WO2024011812A1 - Blockchain-based supervision system and method, device, and medium - Google Patents

Publication number
WO2024011812A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
key
transaction data
supervision
data
Prior art date
Application number
PCT/CN2022/133823
Other languages
French (fr)
Chinese (zh)
Inventor
谢志勇
张闯
孙颉
任智新
Original Assignee
广东浪潮智慧计算技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 广东浪潮智慧计算技术有限公司 filed Critical 广东浪潮智慧计算技术有限公司
Publication of WO2024011812A1 publication Critical patent/WO2024011812A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • This application relates to the field of blockchain technology, and in particular to a blockchain-based supervision system, method, device and computer non-volatile readable storage medium.
  • the purpose of the embodiments of this application is to provide a blockchain-based supervision system, method, equipment and computer non-volatile readable storage medium, which can achieve reasonable and effective supervision of the blockchain.
  • embodiments of the present application provide a blockchain-based supervision system, including a data encryption unit, an abnormal transaction detection unit, a data storage unit and an agent re-encryption unit;
  • the data encryption unit is used to encrypt the transaction data of the business blockchain; encrypt the key for encrypting the transaction data; and transmit the obtained transaction data ciphertext and key ciphertext to the abnormal transaction detection unit;
  • the abnormal transaction detection unit is used to perform symmetric ciphertext retrieval of the transaction data ciphertext based on the encoding information corresponding to the transaction data; when an abnormality is retrieved in the transaction data ciphertext, the encoding information, transaction data ciphertext and key ciphertext are saved to the data storage unit; the encoding information is used to represent the business blockchain identification and the corresponding client identification;
  • the agent re-encryption unit is used to generate the agent re-encryption key, where the agent re-encryption key is a key generated based on the system private key and the supervisor's public key; read the encoded information, transaction data ciphertext and key ciphertext from the data storage unit; use the proxy re-encryption key to encrypt the key ciphertext to obtain the re-encryption key ciphertext; and transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client.
  • the data encryption unit is used to encrypt the transaction data of the business blockchain using a randomly generated key to obtain the ciphertext of the transaction data.
  • the data encryption unit is used to encrypt the key based on the system public key of the supervision system to obtain the key ciphertext.
  • a key generation unit is also included;
  • a key generation unit used to generate the system public key and the system private key of the supervision system.
  • the data encryption unit is configured to, upon receiving the transaction data sent by the client, use the system public key to encrypt the coded information corresponding to the client to obtain the ciphertext of the coded information.
  • it also includes a data receiving unit disposed between the data encryption unit and the abnormal transaction detection unit;
  • the data receiving unit is used to receive the encoded information ciphertext, transaction data ciphertext, key ciphertext and digital signature transmitted by the data encryption unit; after the digital signature verification is passed, the encoded information ciphertext, transaction data ciphertext and key The ciphertext is forwarded to the abnormal transaction detection unit.
  • it also includes a data access unit disposed between the data receiving unit and the abnormal transaction detection unit;
  • the data access unit is used to decrypt and verify the ciphertext of the coded information based on the system private key of the supervision system and the pre-stored coded information; when the decrypted coded information passes the verification, the coded information, transaction data ciphertext and key ciphertext are forwarded to the abnormal transaction detection unit.
  • the data storage unit is used to store the encoding information, transaction data ciphertext and key ciphertext according to the business chain type and client identification.
  • the data storage unit is used to send prompt information requiring manual review to the supervision client.
  • the agent re-encryption unit is used to verify the identity of the supervision client.
  • when the identity of the supervision client passes the verification, perform the step of reading the encoded information, transaction data ciphertext and key ciphertext from the data storage unit.
  • a supervisory unit is also included;
  • the supervision unit is used to record the supervisor’s public key and encoded information, transaction data ciphertext and key ciphertext.
  • each client has a corresponding data encryption unit.
  • Each data encryption unit is used to generate a corresponding public-private key pair and encoding information for the client.
  • the embodiment of this application also provides a blockchain-based supervision method, including:
  • When there is an abnormality in the transaction data ciphertext retrieved, the encoding information, transaction data ciphertext and key ciphertext are saved; the encoding information is used to represent the business blockchain identification and the corresponding client identification;
  • agent re-encryption key is a key generated based on the system private key and the supervisor's public key
  • encrypt the transaction data of the business blockchain, and the resulting ciphertext of the transaction data includes:
  • Encrypt the key used to encrypt the transaction data and obtain the key ciphertext including:
  • the key is encrypted based on the system public key of the supervision system to obtain the key ciphertext.
  • the obtained transaction data ciphertext also includes:
  • the system public key and system private key of the supervision system are generated in advance.
  • the system public key is used to encrypt the coded information corresponding to the client to obtain the ciphertext of the coded information.
  • the system public key to encrypt the coded information corresponding to the client to obtain the ciphertext of the coded information, it also includes:
  • the step of retrieving the symmetric ciphertext of the transaction data ciphertext based on the encoding information corresponding to the transaction data is performed.
  • after the digital signature verification is passed, before performing symmetric ciphertext retrieval of the transaction data ciphertext based on the encoding information corresponding to the transaction data, it also includes:
  • the step of performing a symmetric ciphertext retrieval of the transaction data ciphertext based on the coded information corresponding to the transaction data is performed.
  • saving the encoding information, transaction data ciphertext and key ciphertext includes:
  • the encoded information, transaction data ciphertext and key ciphertext are stored according to the business chain type and client identification.
  • After saving the encoding information, transaction data ciphertext and key ciphertext, it also includes:
  • after generating the proxy re-encryption key, it also includes:
  • Verify the identity of the supervision client. If the identity of the supervision client passes the verification, perform the steps of reading the encoded information, transaction data ciphertext and key ciphertext.
  • after transmitting the encoded information, transaction data ciphertext and re-encryption key ciphertext to the regulatory client, it also includes:
  • An embodiment of the present application also provides an electronic device, including:
  • Memory used to store computer programs
  • a processor configured to execute a computer program to implement the steps of the above-mentioned blockchain-based supervision method.
  • Embodiments of the present application also provide a computer non-volatile readable storage medium.
  • a computer program is stored on the computer non-volatile readable storage medium.
  • when the computer program is executed by the processor, the steps of the above-mentioned blockchain-based supervision method are implemented.
  • the blockchain-based supervision system includes a data encryption unit, an abnormal transaction detection unit, a data storage unit and an agent re-encryption unit; the data encryption unit is used to encrypt the transaction data of the business blockchain; encrypt the key used to encrypt the transaction data; and transmit the obtained transaction data ciphertext and key ciphertext to the abnormal transaction detection unit.
  • the abnormal transaction detection unit is used to perform symmetric ciphertext retrieval of the transaction data ciphertext based on the encoding information corresponding to the transaction data; when an abnormality is retrieved in the transaction data ciphertext, the encoding information, transaction data ciphertext and key ciphertext are saved to the data storage unit; the encoding information is used to represent the business blockchain identification and the corresponding client identification.
  • the agent re-encryption unit is used to generate the agent re-encryption key, where the agent re-encryption key is a key generated based on the system private key and the supervisor's public key; read the encoded information, transaction data ciphertext and key ciphertext from the data storage unit; use the proxy re-encryption key to encrypt the key ciphertext to obtain the re-encryption key ciphertext; and transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client.
  • the data encryption unit can implement encryption of transaction data
  • the abnormal transaction detection unit can implement abnormal detection of the ciphertext of transaction data.
  • When there is an abnormality in the transaction data, the transaction data will not flow to other places, but will be saved in the data storage unit together with its corresponding encoding information and key ciphertext, thus making it easier for the managers of the supervision system to handle the abnormal data in a timely manner.
  • By setting up a proxy re-encryption unit, it is ensured that no one other than the supervisor can obtain the plain text of the transaction data.
  • Figure 1 is a schematic structural diagram of a blockchain-based supervision system provided by an embodiment of this application.
  • Figure 2 is a schematic structural diagram of another supervision system provided by an embodiment of the present application.
  • Figure 3 is a flow chart of a blockchain-based supervision method provided by the embodiment of the present application.
  • Figure 4 is a structural diagram of an electronic device provided by an embodiment of the present application.
  • FIG. 1 is a schematic structural diagram of a blockchain-based supervision system provided by an embodiment of the present application.
  • the system includes a data encryption unit 11, an abnormal transaction detection unit 12, a data storage unit 13 and an agent re-encryption unit 14;
  • the data encryption unit 11 is used to encrypt the transaction data of the business blockchain; encrypt the key for encrypting the transaction data; and transmit the obtained transaction data ciphertext and key ciphertext to the abnormal transaction detection unit 12 .
  • the transaction data can be encrypted.
  • the key to encrypt the transaction data is crucial. Once the key is discovered by illegal personnel, there will be a risk of transaction data being leaked. Therefore, in the embodiment of this application, the key will be encrypted.
  • the transaction data generated each time is different.
  • different transaction data can be encrypted using different keys.
  • randomly generated keys can be used to encrypt the transaction data of the business blockchain to obtain the ciphertext of the transaction data.
  • asymmetric encryption can be used for encryption.
  • the key can be encrypted based on the system public key of the supervision system to obtain the key ciphertext.
  • the system public key is used to encrypt the key. Only the supervision system knows the system private key corresponding to the system public key. Therefore, only the supervision system can use the system private key to decrypt and obtain the key, and then use the key to decrypt the transaction data ciphertext to obtain the plaintext transaction data. Devices outside the supervision system cannot know the system private key and therefore cannot decrypt the key.
  • a key generation unit 15 may be provided in the monitoring system.
  • the key generation unit 15 is used to generate the system public key and system private key of the supervision system.
  • By arranging the key generation unit 15 inside the supervision system it can effectively ensure that the system public key and the system private key are only known by the supervision system, ensuring the security of the system public key and the system private key.
  • the abnormal transaction detection unit 12 is used to perform symmetric ciphertext retrieval of the transaction data ciphertext based on the encoding information corresponding to the transaction data; when an abnormality in the transaction data ciphertext is retrieved, the encoding information, transaction data ciphertext and key The ciphertext is saved to the data storage unit 13; the coded information is used to represent the business blockchain identity and the corresponding client identity.
  • Different business blockchains can transmit transaction data to the monitoring system through their corresponding clients. There are often many clients interacting with the monitoring system, and the same business blockchain can correspond to multiple clients. So that the monitoring system can distinguish which business blockchain transmitted the currently received transaction data, and through which client, encoding information can be set based on the business blockchain identity and the corresponding client identity.
  • Business blockchain identifiers can be used to distinguish different business blockchains.
  • the client identifier can be used to distinguish different clients. In practical applications, the business blockchain identifier can use business blockchain encoding, and the client identifier can use client encoding.
  • Symmetric ciphertext retrieval technology is an existing relatively mature technology, and the specific implementation process of symmetric ciphertext retrieval will not be described again.
  • a corresponding data encryption unit 11 can be set for each client in the supervision system.
  • Each data encryption unit 11 can generate a corresponding public and private key pair and encoding information for the corresponding client.
  • the data managed by the supervision system is diverse, and the supervision tasks involved will also be different. In practical applications, different supervisors are often set up to be responsible for different data and different supervision tasks.
  • a proxy re-encryption unit 14 can be set up in the supervision system.
  • the proxy re-encryption unit 14 can be used to generate a proxy re-encryption key; wherein the proxy re-encryption key is a key generated based on the system private key and the supervisor's public key.
  • the proxy re-encryption unit 14 can read the encoding information, transaction data ciphertext and key ciphertext from the data storage unit 13, use the proxy re-encryption key to encrypt the key ciphertext to obtain the re-encryption key ciphertext, and then transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client.
  • the key generation unit 15 can also generate respective public and private key pairs for users and physical devices, as well as unique identity identifiers for real-name authentication of each user and physical device.
  • the proxy re-encryption unit 14 can obtain the system private key from the key generation unit 15 .
  • the agent re-encryption unit 14 can obtain the supervisor's public key from the key generation unit 15 based on the supervisor's identity, or the supervisor can send it to the agent re-encryption unit 14 through the supervision client.
  • In the embodiment of the present application, there is no limitation on the way in which the agent re-encryption unit 14 obtains the public key of the supervisor.
  • Decryption of the re-encrypted key ciphertext requires not only the system private key, but also the supervisor's private key. Therefore, only supervisors who know the private key can decrypt and obtain the key, and then use the key to decrypt to obtain the plaintext transaction data. By setting up the proxy re-encryption unit 14, it is ensured that no one other than the supervisor can obtain the transaction data.
  • the blockchain-based supervision system includes a data encryption unit, an abnormal transaction detection unit and a data storage unit; the data encryption unit is used to encrypt the transaction data of the business blockchain; encrypt the key used to encrypt the transaction data; and transmit the obtained transaction data ciphertext and key ciphertext to the abnormal transaction detection unit.
  • the abnormal transaction detection unit is used to perform symmetric ciphertext retrieval of the transaction data ciphertext based on the encoding information corresponding to the transaction data; when an abnormality is retrieved in the transaction data ciphertext, the encoding information, transaction data ciphertext and key ciphertext are saved to the data storage unit; the encoding information is used to represent the business blockchain identification and the corresponding client identification.
  • the agent re-encryption unit is used to generate the agent re-encryption key, where the agent re-encryption key is a key generated based on the system private key and the supervisor's public key; read the encoded information, transaction data ciphertext and key ciphertext from the data storage unit; use the proxy re-encryption key to encrypt the key ciphertext to obtain the re-encryption key ciphertext; and transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client.
  • the data encryption unit can implement encryption of transaction data
  • the abnormal transaction detection unit can implement abnormal detection of the ciphertext of transaction data.
  • When there is an abnormality in the transaction data, the transaction data will not flow to other places, but will be saved in the data storage unit together with its corresponding encoding information and key ciphertext, thus making it easier for the managers of the supervision system to handle the abnormal data in a timely manner.
  • By setting up a proxy re-encryption unit, it is ensured that no one other than the supervisor can obtain the plain text of the transaction data.
  • the abnormal transaction detection unit 12 needs to perform symmetric ciphertext retrieval of the transaction data ciphertext based on the encoding information corresponding to the transaction data.
  • the encoding information can be transmitted from the data encryption unit 11 to the abnormal transaction detection unit 12.
  • the encoded information is also transmitted.
  • the data encryption unit 11 can use the system public key to encrypt the coded information corresponding to the client to obtain the coded information ciphertext, thereby transmitting the coded information ciphertext, transaction data ciphertext and key ciphertext to the abnormal transaction detection unit 12.
  • a data receiving unit 16 is provided in the supervision system, and the data receiving unit 16 may be provided between the data encryption unit 11 and the abnormal transaction detection unit 12 .
  • the data receiving unit 16 is used to receive the encoded information ciphertext, transaction data ciphertext, key ciphertext and digital signature transmitted by the data encryption unit 11; if the digital signature verification is passed, it means that the source of the transaction data is reliable, and at this time the encoded information ciphertext, transaction data ciphertext and key ciphertext are forwarded to the abnormal transaction detection unit 12.
  • a data access unit 17 may be provided in the supervision system, and the data access unit 17 may be provided between the data receiving unit 16 and the abnormal transaction detection unit 12 .
  • the data access unit 17 is used to decrypt and verify the coded information ciphertext based on the system private key of the supervision system and the pre-stored coded information; when the decrypted coded information passes the verification, the coded information, transaction data ciphertext and key ciphertext are forwarded to the abnormal transaction detection unit 12.
  • the data access unit 17 can obtain the system private key from the key generation unit 15 and use the system private key to decrypt the ciphertext of the encoded information to obtain the decrypted encoded information. The decrypted coded information is then compared with the pre-stored coded information. If the pre-stored coded information contains the same coded information as the decrypted coded information, this indicates that the business blockchain and client that transmit the transaction data to the supervision system fall within the scope of supervision of the supervision system, which can further ensure the reliability of the source of transaction data.
  • the abnormal transaction detection unit 12 needs to perform symmetric ciphertext retrieval of the transaction data ciphertext based on the plaintext coded information. Therefore, if the coded information verification passes, the data access unit 17 can directly forward the decrypted coded information, transaction data ciphertext and key ciphertext to the abnormal transaction detection unit 12.
  • the abnormal transaction detection unit 12 can transmit the encoded information, transaction data ciphertext and key ciphertext to the data storage unit 13 for storage.
  • the data storage unit 13 can store the encoded information, transaction data ciphertext and key ciphertext according to the business chain type and client identification.
  • supervisors can manage the supervisory system through a client.
  • the client used by supervisors can be called a supervisory client.
  • the data storage unit 13 will store the encoded information, transaction data ciphertext and key ciphertext when there is an abnormality in the transaction data.
  • the data storage unit 13 can store the encoding information, transaction data ciphertext and key ciphertext, and then send prompt information requiring manual review to the supervisory client.
  • the identity of the supervision client can be verified.
  • the identity of the supervision client with access rights can be stored in the agent re-encryption unit 14, and the agent re-encryption unit 14 can verify the identity of the supervision client based on the stored identity of the supervision client. If the identity of the client is verified, it means that the supervision client is reliable.
  • the proxy re-encryption unit 14 can perform the steps of reading the encoding information, transaction data ciphertext and key ciphertext from the data storage unit 13 .
  • a supervision unit 18 can be set up in the supervision system.
  • the supervision unit 18 may be used to record the supervisor's public key and encoded information, transaction data ciphertext and key ciphertext.
  • supervisors have different public keys, and different supervisors can be distinguished by using their public keys.
  • When supervisory personnel operate on transaction data through the supervisory client, recording the supervisory personnel's public key together with the coded information, transaction data ciphertext and key ciphertext in the supervisory unit 18 makes the supervisory personnel's operations traceable.
  • When problems arise, accountability can be pursued in a timely manner.
  • in addition to setting up the data encryption unit 11, abnormal transaction detection unit 12, data storage unit 13 and agent re-encryption unit 14 in the supervision system, the key generation unit 15, data receiving unit 16, data access unit 17 and supervision unit 18 can be set up at the same time.
  • FIG 2 is a schematic structural diagram of another supervision system provided by an embodiment of the present application.
  • the supervision system can realize supervision of different types of business chains. Therefore, the supervision system can be called a heterogeneous alliance chain supervision system.
  • the heterogeneous alliance chain supervision system in Figure 2 includes a data encryption unit 11 corresponding to each business chain client, a data receiving unit 16, a data access unit 17, an abnormal transaction detection unit 12, a data storage unit 13, a key generation unit 15, an agent re-encryption unit 14, and a supervision unit 18 for saving supervision records.
  • the business chain client connects to the outside through the SDK (Software Development Kit) interface.
  • the key generation unit 15 is mainly responsible for generating system public and private key pairs and generating respective public and private key pairs for users and physical devices, as well as unique identities for real-name authentication of each user and physical device.
  • the function of the data encryption unit 11 is mainly to encrypt the transaction data to be uploaded to the business blockchain.
  • the data encryption unit 11 has a one-to-one binding relationship with the client.
  • the operation flow of the data encryption unit 11 is as follows: first, the public key S2 of the supervision system is obtained from the key generation unit 15 .
  • the symbol M1 can be used to represent the business blockchain code and client code, and the public key S2 is used to encrypt M1 to generate the coded information ciphertext C1.
  • the key S2 is encrypted to generate the key ciphertext C3, and finally the ciphertexts C1, C2, C3 and the digital signature are sent to the data receiving unit 16 of the supervision system.
  • the key K1 is random, and the AES key K1 used in each transaction data is different, ensuring the security of the data.
  • the data receiving unit 16 is mainly responsible for introducing the ciphertext of transaction data sent by each business blockchain, and verifying the digital signature of the ciphertext of the transaction data. After passing the verification, it forwards the ciphertext data C1, C2, and C3 to the data access unit 17 .
  • When the data access unit 17 is initialized, the basic information of the encoding is introduced.
  • The data access unit 17 is responsible for decrypting the C1 ciphertext data using the private key of the supervision system, performing verification, and sending the verified M1, together with C2 and C3, to the abnormal transaction detection unit 12.
  • The abnormal transaction detection unit 12 receives M1, C2, and C3, performs symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information in M1, and checks whether there is any illegal transaction data to ensure data security. If abnormal transaction data is found, the corresponding M1, C2, and C3 are sent to the data storage unit 13 for storage.
  • The data storage unit 13 is responsible for storing M1, C2, and C3 according to business chain type and client type, and then notifies the monitoring and management system that there is new transaction data that requires manual review.
  • When the supervisor reads the transaction data through the supervision client, he first obtains the system private key S3 of the supervision system from the key generation unit 15, then uses S3 and his own public key U1 to generate the proxy re-encryption key K (S->U), and sends K (S->U) to the proxy re-encryption unit 14. The proxy re-encryption unit 14 then reads the transaction data M1, C2, C3, performs a proxy re-encryption operation on the ciphertext C3 using K (S->U) to generate a new ciphertext C4, and sends it to the supervisor's client.
  • The supervisor's client can display the obtained C4, C2, and C3.
  • The data is decrypted by the supervisor's agent re-encryption key and then provided for audit by the supervisor.
  • The proxy re-encryption unit 14 stores the records of the read business data into the supervision unit 18.
  • The data includes the supervisor's public key information and transaction data M1, C2, and C3 to ensure the traceability of supervision actions.
  • The supervision unit 18 will record these data on the supervision chain to prevent the data from being maliciously tampered with and ensure safe and reliable storage of the data.
  • Supervised business chain A and supervised business chain B are blockchain business systems that use different blockchain underlying technology platforms. Since the current business alliance chain uses a variety of blockchain underlying platforms, in order to allow the supervision system to adapt to all business alliances.
  • This application designs all business blockchain clients to be supervised to send data to the supervision system for legal compliance supervision during the process of submitting transactions to the chain.
  • The supervision system encrypts and stores abnormal transaction data, and supervisors scan and detect the encrypted transaction data through the supervision system client. Records of transaction data read by supervisors are recorded on the supervision chain to ensure traceability of supervisory records.
  • This application realizes pre-chain supervision of heterogeneous alliance chain businesses, using symmetric encryption algorithms, asymmetric encryption algorithms, proxy re-encryption and other algorithms, ciphertext retrieval and other technologies.
  • the key to encrypt transaction data has a random It can ensure the safety and reliability of the transaction data of the business blockchain to be supervised during the supervision process, and at the same time, the supervision traces ensure the data security of the supervised business system.
  • Figure 3 is a flow chart of a blockchain-based supervision method provided by the embodiment of this application, including:
  • S301 Encrypt the transaction data of the business blockchain to obtain the ciphertext of the transaction data; encrypt the key for encrypting the transaction data to obtain the key ciphertext.
  • The transaction data can be encrypted.
  • The key used to encrypt the transaction data is crucial. Once the key is discovered by unauthorized personnel, there is a risk of the transaction data being leaked. Therefore, in the embodiment of this application, the key is also encrypted to obtain the key ciphertext.
  • The transaction data generated each time is different. To make the key harder to discover, different transaction data can be encrypted using different keys. In practical applications, randomly generated keys can be used to encrypt the transaction data of the business blockchain and obtain the ciphertext of the transaction data.
  • S302 Perform symmetric ciphertext retrieval on the ciphertext of the transaction data based on the encoding information corresponding to the transaction data.
  • The encoding information is used to represent the business blockchain identity and the corresponding client identity.
  • Different business blockchains can transmit transaction data to the supervision system through their corresponding clients. There are often many clients interacting with the supervision system, and the same business blockchain can correspond to multiple clients.
  • To identify which business blockchain transmitted the currently received transaction data and through which client, encoding information can be set based on the business blockchain identity and the corresponding client identity.
  • The proxy re-encryption key is a key generated based on the system private key and the supervisor's public key.
  • S307 Transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client.
  • Encrypting the transaction data of the business blockchain to obtain the transaction data ciphertext includes:
  • The transaction data of the business blockchain is encrypted to obtain the ciphertext of the transaction data.
  • Encrypting the key used to encrypt the transaction data to obtain the key ciphertext includes:
  • The key is encrypted based on the system public key of the supervision system to obtain the key ciphertext.
  • Before encrypting the transaction data of the business blockchain to obtain the transaction data ciphertext, the method also includes:
  • The system public key and system private key of the supervision system are generated in advance.
  • The system public key is used to encrypt the coded information corresponding to the client to obtain the ciphertext of the coded information.
  • After using the system public key to encrypt the coded information corresponding to the client to obtain the ciphertext of the coded information, the method also includes:
  • The step of performing symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information corresponding to the transaction data is performed.
  • After the digital signature verification is passed, and before performing symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information corresponding to the transaction data, the method also includes:
  • The step of performing symmetric ciphertext retrieval on the transaction data ciphertext based on the coded information corresponding to the transaction data is performed.
  • Saving the encoding information, transaction data ciphertext and key ciphertext includes:
  • The encoded information, transaction data ciphertext and key ciphertext are stored according to the business chain type and client identification.
  • After saving the encoding information, transaction data ciphertext and key ciphertext, the method also includes:
  • After generating the proxy re-encryption key, the method also includes:
  • Verify the identity of the supervision client. If the identity of the supervision client passes the verification, perform the steps of reading the encoded information, transaction data ciphertext and key ciphertext.
  • After transmitting the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client, the method also includes:
  • The blockchain-based supervision system includes a data encryption unit, an abnormal transaction detection unit and a data storage unit. The data encryption unit is used to encrypt the transaction data of the business blockchain, encrypt the key used to encrypt the transaction data, and transmit the obtained transaction data ciphertext and key ciphertext to the abnormal transaction detection unit.
  • The abnormal transaction detection unit is used to perform symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information corresponding to the transaction data; when an abnormal transaction data ciphertext is retrieved, the encoding information, transaction data ciphertext and key ciphertext are saved to the data storage unit. The encoding information is used to represent the business blockchain identification and the corresponding client identification.
  • The proxy re-encryption unit is used to generate the proxy re-encryption key, which is a key generated based on the system private key and the supervisor's public key; read the encoded information, transaction data ciphertext and key ciphertext from the data storage unit; use the proxy re-encryption key to encrypt the key ciphertext to obtain the re-encryption key ciphertext; and transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client.
  • The data encryption unit can implement encryption of transaction data.
  • The abnormal transaction detection unit can implement abnormal detection of the ciphertext of transaction data.
  • When there is an abnormality in the transaction data, the transaction data will not flow to other places, but will be saved in the data storage unit together with its corresponding encoding information and key ciphertext, making it easier for the managers of the supervision system to handle the abnormal data in a timely manner.
  • By setting up a proxy re-encryption unit, it is ensured that no one other than the supervisor can obtain the plaintext of the transaction data.
  • Figure 4 is a structural diagram of an electronic device provided by an embodiment of the present application. As shown in Figure 4, the electronic device includes: a memory 20 for storing computer programs;
  • The processor 21 is configured to implement the steps of the blockchain-based supervision method in the above embodiment when executing a computer program.
  • Electronic devices provided in this embodiment may include, but are not limited to, smartphones, tablets, laptops, or desktop computers.
  • The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc.
  • The processor 21 can adopt at least one hardware form among DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array), and PLA (Programmable Logic Array).
  • The processor 21 may also include a main processor and a co-processor.
  • The main processor is a processor used to process data in the wake-up state, also called a CPU (Central Processing Unit); the co-processor is a low-power processor used to process data in standby mode.
  • The processor 21 may be integrated with a GPU (Graphics Processing Unit), and the GPU is responsible for rendering and drawing the content that needs to be displayed on the display screen.
  • The processor 21 may also include an AI (Artificial Intelligence) processor, which is used to process computing operations related to machine learning.
  • Memory 20 may include one or more computer non-volatile readable storage media, which may be non-transitory.
  • The memory 20 may also include high-speed random access memory, and non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices.
  • The memory 20 is at least used to store the following computer program 201. After the computer program is loaded and executed by the processor 21, the relevant steps of the blockchain-based supervision method disclosed in any of the foregoing embodiments can be implemented.
  • The resources stored in the memory 20 may also include the operating system 202, data 203, etc., and the storage method may be short-term storage or permanent storage.
  • The operating system 202 may include Windows, Unix, Linux, etc.
  • Data 203 may include, but is not limited to, encoded information, transaction data ciphertext, key ciphertext, etc.
  • The electronic device may also include a display screen 22, an input-output interface 23, a communication interface 24, a power supply 25 and a communication bus 26.
  • FIG. 4 does not constitute a limitation on the electronic device, which may include more or fewer components than shown in the figure.
  • If the blockchain-based supervision method in the above embodiment is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • The technical solution of the present application, in essence, or the part that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and executes all or part of the steps of the methods of the various embodiments of this application.
  • The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), electrically erasable programmable ROM, register, hard disk, removable disk, CD-ROM, magnetic disk or optical disk, and other media that can store program code.
  • Embodiments of the present application also provide a computer non-volatile readable storage medium.
  • A computer program is stored on the computer non-volatile readable storage medium.
  • When the computer program is executed by the processor, the steps of the above-mentioned blockchain-based supervision method are implemented.
  • Each functional module of the computer non-volatile readable storage medium in the embodiment of the present application can be specifically implemented according to the method in the above method embodiment.
  • The specific implementation process can be referred to the relevant description of the above method embodiment, and will not be described again here.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to the technical field of blockchains, and discloses a blockchain-based supervision system. A data encryption unit achieves encryption of transaction data and a key, and an abnormal transaction detection unit performs symmetric ciphertext retrieval on a transaction data ciphertext according to coding information corresponding to the transaction data. When the transaction data is abnormal, the transaction data ciphertext, the coding information, and a key ciphertext are saved together in a data storage unit. A proxy re-encryption unit generates a proxy re-encryption key; the proxy re-encryption key is a key generated according to a system private key and a public key of a supervisor; the coding information, the transaction data ciphertext, and the key ciphertext are read from the data storage unit; the key ciphertext is encrypted by using the proxy re-encryption key to obtain a re-encryption key ciphertext; and the coding information, the transaction data ciphertext, and the re-encryption key ciphertext are transmitted to a supervision client. The mutual cooperation of functional modules in the supervision system achieves reasonable and effective supervision of a blockchain.

Description

A blockchain-based supervision system, method, device and medium
Cross-references to related applications
This application claims priority to the Chinese patent application filed with the China Patent Office on July 15, 2022, with application number 202210831344.1 and entitled "A blockchain-based supervision system, method, equipment and medium", the entire contents of which are incorporated into this application by reference.
Technical field
This application relates to the field of blockchain technology, and in particular to a blockchain-based supervision system, method, device and computer non-volatile readable storage medium.
Background
In recent years, blockchain technology has developed rapidly and is widely used in the financial, legal, medical, energy, entertainment, notarization and other fields. At present, academic research mainly focuses on key blockchain technologies, including the tracking and visualization of blockchain nodes, penetrating supervision technology for alliance chains, and active discovery, detection and disposal technology for public chains. As blockchain applications continue to deepen and expand, they also bring a series of risks and challenges. Research on blockchain supervision technology is currently relatively insufficient: there is a lack of supervisor-friendly, privacy-preserving blockchain supervision technology, reasonable supervision of multi-blockchain systems cannot be achieved, and there is also a lack of reasonable control over supervision itself, so data security problems can arise from the introduction of supervision.
Summary of the invention
The purpose of the embodiments of this application is to provide a blockchain-based supervision system, method, device and computer non-volatile readable storage medium, which can achieve reasonable and effective supervision of the blockchain.
In order to solve the above technical problems, embodiments of the present application provide a blockchain-based supervision system, including a data encryption unit, an abnormal transaction detection unit, a data storage unit and a proxy re-encryption unit;
The data encryption unit is used to encrypt the transaction data of the business blockchain; encrypt the key used to encrypt the transaction data; and transmit the obtained transaction data ciphertext and key ciphertext to the abnormal transaction detection unit;
The abnormal transaction detection unit is used to perform symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information corresponding to the transaction data; when an abnormal transaction data ciphertext is retrieved, the encoding information, transaction data ciphertext and key ciphertext are saved to the data storage unit; the encoding information is used to represent the business blockchain identification and the corresponding client identification;
The proxy re-encryption unit is used to generate the proxy re-encryption key, which is a key generated based on the system private key and the supervisor's public key; read the encoded information, transaction data ciphertext and key ciphertext from the data storage unit; use the proxy re-encryption key to encrypt the key ciphertext to obtain the re-encryption key ciphertext; and transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client.
Optionally, the data encryption unit is used to encrypt the transaction data of the business blockchain using a randomly generated key to obtain the ciphertext of the transaction data.
Optionally, the data encryption unit is used to encrypt the key based on the system public key of the supervision system to obtain the key ciphertext.
Optionally, a key generation unit is also included;
The key generation unit is used to generate the system public key and the system private key of the supervision system.
Optionally, the data encryption unit is configured to, upon receiving the transaction data sent by the client, use the system public key to encrypt the coded information corresponding to the client to obtain the ciphertext of the coded information.
Optionally, the system also includes a data receiving unit disposed between the data encryption unit and the abnormal transaction detection unit;
The data receiving unit is used to receive the encoded information ciphertext, transaction data ciphertext, key ciphertext and digital signature transmitted by the data encryption unit; after the digital signature verification is passed, the encoded information ciphertext, transaction data ciphertext and key ciphertext are forwarded to the abnormal transaction detection unit.
Optionally, the system also includes a data access unit disposed between the data receiving unit and the abnormal transaction detection unit;
The data access unit is used to decrypt and verify the ciphertext of the coded information based on the system private key of the supervision system and the pre-stored coded information; when the decrypted coded information passes the verification, the coded information, transaction data ciphertext and key ciphertext are forwarded to the abnormal transaction detection unit.
Optionally, the data storage unit is used to store the encoding information, transaction data ciphertext and key ciphertext according to the business chain type and client identification.
Optionally, the data storage unit is used to send prompt information requiring manual review to the supervision client.
Optionally, the proxy re-encryption unit is used to verify the identity of the supervision client and, when the identity of the supervision client passes the verification, perform the step of reading the encoded information, transaction data ciphertext and key ciphertext from the data storage unit.
Optionally, a supervision unit is also included;
The supervision unit is used to record the supervisor's public key and the encoded information, transaction data ciphertext and key ciphertext.
Optionally, there are multiple data encryption units, and each client has a corresponding data encryption unit. Each data encryption unit is used to generate a corresponding public-private key pair and encoding information for the client.
The embodiment of this application also provides a blockchain-based supervision method, including:
Encrypt the transaction data of the business blockchain to obtain the ciphertext of the transaction data; and encrypt the key used to encrypt the transaction data to obtain the key ciphertext;
Perform symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information corresponding to the transaction data;
When an abnormality is retrieved in the transaction data ciphertext, save the encoding information, transaction data ciphertext and key ciphertext; the encoding information is used to represent the business blockchain identification and the corresponding client identification;
Generate a proxy re-encryption key, which is a key generated based on the system private key and the supervisor's public key;
Read the encoded information, transaction data ciphertext and key ciphertext;
Use the proxy re-encryption key to encrypt the key ciphertext to obtain the re-encryption key ciphertext; transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client.
Optionally, encrypting the transaction data of the business blockchain to obtain the transaction data ciphertext includes:
Use the randomly generated key to encrypt the transaction data of the business blockchain and obtain the ciphertext of the transaction data;
Encrypting the key used to encrypt the transaction data to obtain the key ciphertext includes:
The key is encrypted based on the system public key of the supervision system to obtain the key ciphertext.
Optionally, before encrypting the transaction data of the business blockchain to obtain the transaction data ciphertext, the method also includes:
The system public key and system private key of the supervision system are generated in advance.
Optionally, the method also includes:
When receiving the transaction data sent by the client, the system public key is used to encrypt the coded information corresponding to the client to obtain the ciphertext of the coded information.
Optionally, after using the system public key to encrypt the coded information corresponding to the client to obtain the ciphertext of the coded information, the method also includes:
Verify the digital signature after receiving the encoded information ciphertext, transaction data ciphertext, key ciphertext and digital signature;
After the digital signature verification is passed, the step of performing symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information corresponding to the transaction data is performed.
Optionally, after the digital signature verification is passed, and before performing symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information corresponding to the transaction data, the method also includes:
Decrypt and verify the coded information ciphertext based on the system private key of the supervision system and the pre-stored coded information;
When the decrypted coded information passes the verification, the step of performing symmetric ciphertext retrieval on the transaction data ciphertext based on the coded information corresponding to the transaction data is performed.
Optionally, saving the encoding information, transaction data ciphertext and key ciphertext includes:
The encoded information, transaction data ciphertext and key ciphertext are stored according to the business chain type and client identification.
Optionally, after saving the encoding information, transaction data ciphertext and key ciphertext, the method also includes:
Send a prompt message requiring manual review to the supervision client.
Optionally, after generating the proxy re-encryption key, the method also includes:
Verify the identity of the supervision client. If the identity of the supervision client passes the verification, perform the steps of reading the encoded information, transaction data ciphertext and key ciphertext.
Optionally, after transmitting the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client, the method also includes:
Record the public key of the supervisor as well as the encoded information, transaction data ciphertext and key ciphertext.
Optionally, the method also includes:
Generate the corresponding public and private key pair and encoding information for the client.
An embodiment of the present application also provides an electronic device, including:
Memory, used to store computer programs;
A processor configured to execute a computer program to implement the steps of the above-mentioned blockchain-based supervision method.
Embodiments of the present application also provide a computer non-volatile readable storage medium. A computer program is stored on the computer non-volatile readable storage medium. When the computer program is executed by the processor, the steps of the above-mentioned blockchain-based supervision method are implemented.
As can be seen from the above technical solutions, the blockchain-based supervision system includes a data encryption unit, an abnormal transaction detection unit, a data storage unit and a proxy re-encryption unit. The data encryption unit is used to encrypt the transaction data of the business blockchain, encrypt the key used to encrypt the transaction data, and transmit the obtained transaction data ciphertext and key ciphertext to the abnormal transaction detection unit. The abnormal transaction detection unit is used to perform symmetric ciphertext retrieval on the transaction data ciphertext based on the encoding information corresponding to the transaction data; when an abnormal transaction data ciphertext is retrieved, the encoding information, transaction data ciphertext and key ciphertext are saved to the data storage unit; the encoding information is used to represent the business blockchain identification and the corresponding client identification. The proxy re-encryption unit is used to generate the proxy re-encryption key, which is a key generated based on the system private key and the supervisor's public key; read the encoded information, transaction data ciphertext and key ciphertext from the data storage unit; use the proxy re-encryption key to encrypt the key ciphertext to obtain the re-encryption key ciphertext; and transmit the encoded information, transaction data ciphertext and re-encryption key ciphertext to the supervision client. In this technical solution, the data encryption unit can implement encryption of transaction data, and the abnormal transaction detection unit can implement abnormal detection of the ciphertext of transaction data. When there is an abnormality in the transaction data, the transaction data will not flow to other places, but will be saved in the data storage unit together with its corresponding encoding information and key ciphertext, making it easier for the managers of the supervision system to handle the abnormal data in a timely manner. By setting up a proxy re-encryption unit, it is ensured that no one other than the supervisor can obtain the plaintext of the transaction data. Through the cooperation of the functional modules in the supervision system, reasonable and effective supervision of the blockchain is achieved.
Description of the drawings
To explain the embodiments of the present application more clearly, the drawings needed for the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is a schematic structural diagram of a blockchain-based supervision system provided by an embodiment of the present application;
Figure 2 is a schematic structural diagram of another supervision system provided by an embodiment of the present application;
Figure 3 is a flow chart of a blockchain-based supervision method provided by an embodiment of the present application;
Figure 4 is a structural diagram of an electronic device provided by an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.
The terms "including" and "having", and any variations of them, in the description, the claims and the above drawings of this application are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that includes a series of steps or units is not limited to the listed steps or units, but may include steps or units that are not listed.
To enable those skilled in the art to better understand the solution of the present application, the application is described in further detail below with reference to the accompanying drawings and specific embodiments.
Next, the blockchain-based supervision system provided by the embodiments of this application is described in detail. Figure 1 is a schematic structural diagram of a blockchain-based supervision system provided by an embodiment of the present application. The system includes a data encryption unit 11, an abnormal transaction detection unit 12, a data storage unit 13 and a proxy re-encryption unit 14.
The data encryption unit 11 is used to encrypt the transaction data of the business blockchain, to encrypt the key used to encrypt the transaction data, and to transmit the resulting transaction data ciphertext and key ciphertext to the abnormal transaction detection unit 12.
In practical applications, transaction data can be encrypted to keep it secure, and the key that encrypts the transaction data then becomes critical. Once that key is discovered by an unauthorized person, the transaction data is at risk of being leaked. In the embodiments of this application, therefore, the key itself is also encrypted.
As the blockchain business runs, each transaction produces different transaction data. To make the key harder to discover, different transaction data can be encrypted with different keys. In practical applications, a randomly generated key can be used to encrypt the transaction data of the business blockchain to obtain the transaction data ciphertext. The key itself can be protected with asymmetric encryption: in a specific implementation, the key is encrypted with the system public key of the supervision system to obtain the key ciphertext. Because only the supervision system knows the system private key corresponding to the system public key, only the supervision system can decrypt the key ciphertext with the system private key to obtain the key, and then use the key to decrypt the transaction data ciphertext and obtain the plaintext transaction data. Devices outside the supervision system do not know the system private key and therefore cannot decrypt the key.
In the embodiments of the present application, to ensure the security of the system public key and system private key of the supervision system, a key generation unit 15 may be provided in the monitoring system. The key generation unit 15 is used to generate the system public key and system private key of the supervision system. Placing the key generation unit 15 inside the supervision system effectively ensures that the system public key and system private key are known only to the supervision system, which keeps them secure.
The abnormal transaction detection unit 12 is used to perform symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data and, when the retrieval finds that the transaction data ciphertext is abnormal, to save the encoding information, the transaction data ciphertext and the key ciphertext to the data storage unit 13. The encoding information represents the business blockchain identifier and the corresponding client identifier.
Different business blockchains can transmit transaction data to the monitoring system through their corresponding clients. Many clients usually interact with the supervision system, and one business blockchain can correspond to several clients. So that the supervision system can tell which business blockchain sent the currently received transaction data and through which client, the encoding information can be set based on the business blockchain identifier and the corresponding client identifier. The business blockchain identifier distinguishes different business blockchains, and the client identifier distinguishes different clients. In practical applications, the business blockchain identifier can be a business blockchain code and the client identifier can be a client code.
Symmetric ciphertext retrieval is an existing and relatively mature technology, so its specific implementation is not described here.
In practical applications, different business blockchains may transmit transaction data to the supervision system through their clients at the same time. To make it easier to manage the transaction data of different business blockchains, the supervision system can provide one data encryption unit 11 for each client. Each data encryption unit 11 can generate the public/private key pair and the encoding information for its client.
The supervision system manages many kinds of data, and the supervision tasks involved also differ. In practical applications, different supervisors are usually made responsible for different data and different supervision tasks. In the embodiments of the present application, to avoid data leakage and ensure that the data is known only to personnel with management authority, a proxy re-encryption unit 14 can be provided in the supervision system.
The proxy re-encryption unit 14 can be used to generate a proxy re-encryption key, which is a key generated from the system private key and the supervisor's public key. After obtaining the proxy re-encryption key, the proxy re-encryption unit 14 can read the encoding information, the transaction data ciphertext and the key ciphertext from the data storage unit 13, encrypt the key ciphertext with the proxy re-encryption key to obtain the re-encrypted key ciphertext, and then transmit the encoding information, the transaction data ciphertext and the re-encrypted key ciphertext to the supervision client.
In addition to generating the system public key and system private key of the supervision system, the key generation unit 15 can also generate public/private key pairs for users and physical devices, as well as a unique, real-name-authenticated identity for each user and physical device.
In practical applications, the proxy re-encryption unit 14 can obtain the system private key from the key generation unit 15. To obtain the supervisor's public key, the proxy re-encryption unit 14 can fetch it from the key generation unit 15 according to the supervisor's identity, or the supervisor can send it to the proxy re-encryption unit 14 through the supervision client. The embodiments of the present application do not limit how the proxy re-encryption unit 14 obtains the supervisor's public key.
Decrypting the re-encrypted key ciphertext requires not only the system private key but also the supervisor's private key. Only a supervisor who knows that private key can therefore decrypt the key and then use it to obtain the plaintext transaction data. The proxy re-encryption unit 14 thus ensures that no one other than the supervisor can obtain the transaction data.
As can be seen from the above technical solution, the blockchain-based supervision system includes a data encryption unit, an abnormal transaction detection unit and a data storage unit. The data encryption unit is used to encrypt the transaction data of a business blockchain, to encrypt the key used to encrypt the transaction data, and to transmit the resulting transaction data ciphertext and key ciphertext to the abnormal transaction detection unit. The abnormal transaction detection unit is used to perform symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data and, when the retrieval finds that the transaction data ciphertext is abnormal, to save the encoding information, the transaction data ciphertext and the key ciphertext to the data storage unit; the encoding information represents the business blockchain identifier and the corresponding client identifier. The proxy re-encryption unit is used to generate a proxy re-encryption key, which is a key generated from the system private key and the supervisor's public key; to read the encoding information, the transaction data ciphertext and the key ciphertext from the data storage unit; to encrypt the key ciphertext with the proxy re-encryption key to obtain a re-encrypted key ciphertext; and to transmit the encoding information, the transaction data ciphertext and the re-encrypted key ciphertext to the supervision client. In this technical solution, the data encryption unit encrypts the transaction data, and the abnormal transaction detection unit performs anomaly detection on the transaction data ciphertext. When the transaction data is abnormal, it does not flow elsewhere but is saved in the data storage unit together with its encoding information and key ciphertext, so that the administrators of the supervision system can handle the abnormal data promptly. The proxy re-encryption unit ensures that no one other than the supervisor can obtain the plaintext transaction data. Through the cooperation of the functional modules of the supervision system, reasonable and effective supervision of the blockchain is achieved.
In the embodiments of the present application, the abnormal transaction detection unit 12 needs to perform symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data. In practical applications, the data encryption unit 11 can transmit the encoding information together with the transaction data ciphertext and the key ciphertext when it sends them to the abnormal transaction detection unit 12.
To keep the encoding information secure, the data encryption unit 11 can encrypt the client's encoding information with the system public key to obtain the encoding information ciphertext, and then transmit the encoding information ciphertext, the transaction data ciphertext and the key ciphertext to the abnormal transaction detection unit 12.
In practical applications, an unauthorized device may impersonate a client and send transaction data to the supervision system, and such transaction data is a security risk. To verify the identity of the client and ensure that the source of the transaction data is reliable, a data receiving unit 16 can be provided in the supervision system, placed between the data encryption unit 11 and the abnormal transaction detection unit 12.
The data receiving unit 16 is used to receive the encoding information ciphertext, the transaction data ciphertext, the key ciphertext and the digital signature transmitted by the data encryption unit 11. If the digital signature passes verification, the source of the transaction data is reliable, and the encoding information ciphertext, the transaction data ciphertext and the key ciphertext can be forwarded to the abnormal transaction detection unit 12.
To further ensure that the source of the transaction data is reliable, the supervision system can store in advance the encoding information of the business blockchains and clients under its jurisdiction. A data admission unit 17 can be provided in the supervision system, placed between the data receiving unit 16 and the abnormal transaction detection unit 12.
The data admission unit 17 is used to decrypt and verify the encoding information ciphertext using the system private key of the supervision system and the pre-stored encoding information and, when the decrypted encoding information passes verification, to forward the encoding information, the transaction data ciphertext and the key ciphertext to the abnormal transaction detection unit 12.
In a specific implementation, after receiving the encoding information ciphertext, the transaction data ciphertext and the key ciphertext from the data receiving unit 16, the data admission unit 17 can obtain the system private key from the key generation unit 15 and use it to decrypt the encoding information ciphertext. The decrypted encoding information is then compared with the pre-stored encoding information. If the pre-stored encoding information contains an entry identical to the decrypted encoding information, the business blockchain and client that sent the transaction data fall within the scope supervised by the supervision system, which further ensures that the source of the transaction data is reliable.
The abnormal transaction detection unit 12 needs the plaintext encoding information to perform symmetric ciphertext retrieval on the transaction data ciphertext. When the encoding information passes verification, the data admission unit 17 can therefore forward the decrypted encoding information, the transaction data ciphertext and the key ciphertext directly to the abnormal transaction detection unit 12.
In the embodiments of the present application, when the transaction data is abnormal, the abnormal transaction detection unit 12 can transmit the encoding information, the transaction data ciphertext and the key ciphertext to the data storage unit 13 for storage. To make this data easier to query and manage, in a specific implementation the data storage unit 13 can store the encoding information, the transaction data ciphertext and the key ciphertext according to business chain type and client identifier.
For example, the encoding information, transaction data ciphertext and key ciphertext can first be classified and stored by business chain type, and then, within the same business chain type, classified and stored by client identifier. Alternatively, they can first be classified and stored by client identifier, and then the data transmitted by the same client can be classified and stored by business chain type. Or they can be classified by business chain type and client identifier at the same time, so that the encoding information, transaction data ciphertext and key ciphertext transmitted by the same client under the same business chain type are stored together.
When transaction data needs to be queried later, entering the information that identifies the business chain type returns all data for that business chain. Entering a client identifier returns all data for that client identifier. Entering both the business chain type information and the client identifier returns all data transmitted by that client under that business chain type. Classifying and storing the data by business chain type and by the client that transmitted it makes the data easier to query and manage.
In the embodiments of this application, supervisors manage the supervision system through a client. To distinguish it from the clients that transmit transaction data, the client used by supervisors is called the supervision client.
In practical applications, the data storage unit 13 stores the encoding information, the transaction data ciphertext and the key ciphertext when the transaction data is abnormal. So that supervisors learn of data anomalies promptly, the data storage unit 13 can, after storing the encoding information, the transaction data ciphertext and the key ciphertext, send the supervision client a prompt that manual review is required.
In practical applications, the identity of the supervision client can be verified to ensure that the supervision client interacting with the supervision system is reliable. In a specific implementation, the identities of the supervision clients that have access rights can be stored in the proxy re-encryption unit 14, and the proxy re-encryption unit 14 can verify the identity of a supervision client against the stored identities. If the identity of the supervision client passes verification, the supervision client is reliable, and the proxy re-encryption unit 14 can proceed to read the encoding information, the transaction data ciphertext and the key ciphertext from the data storage unit 13.
To monitor and manage the operations of supervisors, a supervision unit 18 can be provided in the supervision system. The supervision unit 18 can be used to record the supervisor's public key together with the encoding information, the transaction data ciphertext and the key ciphertext.
Different supervisors have different public keys, so a supervisor's public key can be used to tell supervisors apart. When a supervisor operates on transaction data through the supervision client, recording the supervisor's public key together with the encoding information, the transaction data ciphertext and the key ciphertext in the supervision unit 18 makes the supervisor's operations traceable, so that accountability can be established promptly when a problem occurs.
In summary, to achieve comprehensive supervision of the blockchain, the supervision system can include, in addition to the data encryption unit 11, the abnormal transaction detection unit 12, the data storage unit 13 and the proxy re-encryption unit 14, a key generation unit 15, a data receiving unit 16, a data admission unit 17 and a supervision unit 18.
Figure 2 is a schematic structural diagram of another supervision system provided by an embodiment of the present application. The supervision system can supervise different types of business chains, so it can be called a heterogeneous alliance chain supervision system. The heterogeneous alliance chain supervision system in Figure 2 includes the data encryption unit 11 corresponding to each business chain client, the data receiving unit 16, the data admission unit 17, the abnormal transaction detection unit 12, the data storage unit 13, the key generation unit 15, the proxy re-encryption unit 14, and the supervision unit 18 used to save supervision records. The business chain client connects to the outside through an SDK (Software Development Kit) interface.
The key generation unit 15 is mainly responsible for generating the system public/private key pair, generating public/private key pairs for users and physical devices, and generating a unique, real-name-authenticated identity for each user and physical device.
The main function of the data encryption unit 11 is to encrypt transaction data that is about to be put on the business blockchain. The data encryption unit 11 is bound one-to-one to a client.
As an example, the data encryption unit 11 operates as follows. It first obtains the public key S2 of the supervision system from the key generation unit 15. For ease of description, the symbol M1 denotes the business blockchain code and client code; M1 is encrypted with the public key S2 to generate the encoding information ciphertext C1. The unit then obtains its own public/private key pair from the key generation unit 15, encrypts the plaintext transaction data M2 with the AES algorithm under a randomly generated key K1 to generate the transaction data ciphertext C2, and encrypts the key K1 with the public key S2 of the supervision system to generate the key ciphertext C3. Finally, it sends the ciphertexts C1, C2 and C3, together with the digital signature, to the data receiving unit 16 of the supervision system. The key K1 is random: each piece of transaction data uses a different AES key K1, which keeps the data secure.
The data receiving unit 16 is mainly responsible for receiving the transaction data ciphertext sent by each business blockchain and verifying its digital signature. After the signature passes verification, it forwards the ciphertext data C1, C2 and C3 to the data admission unit 17.
The data admission unit 17 imports the basic encoding information when it is initialized. It is responsible for decrypting the ciphertext C1 with the private key of the supervision system, verifying the result, and sending the verified transaction data M1, C2 and C3 to the abnormal transaction detection unit 12.
The abnormal transaction detection unit 12 receives M1, C2 and C3, performs symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information in M1, and checks whether there is any illegal or non-compliant transaction data, to ensure data security. If abnormal transaction data is found, the corresponding M1, C2 and C3 are sent to the data storage unit 13 for storage.
The data storage unit 13 is responsible for storing M1, C2 and C3 by business chain type and client type, and then notifying the monitoring and management system that new transaction data requires manual review.
When a supervisor reads transaction data through the supervision client, the supervisor first obtains the system private key S3 of the supervision system from the key generation unit 15, then uses S3 and the supervisor's own public key U1 to generate the proxy re-encryption key K(S->U), and sends K(S->U) to the proxy re-encryption unit 14. The proxy re-encryption unit 14 reads the transaction data M1, C2 and C3, performs the proxy re-encryption operation on the ciphertext C3 with K(S->U) to generate a new ciphertext C4, and sends it to the supervisor's client. The supervisor's client can display the obtained C4, C2 and C3, and the data is decrypted by the supervisor's proxy re-encryption key and then made available to the supervisor for audit.
At the same time, the proxy re-encryption unit 14 stores a record of the business data read in the supervision unit 18. The record includes the supervisor's public key information and the transaction data M1, C2 and C3, which makes supervision actions traceable. The supervision unit 18 records this data on the supervision chain, which prevents malicious tampering and ensures that the data is stored safely and reliably.
如图2所示,被监管业务链A与被监管业务链B是采用不同区块链底层技术平台的区块链业务系统。由于目前业务联盟链采用了多种区块链底层平台,为了让监管系统能够适应所有的业务联盟。本申请设计所有待监管的业务区块链的客户端在提交交易上链的流程中,同时将数据发送至监管系统进行合法合规监管。监管系统将异常交易数据加密进行存储,由监管人员通过监管系统客户端对加密的交易数据进行扫描检测。监管人员读取交易数据的记录都将存入监管链进行记录,确保监管记录可追溯。As shown in Figure 2, supervised business chain A and supervised business chain B are blockchain business systems that use different blockchain underlying technology platforms. Since the current business alliance chain uses a variety of blockchain underlying platforms, in order to allow the supervision system to adapt to all business alliances. This application designs all business blockchain clients to be supervised to send data to the regulatory system for legal compliance supervision during the process of submitting transactions to the chain. The supervision system encrypts and stores abnormal transaction data, and supervisors scan and detect the encrypted transaction data through the supervision system client. Records of transaction data read by supervisors will be recorded in the chain of custody to ensure traceability of supervisory records.
本申请实现了对异构联盟链业务的链前监管,采用了对称加密算法、非对称加密算法、代理重加密等算法、密文检索等技术,其中,对交易数据进行加密的密钥具有随机性,能够确保待监管业务区块链的交易数据在监管过程中的安全可靠,同时监管留痕保障被监管业务系统的数据安全。This application realizes pre-chain supervision of heterogeneous alliance chain businesses, using symmetric encryption algorithms, asymmetric encryption algorithms, proxy re-encryption and other algorithms, ciphertext retrieval and other technologies. Among them, the key to encrypt transaction data has a random It can ensure the safety and reliability of the transaction data of the business blockchain to be supervised during the supervision process, and at the same time, the supervision traces ensure the data security of the supervised business system.
Figure 3 is a flow chart of a blockchain-based supervision method provided by an embodiment of this application, including:
S301: Encrypt the transaction data of the business blockchain to obtain the transaction data ciphertext, and encrypt the key that encrypts the transaction data to obtain the key ciphertext.
In practical applications, the transaction data can be encrypted to protect it, and the key that encrypts the transaction data then becomes critical. If an unauthorized party obtains the key, the transaction data may be leaked, so in the embodiments of this application the key is also encrypted to obtain the key ciphertext. As the blockchain business runs, the transaction data produced each time differs. To make the key harder to compromise, different transaction data can be encrypted with different keys. In practical applications, a randomly generated key can be used to encrypt the transaction data of the business blockchain to obtain the transaction data ciphertext.
S302: Perform symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data.
S303: If the retrieval finds that the transaction data ciphertext is abnormal, save the encoding information, the transaction data ciphertext and the key ciphertext.
The encoding information represents the business blockchain identifier and the corresponding client identifier. Different business blockchains can transmit transaction data to the monitoring system through their corresponding clients. Many clients usually interact with the supervision system, and one business blockchain may correspond to multiple clients. So that the supervision system can tell which business blockchain sent the currently received transaction data, and through which client, the encoding information can be set based on the business blockchain identifier and the corresponding client identifier.
S304: Generate a proxy re-encryption key.
The proxy re-encryption key is a key generated from the system private key and the supervisor's public key.
S305: Read the encoding information, the transaction data ciphertext and the key ciphertext.
S306: Use the proxy re-encryption key to encrypt the key ciphertext, obtaining the re-encrypted key ciphertext.
S307: Transmit the encoding information, the transaction data ciphertext and the re-encrypted key ciphertext to the supervision client.
Optionally, encrypting the transaction data of the business blockchain to obtain the transaction data ciphertext includes:
Using a randomly generated key to encrypt the transaction data of the business blockchain to obtain the transaction data ciphertext.
Optionally, encrypting the key that encrypts the transaction data to obtain the key ciphertext includes:
Encrypting the key with the system public key of the supervision system to obtain the key ciphertext.
Optionally, before encrypting the transaction data of the business blockchain to obtain the transaction data ciphertext, the method further includes:
Generating the system public key and system private key of the supervision system in advance.
Optionally, the method further includes:
When transaction data sent by a client is received, encrypting the encoding information corresponding to the client with the system public key to obtain the encoding information ciphertext.
Optionally, after encrypting the encoding information corresponding to the client with the system public key to obtain the encoding information ciphertext, the method further includes:
When the encoding information ciphertext, the transaction data ciphertext, the key ciphertext and a digital signature are received, verifying the digital signature;
After the digital signature is verified, performing the step of symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data.
Optionally, after the digital signature is verified and before performing symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data, the method further includes:
Decrypting and checking the encoding information ciphertext according to the system private key of the supervision system and the pre-stored encoding information;
If the decrypted encoding information passes the check, performing the step of symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data.
Optionally, saving the encoding information, the transaction data ciphertext and the key ciphertext includes:
Storing the encoding information, the transaction data ciphertext and the key ciphertext by business chain type and client identifier.
Optionally, after saving the encoding information, the transaction data ciphertext and the key ciphertext, the method further includes:
Sending the supervision client a prompt that manual review is required.
Optionally, after generating the proxy re-encryption key, the method further includes:
Verifying the identity of the supervision client and, if the identity of the supervision client passes verification, performing the step of reading the encoding information, the transaction data ciphertext and the key ciphertext.
Optionally, after transmitting the encoding information, the transaction data ciphertext and the re-encrypted key ciphertext to the supervision client, the method further includes:
Recording the supervisor's public key together with the encoding information, the transaction data ciphertext and the key ciphertext.
Optionally, the method further includes:
Generating a corresponding public/private key pair and encoding information for the client.
For descriptions of the features in the embodiment corresponding to Figure 3, refer to the related descriptions of the embodiments corresponding to Figures 1 and 2; they are not repeated here.
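The key flow of S301 and S304 to S307 (the same C2/C3/C4 exchange described above for the proxy re-encryption unit 14), as an added example that is not part of the application or of the applicant's code. The application names no concrete algorithms, so this sketch assumes a split-key hashed-ElGamal construction over a constructed toy group and a hash-based stand-in for the symmetric cipher; all function names are hypothetical, and the anomaly retrieval of S302 and S303 is left out.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: safe prime P = 2*Q + 1, G generates the order-Q subgroup.
# These 11-bit parameters only make the data flow runnable; they give no security.
P, Q, G = 2039, 1019, 4
ELEM_LEN = (P.bit_length() + 7) // 8

def _expand(seed, length):
    """SHA-256 in counter mode, used as KDF and as keystream generator."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sym_encrypt(key, plaintext):
    """Stand-in symmetric cipher (assumption): hash keystream, then HMAC tag."""
    nonce = secrets.token_bytes(16)
    body = _xor(plaintext, _expand(b"enc" + key + nonce, len(plaintext)))
    tag = hmac.new(_expand(b"mac" + key, 32), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def sym_decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_expand(b"mac" + key, 32), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return _xor(body, _expand(b"enc" + key + nonce, len(body)))

def keygen():
    priv = secrets.randbelow(Q - 1) + 1          # 1 .. Q-1
    return priv, pow(G, priv, P)

def _kek(shared_element):
    """Key-encryption key derived from an ElGamal shared group element."""
    return _expand(b"kek" + shared_element.to_bytes(ELEM_LEN, "big"), 32)

def wrap(pub, secret):
    """Hashed-ElGamal wrap of `secret` under `pub`; returns (R, blob)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), sym_encrypt(_kek(pow(pub, r, P)), secret)

def unwrap(priv, wrapped):
    R, blob = wrapped
    return sym_decrypt(_kek(pow(R, priv, P)), blob)

def client_submit(system_pub, tx):
    """S301: fresh random key K1 per transaction; C2 = Enc(K1, tx), C3 = K1
    wrapped under the system public key."""
    k1 = secrets.token_bytes(32)
    return sym_encrypt(k1, tx), wrap(system_pub, k1)

def rekey(system_priv, supervisor_pub):
    """S304: K(S->U) from S3 and U1. S3 is split as x1 + x2 (mod Q); the proxy
    keeps x1, and x2 travels wrapped under the supervisor's public key."""
    x1 = secrets.randbelow(Q)
    x2 = (system_priv - x1) % Q
    return x1, wrap(supervisor_pub, x2.to_bytes(ELEM_LEN, "big"))

def reencrypt(rk, c3):
    """S306: the proxy turns C3 into C4 without ever recovering K1."""
    x1, wrapped_x2 = rk
    R, blob = c3
    return {"R": R, "partial": pow(R, x1, P), "blob": blob, "wrapped_x2": wrapped_x2}

def supervisor_open(supervisor_priv, c4, c2):
    """Supervision client: recover K1 from C4 with its own private key, open C2."""
    x2 = int.from_bytes(unwrap(supervisor_priv, c4["wrapped_x2"]), "big")
    shared = c4["partial"] * pow(c4["R"], x2, P) % P      # R^(x1+x2) = R^S3
    k1 = sym_decrypt(_kek(shared), c4["blob"])
    return sym_decrypt(k1, c2)

def demo():
    s3, system_pub = keygen()            # supervision system key pair
    u_priv, u1 = keygen()                # supervisor key pair
    tx = b'{"from":"acct-A","to":"acct-B","amount":100}'   # constructed sample
    c2, c3 = client_submit(system_pub, tx)
    c4 = reencrypt(rekey(s3, u1), c3)
    return supervisor_open(u_priv, c4, c2)
```

In this split-key construction the proxy's share x1 and the supervisor's share x2 together equal the system private key, so it only holds while those two parties do not pool their shares.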
As the above technical solution shows, the blockchain-based supervision system includes a data encryption unit, an abnormal transaction detection unit and a data storage unit. The data encryption unit encrypts the transaction data of the business blockchain, encrypts the key that encrypts the transaction data, and transmits the resulting transaction data ciphertext and key ciphertext to the abnormal transaction detection unit. The abnormal transaction detection unit performs symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data; if the retrieval finds that the transaction data ciphertext is abnormal, it saves the encoding information, the transaction data ciphertext and the key ciphertext to the data storage unit. The encoding information represents the business blockchain identifier and the corresponding client identifier. The proxy re-encryption unit generates the proxy re-encryption key, which is a key generated from the system private key and the supervisor's public key; reads the encoding information, the transaction data ciphertext and the key ciphertext from the data storage unit; uses the proxy re-encryption key to encrypt the key ciphertext, obtaining the re-encrypted key ciphertext; and transmits the encoding information, the transaction data ciphertext and the re-encrypted key ciphertext to the supervision client. In this technical solution, the data encryption unit encrypts the transaction data, and the abnormal transaction detection unit detects anomalies in the transaction data ciphertext. When the transaction data is abnormal, it does not flow anywhere else; it is saved to the data storage unit together with its corresponding encoding information and key ciphertext, which makes it easier for the managers of the supervision system to handle abnormal data promptly. The proxy re-encryption unit ensures that nobody other than the supervisor can obtain the plaintext of the transaction data. Through the cooperation of the functional modules in the supervision system, reasonable and effective supervision of the blockchain is achieved.
Figure 4 is a structural diagram of an electronic device provided by an embodiment of this application. As shown in Figure 4, the electronic device includes: a memory 20 for storing a computer program;
a processor 21, which implements the steps of the blockchain-based supervision method of the above embodiments when executing the computer program.
The electronic device provided in this embodiment may include, but is not limited to, a smartphone, a tablet, a laptop or a desktop computer.
The processor 21 may include one or more processing cores, for example a 4-core or an 8-core processor. The processor 21 may be implemented in at least one hardware form among DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array) and PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor. The main processor, also called the CPU (Central Processing Unit), processes data in the awake state; the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 21 may integrate a GPU (Graphics Processing Unit), which renders and draws the content to be shown on the display screen. In some embodiments, the processor 21 may also include an AI (Artificial Intelligence) processor, which handles computing operations related to machine learning.
The memory 20 may include one or more computer non-volatile readable storage media, which may be non-transitory. The memory 20 may also include high-speed random access memory and non-volatile memory, such as one or more magnetic disk storage devices or flash memory storage devices. In this embodiment, the memory 20 stores at least the following computer program 201, which, after being loaded and executed by the processor 21, implements the relevant steps of the blockchain-based supervision method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may include an operating system 202, data 203 and so on, and the storage may be temporary or permanent. The operating system 202 may include Windows, Unix, Linux, etc. The data 203 may include, but is not limited to, encoding information, transaction data ciphertext and key ciphertext.
In some embodiments, the electronic device may also include a display screen 22, an input/output interface 23, a communication interface 24, a power supply 25 and a communication bus 26.
Those skilled in the art will understand that the structure shown in Figure 4 does not limit the electronic device, which may include more or fewer components than shown.
It can be understood that if the blockchain-based supervision method in the above embodiments is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. On that basis, the technical solution of this application, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, can be embodied as a software product; the computer software product is stored in a storage medium and executes all or part of the steps of the methods of the embodiments of this application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, a magnetic disk or an optical disc.
Accordingly, an embodiment of this application also provides a computer non-volatile readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the above blockchain-based supervision method are implemented.
The functions of the functional modules of the computer non-volatile readable storage medium in the embodiments of this application can be implemented according to the methods in the above method embodiments; for the specific implementation process, refer to the related description of those method embodiments, which is not repeated here.
The blockchain-based supervision system, method, device and computer non-volatile readable storage medium provided by the embodiments of this application have been described in detail above. The embodiments in the specification are described progressively: each embodiment focuses on its differences from the others, and the parts that are the same or similar across embodiments can be cross-referenced. Because the device disclosed in an embodiment corresponds to the method disclosed in that embodiment, its description is relatively brief; for the relevant details, refer to the description of the method.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms by function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may implement the described functions in different ways for each specific application, but such implementations should not be considered beyond the scope of this application.
The blockchain-based supervision system, method, device and computer non-volatile readable storage medium provided by this application have been described in detail above. Specific examples are used herein to explain the principles and implementation of this application; the description of the above embodiments is only intended to help in understanding the method of this application and its core idea. It should be noted that those of ordinary skill in the art can make several improvements and modifications to this application without departing from its principles, and these improvements and modifications also fall within the scope of protection of the claims of this application.

Claims (20)

  1. A blockchain-based supervision system, characterized by comprising a data encryption unit, an abnormal transaction detection unit, a data storage unit and a proxy re-encryption unit;
    the data encryption unit is configured to encrypt transaction data of a business blockchain; encrypt the key that encrypts the transaction data; and transmit the resulting transaction data ciphertext and key ciphertext to the abnormal transaction detection unit;
    the abnormal transaction detection unit is configured to perform symmetric ciphertext retrieval on the transaction data ciphertext according to encoding information corresponding to the transaction data; and, if the retrieval finds that the transaction data ciphertext is abnormal, save the encoding information, the transaction data ciphertext and the key ciphertext to the data storage unit; wherein the encoding information represents a business blockchain identifier and a corresponding client identifier;
    the proxy re-encryption unit is configured to generate a proxy re-encryption key, wherein the proxy re-encryption key is a key generated from a system private key and a supervisor's public key; read the encoding information, the transaction data ciphertext and the key ciphertext from the data storage unit; use the proxy re-encryption key to encrypt the key ciphertext, obtaining a re-encrypted key ciphertext; and transmit the encoding information, the transaction data ciphertext and the re-encrypted key ciphertext to a supervision client.
  2. A blockchain-based supervision method, characterized by comprising:
    encrypting transaction data of a business blockchain to obtain a transaction data ciphertext; and encrypting the key that encrypts the transaction data to obtain a key ciphertext;
    performing symmetric ciphertext retrieval on the transaction data ciphertext according to encoding information corresponding to the transaction data;
    if the retrieval finds that the transaction data ciphertext is abnormal, saving the encoding information, the transaction data ciphertext and the key ciphertext; wherein the encoding information represents a business blockchain identifier and a corresponding client identifier;
    generating a proxy re-encryption key; wherein the proxy re-encryption key is a key generated from a system private key and a supervisor's public key;
    reading the encoding information, the transaction data ciphertext and the key ciphertext;
    using the proxy re-encryption key to encrypt the key ciphertext, obtaining a re-encrypted key ciphertext; and transmitting the encoding information, the transaction data ciphertext and the re-encrypted key ciphertext to a supervision client.
  3. The method according to claim 2, characterized in that encrypting the transaction data of the business blockchain to obtain the transaction data ciphertext comprises:
    using a randomly generated key to encrypt the transaction data of the business blockchain to obtain the transaction data ciphertext.
  4. The method according to claim 3, characterized in that encrypting the key that encrypts the transaction data to obtain the key ciphertext comprises:
    encrypting the key of the transaction data with the system public key of the supervision system to obtain the key ciphertext.
  5. The method according to claim 4, characterized in that, before encrypting the transaction data of the business blockchain to obtain the transaction data ciphertext, the method further comprises:
    generating the system public key and system private key of the supervision system in advance.
  6. The method according to claim 5, characterized in that the method further comprises:
    obtaining the system private key of the supervision system.
  7. The method according to claim 5, characterized in that the method further comprises:
    when transaction data sent by a client is received, encrypting the encoding information corresponding to the client with the system public key to obtain an encoding information ciphertext.
  8. The method according to claim 7, characterized in that, after encrypting the encoding information corresponding to the client with the system public key to obtain the encoding information ciphertext, the method further comprises:
    receiving the encoding information ciphertext, the transaction data ciphertext, the key ciphertext and a digital signature transmitted by the data encryption unit;
    after the digital signature is verified, performing the step of symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data.
  9. The method according to claim 8, characterized in that, after the digital signature is verified and before performing symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data, the method further comprises:
    decrypting and checking the encoding information ciphertext according to the system private key of the supervision system and pre-stored encoding information;
    if the decrypted encoding information passes the check, performing the step of symmetric ciphertext retrieval on the transaction data ciphertext according to the encoding information corresponding to the transaction data.
  10. The method according to claim 8, characterized in that the method further comprises:
    decrypting the encoding information ciphertext with the system private key to obtain the decrypted encoding information; and comparing the decrypted encoding information with the pre-stored encoding information, and determining that the decrypted encoding information passes the check if the pre-stored encoding information contains encoding information identical to the decrypted encoding information.
  11. The method according to claim 1, characterized in that saving the encoding information, the transaction data ciphertext and the key ciphertext comprises:
    storing the encoding information, the transaction data ciphertext and the key ciphertext by business chain type and client identifier.
  12. The method according to claim 1, characterized in that, after saving the encoding information, the transaction data ciphertext and the key ciphertext, the method further comprises:
    sending the supervision client a prompt that manual review is required.
  13. The method according to claim 1, characterized in that, after generating the proxy re-encryption key, the method further comprises:
    verifying the identity of the supervision client and, if the identity of the supervision client passes verification, performing the step of reading the encoding information, the transaction data ciphertext and the key ciphertext from the data storage unit.
  14. The method according to claim 13, characterized in that the method further comprises:
    verifying the identity of the supervision client according to the stored identity identifier of the supervision client.
  15. The method according to claim 13, characterized in that, after transmitting the encoding information, the transaction data ciphertext and the re-encrypted key ciphertext to the supervision client, the method further comprises:
    recording the supervisor's public key together with the encoding information, the transaction data ciphertext and the key ciphertext.
  16. The method according to claim 1, characterized in that the method further comprises:
    generating a corresponding public/private key pair and encoding information for the client.
  17. The method according to claim 1, characterized in that the method further comprises:
    transmitting the encoding information when the resulting transaction data ciphertext and key ciphertext are transmitted to the abnormal transaction detection unit.
  18. The method according to claim 1, characterized in that the method further comprises:
    performing symmetric ciphertext retrieval on the transaction data ciphertext according to the plaintext encoding information.
  19. An electronic device, characterized by comprising:
    a memory for storing a computer program;
    a processor for executing the computer program to implement the steps of the blockchain-based supervision method as described in claims 2-18.
  20. A computer non-volatile readable storage medium, characterized in that a computer program is stored on the computer non-volatile readable storage medium, and when the computer program is executed by a processor, the steps of the blockchain-based supervision method as described in claims 2-18 are implemented.
PCT/CN2022/133823 2022-07-15 2022-11-23 Blockchain-based supervision system and method, device, and medium WO2024011812A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210831344.1 2022-07-15
CN202210831344.1A CN115118751B (en) 2022-07-15 2022-07-15 Blockchain-based supervision system, method, equipment and medium

Publications (1)

Publication Number Publication Date
WO2024011812A1 (en) 2024-01-18

Family

ID=83332525

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/133823 WO2024011812A1 (en) 2022-07-15 2022-11-23 Blockchain-based supervision system and method, device, and medium

Country Status (2)

Country Link
CN (1) CN115118751B (en)
WO (1) WO2024011812A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115118751B (en) * 2022-07-15 2024-04-19 广东浪潮智慧计算技术有限公司 Blockchain-based supervision system, method, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483198A (en) * 2017-09-25 2017-12-15 中国科学院信息工程研究所 A kind of block catenary system supervised and method
US20200084027A1 (en) * 2018-09-06 2020-03-12 Bank Of Montreal Systems and methods for encryption of data on a blockchain
CN113868708A (en) * 2021-12-03 2021-12-31 北京邮电大学 Double-chain architecture-based method and equipment for safely sharing monitorable data
CN115118751A (en) * 2022-07-15 2022-09-27 广东浪潮智慧计算技术有限公司 Block chain-based supervision system, method, equipment and medium

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106529319A (en) * 2016-11-30 2017-03-22 广东欧珀移动通信有限公司 File protection method and device, and terminal
US11768936B2 (en) * 2018-07-31 2023-09-26 EMC IP Holding Company LLC Anomaly-based ransomware detection for encrypted files
WO2020236500A1 (en) * 2019-05-22 2020-11-26 Myota, Inc. Method and system for distributed data storage with enhanced security, resilience, and control
CN110474908B (en) * 2019-08-16 2022-04-05 广东省微位数字身份科技有限公司 Transaction supervision method and device, storage medium and computer equipment
CN111368318B (en) * 2020-03-04 2022-08-09 江苏大学 Object tracking method for multi-mode blockchain transaction
KR20220005705A (en) * 2020-07-07 2022-01-14 삼성전자주식회사 The electronic device for using homomorphic encryption and the method for processing encrypted data thereof
CN111914027B (en) * 2020-08-05 2023-07-28 北京科技大学 Block chain transaction keyword searchable encryption method and system
CN112150147A (en) * 2020-09-23 2020-12-29 安徽省吉翔信息科技有限公司 Data security storage system based on block chain
WO2022120699A1 (en) * 2020-12-10 2022-06-16 深圳大学 One-way proxy re-encryption method and apparatus, and electronic device and system
CN112685780A (en) * 2020-12-31 2021-04-20 杭州链化洞察科技有限公司 Data encryption and decryption method based on block chain
CN112580084A (en) * 2021-02-01 2021-03-30 开封大学 New energy data anomaly detection method based on low-carbon economy
CN113283904A (en) * 2021-05-07 2021-08-20 金和隆(广州)电子科技股份有限公司 POS payment method, device and processor based on block chain and artificial intelligence
CN113556363B (en) * 2021-09-18 2021-12-17 中国人民解放军国防科技大学 Data sharing method and system based on decentralized and distributed proxy re-encryption
CN113935420A (en) * 2021-10-18 2022-01-14 昆明学院 Malicious encrypted data detection method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN115118751A (en) 2022-09-27
CN115118751B (en) 2024-04-19

Similar Documents

Publication Publication Date Title
US11036869B2 (en) Data security with a security module
US10142107B2 (en) Token binding using trust module protected keys
US10211977B1 (en) Secure management of information using a security module
CN102271037B (en) Based on the key protectors of online key
CN105103488A (en) Policy enforcement with associated data
US10250387B1 (en) Quantum computer resistant algorithm cryptographic key generation, storage, and transfer device
CN113014444B (en) Internet of things equipment production test system and safety protection method
CN105191207A (en) Federated key management
JP2015154491A (en) System and method for remote access and remote digital signature
CN106063183A (en) Method and apparatus for cloud-assisted cryptography
US8817986B2 (en) Cross enterprise communication
CN103618705A (en) Personal code managing tool and method under open cloud platform
CN112400299B (en) Data interaction method and related equipment
CN101098224A (en) Method for encrypting/deciphering dynamically data file
CN108629206A (en) A kind of safe encryption method, encryption equipment and terminal device
WO2024011812A1 (en) Blockchain-based supervision system and method, device, and medium
JP2008005408A (en) Recorded data processing apparatus
CN117240625A (en) Tamper-resistant data processing method and device and electronic equipment
CN107733936A (en) A kind of encryption method of mobile data
TWI381285B (en) Rights management system for electronic files
CN101547098B (en) Method and system for security certification of public network data transmission
CN101008927A (en) Information processing device, portable terminal device and information processing execution control method
CN111343421B (en) Video sharing method and system based on white-box encryption
CN113407931A (en) Password management method and device and input terminal
JP2008147946A (en) Authentication method, authentication system, and external recording medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22950920

Country of ref document: EP

Kind code of ref document: A1