CN114745201B - Data access privacy protection system and method based on blockchain and attribute encryption - Google Patents

Data access privacy protection system and method based on blockchain and attribute encryption Download PDF

Info

Publication number
CN114745201B
CN114745201B CN202210494243.XA CN202210494243A CN114745201B CN 114745201 B CN114745201 B CN 114745201B CN 202210494243 A CN202210494243 A CN 202210494243A CN 114745201 B CN114745201 B CN 114745201B
Authority
CN
China
Prior art keywords
data
attribute
key
encryption
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210494243.XA
Other languages
Chinese (zh)
Other versions
CN114745201A (en
Inventor
杨洋
王理
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN202210494243.XA priority Critical patent/CN114745201B/en
Publication of CN114745201A publication Critical patent/CN114745201A/en
Application granted granted Critical
Publication of CN114745201B publication Critical patent/CN114745201B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data access privacy protection system based on blockchain and attribute encryption, which comprises a user management module, a user management module and a data access privacy protection module, wherein the user management module generates an identity key for an enterprise user according to an identity number of the enterprise user and a group of random numbers; the data encryption uploading module encrypts and stores the data file in the IPFS distributed database by using an SM4 encryption algorithm, sets a file access authority attribute strategy, and generates and returns a corresponding public key and private key pair according to the attribute strategy; encrypting a plaintext to be uploaded to obtain a ciphertext; and the data access module generates a private key and a conversion key according to the checking result and the identity key, successfully obtains a storage address and an SM4 symmetric key of the data according to the private key of the visitor, requests to obtain encrypted data according to the storage address, and decrypts the encrypted data by using the symmetric key obtained by decryption to obtain plaintext data. The invention realizes the decentralized process of the evaluation and attribute distribution of the newly added enterprise users, and improves the safety of the evaluation process of the newly added enterprise users.

Description

Data access privacy protection system and method based on blockchain and attribute encryption
Technical Field
The invention relates to the technical field of blockchain and data access, in particular to a data access privacy protection system and method based on blockchain and attribute encryption.
Background
Most of the existing data sharing systems adopt a data access control method based on attribute encryption to realize fine-grained data access control among enterprises, namely, corresponding rights can be acquired by possessing attributes. However, for newly added enterprise users, most systems evaluate enterprise users by introducing a third party organization, and the third party organization directly grants enterprise user attributes according to the evaluation results, while the evaluation process and the attribute grant results are not disclosed to other enterprise users, resulting in the following two possible problems:
(1) The third party assessment process is opaque, if the assessment process has problems, some enterprise users can have abnormal access rights to data, so that other enterprise data privacy in the system can be leaked.
(2) Since the enterprise users as the data provider do not know the properties owned by other users, it is difficult to set reasonable rights to the own enterprise data access because it is impossible to know which enterprise users can access the own data.
Disclosure of Invention
The invention aims to provide a data access privacy protection system and method based on blockchain and attribute encryption, so as to solve the problems.
The invention solves the technical problems by adopting the following technical scheme:
the data access privacy protection system based on block chain and attribute encryption comprises a user management module, a data encryption uploading module and a data access module; wherein, the liquid crystal display device comprises a liquid crystal display device,
the user management module shares the proving material and the application attribute data uploaded by enterprises with cross-industry data requirements to all existing enterprise users, distributes attribute rights to newly-added enterprise users according to voting results of voting on the applied attribute rights of the existing enterprise users, and stores the process data in a link mode; generating an identity key for the enterprise user according to the identity number of the enterprise user and a group of random numbers;
the data encryption uploading module encrypts and stores the data file in the IPFS distributed database by using an SM4 encryption algorithm, sets a file access authority attribute strategy, and generates and returns a corresponding public key and private key pair according to the attribute strategy; encrypting a plaintext to be uploaded to obtain a ciphertext;
the data access module is used for checking the attribute set of the data visitor according to the data access strategy, generating a private key and a conversion key according to the checking result and the identity key, successfully obtaining the storage address and the SM4 symmetric key of the data according to the private key of the visitor, obtaining the encrypted data according to the storage address request, and decrypting the encrypted data by using the symmetric key obtained by decryption to obtain the plaintext data.
Further, the method for encrypting the plaintext to be uploaded to obtain the ciphertext comprises the following steps:
let A be m n attribute matrix, each column is an attribute, and the attribute is represented by m dimension column vector; f is a function mapping, each column of the matrix is mapped into an attribute; setting p as a prime number;
the encryption process is expressed as: enc (p, M, (A, F), { APK } - > CT
M is plaintext to be encrypted, (A, F) is access right attribute strategy, APK is public key generated according to attribute, CT is ciphertext after encryption is completed.
Further, the method for obtaining the plaintext data by decrypting the symmetric key obtained by decryption comprises the following steps:
let EID be the enterprise user identity number:
the decryption process is expressed as Dec (p, CT, { TK, EID }) →M
Where TK is the translation key.
The data access privacy protection method based on block chain and attribute encryption comprises the following steps:
step one: distributing attributes to the new users according to voting conditions of all users, and storing auditing results and attribute distribution conditions on a chain;
step two: encrypting a data file of a user through an SM4 encryption algorithm, storing the encrypted data file in an IPFS distributed database, encrypting an address of data stored on the IPFS and an SM4 symmetric key according to an attribute authority set by the user, storing the encrypted data file on a blockchain, and attaching a related data abstract;
step three: the consensus node verifies and consensus the data uploaded by the user, generates a new block and then adds the new block into a block chain;
step four: detecting whether the attribute authority of the data visitor meets the requirement, if so, the data visitor can acquire the address of the data file and the symmetric encryption key, and can access the data file according to the address and the symmetric encryption key; if the access authority is not satisfied, the data file address and the encryption key cannot be obtained; and recording and storing the data access process data in a uplink mode.
Further, before the first step, the method further includes: the existing users audit the new user uploading materials, vote on the attributes applied by the new users according to the auditing results and give whether the admission qualification of joining the blockchain system can be obtained or not.
Further, before the step of uploading the related proving material and selecting the application attribute authority of the newly added user of the enterprise community data sharing system, the method further comprises the following steps: the enterprise community data share newly joined users upload their associated certification materials and select application attribute rights.
Further, before the fourth step, the method further includes: when accessing data, the user searches the needed data according to the provided data abstract and selects the needed data to initiate an access request.
The beneficial effects are that:
the invention provides a data access privacy protection system and a data access privacy protection method based on blockchain and attribute encryption, which realize the process of decentralized user evaluation and attribute distribution of a new enterprise. Compared with the existing inter-enterprise data access method, the method has three advantages and positive effects:
all users can evaluate the new enterprise users according to the materials provided by the new enterprise users, so that the safety of the evaluation process of the new enterprise users is improved.
And the data provider can easily set the access authority of the data file by distributing the result of the uplink storage to the newly added enterprise user attribute so as to protect the privacy of the data file.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
FIG. 2 is a flow chart of the new enterprise user registration of the present invention.
FIG. 3 is a flow chart of the data encryption uploading of the present invention.
FIG. 4 is a flow chart of the data grant access of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
2-4, the invention discloses a data access privacy protection system based on blockchain and attribute encryption, which comprises a user management module, a data encryption uploading module and a data access module; wherein, the liquid crystal display device comprises a liquid crystal display device,
and a user management module: existing data sharing system users are often businesses or units of a plurality of different industries, each unit or business serving as an individual to access the data sharing system blockchain network. The user management module provided by the scheme supports enterprise user assessment and attribute authority grant operations in the alliance chain. The enterprise crossing the industry data requirement firstly needs to upload related proving materials in a data sharing system, selects application attribute authorities, and shares proving materials and application attribute data to all existing enterprise users, and the existing enterprise users evaluate the newly added enterprise according to the materials and vote on the application attribute authorities. After the voting is finished, the system allocates attribute authorities to newly-added enterprise users according to voting results, and stores the process data in a uplink mode. After this process is completed, the system will generate an identity key (UK) for its enterprise user identity number (EID) and a set of random numbers (RPN), for which the enterprise user now gains access to the enterprise community data sharing system.
The new enterprise user registration process is as follows:
1.1 uploading related proving materials by newly added enterprise users, and selecting application attributes.
1.2 the existing enterprise users audit the materials of the newly added enterprise users, and vote the attributes applied by the newly added enterprise users according to the audit result. If the material audit is not passed, the newly added enterprise user fails to acquire the admission qualification. And if the verification passes, acquiring the admission qualification.
1.3, after the newly added enterprise user obtains the admission qualification, the data sharing system grants the corresponding attribute authority of the newly added enterprise user according to the voting result of the existing enterprise user for the newly added enterprise user attribute application. After the attribute permission is allocated, the system performs data uplink storage on the material auditing data and the attribute allocation condition, and supports all users to check the data.
Application example: there are A, B, C, D enterprises on a certain enterprise community data sharing system, and the existing enterprise E wants to join the system. Firstly, an enterprise E logs in a system, uploads enterprise related materials, and selects application attribute authorities. Enterprise A, B, C, D receives the material of E and votes whether E can join the system or not and the application rights based on the material. If the voting passes, the enterprise E acquires the authority of joining the system, and becomes a user of the data sharing system to acquire the functions of data uploading, data access and the like, and can upload enterprise materials again and apply for attribute authorities in a certain time period.
And a data encryption uploading module: after gaining access to the data sharing system, the enterprise user becomes both a data provider and a data visitor. During data uploading, the data provider encrypts and stores the data file in the IPFS distributed database by using an SM4 encryption algorithm, and sets a file access authority attribute strategy (A, F), at which time the system generates and returns a corresponding public key and private key pair (APK, ASK) according to the attribute strategy (A, F). The data owner encrypts the plaintext (M) (data storage address, symmetric encryption key) to be uploaded accordingly to obtain Ciphertext (CT). Let A be m n attribute matrix, each column is an attribute, and the attribute is represented by m dimension column vector; f is a function mapping, each column of the matrix is mapped into an attribute; setting p as a prime number;
the encryption process is expressed as: enc (p, M, (A, F), { APK } - > CT
M is plaintext to be encrypted, (A, F) is access right attribute strategy, APK is public key generated according to attribute, CT is ciphertext after encryption is completed.
After encryption, the data provider transmits the encrypted data address and the data abstract to the chain. After uploading, the consensus user verifies and consensus the data information, generates a new block and joins the blockchain.
The data encryption uploading flow is as follows:
2.1, firstly, encrypting a data file by an SM4 encryption algorithm, and storing the encrypted file in an IPFS distributed database; and setting access attribute policies of the data files, encrypting the storage addresses of the data files and the encryption keys according to the policies, and uploading the encrypted addresses and the keys to the blockchain.
2.2 consensus user verifies and consensus the data address and key uploaded by the data owner and generates a new block to be added into the blockchain.
And a data access module: when the data visitor applies for accessing data according to the data abstract, the system firstly checks the attribute set of the data visitor according to the data access strategy, generates a private key (SK) and a conversion key (TK) according to the checking result and the identity key, the visitor can successfully obtain the storage address of the data and the SM4 symmetric key according to the private key, then obtains the encrypted data according to the storage address request, and then decrypts the encrypted symmetric key to obtain plaintext data. Let EID be the enterprise user identity number:
this decryption process may be denoted as Dec (p, CT, { TK, EID }) →m.
Where TK is the translation key.
And for unauthorized users, the storage address of the data and the symmetric encryption key cannot be obtained, so that the access of the data file cannot be performed.
The data access flow is as follows:
3.1 the data access party selects the data file according to the on-chain data summary information and sends a data access request to the system.
And 3.2, the data sharing system detects the attribute authority set by the data owner on the data file, and generates a private key and a conversion key according to the attribute authority and the identity key of the data visitor.
And 3.3, the data visitor decrypts the data address and the symmetric encryption key through the private key, accesses the data owner database, acquires the corresponding file, and can acquire the required data after decryption.
3.4 the data sharing system performs the uplink storage record on the data process data accessed by the data visitor.
Referring to fig. 1, the invention also provides a data access privacy protection method based on blockchain and attribute encryption, which comprises the following steps:
step S1: and uploading the related proving materials of the newly added users of the enterprise community data sharing system, and selecting application attribute authorities.
Step S2: the existing users audit the new user uploading materials, vote on the attributes applied by the new users according to the auditing results and give whether the admission qualification of joining the blockchain system can be obtained or not.
Step S3: if the new user material fails the audit, the admission qualification cannot be obtained; if the material auditing passes and the admission qualification is obtained, the system distributes attributes to the new users according to the voting conditions of all the users, and stores the auditing results and attribute distribution conditions on a chain. The new user has the functions of data uploading and data accessing.
Step S4: when a user uploads data, the system encrypts a data file of the user through an SM4 encryption algorithm and stores the encrypted data file in an IPFS distributed database, encrypts an address of data stored on the IPFS and an SM4 symmetric key according to an attribute authority set by the user and stores the encrypted address and the SM4 symmetric key on a blockchain, and attaches related data summaries.
Step S5: and the consensus node verifies and consensus the data uploaded by the user, generates a new block, and then adds the new block into the block chain.
Step S6: when accessing data, a user can search the needed data according to the data abstract provided by the system and select the needed data to initiate an access request to the system.
Step S7: the system detects whether the attribute authority of the data visitor meets the requirement, if so, the data visitor can acquire the address of the data file and the symmetric encryption key, and can access the data file according to the address and the symmetric encryption key. If the access authority is not satisfied, the data file address and the encryption key cannot be acquired. The system will record and store the data access process data in a chain.
The invention combines the characteristics of decentralization, non-falsification and easy traceability of the blockchain with a data access control method based on attribute encryption, replaces a centralized audit and evaluation mechanism of a third mechanism with a new user audit and authorization mechanism of all enterprise users in the decentralization system, directly stores audit data and result data as shared data on the blockchain, encrypts and stores a shared data file of a data provider in an IPFS distributed database, stores a data access address and a symmetric encryption key on the blockchain for all users to inquire, and realizes the transparent and decentralization enterprise user evaluation and attribute authority allocation process; the enterprise user is provided with the function of inquiring the attribute authority possessed by other users, so that the data provider can easily set the data access control authority of the enterprise user, and the data privacy of the enterprise user is prevented from being leaked.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (2)

1. The data access privacy protection system based on block chain and attribute encryption is characterized by comprising a user management module, a data encryption uploading module and a data access module; wherein, the liquid crystal display device comprises a liquid crystal display device,
the user management module shares the proving material and the application attribute authority uploaded by enterprises which cross the industry data requirements to all existing enterprise users, distributes the attribute authority to newly added enterprise users according to the voting result of the existing enterprise users for voting the applied attribute authority, and stores the process data in a uplink manner; generating an identity key for the enterprise user according to the identity number of the enterprise user and a group of random numbers;
the data encryption uploading module encrypts and stores the data file in the IPFS distributed database by using an SM4 encryption algorithm, sets a file access authority attribute strategy, and generates and returns a corresponding public key and private key pair according to the attribute strategy; encrypting a plaintext to be uploaded to obtain a ciphertext;
the data access module is used for checking the attribute set of the data visitor according to the data access strategy, generating a private key and a conversion key according to the checking result and the identity key, successfully obtaining the storage address and the SM4 symmetric key of the data according to the private key of the visitor, obtaining the encrypted data according to the storage address request, and decrypting the encrypted data by using the symmetric key obtained by decryption to obtain plaintext data;
firstly, encrypting a data file by a data owner through an SM4 encryption algorithm, and storing the encrypted file in an IPFS distributed database; setting access attribute strategies of the data files, encrypting the storage addresses of the data files and the encryption keys according to the strategies, and uploading the encrypted addresses and the encryption keys to a blockchain;
the consensus user verifies and consensus the data address and the secret key uploaded by the data owner, generates a new block and adds the new block into a block chain;
let A be m n attribute matrix, each column is an attribute, and the attribute is represented by m dimension column vector; f is a function mapping, each column of the matrix is mapped into an attribute; setting p as a prime number;
the encryption process is expressed as: enc (p, M, (A, F), { APK } - > CT
Wherein M is plaintext to be encrypted, (A, F) is access right attribute strategy, APK is public key generated according to attribute, CT is ciphertext after encryption;
after encryption, the data provider transmits the encrypted data address and the encrypted data abstract to a chain; after uploading, the consensus user verifies and consensus the data information, generates a new block and joins the block chain;
the data access party selects a data file according to the on-chain data abstract information and sends a data access request to the system;
the data sharing system detects an attribute authority set by a data owner on a data file, and generates a private key and a conversion key according to the attribute authority and an identity key of a data access party;
the data access party decrypts the data address and the symmetric encryption key through the private key, accesses the data owner database, acquires the corresponding file, and acquires the required data after decryption;
the data sharing system performs uplink storage record on the data of the data process accessed by the data access party;
let EID be the enterprise user identity number:
this decryption process is denoted Dec (p, CT, { TK, EID }) →m;
where TK is the translation key.
2. The data access privacy protection method based on block chain and attribute encryption is characterized by comprising the following steps:
step one: distributing attributes to the new users according to voting conditions of all users, and storing auditing results and attribute distribution conditions on a chain;
step two: encrypting a data file of a user through an SM4 encryption algorithm, storing the encrypted data file in an IPFS distributed database, encrypting an address of data stored on the IPFS and an SM4 symmetric key according to an attribute authority set by the user, storing the encrypted data file on a blockchain, and attaching a related data abstract;
step three: the consensus node verifies and consensus the data uploaded by the user, generates a new block and then adds the new block into a block chain;
step four: detecting whether the attribute authority of the data visitor meets the requirement, if so, the data visitor can acquire the address of the data file and the symmetric encryption key, and can access the data file according to the address and the symmetric encryption key; if the access authority is not satisfied, the data file address and the encryption key cannot be obtained; recording and uplink storing data access process data;
an enterprise crossing industry data demands firstly needs to upload related proving materials in a data sharing system, selects application attribute authorities, shares the proving materials and the application attribute authorities to all existing enterprise users, and the existing enterprise users evaluate newly added enterprises according to the materials and vote on the applied attribute authorities; after the voting is finished, attribute rights are allocated to newly-added enterprise users according to voting results, and the process data are stored in a uplink manner; after the process is completed, an identity key is generated for the enterprise user according to the identity number of the enterprise user and a group of random numbers, and the enterprise user obtains the access qualification of the enterprise community data sharing system at the moment;
let A be m n attribute matrix, each column is an attribute, and the attribute is represented by m dimension column vector; f is a function mapping, each column of the matrix is mapped into an attribute; setting p as a prime number;
the encryption process is expressed as: enc (p, M, (A, F), { APK } - > CT
Wherein M is plaintext to be encrypted, (A, F) is access right attribute strategy, APK is public key generated according to attribute, CT is ciphertext after encryption;
after encryption, the data provider transmits the encrypted data address and the encrypted data abstract to a chain; after uploading, the consensus user verifies and consensus the data information, generates a new block and joins the block chain;
the data encryption uploading flow is as follows:
firstly, encrypting a data file by a data owner through an SM4 encryption algorithm, and storing the encrypted file in an IPFS distributed database; setting access attribute strategies of the data files, encrypting the storage addresses of the data files and the encryption keys according to the strategies, and uploading the encrypted addresses and the encryption keys to a blockchain;
the consensus user verifies and consensus the data address and the secret key uploaded by the data owner, generates a new block and adds the new block into a block chain;
when the data access module is used as a data access party and applies for accessing data according to a data abstract, the system firstly checks the attribute set of the data access party according to a data access strategy, generates a private key and a conversion key according to a check result and an identity key, the access party successfully obtains a storage address and an SM4 symmetric key of the data according to the private key of the access party, obtains encrypted data according to a storage address request, and decrypts the encrypted data by using the decrypted symmetric key to obtain plaintext data;
let EID be the enterprise user identity number:
this decryption process is denoted Dec (p, CT, { TK, EID }) →m;
wherein TK is a conversion key;
the data access flow is as follows:
the data access party selects a data file according to the on-chain data abstract information and sends out a data access request;
the data sharing system detects an attribute authority set by a data owner on a data file, and generates a private key and a conversion key according to the attribute authority and an identity key of a data access party;
the data access party decrypts the data address and the symmetric encryption key through the private key, accesses the data owner database, acquires the corresponding file, and acquires the required data after decryption;
the data sharing system performs uplink storage record on the data process data accessed by the data access party.
CN202210494243.XA 2022-05-07 2022-05-07 Data access privacy protection system and method based on blockchain and attribute encryption Active CN114745201B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210494243.XA CN114745201B (en) 2022-05-07 2022-05-07 Data access privacy protection system and method based on blockchain and attribute encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210494243.XA CN114745201B (en) 2022-05-07 2022-05-07 Data access privacy protection system and method based on blockchain and attribute encryption

Publications (2)

Publication Number Publication Date
CN114745201A CN114745201A (en) 2022-07-12
CN114745201B true CN114745201B (en) 2023-05-23

Family

ID=82285626

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210494243.XA Active CN114745201B (en) 2022-05-07 2022-05-07 Data access privacy protection system and method based on blockchain and attribute encryption

Country Status (1)

Country Link
CN (1) CN114745201B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115271554A (en) * 2022-09-27 2022-11-01 北京共识数信科技有限公司 Method, system and medium for analyzing commissioning service quality map based on block chain
CN117251859A (en) * 2023-03-15 2023-12-19 桂林电子科技大学 System and method for sharing geographic information data based on blockchain
CN116566745B (en) * 2023-07-11 2023-10-13 国网湖北省电力有限公司武汉供电公司 Block chain-based data sharing and monitoring system and method
CN116881947A (en) * 2023-08-01 2023-10-13 江苏恒为信息科技有限公司 Block chain-based enterprise database security access control method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624522A (en) * 2012-03-30 2012-08-01 华中科技大学 Key encryption method based on file attribution
CN109951498A (en) * 2019-04-18 2019-06-28 中央财经大学 A kind of block chain access control method and device based on ciphertext policy ABE encryption
CN113645195A (en) * 2021-07-17 2021-11-12 中国人民解放军战略支援部队信息工程大学 Ciphertext access control system and method based on CP-ABE and SM4

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108898475B (en) * 2018-05-08 2021-04-06 众安信息技术服务有限公司 Attribute encryption-based alliance block chain credit implementation method and system
CN109559117B (en) * 2018-11-14 2022-05-20 北京科技大学 Block linkage contract privacy protection method and system based on attribute-based encryption
CN110099043B (en) * 2019-03-24 2021-09-17 西安电子科技大学 Multi-authorization-center access control method supporting policy hiding and cloud storage system
CN110689331A (en) * 2019-09-25 2020-01-14 重庆邮电大学 Block chain-based digital currency transaction method and system
CN110719176A (en) * 2019-10-22 2020-01-21 黑龙江工业学院 Logistics privacy protection method and system based on block chain and readable storage medium
CN111901302B (en) * 2020-06-28 2022-02-25 石家庄铁道大学 Medical information attribute encryption access control method based on block chain
CN112688927B (en) * 2020-12-18 2022-06-24 重庆大学 Block chain-based distributed access control method
CN112738194A (en) * 2020-12-25 2021-04-30 南京联成科技发展股份有限公司 Access control system for safe operation and maintenance management
CN113162907A (en) * 2021-03-02 2021-07-23 西安电子科技大学 Attribute-based access control method and system based on block chain
CN112989385B (en) * 2021-03-26 2022-07-19 中国人民解放军国防科技大学 Method and system for controlling data security dynamic access in inter-cloud computing environment
CN113779612B (en) * 2021-09-30 2023-06-13 国网湖南省电力有限公司 Data sharing method and system based on blockchain and hidden policy attribute encryption

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624522A (en) * 2012-03-30 2012-08-01 华中科技大学 Key encryption method based on file attribution
CN109951498A (en) * 2019-04-18 2019-06-28 中央财经大学 A kind of block chain access control method and device based on ciphertext policy ABE encryption
CN113645195A (en) * 2021-07-17 2021-11-12 中国人民解放军战略支援部队信息工程大学 Ciphertext access control system and method based on CP-ABE and SM4

Also Published As

Publication number Publication date
CN114745201A (en) 2022-07-12

Similar Documents

Publication Publication Date Title
CN114745201B (en) Data access privacy protection system and method based on blockchain and attribute encryption
US10803194B2 (en) System and a method for management of confidential data
US8850593B2 (en) Data management using a virtual machine-data image
AU2010256810B2 (en) Workgroup key wrapping for community of interest membership authentication
US20100211781A1 (en) Trusted cloud computing and services framework
CN105072180A (en) Cloud storage data security sharing method with permission time control
CN106992988B (en) Cross-domain anonymous resource sharing platform and implementation method thereof
CN106161402A (en) Encryption equipment key injected system based on cloud environment, method and device
WO2010093558A2 (en) Trusted cloud computing and services framework
US10657275B2 (en) Encryption directed database management system and method
CN115567312B (en) Alliance chain data authority management system and method capable of meeting various scenes
CN112926082A (en) Information processing method and device based on block chain
EP3817320B1 (en) Blockchain-based system for issuing and validating certificates
Fugkeaw Achieving privacy and security in multi-owner data outsourcing
Almutairi et al. Survey of centralized and decentralized access control models in cloud computing
CN112995109B (en) Data encryption system, data encryption method, data processing device and electronic equipment
CN116155585A (en) Data sharing method and system
Fugkeaw et al. Enabling dynamic and efficient data access control in cloud computing based on attribute certificate management and CP-ABE
CN115048672A (en) Data auditing method and device based on block chain, processor and electronic equipment
KR102115828B1 (en) Paper spillage prevention method based on block chain
CN114762291A (en) Method, computer program and data sharing system for sharing user specific data of a user
Celiktas et al. A Higher Level Security Protocol for Cloud Computing
US20240179150A1 (en) Management of access rights to digital files with possible delegation of the rights
Mulimani et al. Preserving Anonymity in Cloud Environment
CN117473551A (en) Data sharing method based on block chain and access control

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant