CN107181599B - Routing position data secret storage and sharing method based on block chain - Google Patents
Routing position data secret storage and sharing method based on block chain Download PDFInfo
- Publication number
- CN107181599B CN107181599B CN201710585615.9A CN201710585615A CN107181599B CN 107181599 B CN107181599 B CN 107181599B CN 201710585615 A CN201710585615 A CN 201710585615A CN 107181599 B CN107181599 B CN 107181599B
- Authority
- CN
- China
- Prior art keywords
- data
- storage
- node
- user node
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 68
- 238000012795 verification Methods 0.000 claims abstract description 17
- 238000013500 data storage Methods 0.000 claims abstract description 14
- 230000005540 biological transmission Effects 0.000 claims abstract description 5
- 238000004891 communication Methods 0.000 claims description 7
- 239000000284 extract Substances 0.000 claims description 6
- 238000005516 engineering process Methods 0.000 abstract description 9
- 230000000694 effects Effects 0.000 abstract description 3
- 238000012423 maintenance Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012552 review Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0872—Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
技术领域technical field
本发明涉及一种基于区块链的路由位置数据保密存储及共享方法,属于数据互联网技术领域。The invention relates to a method for confidential storage and sharing of routing location data based on blockchain, belonging to the technical field of data Internet.
背景技术Background technique
区块链是一种分布式数据存储方案,其通过点对点模式提供一种去中心化方式的集体维护策略。该技术将一段时间内的系统交流数据汇总,通过现代密码学手段把汇总数据生成数据区块,并利用时间戳产生数据指纹,将数据区块串联成链并提供有效性验证和审计。Blockchain is a distributed data storage solution that provides a decentralized approach to collective maintenance strategies through a peer-to-peer model. This technology aggregates the system communication data over a period of time, generates data blocks from the aggregated data through modern cryptography, and uses timestamps to generate data fingerprints, concatenates data blocks into chains and provides validity verification and auditing.
传统的路由位置数据存储及共享方法主要有两种:集中存储集中共享和分布式存储集中共享。集中存储集中共享的工作过程为:服务方采集所有用户的数据并集中存储,每一个共享请求都要发送到服务器中心进行审核处理;分布式存储集中共享的工作过程为:服务器采集所有用户数据并通过分布式技术分散存储,当用户发起共享请求时,通过服务中心审核处理。第一种方法采用集中存储方式,维护方便,安全性高,但由于工作量较大容易产生服务瓶颈;第二种方法采用分布式存储技术,但共享需求依然通过中心服务器处理,当处理时还要通过分布式存储寻找所需数据,增加了系统复杂度。另外,两种方式存储的数据虽都经过加密处理,但作为服务方依然可以自由利用,用户隐私得不到有效保障;用户的共享需求通过共享处理中心,一旦因某种原因而导致共享处理中心无法工作,便无法实现数据共享。There are two main methods of traditional routing location data storage and sharing: centralized storage centralized sharing and distributed storage centralized sharing. The working process of centralized storage and centralized sharing is: the server collects all user data and stores it centrally, and each sharing request is sent to the server center for review and processing; the working process of distributed storage centralized sharing is: the server collects all user data and stores it in a centralized manner. Decentralized storage through distributed technology, when a user initiates a sharing request, it will be reviewed and processed by the service center. The first method adopts a centralized storage method, which is easy to maintain and has high security, but it is easy to cause service bottlenecks due to the large workload; the second method adopts distributed storage technology, but the shared requirements are still processed by the central server, and the To find the required data through distributed storage increases the system complexity. In addition, although the data stored in the two methods are encrypted, they can still be used freely as a service provider, and user privacy cannot be effectively guaranteed; users' sharing needs are passed through the shared processing center. Without work, data sharing cannot be achieved.
发明内容SUMMARY OF THE INVENTION
为了解决上述问题,本发明的目的在于提供一种基于区块链的路由位置数据保密存储及共享方法。In order to solve the above problems, the purpose of the present invention is to provide a method for confidential storage and sharing of routing location data based on blockchain.
为了达到上述目的,本发明提供的基于区块链的路由位置数据保密存储及共享方法包括数据存储方法和数据共享方法;In order to achieve the above purpose, the blockchain-based routing location data confidential storage and sharing method provided by the present invention includes a data storage method and a data sharing method;
所述的数据存储方法包括按顺序进行的下列步骤:The described data storage method includes the following steps in order:
1)节点配置1) Node configuration
1.1)存储节点配置:1.1) Storage node configuration:
1.1.1)将服务方各存储节点配置成点对点通讯网络;1.1.1) Configure each storage node of the server as a point-to-point communication network;
1.1.2)将步骤1.1.1)中的各存储节点本地生成私钥;1.1.2) Generate a private key locally for each storage node in step 1.1.1);
1.1.3)将步骤1.1.1)中的各存储节点依据步骤1.1.2)中产生的私钥生成公钥,并将公钥在全网广播;1.1.3) Each storage node in step 1.1.1) generates a public key according to the private key generated in step 1.1.2), and broadcasts the public key on the entire network;
1.2)用户节点配置:1.2) User node configuration:
1.2.1)将连接各提供服务的路由设备的用户节点配置成点对点通讯网络;1.2.1) Configure the user nodes connected to the routing devices that provide services into a point-to-point communication network;
1.2.2)将步骤1.2.1)中的各用户节点匹配账户信息并依据此信息本地生成唯一根私钥;1.2.2) Match each user node in step 1.2.1) with account information and locally generate a unique root private key according to this information;
1.2.3)将步骤1.2.1)中的各用户节点依据步骤1.2.2)中产生的根私钥生成由私钥和公钥构成的共享密钥对,其中每个用户能够具有多个共享密钥对,并将公钥在全网广播;1.2.3) Each user node in step 1.2.1) generates a shared key pair consisting of a private key and a public key according to the root private key generated in step 1.2.2), wherein each user can have multiple shared keys key pair, and broadcast the public key on the whole network;
2)数据加密发送2) Data encrypted and sent
2.1)各用户节点生成随机密钥,并获取当前设定区间的基于路由的位置数据,然后将随机密钥和位置数据通过加密函数运算得到加密数据;2.1) Each user node generates a random key, and obtains the routing-based location data of the current set interval, and then obtains encrypted data by operating the random key and the location data through an encryption function;
2.2)各用户节点依据步骤2.1)中加密数据通过哈希函数运算得到数据摘要;2.2) Each user node obtains a data digest through a hash function operation according to the encrypted data in step 2.1);
2.3)各用户节点依据步骤1.2.3)中的私钥和步骤2.2)中的数据摘要,通过加密算法运算生成数字签名;2.3) Each user node generates a digital signature through encryption algorithm operation according to the private key in step 1.2.3) and the data digest in step 2.2);
2.4)各用户节点将步骤2.1)中的加密数据连同步骤2.3)中的数字签名打包成打包数据,并随机发送至存储子网络中某存储节点公钥地址;2.4) Each user node packages the encrypted data in step 2.1) together with the digital signature in step 2.3) into packaged data, and randomly sends it to the public key address of a storage node in the storage sub-network;
3)存储子网络验证存储3) Storage subnet verification storage
3.1)存储子网络中各存储节点按照设定时间段汇总当前时间段内接收的所有打包数据并生成数据区块;3.1) Each storage node in the storage sub-network summarizes all packaged data received in the current time period according to the set time period and generates data blocks;
3.2)存储子网络中各存储节点采用实用拜占庭容错算法,通过步骤1.2.3)中各用户节点的公钥验证上述打包数据中的数字签名,以此达成共识;3.2) Each storage node in the storage sub-network adopts a practical Byzantine fault-tolerant algorithm, and the digital signature in the above-mentioned packaged data is verified by the public key of each user node in step 1.2.3), so as to reach a consensus;
3.3)存储子网络中各存储节点将共识完成的数据区块加盖时间戳并存储到数据区块链上,然后在全网广播,完成存储过程;3.3) Each storage node in the storage sub-network timestamps the data blocks completed by the consensus and stores them on the data blockchain, and then broadcasts them on the entire network to complete the storage process;
所述的数据共享方法包括按顺序进行的下列步骤:The described data sharing method includes the following steps in order:
4)需求生成4) Requirement generation
4.1)请求方用户节点请求被请求方用户节点发送指定位置数据,生成需求信息;4.1) The requesting user node requests the requested user node to send the specified location data to generate demand information;
4.2)请求方用户节点选择本地任意一共享密钥对中的公钥作为需求发出地址,并用与之对应的私钥生成数字签名;4.2) The requester user node selects the public key in any local shared key pair as the request sending address, and uses the corresponding private key to generate a digital signature;
4.3)请求方用户节点事先得到一个被请求方用户节点的公钥,并作为目的地址,将需求信息和数字签名发送至该地址;4.3) The requesting user node obtains a public key of the requested user node in advance, and uses it as the destination address to send the demand information and digital signature to this address;
5)需求响应5) Demand Response
5.1)被请求方用户节点收到请求方用户节点的共享请求,广播到全网;5.1) The requested user node receives the sharing request from the requesting user node and broadcasts it to the entire network;
5.2)全网各用户节点通过共识机制达成该请求的合法性验证;5.2) Each user node of the whole network reaches the legality verification of the request through the consensus mechanism;
5.3)验证通过后,该需求信息被记录到共享区块链上,并广播到全网;5.3) After the verification is passed, the demand information is recorded on the shared blockchain and broadcast to the entire network;
5.4)被请求方用户节点本地提取与需求信息相对应的随机密钥和共享密钥对;5.4) The requested user node locally extracts the random key and shared key pair corresponding to the demand information;
5.5)被请求方用户节点随机选取存储子网络中一个存储节点的公钥,利用该存储节点的公钥将请求方用户节点的公钥加密,得到密文;5.5) The requested user node randomly selects the public key of a storage node in the storage sub-network, and uses the public key of the storage node to encrypt the public key of the requesting user node to obtain the ciphertext;
5.6)被请求方用户节点将步骤5.5)中的密文进行哈希运算,并通过将步骤5.4)中提取的共享密钥对中的私钥加密生成数字签名;5.6) The requested party user node performs hash operation on the ciphertext in step 5.5), and generates a digital signature by encrypting the private key in the shared key pair extracted in step 5.4);
5.7)被请求方用户节点使用请求方用户节点的公钥地址加密随机密钥得到加密后的随机密钥,然后将密文、数字签名及加密后的随机密钥打包成打包数据并一并发给存储子网络任一存储节点;5.7) The requested user node encrypts the random key with the public key address of the requesting user node to obtain the encrypted random key, and then packages the ciphertext, digital signature and encrypted random key into packaged data and sends it to Any storage node in the storage subnet;
6)共享达成6) Sharing achieved
6.1)被请求方用户节点选中的存储节点收到被请求方用户节点的请求,通过数字签名和步骤5.4)中的共享密钥对中的公钥验证身份和密文正确性;6.1) The storage node selected by the user node of the requested party receives the request of the user node of the requested party, and verifies the identity and the correctness of the ciphertext through the digital signature and the public key in the shared key pair in step 5.4);
6.2)被请求方用户节点选中的存储节点通过自己的私钥解密步骤5.5)中的密文,得到请求方用户节点的公钥地址;6.2) The storage node selected by the requesting party user node decrypts the ciphertext in step 5.5) through its own private key to obtain the public key address of the requesting party user node;
6.3)被请求方用户节点选中的存储节点根据需求信息要求摘取对应的加密数据连同加密后的随机密钥,并一并发给请求方用户节点的公钥地址,发送的该数据通过共识机制记录在数据区块链上;6.3) The storage node selected by the user node of the requesting party extracts the corresponding encrypted data together with the encrypted random key according to the requirements of the demand information, and sends it to the public key address of the user node of the requesting party, and the data sent is recorded through the consensus mechanism on the data blockchain;
6.4)请求方用户节点接收到被请求方用户节点选中的存储节点发来的数据,通过自己的私钥解密得到随机密钥,再对加密的位置数据解密,得到原始共享数据,共享完成。6.4) The requesting user node receives the data sent by the storage node selected by the requesting user node, obtains a random key by decrypting its own private key, and then decrypts the encrypted location data to obtain the original shared data, and the sharing is completed.
在步骤1.2.2)和步骤1.2.3)中,所述的生成根私钥和共享密钥对的方法包括下列步骤:In step 1.2.2) and step 1.2.3), the method for generating a root private key and a shared key pair includes the following steps:
A):节点用户依据账户信息生成根私钥,本地保存;A): The node user generates the root private key according to the account information and saves it locally;
B):节点用户依据上述根私钥生成用于共享密钥对的用户私钥;B): The node user generates the user private key for sharing the key pair according to the above-mentioned root private key;
C):节点用户依据上述用户私钥生成用户公钥,最后得到由用户私钥和用户公钥构成的共享密钥对。C): The node user generates the user public key according to the above-mentioned user private key, and finally obtains a shared key pair composed of the user private key and the user public key.
在步骤5.2)中,所述的共识机制达成方法包括下列步骤:In step 5.2), the consensus mechanism reaching method includes the following steps:
D):共享子网络中各请求方用户节点接收被请求方用户节点广播的需求信息;D): each requester user node in the shared sub-network receives the demand information broadcast by the requested party user node;
E):各被请求方用户节点通过如下公式参与共识竞争:贡献度=(最近7天内在线时长/168+最近7天内个人使用流量/最近7天内网络总流量)*最近7天内共享次数,贡献度最高的用户节点验证此次需求;E): Each requested user node participates in the consensus competition through the following formula: Contribution = (Online time in the last 7 days / 168 + Personal usage traffic in the last 7 days / Total network traffic in the last 7 days) * Share times in the last 7 days, contribution The user node with the highest degree verifies this requirement;
F)验证完成后将该需求信息存到共享区块链上,并给予流量奖励;F) After the verification is completed, the demand information is stored on the shared blockchain, and traffic rewards are given;
G)裁定当前参与验证的被请求方用户节点不得参与接下来7日之内的共识,共识完成。G) It is ruled that the requested user node currently participating in the verification shall not participate in the consensus within the next 7 days, and the consensus is completed.
本发明提供的基于区块链的路由位置数据保密存储及共享方法具有如下有益效果:The blockchain-based routing location data confidential storage and sharing method provided by the present invention has the following beneficial effects:
1、本发明使用区块链技术,采用数据加密存储,利用去中心化网络来共享数据,解决了数据存储方无权使用数据,用户方没有渠道选择性开放个人数据的问题;1. The present invention uses blockchain technology, adopts data encryption storage, and uses decentralized network to share data, which solves the problem that the data storage party has no right to use the data, and the user party has no channel to selectively open personal data;
2、本发明在数据存储过程中采用本地加密发送,服务方存储加密数据,解密密钥用户自己保存,服务方无法得到原始数据,有更好的数据保护效果;2. The present invention adopts local encryption and transmission in the data storage process, the service side stores the encrypted data, the decryption key is stored by the user himself, the service side cannot obtain the original data, and has a better data protection effect;
3、本发明在存储过程采用区块链技术,利用实用拜占庭容错算法来共识存储,一方面解决中心化存储的工作量瓶颈问题,另一方面可以保证数据防篡改,同时也可有效防止中心服务器故障带来的服务质量问题;3. The present invention adopts blockchain technology in the storage process, and utilizes a practical Byzantine fault-tolerant algorithm for consensus storage. On the one hand, it solves the workload bottleneck problem of centralized storage, on the other hand, it can ensure data tamper-proof, and also can effectively prevent the central server. Service quality problems caused by failures;
4、本发明用户共享数据采用点对点网络,结合现代密码学加密技术,只有参与双方有权得到数据,可以解决用户隐私泄漏问题,采用用户信息生成根私钥进而生成共享密钥对,只有参与双方知道彼此身份,实现匿名化共享;4. The user sharing data of the present invention adopts a point-to-point network, combined with modern cryptography encryption technology, only the participating parties have the right to obtain the data, which can solve the problem of user privacy leakage. The user information is used to generate the root private key and then generate the shared key pair. Know each other's identities and realize anonymous sharing;
5、本发明通过贡献度共识算法达成共识,使用共享区块链保存记录,一方面提供透明的记录,为审计带来便捷,同时可防止不法分子针对共享网络的恶意攻击行为。5. The present invention achieves a consensus through the contribution consensus algorithm, and uses the shared blockchain to save records. On the one hand, it provides transparent records, which brings convenience to auditing, and at the same time, it can prevent malicious attacks by criminals on the shared network.
附图说明Description of drawings
图1为本发明提供的基于区块链的路由位置数据保密存储及共享方法中存储节点配置方法流程图。FIG. 1 is a flowchart of a storage node configuration method in the blockchain-based routing location data confidential storage and sharing method provided by the present invention.
图2为本发明提供的基于区块链的路由位置数据保密存储及共享方法中用户节点配置方法流程图。FIG. 2 is a flowchart of a user node configuration method in the blockchain-based routing location data confidential storage and sharing method provided by the present invention.
图3为本发明提供的基于区块链的路由位置数据保密存储及共享方法中数据发送及验证存储方法流程图。3 is a flowchart of a method for data transmission and verification storage in the blockchain-based routing location data confidential storage and sharing method provided by the present invention.
图4为本发明提供的基于区块链的路由位置数据保密存储及共享方法中生成根私钥和共享密钥对方法流程图。FIG. 4 is a flowchart of a method for generating a root private key and a shared key pair in the method for secure storage and sharing of routing location data based on blockchain provided by the present invention.
图5为本发明提供的基于区块链的路由位置数据保密存储及共享方法中需求生成和需求响应方法流程图。FIG. 5 is a flowchart of a method for generating demand and responding to demand in the method for secure storage and sharing of routing location data based on blockchain provided by the present invention.
图6为本发明提供的基于区块链的路由位置数据保密存储及共享方法中共享达成方法流程图。FIG. 6 is a flowchart of a method for achieving sharing in the method for secure storage and sharing of routing location data based on blockchain provided by the present invention.
具体实施方式Detailed ways
下面结合附图和具体实施方式对本发明提供的基于区块链的路由位置数据保密存储及共享方法进行详细说明。The block chain-based routing location data secure storage and sharing method provided by the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.
本发明依据存储和共享两种服务将网络划分成面向存储的数据区块链子网络和面向共享服务的共享区块链子网络,两个网络同为点对点网络,针对两个子网络使用两个区块链,分别为:数据区块链和共享区块链。The present invention divides the network into a storage-oriented data block chain sub-network and a shared service-oriented shared block chain sub-network according to the two services of storage and sharing. , respectively: data blockchain and shared blockchain.
其中面向存储的数据区块链网络包含多个平等的存储节点,各存储节点负责接收用户数据并汇总,通过共识机制验证数据合法性,并把加密数据以区块结构按照时间先后顺序存储到链上,生成数据区块链。通过合理分配协同工作提高并发性,解决中心服务存在的工作量瓶颈问题,数据通过用户端加密,并通过区块链技术存储,可在保证高安全性数据隐私的同时保证存储数据的高可靠性和透明性。The storage-oriented data blockchain network includes multiple equal storage nodes. Each storage node is responsible for receiving user data and summarizing it, verifying the legitimacy of the data through a consensus mechanism, and storing the encrypted data to the chain in a block structure in chronological order. , to generate a data blockchain. Improve concurrency through reasonable allocation of collaborative work, and solve the workload bottleneck problem of central services. Data is encrypted on the user side and stored through blockchain technology, which can ensure high security data privacy while ensuring high reliability of stored data. and transparency.
面向共享服务的共享区块链子网络由多个用户节点组成,各用户节点通过点对点网络特性和特定的共识机制来完成位置数据共享,在共识过程中各用户节点公平竞争,在完成共识后得到相应的奖励,以此达到各用户节点集体维护的目的,共识操作将每次合法的共享记录都记录在共享区块链上,网络中各用户节点都可查看,从而能够实现共享网络的公开透明和安全可靠性。The shared blockchain sub-network for shared services is composed of multiple user nodes. Each user node completes location data sharing through peer-to-peer network characteristics and a specific consensus mechanism. During the consensus process, each user node competes fairly, and after completing the consensus, the corresponding In order to achieve the purpose of collective maintenance of each user node, the consensus operation records each legal shared record on the shared blockchain, which can be viewed by each user node in the network, thus realizing the openness, transparency and reliability of the shared network. Safety and reliability.
本发明提供的基于区块链的路由位置数据保密存储及共享方法包括数据存储方法和数据共享方法;The blockchain-based routing location data confidential storage and sharing method provided by the present invention includes a data storage method and a data sharing method;
如图1—图3所示,所述的数据存储方法包括按顺序进行的下列步骤:As shown in Figure 1-Figure 3, the described data storage method comprises the following steps in order:
1)节点配置1) Node configuration
1.1)存储节点配置:1.1) Storage node configuration:
1.1.1)将服务方各存储节点配置成点对点通讯网络;1.1.1) Configure each storage node of the server as a point-to-point communication network;
1.1.2)将步骤1.1.1)中的各存储节点本地生成私钥;1.1.2) Generate a private key locally for each storage node in step 1.1.1);
1.1.3)将步骤1.1.1)中的各存储节点依据步骤1.1.2)中产生的私钥生成公钥,并将公钥在全网广播;1.1.3) Each storage node in step 1.1.1) generates a public key according to the private key generated in step 1.1.2), and broadcasts the public key on the entire network;
1.2)用户节点配置:1.2) User node configuration:
1.2.1)将连接各提供服务的路由设备的用户节点配置成点对点通讯网络;1.2.1) Configure the user nodes connected to the routing devices that provide services into a point-to-point communication network;
1.2.2)将步骤1.2.1)中的各用户节点匹配账户信息并依据此信息本地生成唯一根私钥;1.2.2) Match each user node in step 1.2.1) with account information and locally generate a unique root private key according to this information;
1.2.3)将步骤1.2.1)中的各用户节点依据步骤1.2.2)中产生的根私钥生成由私钥和公钥构成的共享密钥对,其中每个用户能够具有多个共享密钥对,并将公钥在全网广播;1.2.3) Each user node in step 1.2.1) generates a shared key pair consisting of a private key and a public key according to the root private key generated in step 1.2.2), wherein each user can have multiple shared keys key pair, and broadcast the public key on the whole network;
2)数据加密发送2) Data encrypted and sent
2.1)各用户节点生成随机密钥,并获取当前设定区间的基于路由的位置数据,然后将随机密钥和位置数据通过加密函数运算得到加密数据;2.1) Each user node generates a random key, and obtains the routing-based location data of the current set interval, and then obtains encrypted data by operating the random key and the location data through an encryption function;
2.2)各用户节点依据步骤2.1)中加密数据通过哈希函数运算得到数据摘要;2.2) Each user node obtains a data digest through a hash function operation according to the encrypted data in step 2.1);
2.3)各用户节点依据步骤1.2.3)中的私钥和步骤2.2)中的数据摘要,通过加密算法运算生成数字签名;2.3) Each user node generates a digital signature through encryption algorithm operation according to the private key in step 1.2.3) and the data digest in step 2.2);
2.4)各用户节点将步骤2.1)中的加密数据连同步骤2.3)中的数字签名打包成打包数据,并随机发送至存储子网络中某存储节点公钥地址;2.4) Each user node packages the encrypted data in step 2.1) together with the digital signature in step 2.3) into packaged data, and randomly sends it to the public key address of a storage node in the storage sub-network;
3)存储子网络验证存储3) Storage subnet verification storage
3.1)存储子网络中各存储节点按照设定时间段汇总当前时间段内接收的所有打包数据并生成数据区块;3.1) Each storage node in the storage sub-network summarizes all packaged data received in the current time period according to the set time period and generates data blocks;
3.2)存储子网络中各存储节点采用实用拜占庭容错算法,通过步骤1.2.3)中各用户节点的公钥验证上述打包数据中的数字签名,以此达成共识;3.2) Each storage node in the storage sub-network adopts a practical Byzantine fault-tolerant algorithm, and the digital signature in the above-mentioned packaged data is verified by the public key of each user node in step 1.2.3), so as to reach a consensus;
3.3)存储子网络中各存储节点将共识完成的数据区块加盖时间戳并存储到数据区块链上,然后在全网广播,完成存储过程;3.3) Each storage node in the storage sub-network timestamps the data blocks completed by the consensus and stores them on the data blockchain, and then broadcasts them on the entire network to complete the storage process;
如图4所示,在步骤1.2.2)和步骤1.2.3)中,所述的生成根私钥和共享密钥对的方法包括下列步骤:As shown in Figure 4, in step 1.2.2) and step 1.2.3), the method for generating a root private key and a shared key pair includes the following steps:
A):节点用户依据账户信息生成根私钥,本地保存;A): The node user generates the root private key according to the account information and saves it locally;
B):节点用户依据上述根私钥生成用于共享密钥对的用户私钥;B): The node user generates the user private key for sharing the key pair according to the above-mentioned root private key;
C):节点用户依据上述用户私钥生成用户公钥,最后得到由用户私钥和用户公钥构成的共享密钥对。C): The node user generates the user public key according to the above-mentioned user private key, and finally obtains a shared key pair composed of the user private key and the user public key.
如图4—图5所示,所述的数据共享方法包括按顺序进行的下列步骤:As shown in Figure 4-Figure 5, the data sharing method includes the following steps in order:
4)需求生成4) Requirement generation
4.1)请求方用户节点请求被请求方用户节点发送指定位置数据,生成需求信息;4.1) The requesting user node requests the requested user node to send the specified location data to generate demand information;
4.2)请求方用户节点选择本地任意一共享密钥对中的公钥作为需求发出地址,并用与之对应的私钥生成数字签名;4.2) The requester user node selects the public key in any local shared key pair as the request sending address, and uses the corresponding private key to generate a digital signature;
4.3)请求方用户节点事先得到一个被请求方用户节点的公钥,并作为目的地址,将需求信息和数字签名发送至该地址;4.3) The requesting user node obtains a public key of the requested user node in advance, and uses it as the destination address to send the demand information and digital signature to this address;
5)需求响应5) Demand Response
5.1)被请求方用户节点收到请求方用户节点的共享请求,广播到全网;5.1) The requested user node receives the sharing request from the requesting user node and broadcasts it to the entire network;
5.2)全网各用户节点通过共识机制达成该请求的合法性验证;5.2) Each user node of the whole network reaches the legality verification of the request through the consensus mechanism;
5.3)验证通过后,该需求信息被记录到共享区块链上,并广播到全网;5.3) After the verification is passed, the demand information is recorded on the shared blockchain and broadcast to the entire network;
5.4)被请求方用户节点本地提取与需求信息相对应的随机密钥和共享密钥对;5.4) The requested user node locally extracts the random key and shared key pair corresponding to the demand information;
5.5)被请求方用户节点随机选取存储子网络中一个存储节点的公钥,利用该存储节点的公钥将请求方用户节点的公钥加密,得到密文;5.5) The requested user node randomly selects the public key of a storage node in the storage sub-network, and uses the public key of the storage node to encrypt the public key of the requesting user node to obtain the ciphertext;
5.6)被请求方用户节点将步骤5.5)中的密文进行哈希运算,并通过将步骤5.4)中提取的共享密钥对中的私钥加密生成数字签名;5.6) The requested party user node performs hash operation on the ciphertext in step 5.5), and generates a digital signature by encrypting the private key in the shared key pair extracted in step 5.4);
5.7)被请求方用户节点使用请求方用户节点的公钥地址加密随机密钥得到加密后的随机密钥,然后将密文、数字签名及加密后的随机密钥打包成打包数据并一并发给存储子网络任一存储节点;5.7) The requested user node encrypts the random key with the public key address of the requesting user node to obtain the encrypted random key, and then packages the ciphertext, digital signature and encrypted random key into packaged data and sends it to Any storage node in the storage subnet;
6)共享达成6) Sharing achieved
6.1)被请求方用户节点选中的存储节点收到被请求方用户节点的请求,通过数字签名和步骤5.4)中的共享密钥对中的公钥验证身份和密文正确性;6.1) The storage node selected by the user node of the requested party receives the request of the user node of the requested party, and verifies the identity and the correctness of the ciphertext through the digital signature and the public key in the shared key pair in step 5.4);
6.2)被请求方用户节点选中的存储节点通过自己的私钥解密步骤5.5)中的密文,得到请求方用户节点的公钥地址;6.2) The storage node selected by the requesting party user node decrypts the ciphertext in step 5.5) through its own private key to obtain the public key address of the requesting party user node;
6.3)被请求方用户节点选中的存储节点根据需求信息要求摘取对应的加密数据连同加密后的随机密钥,并一并发给请求方用户节点的公钥地址,发送的该数据通过共识机制记录在数据区块链上;6.3) The storage node selected by the user node of the requesting party extracts the corresponding encrypted data together with the encrypted random key according to the requirements of the demand information, and sends it to the public key address of the user node of the requesting party, and the data sent is recorded through the consensus mechanism on the data blockchain;
6.4)请求方用户节点接收到被请求方用户节点选中的存储节点发来的数据,通过自己的私钥解密得到随机密钥,再对加密的位置数据解密,得到原始共享数据,共享完成。6.4) The requesting user node receives the data sent by the storage node selected by the requesting user node, obtains a random key by decrypting its own private key, and then decrypts the encrypted location data to obtain the original shared data, and the sharing is completed.
在步骤5.2)中,所述的共识机制达成方法包括下列步骤:In step 5.2), the consensus mechanism reaching method includes the following steps:
D):共享子网络中各请求方用户节点接收被请求方用户节点广播的需求信息;D): each requester user node in the shared sub-network receives the demand information broadcast by the requested party user node;
E):各被请求方用户节点通过如下公式参与共识竞争:贡献度=(最近7天内在线时长/168+最近7天内个人使用流量/最近7天内网络总流量)*最近7天内共享次数,贡献度最高的用户节点验证此次需求;E): Each requested user node participates in the consensus competition through the following formula: Contribution = (Online time in the last 7 days / 168 + Personal usage traffic in the last 7 days / Total network traffic in the last 7 days) * Share times in the last 7 days, contribution The user node with the highest degree verifies this requirement;
F)验证完成后将该需求信息存到共享区块链上,并给予流量奖励;F) After the verification is completed, the demand information is stored on the shared blockchain, and traffic rewards are given;
G)裁定当前参与验证的被请求方用户节点不得参与接下来7日之内的共识,共识完成。G) It is ruled that the requested user node currently participating in the verification shall not participate in the consensus within the next 7 days, and the consensus is completed.
Claims (3)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710585615.9A CN107181599B (en) | 2017-07-18 | 2017-07-18 | Routing position data secret storage and sharing method based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710585615.9A CN107181599B (en) | 2017-07-18 | 2017-07-18 | Routing position data secret storage and sharing method based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107181599A CN107181599A (en) | 2017-09-19 |
CN107181599B true CN107181599B (en) | 2020-01-21 |
Family
ID=59838321
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710585615.9A Active CN107181599B (en) | 2017-07-18 | 2017-07-18 | Routing position data secret storage and sharing method based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107181599B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111277549B (en) * | 2018-12-05 | 2022-05-03 | 杭州希戈科技有限公司 | Security service method and system adopting block chain |
Families Citing this family (53)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109309650B (en) * | 2017-07-27 | 2020-12-08 | 华为技术有限公司 | Method, terminal device and network device for processing data |
CN107770182B (en) * | 2017-10-30 | 2020-09-08 | 中国联合网络通信集团有限公司 | Data storage method of home gateway and home gateway |
CN108287661A (en) * | 2017-12-05 | 2018-07-17 | 兴业数字金融服务(上海)股份有限公司 | A kind of chain store system verified in central authority |
CN108092982B (en) * | 2017-12-22 | 2020-10-23 | 广东工业大学 | A data storage method and system based on alliance chain |
CN108055274B (en) * | 2017-12-22 | 2020-09-11 | 广东工业大学 | A method and system for encrypting and sharing data based on consortium chain storage |
CN109981547B (en) * | 2017-12-28 | 2022-06-07 | 航天信息股份有限公司 | Logistics transmission method and device based on block chain |
CN109981551A (en) * | 2017-12-28 | 2019-07-05 | 航天信息股份有限公司 | A kind of data transmission system based on block chain, method and relevant device |
CN109995715A (en) * | 2017-12-29 | 2019-07-09 | 百度在线网络技术(北京)有限公司 | Private data encipher-decipher method, device, equipment and the storage medium of block chain |
CN108269064A (en) * | 2018-01-26 | 2018-07-10 | 广东工业大学 | A kind of Collaborative Manufacturing information sharing method based on intelligent contract |
CN108346110B (en) * | 2018-01-26 | 2021-04-02 | 广东工业大学 | An information exchange system based on manufacturing blockchain |
KR101880175B1 (en) * | 2018-02-13 | 2018-07-19 | 주식회사 마크로젠 | Bio-information data providing method, bio-information data storing method and bio-information data transferring system based on multiple block-chain |
CN108566375A (en) * | 2018-03-12 | 2018-09-21 | 深圳壹账通智能科技有限公司 | The method, terminal and storage medium of message communicating between multiterminal based on block chain |
CN110290094B (en) | 2018-03-19 | 2022-03-11 | 华为技术有限公司 | A method and device for controlling data access authority |
KR101893729B1 (en) * | 2018-03-28 | 2018-10-04 | 주식회사 마크로젠 | Data sharing method based on multiple block-chains |
CN108600227B (en) * | 2018-04-26 | 2022-04-26 | 众安信息技术服务有限公司 | A method and device for sharing medical data based on blockchain |
CN108664222B (en) * | 2018-05-11 | 2020-05-15 | 北京奇虎科技有限公司 | Block chain system and application method thereof |
CN108737071B (en) * | 2018-05-18 | 2021-01-05 | 成都理工大学 | WLAN (Wireless local area network) mesh secure access method based on block chain |
CN108718344A (en) * | 2018-06-11 | 2018-10-30 | 成都谛听科技股份有限公司 | A kind of electric network data storage method and distributed power grid data-storage system |
CN108932433B (en) * | 2018-06-14 | 2021-11-05 | 江苏百倍云信息科技有限公司 | Industrial data sharing system and method based on block chain |
CN109040012B (en) * | 2018-06-19 | 2021-02-09 | 西安电子科技大学 | Block chain-based data security protection and sharing method and system and application |
CN110071775B (en) * | 2018-06-25 | 2020-10-09 | 苏州黑云信息科技有限公司 | Decentralized P2P network-oriented trusted time sequence partial order calculation method |
CN109165092B (en) * | 2018-07-10 | 2021-07-20 | 矩阵元技术(深圳)有限公司 | Consensus method, device and system based on effective computing power contribution |
CN108875411A (en) * | 2018-07-11 | 2018-11-23 | 成都理工大学 | The storage of Intelligent bracelet data and sharing method based on block chain |
CN109150968B (en) * | 2018-07-13 | 2021-09-14 | 上海大学 | Block chain distributed storage method based on secret sharing |
CN108900531A (en) * | 2018-07-31 | 2018-11-27 | 温州市图盛科技有限公司 | A kind of data confidentiality tool suitable for electric power enterprise internal network |
CN109104476B (en) * | 2018-07-31 | 2021-05-07 | 温州市图盛科技有限公司 | A blockchain-based power information security system |
CN109194614A (en) * | 2018-07-31 | 2019-01-11 | 温州市图盛科技有限公司 | A kind of electric power data processing method based on block chain |
CN109284333A (en) * | 2018-08-31 | 2019-01-29 | 中国信息通信研究院 | Blockchain-based industrial chain data maintenance method and platform |
CN109040142B (en) * | 2018-10-17 | 2021-04-13 | 杭州复杂美科技有限公司 | Private communication method, address configuration method, device and storage medium |
CN109413174B (en) * | 2018-10-18 | 2021-09-07 | 中国船舶工业系统工程研究院 | Cross-department marine data sharing method based on block chain |
CN109639753B (en) * | 2018-10-26 | 2021-08-17 | 众安信息技术服务有限公司 | A method and system for data sharing based on blockchain |
CN109542980B (en) * | 2018-11-20 | 2020-12-18 | 北京磁云数字科技有限公司 | Data processing method, device, equipment and medium for block chain |
CN110443658B (en) * | 2018-12-07 | 2023-01-24 | 深圳市智税链科技有限公司 | Tax management method, apparatus, medium and electronic device based on block chain system |
US10839411B2 (en) * | 2018-12-21 | 2020-11-17 | Noodle Technology Inc. | Validation in a decentralized network |
CN109635595B (en) * | 2018-12-29 | 2020-10-23 | 杭州趣链科技有限公司 | Block chain-based data tamper-proof method |
CN109802967B (en) * | 2019-01-25 | 2021-06-15 | 上海创景信息科技有限公司 | Block chain information tracking method and system |
CN109995781B (en) * | 2019-03-29 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Data transmission method, device, medium and equipment |
CN110096894B (en) * | 2019-05-10 | 2023-01-17 | 东北大学 | A blockchain-based data anonymous sharing system and method |
CN110516451B (en) * | 2019-07-24 | 2021-03-02 | 杭州电子科技大学 | Block chain-based derived ciphertext piece secret level change and decryption reminding notification method |
CN110690964B (en) * | 2019-10-11 | 2022-06-28 | 成都量安区块链科技有限公司 | Quantum service block chain creation method and application system |
CN111406252B (en) * | 2019-11-06 | 2022-04-15 | 支付宝(杭州)信息技术有限公司 | Consensus of error correction code based shared blockchain data storage |
CN111147263A (en) * | 2020-01-14 | 2020-05-12 | 安徽理工大学 | Mobile verification terminal of coal mine safety information based on PBFT technology |
CN112039892B (en) * | 2020-08-31 | 2022-11-29 | 中国信息通信研究院 | A data sharing method and related device |
CN112187866B (en) * | 2020-09-03 | 2021-10-15 | 山东大学 | A Novel Blockchain Consensus Method Based on Shared Storage |
CN112491904B (en) * | 2020-12-01 | 2022-05-20 | 德州职业技术学院(德州市技师学院) | Big data privacy protection sharing method and system |
CN112883419B (en) * | 2021-02-03 | 2024-04-19 | 李才美 | Data consensus method and device among nodes in distributed network and node equipment |
CN112532753B (en) * | 2021-02-09 | 2021-05-07 | 腾讯科技(深圳)有限公司 | Data synchronization method, device, medium and electronic equipment of block chain system |
CN113497827B (en) * | 2021-04-26 | 2024-04-16 | 深圳力维智联技术有限公司 | Information sharing method and device |
CN113239376B (en) * | 2021-05-14 | 2023-01-20 | 北京邮电大学 | Data sharing method, request method and device based on block chain |
CN116170368B (en) * | 2021-11-25 | 2024-08-30 | 四川大学 | Quantum key routing method based on link contribution degree |
CN114266073B (en) * | 2022-03-02 | 2022-05-17 | 环球数科集团有限公司 | Data link privacy processing system based on block chain technology |
CN115189880B (en) * | 2022-06-06 | 2025-05-13 | 北京科技大学 | A continuous identity authentication method for numerical control systems under zero trust architecture |
CN119382862A (en) * | 2024-12-27 | 2025-01-28 | 北京中电汇通科技有限公司 | A cloud host data access security processing method and system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170140145A1 (en) * | 2012-05-14 | 2017-05-18 | Netspective Communications Llc | Computer-controlled physically distributed collaborative asynchronous digital transactions |
CN106487821B (en) * | 2017-01-04 | 2020-07-03 | 北京天云智汇科技有限公司 | Digital signature method based on Internet block chain technology |
CN106686008B (en) * | 2017-03-03 | 2019-01-11 | 腾讯科技(深圳)有限公司 | Information storage means and device |
-
2017
- 2017-07-18 CN CN201710585615.9A patent/CN107181599B/en active Active
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111277549B (en) * | 2018-12-05 | 2022-05-03 | 杭州希戈科技有限公司 | Security service method and system adopting block chain |
Also Published As
Publication number | Publication date |
---|---|
CN107181599A (en) | 2017-09-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107181599B (en) | Routing position data secret storage and sharing method based on block chain | |
CN109587132B (en) | Data transmission method and device based on alliance chain | |
CN109040045B (en) | A cloud storage access control method based on ciphertext policy attribute-based encryption | |
CN110022217B (en) | Advertisement media service data credible storage system based on block chain | |
CN106357396B (en) | Digital signature method and system and quantum key card | |
CN113556363B (en) | Data sharing method and system based on decentralized and distributed proxy re-encryption | |
CN101807991B (en) | Ciphertext policy attribute-based encryption system and method | |
EP2984782B1 (en) | Method and system for accessing device by a user | |
US7957320B2 (en) | Method for changing a group key in a group of network elements in a network system | |
CN108390891A (en) | Information protection method based on private blockchain | |
CN105516980B (en) | A kind of wireless sensor network token authentication method based on Restful frameworks | |
CN108880995A (en) | Strange social network user information and message based on block chain push encryption method | |
CN106790064A (en) | The method that both sides are communicated in credible root server cloud computing server model | |
CN104468126A (en) | Safety communication system and method | |
CN108964897A (en) | Identity authorization system and method based on group communication | |
CN108881240B (en) | Member privacy data protection method based on block chain | |
CN108600152A (en) | Modified Kerberos identity authorization systems based on quantum communication network and method | |
CN116346318B (en) | Data sharing method, sharing device, processor and system thereof | |
CN116527279A (en) | Verifiable federal learning device and method for secure data aggregation in industrial control network | |
CN115664629A (en) | Homomorphic encryption-based data privacy protection method for intelligent Internet of things platform | |
CN114866244A (en) | Controllable anonymous authentication method, system and device based on ciphertext block chaining encryption | |
CN101471771B (en) | Method and system for transmitting and enciphering medium based on P2P network | |
Sultan et al. | A secure access and accountability framework for provisioning services in named data networks | |
CN113886781B (en) | Multi-authentication encryption method, system, electronic equipment and medium based on block chain | |
CN114679261B (en) | On-chain anonymous communication method and system based on key derivation algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |