production to dining tables, transparent and credible food material traceability is gradually becoming a new need of society.
A food material supply chain generates a large amount of heterogeneous data in the operation process, food material commodity data in the data provides important support for the construction of a traceability system, and meanwhile, the data contains part of sensitive information. In the traceability system, transparent traceability of public information on a food material supply chain is achieved, a consumer user and even a social public can know the specific traceability information of the food material, all information on the supply chain is visible to a supervision department, part of sensitive information is shielded from the outside, and information required by traceability is displayed to the maximum extent.
In the food material traceability system in the prior art, food materials cannot be publicly and transparently traced, and traceability information disclosure and privacy data security protection cannot be guaranteed, so that the problem is urgently needed to be solved.
Disclosure of Invention
The purpose of this application aims at solving one of foretell technical defect at least, especially food material can't disclose transparent traceability in the food material traceability system among the prior art, and traceability information disclosure and privacy data safety protection can't obtain the guarantee technical defect.
In a first aspect, a food material traceability data security access control method based on an intelligent contract is provided, which includes:
receiving an account registration request of a user, registering an account containing user attributes of the user for the user based on the account registration request, issuing a CA certificate containing the user attributes to the user, and generating a private key for the user;
initializing a block chain network, and adding an organization and a node;
an access control strategy is formulated, an intelligent contract is designed and compiled, the intelligent contract is installed in each node, and the access control strategy is uploaded to a block chain for storage;
receiving data uploaded by a user through the intelligent contract, calling an encryption algorithm in a data encryption contract to carry out hierarchical encryption on the data based on the sensitivity of the data, and uploading the encrypted data to the block chain;
and receiving a data access request of a user, sending the data to the user from the block chain when the access control strategy judges that the attribute of the user meets the access right, and storing an access record of the user to the block chain.
As a possible embodiment of the present application, in this embodiment, the user includes a role in a food material supply chain, including a supplier, an acquisition base, a logistics enterprise, a consumer user, and a regulatory department, the receiving an account registration request of the user, registering an account containing user attributes of the user for the user based on the account registration request, issuing a CA certificate containing the user attributes to the user, and generating a private key for the user includes:
receiving an account registration request of a user, and sending the account registration request to a CA server for registration, wherein the account information of the user comprises an account number, an account password and a user attribute character string;
and generating a public key and private key pair for the user account, carrying out front operation on the public key and the attribute information of the user, and issuing a certificate and a private key for the user.
As a possible embodiment of the present application, in the embodiment, the formulating an access control policy, designing and writing an intelligent contract, installing the intelligent contract into each node, and uploading the access control policy to a blockchain storage includes:
designing and compiling a policy management contract, an access control contract, a data uploading contract and a data encryption contract, and installing the contract;
and based on the corresponding relation between the data and the user attribute and the access authority, the access policy is related, and the access policy is uploaded to a control channel through the policy management contract.
As a possible embodiment of the present application, in this embodiment, the grading of the data sensitivity level includes public access data, low sensitivity data, and high sensitivity data, and the receiving user uploads the data uploaded by the smart contract, and invokes an encryption algorithm in a data encryption contract to encrypt the data in a grading manner based on the sensitivity level of the data, and uploads the encrypted data to the blockchain, including:
receiving data uploaded by a user through a tracing system;
processing the data through a data uploading contract, and encrypting the low-sensitivity data by using an AES algorithm and encrypting the high-sensitivity data by using an ECC algorithm through calling the contract;
and storing the encrypted data in an IPFS distributed system, returning a storage index hash code, and calling a contract to upload the data index into a source tracing channel on the block chain.
As a possible embodiment of the present application, in the embodiment, the receiving a data access request of a user, sending the data from the block chain to the user when the access control policy determines that the attribute of the user satisfies the access right, and storing an access record of the user in the block chain includes:
receiving an access request with attributes, which is initiated by a user;
the access control contract inquires an access policy and checks whether the attribute of the access request is matched with the access policy;
and deciding whether to return data to the user or not based on the matching result.
As a possible embodiment of the present application, in this embodiment, the determining whether to return data to the user based on the matching result includes:
returning data to the user when the attribute matches the access policy;
when the attribute does not match the access policy, no data is returned to the user.
As a possible embodiment of the present application, in this embodiment, the access record includes an access event id, an access user, access data, an access time, and an access result.
In a second aspect, a food material traceability data security access control device based on an intelligent contract is provided, which includes:
a registration request receiving module, configured to receive an account registration request of a user, register an account including user attributes of the user for the user based on the account registration request, issue a CA certificate including the user attributes to the user, and generate a private key for the user;
the initialization module is used for initializing the block chain network and adding an organization and a node;
the contract determining module is used for making an access control strategy, designing and compiling an intelligent contract, installing the intelligent contract into each node, and uploading the access control strategy to a block chain for storage;
the data receiving module is used for receiving data uploaded by a user through the intelligent contract, calling an encryption algorithm in a data encryption contract based on the sensitivity of the data to carry out hierarchical encryption on the data, and uploading the encrypted data to the block chain;
and the data access module is used for receiving a data access request of a user, sending the data to the user from the block chain when the access control strategy judges that the attribute of the user meets the access right, and storing the access record of the user to the block chain.
In a third aspect, an electronic device is provided, where the electronic device includes a memory, a processor, and a computer program that is stored in the memory and is executable on the processor, and the processor implements the food material traceability data security access control method based on the smart contract when executing the program.
In a fourth aspect, a computer-readable storage medium is provided, where at least one instruction, at least one program, a code set, or a set of instructions is stored, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by the processor to implement the food material traceability data security access control method based on the smart contract.
According to the embodiment of the application, the access control technology is introduced and combined with the block chain, and is applied to the traceability scene of the food material collection distribution supply chain, so that the problems of hierarchical access of the traceability information of the food material supply chain and public transparent supervision in the traceability process are solved, and the fine-grained traceability data access control is realized; meanwhile, the sensitive information grades are divided for hierarchical encryption, the ciphertext is stored on the block chain, the privacy of each role on the food material supply chain is effectively protected, 2 different chains are used for decoupling the separate storage of the access control data and the traceability data, the access control chain stores the access strategy and the access record, the traceability chain stores the traceability information, IPFS distributed storage is introduced to realize chain uplink and downlink storage, and the data storage pressure is reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flow chart of a food material traceability data security access control method based on an intelligent contract according to an embodiment of the present application;
fig. 2 is a schematic flowchart of an account registration method according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart of a policy customization method according to an embodiment of the present application;
fig. 4 is a schematic flowchart of a data encryption method according to an embodiment of the present application;
fig. 5 is a schematic flowchart of a data access method according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a food material traceability data security access control device based on an intelligent contract according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
The above and other features, advantages and aspects of various embodiments of the present application will become more apparent from the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The application provides a three-dimensional point cloud-based positioning method, a three-dimensional point cloud-based positioning device, an electronic device and a computer-readable storage medium, which aim to solve the above technical problems in the prior art.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
The embodiment of the application provides a food material traceability data security access control method based on an intelligent contract, and as shown in fig. 1, the method comprises the following steps:
step S101, receiving an account registration request of a user, registering an account containing user attributes of the user for the user based on the account registration request, issuing a CA certificate containing the user attributes to the user, and generating a private key for the user;
step S102, initializing a block chain network, and adding an organization and a node;
step S103, making an access control strategy, designing and compiling an intelligent contract, installing the intelligent contract into each node, and uploading the access control strategy to a block chain for storage;
step S10,4, receiving data uploaded by a user through the intelligent contract, calling an encryption algorithm in the data encryption contract to carry out hierarchical encryption on the data based on the sensitivity of the data, and uploading the encrypted data to the block chain;
step S105, receiving a data access request of a user, when the access control strategy judges that the attribute of the user meets the access right, sending the data to the user from the block chain, and storing the access record of the user to the block chain.
In the embodiment of the application, the food material traceability data security access control method based on the intelligent contract is based on an access control model (ABAC) based on user attributes, and combines a blockchain technology to grant attributes for various roles in a supply chain network ABAC and a network, and an administrator customizes an access strategy and stores the access strategy to a blockchain; when a role needs to access data on the chain, the access control contract inquires the access strategy on the chain and checks whether the role attribute is matched with the data attribute, so that the access is allowed or denied. The access policy and the access log are stored on the blockchain, and the data to be accessed are also stored on different chains and are realized in different channels in the fabric framework. Meanwhile, sensitive data are classified, and different encryption means are adopted for data with different sensitivity levels, so that the safety of the data is protected. According to the low, medium and high sensitivity, the method of plaintext public storage, symmetric encryption and asymmetric encryption is respectively adopted for chain storage. In addition, in order to optimize the storage structure, a chain uplink and downlink mixed storage structure is adopted, data abstracts are stored on a chain, and real data contents are stored in a chain downlink distributed IPFS file system. Taking the food supply chain as an example, various data are generated in the food supply chain. Some of these data are needed for traceability reasons, but these data are likely to be sensitive data and are not easy to disclose. The food material traceability data security access control model based on the intelligent contract has the function of access control, and aims to enable different roles in a food material supply chain to access data of different degrees. The access control process is completely marked by the block chain, and the problem of single point failure possibly caused by a single attribute mechanism in the traditional access control is solved.
In the embodiment of the application, a CA center server registers a user account containing user attributes, issues a CA certificate containing the user attributes to a user, generates a private key for the user, completes the creation of the user account, initializes a block chain network, builds a block chain network and starts the network, joins each organization and node, an administrator formulates an access control strategy, designs and compiles an intelligent contract, remotely installs the intelligent contract on each node, uploads the access control strategy to the block chain for storage, the user uploads data through the intelligent contract, carries out hierarchical encryption according to the sensitivity of the data, calls an encryption algorithm in the data encryption contract for encryption, uploads the encrypted data to the block chain, the user initiates a data access request, judges whether the attributes of the access request meet the access authority according to the access control contract, and returns an access result to the user, if the user access request passes the verification, the user access data is returned to the user from the chain and the user access record is recorded simultaneously onto the blockchain.
According to the embodiment of the application, the access control technology is introduced and combined with the block chain, and is applied to the traceability scene of the food material collection distribution supply chain, so that the problems of hierarchical access of the traceability information of the food material supply chain and public transparent supervision in the traceability process are solved, and the fine-grained traceability data access control is realized; meanwhile, the sensitive information grades are divided for hierarchical encryption, the ciphertext is stored on the block chain, the privacy of each role on the food material supply chain is effectively protected, 2 different chains are used for decoupling the separate storage of the access control data and the traceability data, the access control chain stores the access strategy and the access record, the traceability chain stores the traceability information, IPFS distributed storage is introduced to realize chain uplink and downlink storage, and the data storage pressure is reduced.
As a possible embodiment of the present application, in this embodiment, as shown in fig. 2, the user includes roles on a food material supply chain, including a supplier, an acquisition base, a logistics enterprise, a consumer user, and a regulatory department, the receiving an account registration request of the user, registering an account containing user attributes of the user for the user based on the account registration request, issuing a CA certificate containing the user attributes to the user, and generating a private key for the user includes:
step S201, receiving an account registration request of a user, and sending the account registration request to a CA server for registration, wherein the account information of the user comprises an account number, an account password and a user attribute character string;
step S202, generating a public key and private key pair for the user account, advancing the public key and attribute information of the user, and issuing a certificate and a private key for the user.
In the embodiment of the application, the users include roles in a food material supply chain, such as suppliers, collection and distribution bases, logistics enterprises, consumer users, supervision departments and the like, and data owners and data visitors are generated among the users; the CA center is a credible certificate authority, before the blockchain network is started, a user creates an account to the CA center, an administrator sends account information of the user applying for registration to a CA server for registration, and the account information comprises a user account, a user password and a user attribute character string; a user initiates an account registration request to a CA server by using a pre-registered account and a password, wherein the request comprises the user account and the user password; the CA center generates a public key and private key pair for the user, uses the private key of the CA center to sign the public key of the user and the identity information containing the attribute, and issues a certificate and a private key for the user; the user saves the certificate and private key issued by the CA, and the account creation is completed.
As a possible embodiment of the present application, in this embodiment, as shown in fig. 3, the formulating an access control policy, designing and writing an intelligent contract, installing the intelligent contract into each node, and uploading the access control policy to a blockchain storage includes:
step S301, designing and compiling a policy management contract, an access control contract, a data uploading contract and a data encryption contract, and installing the contract;
step S302, access strategies are related based on the corresponding relation between the data and the user attributes and the access authority, and the access strategies are uploaded into the control channel through the strategy management contract.
In the embodiment of the application, a policy management contract PolicyMgrCC, an access control contract AccessCtrlCC, a data uploading contract UploadCC and a data encryption contract EncryptCC are designed and written, and a contract is installed; the administrator designs an access strategy according to the corresponding relation between the data and the user attribute and the access authority, and uploads the access strategy to an access control channel on the chain through a strategy management contract PolicyMgrCC. The intelligent contract is a code for performing data interaction with the block chain system, and comprises a data uploading contract, a data encryption contract, a data query contract, an access control contract and a policy management contract; when the data are uploaded, different encryption algorithms in a data encryption contract are called to encrypt the data according to different sensitivity degrees of the data; the access control contract is used for implementing access control operation when the user accesses data, and comprises the steps of checking whether the user attributes are matched or not and checking whether the user has the access right of the corresponding data or not.
As a possible embodiment of the present application, in this embodiment, as shown in fig. 4, the data sensitivity level ranking includes public access data, low sensitivity data, and high sensitivity data, and the receiving user uploads the data uploaded by the smart contract, and invokes an encryption algorithm in a data encryption contract to perform hierarchical encryption on the data based on the sensitivity level of the data, and uploads the encrypted data to the blockchain, the method includes:
step S401, receiving data uploaded by a user through a traceability system;
step S402, processing the data through a data uploading contract, and encrypting the low-sensitivity data by using an AES algorithm and encrypting the high-sensitivity data by using an ECC algorithm through calling the contract;
and S403, storing the encrypted data in the IPFS distributed system, returning a storage index hash code, and calling a contract to upload the data index into a source tracing channel on the block chain.
In the embodiment of the application, the data sensitivity grading comprises public access data, low sensitivity data and high sensitivity data; the public access data comprises data such as food commodity source tracing names, prices, production places, plant addresses, production dates, certificates and supervision conditions, the low-sensitivity data comprises employee names, supplier contact ways, food pesticide residue detection data and the like on a food material collection and distribution supply chain, and the high-sensitivity data comprises employee identity numbers, employee family addresses, employee contact ways and the like on the collection and distribution supply chain; receiving data uploaded by a user through a tracing system; the contract UploadCC is called to process data, low-sensitivity data is encrypted by using an AES algorithm through calling an EncryptCC contract, a secret key is sent to a supervision department, high-sensitivity data is encrypted by using an ECC algorithm, a private key is sent to a supervision node for recording, the encrypted data is stored in an IPFS distributed system, a storage index hash code is returned, and the contract UploadCC is called to upload data to a traceability channel on a block chain.
In the embodiment of the application, the encryption algorithm of the sensitive data comprises an AES symmetric encryption algorithm and an ECC elliptic curve encryption algorithm, the AES symmetric encryption algorithm is used for encrypting the low sensitive data, and the ECC elliptic curve encryption algorithm is used for encrypting the high sensitive data; after the sensitive data are encrypted, the private key or the secret key of the user is encrypted by the public key of the supervision department node in the food material supply chain, the ciphertext is uploaded to the block chain to be stored, only the supervision department and the user own private key ensure the safety of the data stored in the chain, and even if the block is taken down maliciously, the data safety can be ensured.
As a possible embodiment of the present application, in this embodiment, as shown in fig. 5, the receiving a data access request of a user, sending the data from the block chain to the user when the access control policy determines that the attribute of the user satisfies the access right, and storing an access record of the user in the block chain includes:
step S501, receiving an access request with attributes, which is initiated by a user;
step S502, the access control contract inquires the access strategy and checks whether the attribute of the access request is matched with the access strategy;
in step S503, it is determined whether to return data to the user based on the matching result.
In the embodiment of the application, an access request with an attribute, which is initiated by a user, is received, the access request user requests to access data, an access control contract inquires an access policy, whether the attribute of the access request is matched with the access policy is checked, and when the attribute is matched with the access policy, the data is returned to the user; when the attribute is not matched with the access strategy, a data access control model based on the attribute is not returned to the user, and the access model realizes the access control of the user on different data by checking that the user attribute of the requested data is matched with the strategy; the administrator can customize the access control strategy, add, delete and modify the access control strategy by calling the strategy management contract, upload the access control strategy to a block chain for storage, and inquire when the user initiates an access request so as to match whether the access request meets the requirement of the strategy; the user can apply for joint addition, deletion and modification of the access strategy to the administrator. The access result comprises an access permission and an access rejection, the access is permitted and the requested data is returned for the access request with the user attribute matched with the access policy, otherwise, the access rejection result is returned; the access record comprises fields of access event id, access user, access data, access time, access result and the like, and is recorded to a block chain for trace.
According to the embodiment of the application, the access control technology is introduced and combined with the block chain, and is applied to the traceability scene of the food material collection distribution supply chain, so that the problems of hierarchical access of the traceability information of the food material supply chain and public transparent supervision in the traceability process are solved, and the fine-grained traceability data access control is realized; meanwhile, the sensitive information grades are divided for hierarchical encryption, the ciphertext is stored on the block chain, the privacy of each role on the food material supply chain is effectively protected, 2 different chains are used for decoupling the separate storage of the access control data and the traceability data, the access control chain stores the access strategy and the access record, the traceability chain stores the traceability information, IPFS distributed storage is introduced to realize chain uplink and downlink storage, and the data storage pressure is reduced.
The embodiment of the application provides a food material traceability data security access control device based on an intelligent contract, as shown in fig. 6, the device includes: a registration request receiving module 601, an initialization module 602, a contract determination module 603, a data receiving module 604, and a data access module 605, wherein,
a registration request receiving module 601, configured to receive an account registration request of a user, register an account including user attributes of the user for the user based on the account registration request, issue a CA certificate including the user attributes to the user, and generate a private key for the user;
an initialization module 602, configured to initialize a block chain network and add an organization and a node;
a contract determining module 603, configured to make an access control policy, design and write an intelligent contract, install the intelligent contract into each node, and upload the access control policy to a block chain storage;
a data receiving module 604, configured to receive data uploaded by a user through the intelligent contract, call an encryption algorithm in a data encryption contract to perform hierarchical encryption on the data based on the sensitivity of the data, and upload the encrypted data to the block chain;
a data access module 605, configured to receive a data access request of a user, send the data to the user from the block chain when the access control policy determines that the attribute of the user meets the access right, and store an access record of the user in the block chain.
As a possible embodiment of the present application, in this embodiment, the user includes roles in a food material supply chain, including a supplier, an acquisition base, a logistics enterprise, a consumer user, and a regulatory department, the registration request receiving module 601, when receiving an account registration request of the user, registering an account containing user attributes of the user for the user based on the account registration request, and issuing a CA certificate containing the user attributes to the user, may be configured to, when generating a private key for the user:
receiving an account registration request of a user, and sending the account registration request to a CA server for registration, wherein the account information of the user comprises an account number, an account password and a user attribute character string;
and generating a public key and private key pair for the user account, carrying out front operation on the public key and the attribute information of the user, and issuing a certificate and a private key for the user.
