CN114329512A - Encrypted data asset right confirming, managing and using method and device based on block chain

Publication number: CN114329512A
Authority: CN (China)
Prior art keywords: data asset, asset, owner, encrypted, account
Legal status: Pending
Application number: CN202111398176.3A
Other languages: Chinese (zh)
Inventors: 李庆忠, 闵新平, 郭洪峰, 于秋波, 赵晶晶, 杨春燕, 王熹微, 于飞, 刘萌
Current Assignee: Dareway Software Co ltd
Original Assignee: Dareway Software Co ltd
Application filed by Dareway Software Co ltd
Priority to CN202111398176.3A
Publication of CN114329512A

Abstract

The invention provides a blockchain-based method and device for confirming rights to, managing and using encrypted data assets. An encrypted data asset account representing the identity of a subject is acquired or created. Data asset upload information for the corresponding account is received, the uploaded data asset is symmetrically encrypted with a randomly generated symmetric key, and the ID of the data asset is used as the asset's unique on-chain identifier. An application request from a data asset owner is received, the owner's right to the data asset is confirmed, the key of the symmetrically encrypted data asset is asymmetrically encrypted with the held public key, and the resulting ciphertext and the right information are stored in the ledger; an owner holding the right decrypts the symmetric key with their private key to obtain the content of the data asset and manages the data asset information. The invention enables management of all on-chain data assets and their mapping to the off-chain real world.

Description

Encrypted data asset right confirming, managing and using method and device based on block chain
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a block chain-based encrypted data asset right confirming, managing and using method and device.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
With the development of blockchain, it has evolved from a "ledger" expressing virtual currency transfer transactions into one that can express various data assets. However, most blockchains are used as databases that store data asset certificates and support only data asset storage and retrieval operations. The main reason is that the underlying layer of the blockchain does not support full life-cycle management and operation of the various data assets, so on-chain data assets lack complete semantics and cannot be traced through their whole process.
Physical assets of individuals and enterprises in the real world, such as certificates, vouchers and bills, are kept by the subject and are used and circulated in various social activities. However, to the inventors' understanding, subjects in existing blockchain systems cannot manage data assets in a unified way, the data assets lack complete semantics, and the data assets cannot be fully mapped to real-world resource usage.
Disclosure of Invention
The invention aims to solve the problems and provides an encrypted data asset right confirming, managing and using method and device based on a block chain.
According to some embodiments, the invention adopts the following technical scheme:
A blockchain-based method for confirming rights to, managing and using encrypted data assets, comprising the steps of:
obtaining or creating an encrypted data asset account representing the identity of the subject;
receiving data asset upload information for the corresponding account, symmetrically encrypting the uploaded data asset with a randomly generated symmetric key, and using the ID of the data asset as the asset's unique on-chain identifier;
receiving an application request from a data asset owner, confirming the owner's right to the data asset, asymmetrically encrypting the key of the symmetrically encrypted data asset with the held public key, and storing the resulting ciphertext and the right information in the ledger, so that an owner holding the right decrypts the symmetric key with their private key to obtain the content of the data asset and manages or uses the data asset information.
As an alternative embodiment, each encrypted data asset account generates a public/private key pair as its unique identification, which serves as the index associated with the assets on the chain.
As an alternative embodiment, the data asset ciphertext produced by symmetrically encrypting the uploaded data asset with the randomly generated symmetric key is stored persistently in the IPFS system, and its storage route is recorded in the blockchain ledger under network-wide consensus.
As an alternative embodiment, in the process of confirming the data asset owner's right, the asset encryption mode, the ciphertext obtained by asymmetrically encrypting the symmetric key, and the route of the encrypted asset are all recorded in the blockchain ledger, so that the data owner can decrypt the symmetric key with their private key to obtain the data asset content.
As an alternative embodiment, when the application request is a request to view data asset content, during authorized viewing the data owner's private key is used to obtain the symmetric key of the encrypted data asset; the original data asset is decrypted and then encrypted with the public key of the authorized party to generate an authorized copy of the data asset for the authorized party to view and use.
As an alternative embodiment, when the application request is a data asset delegation authorization, the data asset owner adds or deletes in advance the right and validity period of the corresponding data asset in the blockchain data asset account, and within the validity period the delegate autonomously views the data asset account information or authorizes its sharing.
As an alternative embodiment, when the application request is a data asset transfer, the data asset owner transfers the data asset to another person; the transfer is executed after the right confirmation process, and after the transfer the original data asset holder no longer holds any right to the asset or any management authority over the asset and the account information.
In responding to the application request, the data asset owner's private key is used to obtain the symmetric key of the encrypted data asset, and the public key of the authorized party is obtained to encrypt the data asset and generate a copy of the data asset for authorization.
As an alternative embodiment, the authorization and usage history of the data asset is recorded in the blockchain ledger and associated with the encrypted data asset account through a globally unique asset ID, providing an asset circulation record for traceability.
A blockchain-based device for confirming rights to, managing and using encrypted data assets, comprising:
an asset account creation module configured to obtain or create an encrypted data asset account representing the identity of the subject;
an asset account right confirming module configured to receive data asset upload information for the corresponding account, symmetrically encrypt the uploaded data asset with a randomly generated symmetric key, and use the ID of the data asset as the asset's unique on-chain identifier;
an asset information management module configured to receive an application request from a data asset owner, confirm the owner's right to the data asset, asymmetrically encrypt the key of the symmetrically encrypted data asset with the held public key, and store the resulting ciphertext and the ownership information in the ledger, so that an owner holding the right decrypts the symmetric key with their private key to obtain the data asset content and manages or uses the data asset information.
Compared with the prior art, the invention has the beneficial effects that:
The invention provides a blockchain encrypted data asset account so that the trusted subjects, trusted objects and trusted transactions of real life can be mapped into the blockchain, realizing the mutual mapping (data asset right confirmation) between the blockchain subject account and the encrypted data asset account. By building the encrypted data asset account, important information such as data asset details, data asset state, data asset ownership and data asset circulation records is brought together and associated through a globally unique ID. The blockchain thus fully reflects the transaction process of objects in real life, and a subject can manage its on-chain data assets in a unified way. The functions of the blockchain and the range of what it can describe are expanded and improved.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention; the exemplary embodiments of the invention and their description serve to explain the invention and not to limit it.
FIG. 1 is a schematic diagram of an overall system for blockchain encrypted data asset accounts in accordance with at least one embodiment of the present invention;
FIG. 2 is a flow diagram illustrating a blockchain encrypted data asset account in accordance with at least one embodiment of the present invention.
Detailed Description
The invention is further described with reference to the following figures and examples.
It is to be understood that the following detailed description is exemplary and is intended to provide further explanation of the invention as claimed. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
To address the situation described in the Background, in which subjects in existing blockchain systems cannot manage data assets in a unified way, data assets lack complete semantics, and data assets cannot be fully mapped to real-world resources, the invention provides a method for establishing blockchain encrypted data asset accounts with the subject as the origin.
As an exemplary embodiment, as shown in FIG. 2, the method includes the steps of:
1. The blockchain supports creating blockchain encrypted data asset accounts for all social subjects, namely individuals and enterprises. Each account generates a public/private key pair, which is stored in the blockchain nodes for subsequent asset encryption.
2. Data assets (such as identity cards and residence certificates) are uploaded to the blockchain nodes through the blockchain application port. A symmetric key is generated, the uploaded data asset is symmetrically encrypted with it to produce the encrypted data asset, and a unique identifier (ID) is created. The symmetrically encrypted data asset ciphertext is stored persistently; this process creates an on-chain data asset instance.
3. After the data is encrypted and stored, the right to the encrypted data asset is confirmed: the association between the encrypted data asset account and the subject account is determined, that is, the owner of the data asset is confirmed. The data owner's public/private key pair is obtained, and the data owner's public key is used to encrypt the symmetric key of the symmetrically encrypted data asset.
4. The ciphertext obtained by encrypting the symmetric key with the data owner's public key is placed in a generated structure that is stored in the ledger, recording the ownership information of the encrypted data asset. Right holders can later be added, or existing ones deleted, as the asset circulates.
5. In the data asset authorization process, the data asset owner's private key is used to obtain the symmetric key of the encrypted data asset, and the authorized party's public key is obtained to encrypt the data asset and generate a data asset copy for authorization.
6. The authorization and usage history of the data asset is recorded in the blockchain ledger and associated with the encrypted data asset account through the globally unique asset ID, so that the asset's circulation record can be checked and traced later.
The present embodiment is described in detail in terms of blockchain encrypted data asset account creation, blockchain encrypted data asset account content, and blockchain encrypted data asset application mode.
Based on the blockchain infrastructure, an encrypted data asset account is constructed for each subject, and smart contracts are used to associate all on-chain data assets with the relevant subjects according to the actual situation, thereby representing the intricate asset relationships of the real world.
1) Encrypted data asset account creation:
Encrypted data asset accounts representing the identities of social subjects are created for them, and each account generates a public/private key pair as its unique identification, which serves as the index associated with the assets on the chain.
2) Encrypted data asset account content:
The encrypted data asset account contains the IDs of the data assets owned under the account. Through an asset ID, the data asset content, the data asset state, the list of data asset owners, the historical versions of the data asset and so on can be viewed, and functions such as asset right confirmation, adding an asset owner, deleting an asset owner, viewing asset circulation history and backtracking asset versions are provided.
On-chain storage of data assets:
The issuer uploads the data asset to a blockchain node through the application end; the uploaded data asset is symmetrically encrypted with a randomly generated symmetric key, and the ID of the data asset is output as the asset's unique on-chain identifier. The symmetrically encrypted data asset ciphertext is stored persistently in the IPFS system, and its storage route is recorded in the blockchain ledger under network-wide consensus, thereby creating an encrypted data asset instance.
Data asset content viewing:
Data asset content is viewed in two cases:
(1) the data asset owner views personal data assets by logging in to the personal blockchain account; (2) the data asset owner authorizes the data asset to others, giving them the right to view it.
Data asset status viewing:
This embodiment provides data asset state viewing: the state of an encrypted data asset can be checked. Because a data asset corresponds to a physical credential in real life, such as a certificate, it has several states, such as initial, normal and frozen.
Data asset right confirmation:
In the process of confirming the right to a data asset, the public keys of the data asset's multiple owners are used to asymmetrically encrypt the key of the symmetrically encrypted data asset. The asset encryption mode, the ciphertext of the asymmetrically encrypted symmetric key and the route of the encrypted asset are all recorded in the blockchain ledger, so that a data right holder can decrypt the symmetric key with their private key to obtain the content of the data asset.
Data asset ownership viewing:
Viewing of data asset ownership is provided: the right to the data is confirmed during the uplink process, the long-term holder of the data asset is determined, and viewing all right holders of the data asset is supported.
Adding a data asset right holder:
If a right holder is newly added to an asset during its circulation in real life, the right holder can be added to the corresponding data asset in the blockchain data asset account.
Data asset owner deletion:
A function for deleting right holders of a data asset is provided. Blockchain encrypted data assets correspond to data assets in the real world, where assets are transferred and deleted, so the blockchain encrypted data asset account provides a function for deleting the right holders of a data asset.
Data asset circulation record viewing:
After the encrypted data asset account is established, the subject can view the authorized usage record of an asset via the asset ID.
Data asset version backtracking:
The data asset owner may view historical versions of the data assets.
3) Application mode of encrypted data asset accounts:
After the on-chain encrypted data asset account is created, several application modes of the data asset are provided, such as authorized viewing, delegated authorization, asset transfer and asset splitting.
Authorized viewing of data assets:
The data owner uses and shares their own data assets through authorized viewing. During authorized viewing, the data owner's private key is used to obtain the symmetric key of the encrypted data asset. The original data asset is decrypted and then encrypted with the public key of the authorized party to generate an authorized copy of the data asset for the authorized party to view and use. Asset authorization has a specific time option: the data owner can set the authorization period according to the specific business, and the authorized copy can be automatically reclaimed after the authorization period.
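The key handling of steps 2 to 5 of the exemplary embodiment, together with the right-confirmation and authorized-viewing passages above, written out as an added Go example; it is not code from the patent or its applicant. It assumes AES-256-GCM and RSA-OAEP for the unspecified symmetric and asymmetric ciphers, an in-memory map in place of IPFS, a random asset ID bound to both ciphertexts, and a fresh symmetric key for the authorized copy; `Record`, `NewAccount`, `Upload`, `Read` and `Authorize` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is a hypothetical ledger entry (names and ciphers are assumptions): no plaintext, no raw key.
type Record struct {
	AssetID     string            // unique on-chain identifier of the asset
	Mode, Route string            // encryption mode; where the ciphertext is kept (IPFS in the patent)
	Wrapped     map[string][]byte // account -> symmetric key encrypted to that account
}

func NewAccount() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // step 1

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Upload encrypts under a fresh random key, stores the ciphertext in s, and wraps the key per owner.
func Upload(data []byte, owners map[string]*rsa.PublicKey, s map[string][]byte) (*Record, error) {
	buf := make([]byte, 16+32+12) // asset ID, AES-256 key, GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	id, key, nonce := hex.EncodeToString(buf[:16]), buf[16:48], buf[48:]
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	r := &Record{AssetID: id, Mode: "AES-256-GCM/RSA-OAEP", Route: "store/" + id, Wrapped: map[string][]byte{}}
	s[r.Route] = aead.Seal(nonce, nonce, data, []byte(id)) // asset ID authenticated as associated data
	for account, pub := range owners {
		if r.Wrapped[account], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(id)); err != nil {
			return nil, err
		}
	}
	return r, nil
}

// Read unwraps the symmetric key with the account's private key and decrypts the asset.
func (r *Record) Read(account string, priv *rsa.PrivateKey, s map[string][]byte) ([]byte, error) {
	w, ok := r.Wrapped[account]
	if !ok {
		return nil, errors.New("account holds no right to asset " + r.AssetID)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, []byte(r.AssetID))
	if err != nil {
		return nil, err
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	blob, n := s[r.Route], aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext missing or truncated")
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(r.AssetID))
}

// Authorize makes the authorized copy: a new asset, under a new key, readable only by the grantee.
func (r *Record) Authorize(owner string, priv *rsa.PrivateKey, grantee string, pub *rsa.PublicKey, s map[string][]byte) (*Record, error) {
	data, err := r.Read(owner, priv, s)
	if err != nil {
		return nil, err
	}
	return Upload(data, map[string]*rsa.PublicKey{grantee: pub}, s)
}

func main() {
	s := map[string][]byte{}
	alice, errA := NewAccount()
	bob, errB := NewAccount()
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	rec, err := Upload([]byte("constructed sample asset"), map[string]*rsa.PublicKey{"alice": &alice.PublicKey}, s)
	if err != nil {
		panic(err)
	}
	cp, err := rec.Authorize("alice", alice, "bob", &bob.PublicKey, s)
	if err != nil {
		panic(err)
	}
	got, err := cp.Read("bob", bob, s)
	fmt.Printf("bob reads authorized copy %s: %q (err=%v)\n", cp.AssetID, got, err)
}
```

Because the copy gets its own key, handing it to the authorized party never exposes the symmetric key that protects the original.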
Data asset delegation authorization:
In delegation authorization, the data owner temporarily transfers the right to use the data asset to another party and may specify a time limit, within which the delegate may autonomously view the data asset or authorize its sharing.
Data asset transfer:
In a data asset transfer, the owner of the data asset transfers it to another person; after the transfer, the original holder no longer holds any right to the asset and no longer owns it.
Merging and splitting data assets:
Data assets support splitting, that is, one data asset is divided into two data assets as required for use in actual business. Data assets likewise support merging.
As another exemplary embodiment, a blockchain encrypted data asset account information management system is provided, including:
an asset account creation module configured to obtain or create an encrypted data asset account representing the identity of the subject;
an asset account right confirming module configured to receive data asset upload information for the corresponding account, symmetrically encrypt the uploaded data asset with a randomly generated symmetric key, and use the ID of the data asset as the asset's unique on-chain identifier;
an asset information management module configured to receive an application request from a data asset owner, confirm the owner's right to the data asset, asymmetrically encrypt the key of the symmetrically encrypted data asset with the held public key, and store the resulting ciphertext and the ownership information in the ledger, so that an owner holding the right decrypts the symmetric key with their private key to obtain the data asset content and manages the data asset information.
As shown in FIG. 1, each module further includes a plurality of sub-modules, and each sub-module executes the corresponding step of the above method embodiment or implements the function of that step, which is not described again here.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the present invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive efforts by those skilled in the art based on the technical solution of the present invention.

Claims (10)

1. A blockchain-based method for confirming rights to, managing and using encrypted data assets, characterized in that the method comprises the following steps:
obtaining or creating an encrypted data asset account representing the identity of the subject;
receiving data asset upload information for the corresponding account, symmetrically encrypting the uploaded data asset with a randomly generated symmetric key, and using the ID of the data asset as the asset's unique on-chain identifier;
receiving an application request from a data asset owner, confirming the owner's right to the data asset, asymmetrically encrypting the key of the symmetrically encrypted data asset with the held public key, and storing the resulting ciphertext and the right information in the ledger, so that an owner holding the right decrypts the symmetric key with their private key to obtain the content of the data asset and manages or uses the data asset information.
2. The method of claim 1, characterized in that: each encrypted data asset account generates a public/private key pair as its unique identification, which serves as the index associated with the assets on the chain.
3. The method of claim 1, characterized in that: the data asset ciphertext produced by symmetrically encrypting the uploaded data asset with the randomly generated symmetric key is stored persistently in IPFS (InterPlanetary File System), and its storage route is recorded in the blockchain ledger under network-wide consensus.
4. The method of claim 1, characterized in that: in the process of confirming the data asset owner's right, the asset encryption mode, the ciphertext obtained by asymmetrically encrypting the symmetric key, and the route of the encrypted asset are all recorded in the blockchain ledger, so that the data asset owner can decrypt the symmetric key with their private key to obtain the data asset content.
5. The method of claim 1, characterized in that: when the application request is a request to view data asset content, during authorized viewing the data owner's private key is used to obtain the symmetric key of the encrypted data asset; the original data asset is decrypted and then encrypted with the public key of the authorized party to generate an authorized copy of the data asset for the authorized party to view and use.
6. The method of claim 1, characterized in that: when the application request is a data asset delegation authorization, the data asset owner adds or deletes in advance the ownership and validity period of the corresponding data asset in the blockchain data asset account, and within the validity period the delegate autonomously views the data asset account information or authorizes its sharing.
7. The method of claim 1, characterized in that: when the application request is a data asset transfer, the data asset owner transfers the data asset to another person; the transfer is executed after the right confirmation process, and after the transfer the original data asset holder no longer holds any right to the asset or any management authority over the asset and the account information.
8. The method of claim 1, characterized in that: in responding to the application request, the data asset owner's private key is used to obtain the symmetric key of the encrypted data asset, and the public key of the authorized party is obtained to encrypt the data asset and generate a data asset copy for authorization.
9. The method of claim 1, characterized in that: the authorization and usage history of the data asset is recorded in the blockchain ledger and associated with the encrypted data asset account through a globally unique asset ID, providing an asset circulation record for traceability.
10. A blockchain-based device for confirming rights to, managing and using encrypted data assets, characterized in that the device comprises:
an asset account creation module configured to obtain or create an encrypted data asset account representing the identity of the subject;
an asset account right confirming module configured to receive data asset upload information for the corresponding account, symmetrically encrypt the uploaded data asset with a randomly generated symmetric key, and use the ID of the data asset as the asset's unique on-chain identifier;
an asset information management module configured to receive an application request from a data asset owner, confirm the owner's right to the data asset, asymmetrically encrypt the key of the symmetrically encrypted data asset with the held public key, and store the resulting ciphertext and the ownership information in the ledger, so that an owner holding the right decrypts the symmetric key with their private key to obtain the data asset content and manages or uses the data asset information.
Priority Applications (1) / Applications Claiming Priority (1)

Application number: CN202111398176.3A (published as CN114329512A)
Priority date: 2021-11-19
Filing date: 2021-11-19
Title: Encrypted data asset right confirming, managing and using method and device based on block chain

Publications (1)

Publication number: CN114329512A
Publication date: 2022-04-12

Family

Family ID: 81047152
Family Applications (1): CN202111398176.3A (Pending), published as CN114329512A, priority date 2021-11-19, filing date 2021-11-19
Country Status (1): CN (1), CN114329512A

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115757637A (en) * 2022-11-30 2023-03-07 常州唯实智能物联创新中心有限公司 Block chain-based diesel locomotive data management method and device
CN115757637B (en) * 2022-11-30 2024-03-12 常州唯实智能物联创新中心有限公司 Block chain-based diesel locomotive data management method and device


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination