Embodiment
To help those skilled in the art better understand the technical solution of this application, the technical solution in the embodiments is described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of this application, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments in this application without creative work shall fall within the scope of protection of this application.
Fig. 2 is a schematic flowchart of an embodiment of the blockchain data processing method described in this application. Although this application provides method operation steps or apparatus structures as shown in the following embodiments or drawings, the method or apparatus may, based on conventional or non-creative work, include more operation steps or module units, or fewer after merging. For steps or structures that have no logically necessary causal relationship, the execution order of the steps or the module structure of the apparatus is not limited to the execution order or module structure shown in the embodiments or drawings of this application. When the method or module structure is applied in an actual apparatus, server or end product, it may be executed sequentially or in parallel according to the embodiments or the method or module structure shown in the drawings (for example in a parallel-processor or multithreaded environment, or even a distributed-processing or server-cluster environment).
In a specific embodiment, as shown in Fig. 2, the blockchain data processing method provided by this application may include:
S2: The first node identifies whether the received block information requires privacy protection processing.
Generally, a blockchain may have multiple nodes, and each node can add blockchain data to the chain incrementally. When a transaction requires privacy protection processing, one or more of the nodes participating in the transaction can identify and confirm, from the transaction's information, that the transaction information stored in the blockchain requires privacy protection processing.
For example, transaction B1, in which node A participates, involves sensitive information of merchant A and requires privacy protection processing. A mark such as "private" can then be added to transaction B1 to indicate that it is a transaction requiring privacy protection processing. When the client forwards transaction B1 to node A, node A can confirm from the "private" mark that transaction B1 requires privacy protection processing, and hence that the block information corresponding to transaction B1 requires privacy protection processing.
Other ways of identifying whether privacy protection processing is required are of course possible. For example, the client may directly notify node A that the block information corresponding to the transaction with transaction number "B1" requires privacy protection processing when it is stored in the blockchain; the first node can then identify, from the transaction number, that the block information of transaction "B1" requires privacy protection processing.
The first node in this embodiment can be understood as the party that performs privacy protection processing on the information in a block; correspondingly, the second node described below can be understood as a party that decrypts blockchain data that has undergone privacy protection processing. In this embodiment, the description of the first node encrypting block information and performing privacy protection processing is not limited to one particular node, nor to processing by a single node. For example, if node A needs to perform privacy protection processing on block information, node A is the first node; if node C performs privacy protection processing on block information the next time, node C is then the first node. If node A and node C both perform privacy protection processing on their corresponding block information, both node A and node C can be first nodes. Similarly, the second node is not limited to one particular node or to processing by a single node, especially in embodiments where this application achieves the technical effect of encrypting at one node and decrypting at multiple nodes.
It should also be noted that if the first node has no associated second node, for example if block information privacy-protected by the first node can be viewed only by the first node's client or operators, the second node that handles the block information and the first node can be considered the same node. The first node and the second node should not be understood as necessarily being two physically different nodes.
S4: If so, generate a key for a plaintext encryption algorithm, encrypt the block information with the plaintext encryption algorithm using the key, and generate encrypted block information.
After the first node determines that the block information requires privacy protection processing, it encrypts the block information with the chosen plaintext encryption algorithm and generates the encrypted block information. The plaintext encryption algorithm in this embodiment may cover a variety of encryption schemes, such as the OpenPGP encryption algorithm or similar encryption processing methods. To ensure the security of the privacy protection processing, the plaintext encryption algorithm here may use at least one key. In this embodiment, therefore, the key of the plaintext encryption algorithm is generated first, and the plaintext encryption algorithm then encrypts the block information using the generated key.
In specific implementations, keys may be generated sequentially in a preset manner, for example generating a different key each time from some starting key with a predetermined step size, or generating the key with some algorithm. In one embodiment provided by this application, the key may be random string data, so that the key generated for each privacy protection processing is better concealed and harder to crack, which effectively improves the security of block information privacy protection. Specifically, in one embodiment of the blockchain data processing method provided by this application, the key may include:
randomly generated string data.
In a specific example, for instance when the OpenPGP encryption algorithm is used, a set of random data such as a UUID (Universally Unique Identifier) can be generated before each encryption. This UUID can be used as the session key for the session that stores the privacy-protected block information. A plaintext encryption algorithm such as AES is then used to encrypt the block information tx1 (whose content may include transaction information) under the generated UUID, producing the encrypted block information. The encrypted block information is shown in Fig. 3, which is a schematic diagram of the data after block information is encrypted in one scenario of the method described in this application.
In this embodiment, when the first node identifies that the block information of the current transaction requires privacy protection processing, it can generate the key of the plaintext encryption algorithm and then encrypt the block information with the plaintext encryption algorithm using that key, generating the encrypted block information.
S6: Encrypt the key in an agreed manner to generate a key ciphertext, where the agreed manner includes an algorithm by which the first node and a second node associated with the first node in the blockchain encrypt and decrypt the key ciphertext in a preset manner.
In this embodiment, after the block information is encrypted, the key used to encrypt it can itself be encrypted. In the implementation scenario of this embodiment, after the first node encrypts the block information with the key, the second nodes associated with the first node can be enabled to decrypt and obtain the block information, achieving the effect of encrypting in one place and decrypting in many. The specific manner of encrypting the key can be agreed with the associated nodes in advance. For example, after the first node encrypts the key with some encryption/decryption algorithm M1, it can notify the associated second nodes of algorithm M1; or the first node and all associated second nodes can jointly agree to use the M1 encryption/decryption algorithm to encrypt and decrypt the key. Specifically, this application provides an embodiment of the agreed manner in the method, which may include:
S301: Set asymmetric key pairs corresponding to the first node and the second node;
Correspondingly, when the key is encrypted, the key is encrypted with the public key of the asymmetric key pair of the first node and of the second node respectively, generating a corresponding first key ciphertext and second key ciphertext.
In this embodiment, each node may be provided with its own asymmetric key pair, comprising a public key (PubKey) and a private key (PriKey); alternatively, asymmetric key pairs may be set only on the nodes that need to perform privacy protection processing, such as the asymmetric key pairs set for the first node and the second node. The associated nodes that perform privacy protection processing on the same block information may each store the public keys of the other nodes, so that when the key is encrypted it can be encrypted separately with the public key of each node, producing a corresponding key ciphertext for each.
OpenPGP is a non-proprietary protocol for encrypting e-mail with public-key cryptography, and has become a widely used end-to-end secure e-mail standard in recent years. OpenPGP defines formats for encrypted and decrypted messages, signatures, public and private keys, and digital certificates, and provides security and confidentiality services for information through operations such as encryption, signing and encoding conversion. An OpenPGP digital signature usually refers to the data obtained when a user encrypts the digital fingerprint of a message (the digest produced by a hash function) with their own private key; technically, the digital signature marks the signer's responsibility for the digital fingerprint of the text. Because only the signer holds the signer's private key, once a signature is made the signer cannot deny having sent the information (non-repudiation). A signature is therefore also used to describe the binding between data and a public key: encrypting data with the private key is the signing process, and the signature can be verified with the public key corresponding to the signing key together with the original information. When a sender signs a piece of data or a document with a private key, an algorithm computes a piece of data that represents the unique characteristics of the document; any change to the document changes this data, and the signature becomes invalid. In one embodiment provided by this application, encrypting the block information with the plaintext encryption algorithm using the key may include:
encrypting the block information based on a randomly generated session key in the OpenPGP algorithm.
A specific example is shown in Fig. 4, which is a schematic diagram of the data when the key is encrypted with an asymmetric encryption algorithm in this application. The first node is node A. Node A and node C jointly participate in a transaction tx1 that requires privacy protection, so node C is the second node associated with the first node A. After the client sends tx1 to node A, node A recognizes that the transaction requires privacy protection and, based on the OpenPGP encryption algorithm, first randomly generates a UUID as the session key for the privacy protection processing of transaction tx1. On the first node side, the session key can then be encrypted separately with node A's public key A_PubKey and node C's public key C_PubKey, generating the first key ciphertext for node A and the second key ciphertext for node C. Because the public keys of the first node and of the associated node were used to encrypt the key, node A can decrypt the first key ciphertext with node A's private key, and the associated node C can likewise decrypt the second key ciphertext directly with its own private key. Other nodes, such as node B, can obtain the encrypted key ciphertexts but cannot obtain the session key, and so cannot obtain the content of tx1. Similarly, when the first node has more associated nodes, the first node can encrypt the key with the public key of each associated node, generating a third key ciphertext, a fourth key ciphertext, and so on. In this way, encryption is done once at the first node and the associated nodes decrypt with the corresponding algorithm, achieving one encryption and many decryptions. This processing is simple and efficient: it keeps the encryption and decryption design simple and the system processing efficient while ensuring the security of the privacy protection processing.
In other embodiments, the agreed manner may further include setting different algorithms for encrypting and decrypting the key for different block information or different types of block information. For example, the transaction type of tx1 may determine whether the key is encrypted with the public key A_PubKey or whether the session key is converted into a string in another data format using a specific conversion rule (such as adding scrambling codes). Alternatively, operators may adopt other agreed manners to determine the algorithm for encrypting and decrypting the key according to data processing needs.
S8: Store the data comprising the encrypted block information and the key ciphertext as blockchain data in the corresponding block of the blockchain.
After the above operations, the encrypted block information and the key ciphertexts produced by encrypting the key can be assembled together, as shown in Fig. 5, which shows the blockchain data after privacy protection processing with one encryption and many decryptions in one embodiment of this application. The first node can then store the assembled transaction information as blockchain data in the corresponding block. Likewise, if node C identifies that a received transaction tx2 requires privacy protection processing, and the participants of tx2 include the three nodes B, C and D, then node C, now acting as the first node, can first randomly generate a session key2, then encrypt session key2 separately with the public keys B_PriKey, C_PriKey and D_PriKey of nodes B, C and D, assemble the results with the encrypted block information of tx2, and store them in the corresponding block of the blockchain.
For example, the session key is encrypted with node A's public key A_PubKey using an asymmetric encryption algorithm such as RSA; only node A can decrypt this encrypted information, using A_PriKey. The same applies to node C. After these two steps, the ciphertexts and the encrypted transaction information are assembled together, as shown in Fig. 5.
Nodes A and C can each obtain the session key with their own private key, and can decrypt the transaction information tx1 with the session key. Other nodes cannot obtain the session key and therefore cannot learn the content of tx1. The session key is randomly generated for each encryption, which gives good confidentiality.
Generally, the blockchains held by the different nodes participating in the same blockchain should be identical. For example, if nodes A, B, C and D share the same blockchain, the blockchain data of each node must be kept consistent. Therefore, in some application scenarios where the blockchain includes multiple nodes, a node that adds new blockchain data can send it to the other nodes by broadcast. In the example above, after node A identifies that the transaction requires privacy protection and completes the corresponding encryption, it broadcasts the encrypted transaction information to nodes B, C and D; the state of each node's ledger (blockchain) after the broadcast is shown in Fig. 5.
S10: When a second node decrypts privacy-protected blockchain data in the blockchain, it decrypts in the agreed manner to obtain the key in the blockchain data.
If a node needs to query the privacy-protected blockchain data stored in the blockchain and obtain the block information in it (specifically, the transaction information in it), it can decrypt in the corresponding agreed manner described in step S3 above and obtain the key in the blockchain data. For example, node C can obtain the blockchain data stored by node A after privacy protection processing, and can then use node C's private key C_PriKey to decrypt the key ciphertext "C_PubKey (session key)" and obtain the session key that was used to encrypt tx1.
Note that if node A itself views the privacy-protected blockchain data that node A stored, node A can then be understood as falling within the category of the second node; that is, the node associated with the first node can be the node itself (or understood as a degree of association of 100%).
S12: Decrypt the encrypted block information in the blockchain data with the key obtained by the decryption, and obtain the decrypted block information.
After the key is obtained by decryption, it can be used to decrypt the encrypted block information and obtain the original plaintext block information.
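The flow of steps S4 to S12, as an added Go example that is not code from the application: a fresh session key encrypts the block information once, and that key is wrapped separately under each associated node's public key, so a non-associated node that reads every key ciphertext from the ledger still cannot open the record. Assumptions: the names Node, Record, Seal and Open are hypothetical, AES-256-GCM and RSA-OAEP stand in for the OpenPGP algorithm, and the session key is 32 random bytes rather than a UUID string.

```go
// Added illustration of steps S4 to S12; AES-GCM and RSA-OAEP are assumed stand-ins for OpenPGP.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Node is a ledger participant with its own asymmetric key pair (hypothetical type).
type Node struct {
	Name string
	priv *rsa.PrivateKey
}

// Record is the stored data: encrypted block information plus one key ciphertext per associated node.
type Record struct {
	Nonce, Ciphertext []byte
	KeyCiphertexts    map[string][]byte
}

var ErrNotAssociated = errors.New("no key ciphertext opens with this node's private key")

func NewNode(name string) *Node {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // no usable randomness
	}
	return &Node{Name: name, priv: k}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Seal performs S4 and S6: encrypt the block information once, then wrap the
// session key per associated node. Only each node's public key is used here.
func Seal(tx []byte, associated ...*Node) (*Record, error) {
	sessionKey := make([]byte, 32) // fresh for every record, never reused
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rec := &Record{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, tx, nil),
		KeyCiphertexts: make(map[string][]byte)}
	for _, n := range associated {
		kc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &n.priv.PublicKey, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		rec.KeyCiphertexts[n.Name] = kc
	}
	return rec, nil
}

// Open performs S10 and S12. Every node can read every key ciphertext on the
// ledger, so it tries them all; only one wrapped to its own public key opens.
func Open(rec *Record, n *Node) ([]byte, error) {
	for _, kc := range rec.KeyCiphertexts {
		sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, n.priv, kc, nil)
		if err != nil {
			continue // wrapped for another node
		}
		gcm, err := newGCM(sessionKey)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil)
	}
	return nil, ErrNotAssociated
}

func main() {
	a, b, c, d := NewNode("A"), NewNode("B"), NewNode("C"), NewNode("D")
	// Constructed sample: tx1 involves nodes A and C only.
	rec, err := Seal([]byte("tx1: A pays C 10"), a, c)
	if err != nil {
		panic(err)
	}
	for _, n := range []*Node{a, b, c, d} {
		pt, err := Open(rec, n)
		fmt.Printf("node %s: plaintext=%q err=%v\n", n.Name, pt, err)
	}
}
```

The record grows by one RSA-sized key ciphertext per associated node, while the block information itself is encrypted only once.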
One embodiment of this application may be a blockchain privacy protection scheme based on OpenPGP, in which a transaction requiring privacy protection is encrypted with the OpenPGP algorithm and the encrypted data is stored on the blockchain as the transaction's information. The following is a specific data processing example of OpenPGP-based blockchain privacy protection in this application. Take four nodes A, B, C and D. Each node can have an asymmetric key pair; for example, node A has A_PubKey and A_PriKey, where A_PubKey is public and A_PriKey is kept secret. The client sends a transaction tx1, in which nodes A and C participate and which requires privacy, to node A. After node A recognizes that the transaction requires privacy protection, it encrypts the transaction with the OpenPGP encryption algorithm and then broadcasts it to nodes B, C and D. The state of each node's ledger after the broadcast is shown in Fig. 6, which is a schematic diagram of the blockchain data after a single node completes privacy protection and broadcasts to the other nodes in one embodiment of this application.
Next, the client sends an ordinary transaction tx2 to node D, and finally the client sends a transaction tx3, in which B, C and D participate and which requires privacy protection, to node B. After these two transactions are processed in turn according to any of the foregoing embodiments and broadcast, the state of each node's ledger is as shown in Fig. 7, which is a schematic diagram of each node's blockchain data structure after multiple nodes have processed transactions in one embodiment of this application.
After the three transactions are complete, all node ledgers are fully consistent. tx2 is a public ordinary transaction that all nodes can see. Only nodes A and C can decrypt tx1; nodes B and D can see the encrypted tx1 but cannot decrypt its content. Likewise, node A cannot decrypt tx3. As this example shows, the embodiments provided by this application encrypt the information stored in the blockchain so that only specific members can decrypt and view it, achieving the goal of providing safe and reliable privacy protection for specific transaction information.
The blockchain data processing method provided by this application encrypts privacy-protected transaction information with a specific algorithm and also encrypts, in an agreed manner, the key used by the encryption algorithm; the encrypted transaction data and the key ciphertext data are stored on the blockchain as blockchain data. In this application the encryption can be performed in a manner jointly agreed by the current node and some associated nodes. After the current node encrypts and stores the data, the associated nodes in the blockchain can decrypt the encrypted block information in the blockchain data in the agreed manner, while non-associated nodes can only obtain the blockchain data and cannot view the original block information, which achieves the purpose of privacy protection. Moreover, this application adopts one encryption and many decryptions: the node performing privacy protection on the block information encrypts once, and the encrypted data can be decrypted directly at multiple associated nodes. This not only protects private transactions securely but also makes encryption and decryption simpler, faster and more efficient. Furthermore, implementing the privacy protection processing can involve encrypting only the key, which reduces system design complexity, data processing volume, transmission cost and so on, and improves the data processing performance of the whole system for block information privacy protection.
The method above describes the scheme of this application from the application scenario of encrypted storage, reading and decryption of blockchain data for blockchain data privacy protection. For a single node in the blockchain specifically, this application provides an implementation by which a single node performs privacy protection processing of block information in the blockchain; this single node can be the first node that, as described above, identifies the transaction and determines that privacy protection is required. Fig. 8 is a schematic flowchart of another embodiment of the blockchain data processing method provided by this application. As shown in Fig. 8, the method may include:
S20: For block information requiring privacy protection, the first node generates a key for a plaintext encryption algorithm and encrypts the block information with the plaintext encryption algorithm using the key, generating encrypted block information;
S40: Encrypt the key in an agreed manner to generate a key ciphertext, where the agreed manner includes an algorithm by which the first node and a second node associated with the first node in the blockchain encrypt and decrypt the key ciphertext in a preset manner;
S60: Store the data comprising the encrypted block information and the key ciphertext as blockchain data in the corresponding block of the blockchain.
In other embodiments of the method, when block information to be stored in the blockchain is received, it may first be identified whether the block information requires privacy protection. Therefore, in another embodiment of the method, the first node generating the key of the plaintext encryption algorithm for block information requiring privacy protection may include:
the first node identifying whether the received block information requires privacy protection processing;
if so, generating the key of the plaintext encryption algorithm.
The embodiments in this specification are described progressively; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the single-node embodiment above may include further implementations by reference to the foregoing embodiments of the encrypted storage, reading and decryption scenario, for example: the key includes randomly generated string data; or the agreed manner includes setting asymmetric key pairs corresponding to the first node and the second node and, correspondingly, when the key is encrypted, encrypting the key with the public key of the asymmetric key pair of the first node and of the second node respectively to generate a corresponding first key ciphertext and second key ciphertext; and so on. For the specific implementation, refer to the description of the related method embodiments above, which is not repeated here.
Likewise, this application can provide another embodiment of the method: after the first node stores the privacy-protected blockchain data, when other nodes (including the first node) need to decrypt and obtain the privacy-protected block information, they can use a blockchain data processing scheme whose decryption processing corresponds to the foregoing privacy protection processing embodiments. Specifically, Fig. 9 is a schematic flowchart of another embodiment of the blockchain data processing method provided by this application. As shown in Fig. 9, the method may include:
S30: Obtain the privacy-protected blockchain data that the first node stored in the blockchain;
S32: Decrypt in an agreed manner to obtain the key in the blockchain data, where the agreed manner includes an algorithm by which the first node and a second node in the blockchain encrypt and decrypt the key ciphertext in a preset manner, the second node being associated with the first node;
S34: Decrypt the encrypted block information in the blockchain data with the key obtained by the decryption, and obtain the decrypted block information.
As described in the foregoing embodiments of the encrypted storage, reading and decryption scenario for blockchain data privacy protection, in other embodiments of the method the agreed manner may include:
setting asymmetric key pairs corresponding to the first node and the second node; when the key is encrypted, encrypting the key with the public key of the asymmetric key pair of the first node and of the second node respectively, generating a corresponding first key ciphertext and second key ciphertext;
correspondingly, decrypting in the agreed manner that was used to encrypt the key in the blockchain data, to obtain the key in the blockchain data, includes:
decrypting the second key ciphertext with the private key of the second node's asymmetric key pair to obtain the key in the blockchain data.
Based on the blockchain data processing method described above, this application also provides a blockchain data processing apparatus. The apparatus may include systems (including distributed systems), software (applications), modules, components, servers, clients and the like that use the method described in this application, combined with the necessary implementing hardware. Based on the same inventive concept, an apparatus in one embodiment provided by this application is described in the following embodiments. Because the way the apparatus solves the problem is similar to the method, the implementation of the specific apparatus of this application may refer to the implementation of the foregoing method, and repeated parts are not described again. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated. Specifically, Fig. 10 is a schematic diagram of the module structure of an embodiment of the blockchain data processing apparatus provided by this application. As shown in Fig. 10, the apparatus may include:
Plaintext encryption module 102, which can be used, for block information requiring privacy protection, for the first node to generate a key for a plaintext encryption algorithm and encrypt the block information with the plaintext encryption algorithm using the key, generating encrypted block information;
Key encryption module 104, which can be used to encrypt the key in an agreed manner and generate a key ciphertext, where the agreed manner includes an algorithm by which the first node and a second node associated with the first node in the blockchain encrypt and decrypt the key ciphertext in a preset manner;
Node data storage module 106, which can be used to store the data comprising the encrypted block information and the key ciphertext as blockchain data in the corresponding block of the blockchain.
In other embodiments of the apparatus provided by this application, the key encryption module 104 may include:
Key generation module 1040, which can be used to randomly generate string data and use the string data as the key.
Also, with reference to the foregoing method embodiments, the plaintext encryption module 102 may include:
Identification and encryption module, which can be used for the first node to identify whether the received block information requires privacy protection processing and, if so, to generate the key of the plaintext encryption algorithm.
In another embodiment, the key encryption module 104 may include:
Asymmetric key storage module 1042, which can be used to store the asymmetric key pair of the first node and the public key of the asymmetric key pair of the second node;
Encryption module 1044, which can be used to encrypt the key with the public key of the asymmetric key pair of the first node and of the second node respectively, generating a corresponding first key ciphertext and second key ciphertext.
As shown in Fig. 11, which is a schematic diagram of the module structure of an embodiment of the key encryption module 104 in the apparatus described in this application, the module may include the key generation module 1040, the asymmetric key storage module 1042 and the encryption module 1044 at the same time.
In the other embodiment of described device, the plaintext encrypting module 102 can include:
OpenPGP encrypting modules, can be used for based on the session key generated at random in OpenPGP algorithms to the block
Information is encrypted.
Figure 12 is a kind of modular structure schematic diagram for block chain data processing equipment embodiment that the application is provided, such as Figure 12
Shown, in other embodiments, described device can also include:
Cipher key decryption block 108, can be used for obtaining the block that first node is stored in secret protection processing in block chain
Chain data, and the key obtained in the block chain data is decrypted using the stipulated form;
Plaintext decryption module 110, can be used in block chain data described in the secret key decryption based on the decryption acquisition
Block information after encryption, block information after being decrypted.
The device described in the foregoing embodiments can be implemented in a node's terminal device in combination with the necessary hardware. A single node can therefore not only encrypt block data that needs privacy protection processing and store it in the blockchain, but also read blockchain data from the blockchain, decrypt the key according to the corresponding agreed manner, and then obtain the decrypted original block information. In this way, the terminal device of the first node and the terminal device of the second node associated with the first node can decrypt and obtain the transaction information, while other nodes can only see the encrypted block information (for example, a transaction summary), which achieves the purpose of privacy protection. Encryption happens in one place and decryption in many places; the encryption and decryption are secure, simple and efficient, and the intrusion into (modification of) the system is small, which effectively reduces the design complexity of privacy protection processing in the system and improves data processing performance.
Based on the above description of the second node side, this application also provides another blockchain data processing device. The device can be associated with the first node that stores privacy-protected blockchain data, for example as an alliance node or a co-participant in a transaction, and can view the transaction information that the first node has privacy-protected. Specifically, for example, the key that the first node uses to encrypt the transaction information can be encrypted with the public key of the second node; the second node can then decrypt with its own private key to obtain the key, and then view the transaction information using the algorithm generally recognized for the blockchain data. Specifically, Figure 13 is a schematic diagram of the module structure of another embodiment of the device described in this application. As shown in Figure 13, the device can include:
Data acquisition module 200, which can be used to obtain the privacy-protected blockchain data that the first node stored in the blockchain;
Key decryption module 202, which can be used to decrypt, in an agreed manner, the key in the blockchain data, the agreed manner including an algorithm that enables the first node and the second node in the blockchain to encrypt and decrypt the key ciphertext in a preset manner, the second node being associated with the first node;
Plaintext decryption module 204, which can be used to decrypt the encrypted block information in the blockchain data with the key obtained by that decryption, obtaining the decrypted block information.
With reference to the foregoing method embodiments, in other embodiments of the device the agreed manner can include the following implementation:
Asymmetric key pairs corresponding to the first node and the second node are set up; when the key is encrypted, it is encrypted with the public key of the asymmetric key pair of the first node and of the second node respectively, generating the corresponding first key ciphertext and second key ciphertext;
Correspondingly, the key decryption module decrypting, in the agreed manner, the key in the blockchain data includes: decrypting the second key ciphertext with the private key of the asymmetric key pair of the second node to obtain the key in the blockchain data.
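The encrypt-once, decrypt-at-several-nodes scheme described above, as an added Go example that is not code from the application. AES-256-GCM for the block information, RSA-OAEP with 2048-bit keys for the key ciphertexts, the node IDs and all type and function names are assumptions; the text itself only specifies a random key, a plaintext encryption algorithm and each node's public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Recipients maps a node ID (hypothetical names) to that node's public key.
type Recipients map[string]*rsa.PublicKey

// Record is the blockchain data: encrypted block information plus one key
// ciphertext per node that is allowed to read it.
type Record struct {
	Nonce, Ciphertext []byte
	KeyCiphers        map[string][]byte
}

// NewNodeKey generates a node's asymmetric key pair (RSA-2048 is an assumption).
func NewNodeKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal is the first node's side: encrypt the block information once under a
// random key, then encrypt that key separately for every listed node.
func Seal(blockInfo []byte, to Recipients) (*Record, error) {
	key := make([]byte, 32) // fresh random 256-bit key for this record only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rec := &Record{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, blockInfo, nil), KeyCiphers: map[string][]byte{}}
	for id, pub := range to {
		// The OAEP label binds each key ciphertext to the node it was made for.
		kc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(id))
		if err != nil {
			return nil, err
		}
		rec.KeyCiphers[id] = kc
	}
	return rec, nil
}

// Open is the reading side (first or second node): recover the key from this
// node's key ciphertext with its private key, then decrypt the block information.
func Open(rec *Record, id string, priv *rsa.PrivateKey) ([]byte, error) {
	kc, ok := rec.KeyCiphers[id]
	if !ok {
		return nil, errors.New("no key ciphertext for node " + id)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, kc, []byte(id))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil) // fails if the record was altered
}

func main() {
	first, _ := NewNodeKey()
	second, _ := NewNodeKey()
	msg := []byte("constructed sample: A pays B 100")
	rec, err := Seal(msg, Recipients{"node-1": &first.PublicKey, "node-2": &second.PublicKey})
	if err != nil {
		panic(err)
	}
	plain, err := Open(rec, "node-2", second)
	fmt.Printf("node-2 reads %q (err=%v)\n", plain, err)
}
```

A node without a key ciphertext, or one holding the wrong private key, gets an error from `Open` and sees only the ciphertext, which is the non-associated-node case in the text.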
The blockchain data processing method provided by this application can be implemented in a computer by a processor executing the corresponding program instructions, for example implemented on a PC in C++ under the Windows operating system, or implemented in the application design languages of other systems such as Linux, Android or iOS. In another embodiment of a blockchain data processing device provided by this application, the device can be applied to the terminal device on the side of the first node, which privacy-protects the transaction information. Specifically, the device can include a processor and a memory for storing processor-executable instructions, and the processor, when executing the instructions, implements:
Identifying whether the block information received by the first node needs privacy protection processing;
If so, generating the key of a plaintext encryption algorithm and encrypting the block information with the plaintext encryption algorithm using that key, generating the encrypted block information;
Encrypting the key in an agreed manner and generating a key ciphertext, the agreed manner including an algorithm that enables the first node and a second node in the blockchain that is associated with the first node to encrypt and decrypt the key ciphertext in a preset manner;
Storing the data including the encrypted block information and the key ciphertext as blockchain data in the corresponding block of the blockchain.
In other embodiments, the processor, when executing the instructions, can also implement:
Obtaining the privacy-protected blockchain data in the blockchain;
Decrypting, in the agreed manner, the key in the blockchain data;
Decrypting the encrypted block information in the blockchain data with the key obtained by that decryption, obtaining the decrypted block information.
In another embodiment of a blockchain data processing device provided by this application, the device can be applied to the terminal device on the side of the second node, which is associated with the first node and decrypts to obtain the transaction information. Specifically, this application provides a blockchain data processing device that can include a processor and a memory for storing processor-executable instructions, and the processor, when executing the instructions, implements:
Obtaining the privacy-protected blockchain data that the first node stored in the blockchain;
Decrypting, in an agreed manner, the key in the blockchain data, the agreed manner including an algorithm that enables the first node and the second node in the blockchain to encrypt and decrypt the key ciphertext in a preset manner, the second node being associated with the first node;
Decrypting the encrypted block information in the blockchain data with the key obtained by that decryption, obtaining the decrypted block information.
The embodiments in this specification are described in a progressive manner. For the parts that are the same or similar between embodiments, refer to one another; each embodiment focuses on its differences from the other embodiments. In particular, the hardware-plus-program embodiments are described relatively simply because they are substantially similar to the method embodiments; for the relevant parts, see the description of the method embodiments.
A blockchain data processing device provided by this application can encrypt transaction information that needs privacy protection with a specific algorithm, and also encrypt, in an agreed manner, the key used by the encryption algorithm; the encrypted transaction data and the key ciphertext data are stored on the blockchain as blockchain data. In this application, encryption can be performed in a manner jointly agreed between the current node and certain associated nodes. After the current node has encrypted and stored the data, associated nodes in the blockchain can decrypt the encrypted block information in the blockchain data based on the agreed manner, while non-associated nodes can only obtain the blockchain data and cannot view the original block information, which achieves the purpose of privacy protection. Also, this application adopts an implementation of encryption in one place and decryption in many places: the node that performs privacy protection processing on the block information encrypts in one place, and the encrypted data can be decrypted directly at multiple associated nodes. This not only protects private transactions securely, it also makes encryption and decryption simpler, faster and more efficient. Moreover, it is possible to encrypt only the key when implementing privacy protection processing, which reduces system design complexity, the amount of data processed, transmission cost and so on, and improves the data processing performance of the whole system in block information privacy protection.
The device or method described above can be used in a variety of systems that store blockchain data. A common node can contain multiple terminal devices, which can be servers and/or clients or applications in them; each device can handle different tasks, and some of these tasks may need to be stored in the blockchain and need privacy protection processing. The blockchain data system provided by this application can include, in the node, at least one terminal device that needs to store transaction data (tasks) in the blockchain and needs privacy protection processing, so as to achieve simple, efficient and secure privacy protection of transaction information. For example, using OpenPGP technology, the ledger can be stored directly on the public ledger while only specific members can decrypt it, which achieves the purpose of privacy protection. Specifically, a blockchain data system provided by this application can include a processor and a memory for storing processor-executable instructions, and the processor, when executing the instructions, implements the steps of the method of any one of the above method embodiments.
Figure 14 is a schematic diagram of a blockchain data storage system architecture provided by this application. It should be noted that the device or system described above can also include other embodiments according to the description of the method embodiments; for the specific implementation, refer to the description of the related method embodiments, which is not repeated here.
A blockchain data processing method, device and system provided by this application can encrypt transaction information that needs privacy protection with a specific algorithm, and also encrypt, in an agreed manner, the key used by the encryption algorithm; the encrypted transaction data and the key ciphertext data are stored on the blockchain as blockchain data. In this application, encryption can be performed in a manner jointly agreed between the current node and certain associated nodes. After the current node has encrypted and stored the data, associated nodes in the blockchain can decrypt the encrypted block information in the blockchain data based on the agreed manner, while non-associated nodes can only obtain the blockchain data and cannot view the original block information, which achieves the purpose of privacy protection. Also, this application adopts an implementation of encryption in one place and decryption in many places: the node that performs privacy protection processing on the block information encrypts in one place, and the encrypted data can be decrypted directly at multiple associated nodes. This not only protects private transactions securely, it also makes encryption and decryption simpler, faster and more efficient. Moreover, it is possible to encrypt only the key when implementing privacy protection processing, which reduces system design complexity, the amount of data processed, transmission cost and so on, and improves the data processing performance of the whole system in block information privacy protection.
Although this application mentions descriptions of data definition, acquisition, interaction, calculation, judgment and the like, such as the OpenPGP algorithm, randomly generated keys, the AES encryption algorithm, block data storage methods and key encryption methods, this application is not limited to cases that must conform to industry communication standards, standard blockchain data storage, computer processing and storage rules, or the situations described in the embodiments of this application. Implementations that are slightly modified on the basis of certain industry standards, or of implementations described in a custom manner or in the embodiments, can also achieve implementation effects that are the same as, equivalent to, close to, or foreseeable variations of those of the above embodiments. Embodiments obtained by applying these modified or varied ways of data acquisition, storage, judgment and processing can still fall within the scope of the optional embodiments of this application.
The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (for example, an improvement to circuit structures such as diodes, transistors and switches) or an improvement in software (an improvement to a method flow). With the development of technology, however, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented with a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD), such as a field programmable gate array (Field Programmable Gate Array, FPGA), is such an integrated circuit: its logic function is determined by the user programming the device. Designers program a digital system to be "integrated" on a single PLD themselves, without asking a chip manufacturer to design and make a dedicated integrated circuit chip. Moreover, nowadays, instead of making integrated circuit chips by hand, this programming is mostly done with "logic compiler" software, which is similar to the software compiler used in program development, and the source code before compilation also has to be written in a specific programming language, called a hardware description language (Hardware Description Language, HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also understand that a hardware circuit implementing a logical method flow can easily be obtained simply by logically programming the method flow in one of the above hardware description languages and programming it into an integrated circuit.
A controller can be implemented in any suitable manner. For example, a controller can take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of a memory. Those skilled in the art also know that, besides implementing a controller purely as computer-readable program code, it is entirely possible to logically program the method steps so that the controller achieves the same function in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as structures within the hardware component. Or the devices for implementing various functions can even be regarded both as software modules implementing a method and as structures within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments can be implemented by a computer chip or an entity, or by a product with a certain function. A typical implementation device is a computer. Specifically, the computer can be, for example, a personal computer, a laptop computer, an in-vehicle human-machine interaction device, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Although this application provides the method operation steps described in the embodiments or flowcharts, more or fewer operation steps can be included on the basis of conventional or non-inventive means. The order of steps listed in the embodiments is only one of many possible execution orders and does not represent the only execution order. When an actual device or end product executes, the steps can be executed in the order of the embodiments or the methods shown in the drawings, or in parallel (for example, in an environment of parallel processors or multi-threaded processing, or even a distributed data processing environment). The terms "comprise", "include" and any other variant are intended to cover non-exclusive inclusion, so that a process, method, product or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, product or device. Without further restrictions, the presence of other identical or equivalent elements in the process, method, product or device that includes the stated elements is not excluded.
For convenience of description, the above device is described with its functions divided into various modules. Of course, when implementing this application, the functions of the modules can be implemented in one or more pieces of software and/or hardware, or a module that implements one function can be implemented by a combination of multiple sub-modules or sub-units. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed can be an indirect coupling or communication connection through some interfaces, devices or units, and can be electrical, mechanical or in another form.
Those skilled in the art also know that, besides implementing a controller purely as computer-readable program code, it is entirely possible to logically program the method steps so that the controller achieves the same function in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as structures within the hardware component. Or the devices for implementing various functions can even be regarded both as software modules implementing a method and as structures within a hardware component.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, which implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing; the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
Memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
Those skilled in the art will understand that the embodiments of this application can be provided as a method, a system or a computer program product. Therefore, this application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) that contain computer-usable program code.
This application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. This application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
The embodiments in this specification are described in a progressive manner. For the parts that are the same or similar between embodiments, refer to one another; each embodiment focuses on its differences from the other embodiments. In particular, the system embodiments are described relatively simply because they are substantially similar to the method embodiments; for the relevant parts, see the description of the method embodiments. In the description of this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of this application. In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict, those skilled in the art can combine the different embodiments or examples described in this specification and the features of the different embodiments or examples.
The foregoing is only embodiments of this application and is not intended to limit this application. For those skilled in the art, this application can have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of this application shall be included within the scope of the claims of this application.