As a possible embodiment of the present application, in this embodiment, the contract determining module 603, when preparing an access control policy, designing and writing an intelligent contract, installing the intelligent contract into each node, and uploading the access control policy to a blockchain storage, may be configured to:
designing and compiling a policy management contract, an access control contract, a data uploading contract and a data encryption contract, and installing the contract;
and based on the corresponding relation between the data and the user attribute and the access authority, the access policy is related, and the access policy is uploaded to a control channel through the policy management contract.
As a possible embodiment of the present application, in this embodiment, the data sensitivity level ranking includes public access data, low sensitivity data, and high sensitivity data, and when the data receiving module 604 receives data uploaded by a user through the smart contract, and invokes an encryption algorithm in a data encryption contract to encrypt the data in a hierarchical manner based on the sensitivity level of the data, and uploads the encrypted data to the blockchain, it may be configured to:
receiving data uploaded by a user through a tracing system;
processing the data through a data uploading contract, and encrypting the low-sensitivity data by using an AES algorithm and encrypting the high-sensitivity data by using an ECC algorithm through calling the contract;
and storing the encrypted data in an IPFS distributed system, returning a storage index hash code, and calling a contract to upload the data index into a source tracing channel on the block chain.
As a possible embodiment of the present application, in this embodiment, when the data access module 605 receives a data access request from a user, and when the access control policy determines that the attribute of the user satisfies the access right, the data access module may send the data from the block chain to the user, and store an access record of the user in the block chain, to be used for:
receiving an access request with attributes, which is initiated by a user;
the access control contract inquires an access policy and checks whether the attribute of the access request is matched with the access policy;
and deciding whether to return data to the user or not based on the matching result.
As a possible embodiment of the present application, in this embodiment, the determining whether to return data to the user based on the matching result includes:
returning data to the user when the attribute matches the access policy;
when the attribute does not match the access policy, no data is returned to the user.
As a possible embodiment of the present application, in this embodiment, the access record includes an access event id, an access user, access data, an access time, and an access result.
The food material traceability data security access control device based on the intelligent contract according to the embodiment of the application can execute the food material traceability data security access control method based on the intelligent contract according to the embodiment of the application, the implementation principles are similar, and details are not repeated here.
According to the embodiment of the application, the access control technology is introduced and combined with the block chain, and is applied to the traceability scene of the food material collection distribution supply chain, so that the problems of hierarchical access of the traceability information of the food material supply chain and public transparent supervision in the traceability process are solved, and the fine-grained traceability data access control is realized; meanwhile, the sensitive information grades are divided for hierarchical encryption, the ciphertext is stored on the block chain, the privacy of each role on the food material supply chain is effectively protected, 2 different chains are used for decoupling the separate storage of the access control data and the traceability data, the access control chain stores the access strategy and the access record, the traceability chain stores the traceability information, IPFS distributed storage is introduced to realize chain uplink and downlink storage, and the data storage pressure is reduced.
An embodiment of the present application provides an electronic device, including: a memory and a processor; at least one program stored in the memory for, when executed by the processor, receiving an account registration request of a user, registering an account for the user that includes user attributes of the user based on the account registration request, and issuing a CA certificate to the user that includes the user attributes, generating a private key for the user; initializing a block chain network, and adding an organization and a node; an access control strategy is formulated, an intelligent contract is designed and compiled, the intelligent contract is installed in each node, and the access control strategy is uploaded to a block chain for storage; receiving data uploaded by a user through the intelligent contract, calling an encryption algorithm in a data encryption contract to carry out hierarchical encryption on the data based on the sensitivity of the data, and uploading the encrypted data to the block chain; and receiving a data access request of a user, sending the data to the user from the block chain when the access control strategy judges that the attribute of the user meets the access right, and storing an access record of the user to the block chain.
Compared with the prior art, the method can realize that: according to the embodiment of the application, the access control technology is introduced and combined with the block chain, and is applied to the traceability scene of the food material collection distribution supply chain, so that the problems of hierarchical access of the traceability information of the food material supply chain and public transparent supervision in the traceability process are solved, and the fine-grained traceability data access control is realized; meanwhile, the sensitive information grades are divided for hierarchical encryption, the ciphertext is stored on the block chain, the privacy of each role on the food material supply chain is effectively protected, 2 different chains are used for decoupling the separate storage of the access control data and the traceability data, the access control chain stores the access strategy and the access record, the traceability chain stores the traceability information, IPFS distributed storage is introduced to realize chain uplink and downlink storage, and the data storage pressure is reduced.
In an alternative embodiment, an electronic device is provided, as shown in fig. 7, the electronic device 4000 shown in fig. 7 comprising: a processor 4001 and a memory 4003. Processor 4001 is coupled to memory 4003, such as via bus 4002. Optionally, the electronic device 4000 may further comprise a transceiver 4004. In addition, the transceiver 4004 is not limited to one in practical applications, and the structure of the electronic device 4000 is not limited to the embodiment of the present application.
The Processor 4001 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 4001 may also be a combination that performs a computational function, including, for example, a combination of one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
The Memory 4003 may be a ROM (Read Only Memory) or other types of static storage devices that can store static information and instructions, a RAM (Random Access Memory) or other types of dynamic storage devices that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
The memory 4003 is used for storing application codes for executing the scheme of the present application, and the execution is controlled by the processor 4001. Processor 4001 is configured to execute application code stored in memory 4003 to implement what is shown in the foregoing method embodiments.
The present application provides a computer-readable storage medium, on which a computer program is stored, which, when running on a computer, enables the computer to execute the corresponding content in the foregoing method embodiments. Compared with the prior art, the access control technology is introduced and combined with the block chain, and the method is applied to the traceability scene of the food material collection and distribution supply chain, so that the problems of hierarchical access of the traceability information of the food material supply chain and public and transparent supervision in the traceability process are solved, and the fine-grained traceability data access control is realized; meanwhile, the sensitive information grades are divided for hierarchical encryption, the ciphertext is stored on the block chain, the privacy of each role on the food material supply chain is effectively protected, 2 different chains are used for decoupling the separate storage of the access control data and the traceability data, the access control chain stores the access strategy and the access record, the traceability chain stores the traceability information, IPFS distributed storage is introduced to realize chain uplink and downlink storage, and the data storage pressure is reduced.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The foregoing is only a partial embodiment of the present application, and it should be noted that, for those skilled in the art, several modifications and decorations can be made without departing from the principle of the present application, and these modifications and decorations should also be regarded as the protection scope of the present application.
Claims (7)
1. A food material traceability data security access control method based on an intelligent contract is characterized by comprising the following steps:
receiving an account registration request of a user, registering an account containing user attributes of the user for the user based on the account registration request, issuing a CA certificate containing the user attributes to the user, and generating a private key for the user;
initializing a block chain network, and adding an organization and a node;
an access control strategy is formulated, an intelligent contract is designed and compiled, the intelligent contract is installed in each node, and the access control strategy is uploaded to a block chain for storage;
receiving data uploaded by a user through the intelligent contract, calling an encryption algorithm in a data encryption contract to carry out hierarchical encryption on the data based on the sensitivity of the data, and uploading the encrypted data to the block chain;
and receiving a data access request of a user, sending the data to the user from the block chain when the access control strategy judges that the attribute of the user meets the access right, and storing an access record of the user to the block chain.
2. The food material traceability data security access control method based on the smart contract as claimed in claim 1, wherein the user comprises roles on a food material supply chain, including a supplier, an acquisition base, a logistics enterprise, a consumer user, and a supervision department, the receiving an account registration request of the user, registering an account containing user attributes of the user for the user based on the account registration request, and issuing a CA certificate containing the user attributes to the user, generating a private key for the user comprises:
receiving an account registration request of a user, and sending the account registration request to a CA server for registration, wherein the account information of the user comprises an account number, an account password and a user attribute character string;
and generating a public key and private key pair for the user account, carrying out front operation on the public key and the attribute information of the user, and issuing a certificate and a private key for the user.
3. The food material traceability data security access control method based on the intelligent contract as claimed in claim 1, wherein the making of the access control policy, the designing and writing of the intelligent contract, the installing of the intelligent contract into each node, and the uploading of the access control policy to the blockchain storage comprises:
designing and compiling a policy management contract, an access control contract, a data uploading contract and a data encryption contract, and installing the contract;
and based on the corresponding relation between the data and the user attribute and the access authority, the access policy is related, and the access policy is uploaded to a control channel through the policy management contract.
4. The food material traceability data security access control method based on the intelligent contract, as claimed in claim 1, wherein the data sensitivity level grading comprises public access data, low sensitivity data, and high sensitivity data, and the receiving user uploads the data through the intelligent contract, and based on the sensitivity level of the data, invokes an encryption algorithm in a data encryption contract to perform grading encryption on the data, and uploads the encrypted data to the block chain, comprises:
receiving data uploaded by a user through a tracing system;
processing the data through a data uploading contract, and encrypting the low-sensitivity data by using an AES algorithm and encrypting the high-sensitivity data by using an ECC algorithm through calling the contract;
and storing the encrypted data in an IPFS distributed system, returning a storage index hash code, and calling a contract to upload the data index into a source tracing channel on the block chain.
5. The food material traceability data security access control method based on the intelligent contract, as claimed in claim 1, wherein the receiving a data access request of a user, sending the data from the blockchain to the user when the access control policy determines that the attribute of the user satisfies the access right, and storing the access record of the user to the blockchain, comprises:
receiving an access request with attributes, which is initiated by a user;
the access control contract inquires an access policy and checks whether the attribute of the access request is matched with the access policy;
and deciding whether to return data to the user or not based on the matching result.
6. The food material traceability data security access control method based on the intelligent contract, as claimed in claim 5, wherein the deciding whether to return data to the user based on the matching result comprises:
returning data to the user when the attribute matches the access policy;
when the attribute does not match the access policy, no data is returned to the user.
7. The food material traceability data security access control method based on the intelligent contract as claimed in claim 1, wherein the access record comprises access event id, access user, access data, access time and access result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110902305.1A CN113743955A (en) | 2021-08-06 | 2021-08-06 | Food material traceability data security access control method based on intelligent contract |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110902305.1A CN113743955A (en) | 2021-08-06 | 2021-08-06 | Food material traceability data security access control method based on intelligent contract |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113743955A true CN113743955A (en) | 2021-12-03 |
Family
ID=78730357
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110902305.1A Pending CN113743955A (en) | 2021-08-06 | 2021-08-06 | Food material traceability data security access control method based on intelligent contract |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113743955A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114329526A (en) * | 2021-12-17 | 2022-04-12 | 重庆邮电大学 | Data sharing access control method based on block chain and user credit |
| CN114372281A (en) * | 2021-12-24 | 2022-04-19 | 浙江吉利控股集团有限公司 | Intelligent contract access method, device, equipment and storage medium |
| CN114780943A (en) * | 2022-04-20 | 2022-07-22 | 珠海复旦创新研究院 | Food supply chain management system based on block chain and decentralization attribute password |
| CN115208637A (en) * | 2022-06-23 | 2022-10-18 | 北京链道科技有限公司 | Access control method of block chain intelligent contract |
| CN116663047A (en) * | 2023-05-11 | 2023-08-29 | 中日友好医院(中日友好临床医学研究所) | Fine-granularity safe data sharing method for privacy protection of patient health record |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107909372A (en) * | 2017-10-25 | 2018-04-13 | 复旦大学 | A kind of agricultural product source tracing method based on block chain technology |
| CN108009830A (en) * | 2017-12-14 | 2018-05-08 | 上海密尔克卫化工储存有限公司 | Products in circulation tracking and system based on block chain |
| CN108764695A (en) * | 2018-05-23 | 2018-11-06 | 江苏涞哲信息科技有限公司 | A kind of food security traceability system and method based on block chain technology |
| CN109753815A (en) * | 2018-11-26 | 2019-05-14 | 远光软件股份有限公司 | Data processing method, data processing network and electronic equipment based on block chain |
| CN110706008A (en) * | 2019-10-14 | 2020-01-17 | 北京慧眼智行科技有限公司 | Traceability processing method based on block chain and block chain distributed traceability system |
| CN111008844A (en) * | 2019-11-21 | 2020-04-14 | 山东爱城市网信息技术有限公司 | Block chain-based drug tracing method, device and medium |
| CN111062731A (en) * | 2019-12-20 | 2020-04-24 | 江苏荣泽信息科技股份有限公司 | Block chain-based food safety tracing system and method |
| CN111445264A (en) * | 2020-02-17 | 2020-07-24 | 江苏荣泽信息科技股份有限公司 | Food supply chain traceability system based on block chain and implementation method |
| CN111709056A (en) * | 2020-08-24 | 2020-09-25 | 北京邮电大学 | Data sharing method and system based on block chain |
| CN112200690A (en) * | 2020-10-27 | 2021-01-08 | 西安纸贵互联网科技有限公司 | Ship quality traceability system based on block chain |
| CN112256662A (en) * | 2020-10-22 | 2021-01-22 | 安徽农业大学 | Storage and tracing method, device, equipment and storage medium for agricultural product information block chain |
| CN112417519A (en) * | 2020-11-25 | 2021-02-26 | 重庆邮电大学 | Supply chain logistics data secure sharing method based on block chain |
| CN112488734A (en) * | 2020-12-07 | 2021-03-12 | 崔艳兰 | Food and drug tracing method and system based on block chain |
| CN112967074A (en) * | 2021-03-29 | 2021-06-15 | 北京工商大学 | Block chain driven rice supply chain information supervision model construction method |
| CN113051609A (en) * | 2021-03-12 | 2021-06-29 | 广西综合交通大数据研究院 | Food material traceability system, method, equipment and storage medium based on block chain |
| CN113111364A (en) * | 2021-04-12 | 2021-07-13 | 浙江永旗区块链科技有限公司 | Block chain data privacy protection system and protection method thereof |
-
2021
- 2021-08-06 CN CN202110902305.1A patent/CN113743955A/en active Pending
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107909372A (en) * | 2017-10-25 | 2018-04-13 | 复旦大学 | A kind of agricultural product source tracing method based on block chain technology |
| CN108009830A (en) * | 2017-12-14 | 2018-05-08 | 上海密尔克卫化工储存有限公司 | Products in circulation tracking and system based on block chain |
| CN108764695A (en) * | 2018-05-23 | 2018-11-06 | 江苏涞哲信息科技有限公司 | A kind of food security traceability system and method based on block chain technology |
| CN109753815A (en) * | 2018-11-26 | 2019-05-14 | 远光软件股份有限公司 | Data processing method, data processing network and electronic equipment based on block chain |
| CN110706008A (en) * | 2019-10-14 | 2020-01-17 | 北京慧眼智行科技有限公司 | Traceability processing method based on block chain and block chain distributed traceability system |
| CN111008844A (en) * | 2019-11-21 | 2020-04-14 | 山东爱城市网信息技术有限公司 | Block chain-based drug tracing method, device and medium |
| CN111062731A (en) * | 2019-12-20 | 2020-04-24 | 江苏荣泽信息科技股份有限公司 | Block chain-based food safety tracing system and method |
| CN111445264A (en) * | 2020-02-17 | 2020-07-24 | 江苏荣泽信息科技股份有限公司 | Food supply chain traceability system based on block chain and implementation method |
| CN111709056A (en) * | 2020-08-24 | 2020-09-25 | 北京邮电大学 | Data sharing method and system based on block chain |
| CN112256662A (en) * | 2020-10-22 | 2021-01-22 | 安徽农业大学 | Storage and tracing method, device, equipment and storage medium for agricultural product information block chain |
| CN112200690A (en) * | 2020-10-27 | 2021-01-08 | 西安纸贵互联网科技有限公司 | Ship quality traceability system based on block chain |
| CN112417519A (en) * | 2020-11-25 | 2021-02-26 | 重庆邮电大学 | Supply chain logistics data secure sharing method based on block chain |
| CN112488734A (en) * | 2020-12-07 | 2021-03-12 | 崔艳兰 | Food and drug tracing method and system based on block chain |
| CN113051609A (en) * | 2021-03-12 | 2021-06-29 | 广西综合交通大数据研究院 | Food material traceability system, method, equipment and storage medium based on block chain |
| CN112967074A (en) * | 2021-03-29 | 2021-06-15 | 北京工商大学 | Block chain driven rice supply chain information supervision model construction method |
| CN113111364A (en) * | 2021-04-12 | 2021-07-13 | 浙江永旗区块链科技有限公司 | Block chain data privacy protection system and protection method thereof |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114329526A (en) * | 2021-12-17 | 2022-04-12 | 重庆邮电大学 | Data sharing access control method based on block chain and user credit |
| CN114329526B (en) * | 2021-12-17 | 2024-03-26 | 重庆邮电大学 | Data sharing access control method based on blockchain and user credibility |
| CN114372281A (en) * | 2021-12-24 | 2022-04-19 | 浙江吉利控股集团有限公司 | Intelligent contract access method, device, equipment and storage medium |
| CN114780943A (en) * | 2022-04-20 | 2022-07-22 | 珠海复旦创新研究院 | Food supply chain management system based on block chain and decentralization attribute password |
| CN114780943B (en) * | 2022-04-20 | 2024-03-26 | 珠海复旦创新研究院 | Food supply chain management system based on block chain and decentralised attribute passwords |
| CN115208637A (en) * | 2022-06-23 | 2022-10-18 | 北京链道科技有限公司 | Access control method of block chain intelligent contract |
| CN115208637B (en) * | 2022-06-23 | 2023-09-08 | 北京链道科技有限公司 | Access control method of blockchain intelligent contract |
| CN116663047A (en) * | 2023-05-11 | 2023-08-29 | 中日友好医院(中日友好临床医学研究所) | Fine-granularity safe data sharing method for privacy protection of patient health record |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11362815B2 (en) | Trusted data transmission methods, apparatuses, and devices | |
| CN113743955A (en) | Food material traceability data security access control method based on intelligent contract | |
| US11153092B2 (en) | Dynamic access control on blockchain | |
| US10122718B2 (en) | Data access and ownership management | |
| US8850593B2 (en) | Data management using a virtual machine-data image | |
| US11726968B2 (en) | Methods, apparatuses, and devices for transferring data assets based on blockchain | |
| US10666647B2 (en) | Access to data stored in a cloud | |
| US11870882B2 (en) | Data processing permits system with keys | |
| WO2021012548A1 (en) | Blockchain-based data processing method and system, and electronic apparatus and storage medium | |
| US10372628B2 (en) | Cross-domain security in cryptographically partitioned cloud | |
| Sicari et al. | Security&privacy issues and challenges in NoSQL databases | |
| CN111814196A (en) | Data processing method, device and equipment | |
| CN113297433A (en) | Method and system for accessing graph database | |
| US10049222B1 (en) | Establishing application trust levels using taint propagation | |
| CN114969832B (en) | Private data management method and system based on server-free architecture | |
| Kumar et al. | Data security and encryption technique for cloud storage | |
| Shang et al. | One Stone, Three Birds: Finer-Grained Encryption with Apache Parquet@ Large Scale | |
| US20240013294A1 (en) | Secure Decentralized System | |
| Jin et al. | A Blockchain-Based IoT Workflow Management Approach | |
| CN117993017A (en) | Data sharing system, method, device, computer equipment and storage medium | |
| CN116975902A (en) | Task execution method and device based on trusted execution environment | |
| CN115525679A (en) | Data processing method and device | |
| CN117313140A (en) | Information query method, device, computer equipment and storage medium | |
| CN117194508A (en) | Development document processing method and device based on blockchain, and computer equipment | |
| CN115544581A (en) | Data processing method, storage medium and computer equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |