CN107483198B - A kind of block catenary system supervised and method - Google Patents
A kind of block catenary system supervised and method Download PDFInfo
- Publication number
- CN107483198B CN107483198B CN201710873134.8A CN201710873134A CN107483198B CN 107483198 B CN107483198 B CN 107483198B CN 201710873134 A CN201710873134 A CN 201710873134A CN 107483198 B CN107483198 B CN 107483198B
- Authority
- CN
- China
- Prior art keywords
- node
- block chain
- key
- information
- registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The block catenary system and method that can be supervised the present invention relates to one kind, it include: authentication center (CA), authentication is carried out to ordinary node, generates the registration information about the node, and openly waits the registration for being written into and completing node in block chain to block chain network;Key Distribution Center (KDC) formulates regulatory rule, defines the complete property set of supervision department, distributes key according to the specific object of supervision department for it;Supervision department obtains key, monitoring block chain network transaction from KDC, once there is abnormal account, then utilizes the true identity of the Node registry acquisition of information node in the key decryption block chain of oneself;Ordinary node is interacted with CA, addition block chain operation after carrying out authentication, completing registration.The present invention constructs a kind of block chain that can be supervised using cryptological techniques such as ABE, signatures, allows different supervision departments to be supervised according to the difference of function to the data of block catenary system, thus takes precautions against the generation of illegal activities etc..
Description
Technical field
The invention belongs to computer application technologies, and in particular to the block catenary system and method that one kind can supervise are permitted
Perhaps different supervision centers supervises the behavior of block catenary system user according to the difference of function.
Background technique
Block chain originates from bit coin, and essence is a kind of distributed storage technology, has decentralization, anonymity, can chase after
It the properties such as traces back, can not distort.Using block chain technology, a set of new trust can be established in the case where non-stop layer trust authority
System.Therefore, the scenes such as financial service, shared economy, medical treatment & health, social management can be applied to.However in traditional block
In chain, the account information and transaction content of all users is all disclosed.Even if any user can read these open numbers
According to, but block chain is that the assumed name system for guaranteeing that anonymity uses can but bring great threat to social stability.For example, its nothing
Method resists the illegal activities such as money laundering.Many different accounts can be generated in one real user, and between these accounts constantly
Carry out fund transfer, becomes difficult anti money washing.In order to take precautions against such criminal offence, the present invention discloses a kind of block that can be supervised
Catenary system and method.
Encryption attribute scheme (ABE) is a kind of encryption technology that can be realized fine granularity nonreciprocal access control mechanisms.In
In ABE, the condition that user is capable of successful decryption is that one group of attribute set can satisfy access control policy, and according to function difference
Be classified as two major classes: the encryption attribute scheme (KP-ABE) of Ciphertext policy, wherein key is associated with access control policy, close
Text is associated with the attribute set of user;The encryption attribute scheme (CP-ABE) of Ciphertext policy, with KP-ABE on the contrary, key and use
The attribute set at family is related, and ciphertext is associated with access strategy.For both encryption attribute schemes, only when attribute set is full
When sufficient access control policy, user can be decrypted correctly.The main application scenarios of KP-ABE are paid for television system, and
CP-ABE is mainly used in the information sharing system with access control, such as electronic medical record system.The present invention using CP-ABE come
Realize the supervision to system user behavior.In order to improve encryption efficiency, using KEM/DEM Hybrid Encryption.I.e. by the side CP-AB-KEM
Case encrypted session key, then use session key as private key encryption data of DEM itself.Consistent with ABE scheme is only to have
The user of respective attributes can just decrypt the session key that KEM obtains encapsulation, and the part session key decryption DEM is recycled to obtain number
According to.
It is currently known a Chinese patent CN 106503994A (block chain private data access control based on encryption attribute
Method processed) it also uses attribute encryption technology block catenary system is improved.The invention proposes a kind of based on encryption attribute
Block chain private data access control method, mainly solve traditional technology only hide the true identity of user in block chain
Name protection, not to transaction privacy information encrypt and caused by privacy leakage problem.Implementation step are as follows: (1) system
Initialization;(2) user's registration obtains attribute information;(3) authoritative center is according to customer attribute information dispatch user private key;(4) it hands over
Yi Fang encryption transaction private data is simultaneously uploaded to block chain;(5) bookkeeper verifies Transaction Information and executes transaction;(6)
Authorization supervision center checks transaction ciphertext using authorization private key decryption.The invention also allows to authorize it can be seen from above-mentioned steps 6
Transaction ciphertext is checked in supervision center decryption, plays the role of certain supervision, but there is a problem of one it is serious: All Activity data
Exist with ciphertext form, can make the supervision of supervision center that will become extremely complex, especially supervision center is possibly can not
It notes abnormalities behavior in time and makes corresponding processing.Once the no longer effective property of supervision, hits criminal offence
Dynamics will weaken significantly.In addition, the invention is to be distinguished with attribute to user, but be of virtually the user of same alike result simultaneously
It is non-only one, can not know exactly which be who generate a transaction, i.e., can not criminal offence occur when confirm it
True identity is supervised very difficult.
Summary of the invention
Technology of the invention solves the problems, such as: overcome the deficiencies of the prior art and provide a kind of block catenary system that can be supervised and
Method, using cryptological techniques such as ABE, signatures, construct it is a kind of can real-time monitoring block chain, allow different supervision department's roots
The data of block catenary system are supervised according to the difference of function, thus take precautions against the generation of illegal activities etc..
The following technical solution is employed by the present invention: the block catenary system that can supervise of one kind, comprising: authentication center (CA), close
Key Distribution Center (KDC), supervision department and ordinary node;
1, authentication center (CA) possesses the private key for generating signature: carrying out authentication to ordinary node, obtains its true body
Part information and the account information (such as public key or wallet address) run for block chain;By true identity information according to given
Regulatory rule ABE algorithm for encryption, generate corresponding ciphertext;It generates about node account information and the label of ABE encrypted cipher text
Name;Encapsulating node account information, ABE encrypted cipher text, signature becomes the registration information of the node;Registration information is published to block
In chain network, waits by existing node verification and block chain is written to complete Node registry.
2, Key Distribution Center (KDC), definition describe the complete attribute set of each supervision department's function, generate ABE algorithm
Common parameter and can for supervision department distribute key main private key;Formulate the supervision department what attribute is regulatory rule-have
Gatekeeper pipe has the node of what identity;Common parameter and regulatory rule are sent at CA.Judge the category that supervision department meets
Property collection, and be that it generates corresponding private key using main private key.
3, supervision department obtains the private key of oneself from KDC.The trading activity of block chain network is monitored, if note abnormalities
A large amount of or a large sum of transaction is generated in account, such as short time, then searches for the registration information in block chain about the account, is verified
The validity of signature, decryption ABE encrypted cipher text obtain the true identity information of the account.
4, ordinary node, by with CA interact complete registration after participate in block chain operation.
The block chain method that one kind of the present invention can supervise realizes that steps are as follows:
1, system is established: CA generates signature public private key pair, and discloses the public key of oneself;KDC definition describes each supervision department
The complete attribute set of function generates the common parameter of ABE algorithm and can distribute the main private key of key for supervision department, formulates
Common parameter and regulatory rule are sent at CA by regulatory rule.
2, distribute administrative key: when there is new supervision department to be added, KDC first determines whether its property set met, then
Corresponding key is generated for it using the main private key of oneself, the key is finally sent to the supervision department in a secured manner.
3, block chain is run: being participated in jointly by ordinary node.Identical with traditional block chain is that block chain is still to have
The wound generation block of special construction then by a series of there is mutually isostructural block to form with cryptographic Hash link, save as the beginning
It can mutually transfer accounts between point, and accounting nodes be generated by common recognition mechanism, new block is written, and the block has recorded one
The All Activity data occurred in the section time;Unlike, the present invention in data structure by increasing user's registration information table
Monitoring function is realized, being contained mainly in a period of time interior all new node registration informations generated, (specific producing method is shown in
4, Node registry), which can be packaged into new block and final entry is on block chain.Therefore, by searching for block chain,
Transaction data can be not only inquired, registration information can also be inquired.
4, it Node registry: when there is new node to wish that the operation of block chain is added, is interacted with CA complete identity first
Certification, and provide oneself will be run in block chain used in account information, such as public key or wallet address.CA is utilized and this
The identity information obtained after node interaction, the regulatory rule judgement provided in conjunction with KDC have the supervision department of what attribute
The true identity information of the node can be obtained at the following a certain moment, and be obtained according to this judgement using the ABE algorithm for encryption information
Ciphertext after must encrypting;Then it is generated using the signature private key of oneself about node account information and ABE encrypted cipher text
Signature, and encapsulate the registration information of node account information, ABE encrypted cipher text, signature as the node;Finally by registration information public affairs
Cloth is into block chain network.All registered nodes can verify the validity of signature therein after receiving registration information, and
All new transaction data and registration information generated in a period of time are generated into new area by certain data structure encapsulation
Block.After registration information is written into block chain, then new node registration is completed.Later, which can then be normally added area
The operation of block chain.
5, supervise trading activity: supervision department monitors the trading activity of block chain network by the method for oneself, once there is account
The note in block chain about the node is then searched for there are a large amount of or a large sum of transaction is generated in abnormal behaviour, such as short time in family
Volume information verifies the validity wherein signed and decrypts the true identity that ABE encrypted cipher text obtains the node.
The advantages of the present invention over the prior art are that:
1, compared with traditional block chain, invention increases monitoring functions, solve existing block catenary system without supervision function
The shortcomings that energy.Using the existing password technology of existing ABE, signature, only block chain data structure and node access are modified in part
Rule can reach the purpose of supervision customer transaction behavior.To realize that the supervision behaviors such as anti money washing provide basis.
2, compared with existing patent, the present invention only encrypts user real identification, and the entity of permission can not decrypt note
Its true identity of volume acquisition of information, on the one hand protects the anonymity of ordinary user, another aspect supervision department passes through monitoring net
Transaction lockable exception account in network, once the account that notes abnormalities can be by search block chain to obtain its true body
Part, accomplish real-time monitoring.
Detailed description of the invention
Fig. 1 is present system composition block diagram;
Fig. 2 is data structure diagram, i.e. the concrete mode figure of block chain storage;
Fig. 3 is new node register flow path figure, that is, authentication and open registration information detail flowchart;
Fig. 4 is supervision flow figure.
Specific embodiment
The following describes the present invention in detail with reference to the accompanying drawings and embodiments.
As shown in Figure 1, this system all participation entities divide according to the part of function it is as follows:
1, authentication center (CA) carries out authentication to ordinary node, generates the registration information about the node, and openly
To block chain network, the registration for being written into and completing node in block chain is waited;
2, Key Distribution Center (KDC) formulates regulatory rule, the complete property set of supervision department is defined, according to supervision department
Specific object be its distribute key;
3, supervision department, obtains key from KDC, and monitoring block chain network transaction then utilizes once there is abnormal account
The true identity of Node registry acquisition of information node in the key decryption block chain of oneself;
4, ordinary node is interacted with CA, addition block chain operation after carrying out authentication, completing registration.
Further, a block chain backup can be locally stored in all ordinary nodes, supervision department, and same in real time
Walk the new data in block chain network.
Based on the above entity, present system realizes following functions:
1, system is established
CA generates the public private key pair of signature, and discloses the public key of oneself;The system that KDC runs CP-AB-KEM scheme first
Initialization algorithm, generates the open parameter PK and main private key MSK of oneself, and definition describes the complete property set of each supervision department's function
U is closed, formulation regulatory rule describes the node that there is the department of what attribute can supervise what identity, and selection is suitable symmetrically to be added
Close algorithm (AES) is used as DEM algorithm, and discloses oneself open parameter, complete attribute set, regulatory rule and the DEM of selection
Algorithm;It generating block chain and creates generation block, preselected node is chosen in the configuration (being no different with traditional block chain) including completing block chain,
Completion registration is interacted by them and with CA, generates preselected node registration table.
Specifically, the system initialization algorithm of CP-AB-KEM scheme are as follows: non-right according to default rule selection one first
Bilinear map D=(the G of title1,G2,GT, e, p), wherein G1,G2,GTIt is three different groups, p is these order of a group numbers, is taken as
Prime number, e are asymmetrical bilinear map e:G1×G2→GT, can be regarded as a function, input G respectively1In a member
Element and G2In an element, that is, exportable GTIn element.The attribute description U of system is by finite field Zp(in integer item
The residual class ring of mould p) in element constitute, i.e., by the attribute Z in all real worldspIn an element represent, and
One attribute uniquely corresponds to such element, and all corresponding relationships are also recorded in attribute description U.Then algorithm is random
Choose group G1In generation member g, h, u, v, w, randomly select crowd G2In generation member z, choose finite field ZpIn arbitrary random number
α generates G using above-mentioned asymmetrical bilinear map eTOn element e (g, z), finally e (g, z) is done using random number α
Module exponent operation obtains e (g, z)α.By the D of all above-mentioned selections or generation, g, h, u, v, w, z, e (g, z)αAs open parameter
PK is denoted as PK=(D, g, h, u, v, w, z, e (g, z)α), and it is sent to all users;Simultaneously by PK, α is as main private key
MSK, is denoted as MSK=(PK, α), is safely saved by KDC.
2, distribute administrative key
When there is new supervision department to be added, KDC first determines whether its attribute set met
Wherein A1,A2,...,AkBelong to finite field Zp, represent the supervision department and possess k attribute in total, attribute set S is above-mentioned complete
The a subset of full attribute set U;Then KDC is generated using the key of the main private key MSK operation CP-AB-KEM scheme of oneself and is calculated
Method generates corresponding key SK for it, and key is finally sent to the supervision department in a secured manner.
Specifically, the key schedule of CPA-AB-KEM scheme are as follows: the main private key MSK and user for inputting KDC meet
Attribute setFrom finite field ZpIn randomly select k+1 value r, r1,r2,...,rk, use first
Main private key cc does module exponent operation to generation member g and obtains gα, module exponent operation is done to generation member w with random number r and obtains wr, to above-mentioned
Two parts do multiplication and obtain part of key K0=gαwr;Then it is done module exponent operation with random number r to obtain part close to being generated member z
Key K1=zr, it is similar with the above process for i=1,2 ..., k, calculate separately part of keyAnd part of key(wherein-r indicates r in finite field ZpIn additive inverse), finally by S, K0,K1,{Ki,2,Ki,3, i=
1,2 ..., k is safely saved together as the private key SK of user by user oneself, and is denoted by SK=(S, K0,K1,
{Ki,2,Ki,3), i=1,2 ..., k.
3, block chain is run
It is participated in jointly by ordinary node.Identical with traditional block chain is that block chain is still with the wound with special construction
Generation block then by a series of there is mutually isostructural block to form with cryptographic Hash link as the beginning, can phase between node
It mutually transfers accounts, and accounting nodes is generated by common recognition mechanism, new block is written, and the block has recorded and occurs whithin a period of time
All Activity data;Unlike, the present invention realizes supervision function by increasing user's registration information table in data structure
Can, being contained mainly in a period of time interior all new node registration informations generated, (specific producing method is shown in that 4, new node is infused
Volume), which can be packaged into new block and final entry is on block chain.It therefore, not only can be with by searching for block chain
Transaction data is inquired, registration information can also be inquired.Specific data structure is as shown in Figure 2: block chain is that had by a series of
The block of chronological order is linked in the way of cryptographic Hash to be formed, to create generation block as the beginning.Creating generation block includes to match
Confidence breath and preselected node registration table, configuration information include the configuration information of all about block chain, as at the beginning of common recognition mechanism, POW
Beginning difficulty etc., preselected node registration table include the registration information that may participate in the node of operation at the beginning of block catenary system is established,
Its structure is consistent with the user's registration table in other blocks.In addition to creating generation block, each block includes block sequence number, block
Head, block size, block Hash, user's registration table and data set.User's registration table includes all new nodes whithin a period of time
The information of registration, each registration information by node public key PK, the ABE encrypted cipher text of true identity information (by Head,
The part AB-KEM and DEM tri- forms, and wherein Head marks in the ciphertext length of AB-KEM and DEM respectively so that guarantee can be just
Really decryption), CA connects composition to the signature of preceding two parts information with the private key of oneself.Data set includes all in a period of time
Data (orderly).Block head records father's block Hash, timestamp, Merkle root.Wherein, Merkel root be by all data by
The value of the root node of the structure composition of Merkle tree.It is rapidly tested using Merkle tree construction without downloading all data
Demonstrate,proving the block, there are some specific data.
4, new node is registered
Detailed process is as shown in Figure 3.When there is new node to wish that the operation of block chain is added, registration is initiated to CA first and is asked
It asks;Then authentication is carried out to new node by CA, obtains its true identity information;New node provides oneself to CA will be
Account information used in the operation of block chain, the present invention is using public key as example, so node needs to generate public key PKnode, and
Send it to CA;CA generates corresponding access structure (M, ρ) according to the real information of the KDC regulatory rule sent and node,
The ciphertext about session key key is generated using the Encryption Algorithm of the open parameter PK operation CP-AB-KEM received from KDC
CT, and use session key key as the true identity information of the private key encryption new node of aes algorithm, and private with the signature of oneself
Key generates the signature about PK and encapsulation ciphertext, forms registration information;Then CA needs open registration information existing to block chain
Network in;All registered nodes can verify the validity of signature therein after receiving registration information, and when by one section
All new transaction data and registration information of interior generation generate new block by certain data structure encapsulation;Work as registration
After information is written into block chain, then new node registration is completed, and by CA notice new node, it succeeds in registration.Later, the node
The operation of block chain can be then normally added.
Specifically, the Encryption Algorithm of CP-AB-KEM are as follows: input common parameter PK, linear privacy sharing access structure (M,
ρ), wherein M be a l row n column matrix, ρ be one mapping, an attribute is mapped as by any a line in matrix M.It is first
First, at random from finite field ZpMiddle selection random number s and y2,...,yn, column vector is set(T is to seek row vector
(s,y2,...,yn) transposition), calculate shared column vector about random number s It indicates matrix M
And vectorIt is multiplied, then from finite field ZpMiddle selection random number t1,t2,...,tk, session key key=e (g, z)αs(αs
Indicate that α is multiplied with s), calculating section ciphertext C0=zsPart ciphertext is calculated separately for j=1,2 ..., l
And part ciphertext(attribute of the jth row mapping of ρ (j) representing matrix M ,-tjIndicate random number tjLimited
Domain ZpIn additive inverse), calculating section ciphertextSetting ciphertext is CT=((M, ρ), C0,{Cj,1,Cj,2,Cj,3),
Wherein j=1,2 ..., l.
5, user behavior is supervised
Detailed process is as shown in Figure 4.Supervision department monitors the trading activity of block chain network by the method for oneself, once have
There are a large amount of or a large sum of transaction (a large amount of many transactions of finger, and a large sum of are generated in abnormal behaviour, such as short time for account
Refer to the with large amount of a transaction), then search for the registration information in block chain about the node.When searching out registration information,
First verify that the validity wherein signed, be verified after just according to the Head of ABE encrypted cipher text mark distinguish wherein KEM with
The part DEM, the part decipherment algorithm decryption KEM for then running CP-AB-KEM obtain session key key, and with the session key
Key as AES decrypts the true identity that the part DEM therein obtains the node.This example is not related to specific monitoring party
Method, supervision department can determine that behavior is abnormal account according to the method and rule of oneself, this example, which only provides, once to be sentenced
It is set to the method how abnormal account obtains its true identity.
Specifically, CP-AB-KEM decipherment algorithm are as follows: input and access structure (M, ρ) corresponding ciphertext CT and and property set
It closesCorresponding key SK=(S, K0,K1,{Ki,2,Ki,3), i=1,2 ..., k.If property set
Conjunction is unsatisfactory for access strategy, and algorithm terminates.Otherwise, in the attribute set that all row vectors of matrix M map, selection and attribute
The intersection of set S is I={ i: ρ (i) ∈ S }, calculates in I every i row matrix row to MiCoefficient ωiIt is set to meet following equalitiesWherein MiIt is the i-th row of matrix M, ωi·MiIndicate coefficient ωiNumber multiplies row matrix vector Mi, then
Calculate encapsulation keyWherein j is attribute ρ (i)
Index in S indicates GTIn multiplication, long horizontal line indicates group GTIn division, top is dividend, and lower section is divisor.Its
Middle divisorExpression first calculates separately all elements i in set ICalculated result is all multiplied again;And eachIt is then to calculate separately out e first with above-mentioned asymmetrical bilinear map e
(Ci,1,K1), e (Ci,2,Kj,2), e (Kj,3,Ci,3), a G is obtained after then it is all multipliedTIn element, finally utilize
ωiModule exponent operation is done to the element to obtainFinally, output encapsulation key
Key=e (g, z)αs。
Above embodiments are provided just for the sake of the description purpose of the present invention, and are not intended to limit the scope of the invention.This
The range of invention is defined by the following claims.It does not depart from spirit and principles of the present invention and the various equivalent replacements made and repairs
Change, should all cover within the scope of the present invention.
Claims (2)
1. the block catenary system that one kind can supervise, it is characterised in that: including authentication center (CA), Key Distribution Center (KDC), prison
Pipe portion door and ordinary node;
Authentication center CA, possess generate signature private key, to ordinary node carry out authentication, obtain its true identity information and
Account information for the operation of block chain;By true identity information according to given regulatory rule ABE algorithm for encryption, generate
Corresponding ciphertext;It generates about node account information and the signature of ABE encrypted cipher text;Encapsulation node account information, ABE encryption are close
Text, signature become the registration information of the node;Registration information is published in block chain network, is waited by existing node verification simultaneously
Block chain is written to complete Node registry;
Key Distribution Center KDC, definition describe the complete attribute set of each supervision department's function, generate the public ginseng of ABE algorithm
Number and the main private key that key can be distributed for supervision department;Formulating regulatory rule is supervision department's supervision tool with what attribute
There is the node of what identity;Common parameter and regulatory rule are sent at CA, judge the property set that supervision department meets, and benefit
It is that supervision department generates corresponding private key with main private key;
Supervision department obtains the private key of oneself from KDC, monitors the trading activity in block chain network, if noting abnormalities account,
If generating a large amount of or a large sum of transaction in a short time, searches in block chain network and believe about the registration of the exception account
Breath, verifies the validity of signature, and decryption ABE encrypted cipher text obtains the true identity information of the exception account;
Ordinary node, by with CA interact complete registration after participate in block chain operation.
2. the block chain method that one kind can supervise, it is characterised in that: realize that steps are as follows:
(1) system is established: authentication center CA generates signature public private key pair, and discloses the public key of oneself;Key Distribution Center KDC is fixed
Justice describes the complete attribute set of each supervision department's function, generates the common parameter of ABE algorithm and can distribute for supervision department
The main private key of key formulates regulatory rule, common parameter and regulatory rule is sent at authentication center CA;
(2) distribute administrative key: when there is new supervision department to be added, Key Distribution Center KDC first determines whether its category met
Property collection, be then that it generates corresponding key using the main private key of oneself, the key be finally sent to this in a secured manner
Supervision department;
(3) block chain is run: being participated in jointly by ordinary node, New Transaction is generated between node, it then follows common recognition mechanism generates new district
Block links all blocks according to certain data structure and forms block chain;
(4) Node registry: when there is new node to wish that the operation of block chain is added, completion is interacted with authentication center CA first
Authentication, and providing oneself will the account information used in the operation of block chain;Authentication center CA is utilized to be handed over the node
The identity information obtained after mutually, the regulatory rule judgement provided in conjunction with Key Distribution Center KDC have the supervision of what attribute
Department just can obtain the true identity information of the node at the following a certain moment, and be somebody's turn to do according to this judgement using ABE algorithm for encryption
Ciphertext after information acquisition encryption;Then it is generated using the signature private key of oneself and is encrypted about node account information and ABE
The signature of ciphertext, and encapsulate the registration information of node account information, ABE encrypted cipher text, signature as the node;It finally will registration
For information announcement into block chain network, all registered nodes can verify having for signature therein after receiving registration information
Effect property, and all new transaction data and registration information generated in a period of time are generated by certain data structure encapsulation
New block, after registration information is written into block chain, then new node registration is completed, and later, which then can be normal
The operation of block chain is added;
(5) supervise trading activity: supervision department monitors the trading activity of block chain network by the method for oneself, once there is account to deposit
In abnormal behaviour, then the registration information in block chain network about the abnormal nodes is searched for, verifies the validity wherein signed simultaneously
Decryption ABE encrypted cipher text obtains the true identity of the abnormal nodes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710873134.8A CN107483198B (en) | 2017-09-25 | 2017-09-25 | A kind of block catenary system supervised and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710873134.8A CN107483198B (en) | 2017-09-25 | 2017-09-25 | A kind of block catenary system supervised and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107483198A CN107483198A (en) | 2017-12-15 |
CN107483198B true CN107483198B (en) | 2019-11-12 |
Family
ID=60585958
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710873134.8A Active CN107483198B (en) | 2017-09-25 | 2017-09-25 | A kind of block catenary system supervised and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107483198B (en) |
Families Citing this family (76)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981547B (en) * | 2017-12-28 | 2022-06-07 | 航天信息股份有限公司 | Logistics transmission method and device based on block chain |
CN110071898B (en) * | 2018-01-22 | 2021-06-04 | 本无链科技(深圳)有限公司 | Method for removing center to detect node validity |
GB201803706D0 (en) * | 2018-03-08 | 2018-04-25 | Nchain Holdings Ltd | Computer-implemented system and method |
CN108615144A (en) * | 2018-04-11 | 2018-10-02 | 北京奇虎科技有限公司 | Identity information processing method, device and the computing device of block chain node |
CN109146678B (en) * | 2018-04-18 | 2022-07-05 | 北京天德科技有限公司 | Cross-border supervision reporting system based on traditional block chain |
CN108876363B (en) * | 2018-04-18 | 2022-02-11 | 北京天德科技有限公司 | Cross-border supervision report system based on double-chain architecture block chain |
CN108520464B (en) * | 2018-04-18 | 2022-05-10 | 北京天德科技有限公司 | Real-time automatic supervision reporting system based on traditional block chain |
CN108460598B (en) * | 2018-04-18 | 2022-05-10 | 北京天德科技有限公司 | Real-time automatic supervision reporting system based on double-chain architecture block chain |
CN110417775B (en) * | 2018-04-27 | 2021-03-26 | 腾讯科技(深圳)有限公司 | Virtual article transaction method and device based on block chain and server |
CN108647523B (en) * | 2018-04-28 | 2020-01-17 | 华南理工大学 | Block chain-based electronic certification system and certificate storage and file recovery method |
CN108898475B (en) * | 2018-05-08 | 2021-04-06 | 众安信息技术服务有限公司 | Attribute encryption-based alliance block chain credit implementation method and system |
CN108712409B (en) * | 2018-05-09 | 2021-05-25 | 广西创轩科技有限公司 | Electronic bill transaction system based on private block chain |
CN110475249B (en) * | 2018-05-10 | 2021-08-20 | 华为技术有限公司 | Authentication method, related equipment and system |
CN111898148B (en) * | 2018-05-11 | 2024-08-20 | 创新先进技术有限公司 | Information supervision method and device based on blockchain |
CN108933778A (en) * | 2018-05-23 | 2018-12-04 | 广州西麦科技股份有限公司 | Product trading monitoring method, device and storage medium based on system for cloud computing |
WO2019227337A1 (en) * | 2018-05-30 | 2019-12-05 | 重庆小雨点小额贷款有限公司 | Security management method based on block chain, related device, and storage medium |
CN108989022B (en) * | 2018-06-08 | 2021-11-09 | 中国科学院计算技术研究所 | Intelligent object shared key establishment method and system based on block chain |
CN109064324A (en) * | 2018-06-15 | 2018-12-21 | 重庆金融资产交易所有限责任公司 | Method of commerce, electronic device and readable storage medium storing program for executing based on alliance's chain |
CN108964903B (en) * | 2018-07-12 | 2021-12-14 | 腾讯科技(深圳)有限公司 | Password storage method and device |
CN108900528B (en) * | 2018-07-24 | 2021-08-31 | 中国联合网络通信集团有限公司 | Block chain real-name authentication method, device, equipment and storage medium |
CN109190384B (en) * | 2018-07-26 | 2022-02-22 | 百色学院 | Multi-center block chain fusing protection system and method |
CN109274481B (en) * | 2018-08-01 | 2020-03-27 | 中国科学院数据与通信保护研究教育中心 | Data traceable method of block chain |
CN110827029A (en) * | 2018-08-09 | 2020-02-21 | 普华云创科技(北京)有限公司 | User management method, system and computer readable storage medium based on block chain |
CN109241016B (en) * | 2018-08-14 | 2020-07-07 | 阿里巴巴集团控股有限公司 | Multi-party security calculation method and device and electronic equipment |
CN109005186B (en) * | 2018-08-20 | 2020-12-11 | 杭州复杂美科技有限公司 | Method, system, equipment and storage medium for isolating user identity information |
CN109194487A (en) * | 2018-09-13 | 2019-01-11 | 全链通有限公司 | Construction method and system are traded or communicated to my real name based on block chain |
CN109242467B (en) * | 2018-09-17 | 2021-01-01 | 金蝶软件(中国)有限公司 | Block chain-based networking method and device, computer equipment and storage medium |
CN109361738A (en) * | 2018-09-25 | 2019-02-19 | 安徽灵图壹智能科技有限公司 | A kind of identity authorization system and method based on block chain network |
US11263630B2 (en) * | 2018-10-12 | 2022-03-01 | Blackberry Limited | Method and system for single purpose public keys for public ledgers |
CN109447742A (en) * | 2018-10-16 | 2019-03-08 | 广东工业大学 | A kind of order processing method and relevant apparatus |
CN111106930B (en) * | 2018-10-25 | 2023-03-14 | 北京国盾量子信息技术有限公司 | Block chain network construction method and device and block chain network system |
CN109949882A (en) * | 2018-11-15 | 2019-06-28 | 陕西医链区块链集团有限公司 | Medical block chain data storage system |
CN111192044A (en) * | 2018-11-15 | 2020-05-22 | 富邦金融控股股份有限公司 | Block chain network system with supervision mechanism and implementation method thereof |
CN109558742B (en) * | 2018-11-16 | 2021-05-18 | 海南新软软件有限公司 | Information validity detection method and device based on block chain |
CN109472601A (en) * | 2018-11-21 | 2019-03-15 | 北京蓝石环球区块链科技有限公司 | The block chain framework of privacy transaction can be supervised |
CN109784918A (en) * | 2018-12-15 | 2019-05-21 | 深圳壹账通智能科技有限公司 | Information measure of supervision, device, equipment and storage medium based on block chain |
CN109697670B (en) * | 2018-12-29 | 2021-06-04 | 杭州趣链科技有限公司 | Public link information shielding method without influence on credibility |
CN109741482B (en) * | 2019-01-08 | 2022-01-25 | 京东方科技集团股份有限公司 | Information sharing method and device |
CN109714173B (en) * | 2019-01-25 | 2020-09-29 | 北京邮电大学 | Block chain-based Internet of things authentication method and device |
CN110611647A (en) * | 2019-03-06 | 2019-12-24 | 张超 | Node joining method and device on block chain system |
CN109981675B (en) * | 2019-04-04 | 2021-10-26 | 西安电子科技大学 | Identity information protection method for digital identity authentication and attribute encryption |
CN109993659A (en) * | 2019-04-17 | 2019-07-09 | 上海沄界信息科技有限公司 | A kind of internet trading system, method and apparatus |
CN110289951B (en) * | 2019-06-03 | 2022-09-13 | 杭州电子科技大学 | Shared content supervision method based on threshold key sharing and block chain |
CN110288480B (en) * | 2019-06-28 | 2023-06-09 | 深圳前海微众银行股份有限公司 | Private transaction method and device for blockchain |
CN112152982B (en) * | 2019-06-28 | 2022-01-07 | 华为技术有限公司 | Processing method, device and medium of block chain information |
CN110503560A (en) * | 2019-09-27 | 2019-11-26 | 深圳市网心科技有限公司 | Data trade method, data trade apparatus and system based on block chain |
CN110570313A (en) * | 2019-09-27 | 2019-12-13 | 深圳市网心科技有限公司 | data transaction method, data transaction device and system based on block chain |
CN110809000B (en) * | 2019-11-12 | 2022-02-18 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | Service interaction method, device, equipment and storage medium based on block chain network |
CN111010280B (en) * | 2019-12-09 | 2021-07-30 | 中山大学 | Group signature-based construction method for monitorable block chain |
CN112131615B (en) * | 2020-02-10 | 2021-04-13 | 北京天德科技有限公司 | Data storage mechanism supporting supervision |
CN111277412B (en) * | 2020-02-18 | 2023-03-24 | 暨南大学 | Data security sharing system and method based on block chain key distribution |
CN111355578B (en) * | 2020-03-16 | 2023-04-11 | 麦希科技(北京)有限公司 | Public key encryption and decryption method and system with double monitoring parties |
CN111586010B (en) * | 2020-04-29 | 2022-04-01 | 中国联合网络通信集团有限公司 | Key distribution method and device |
CN111598701B (en) * | 2020-05-22 | 2023-09-19 | 深圳市迅雷网络技术有限公司 | Information monitoring method, system, equipment and storage medium |
CN111797427B (en) * | 2020-06-04 | 2024-07-30 | 中国科学院信息工程研究所 | Blockchain user identity supervision method and system giving consideration to privacy protection |
CN111709053B (en) * | 2020-06-11 | 2024-04-05 | 中国工商银行股份有限公司 | Operation method and operation device based on loose coupling transaction network |
CN111859444B (en) * | 2020-06-12 | 2022-03-01 | 中国科学院信息工程研究所 | Block chain data supervision method and system based on attribute encryption |
CN111797164A (en) * | 2020-06-24 | 2020-10-20 | 北京荷月科技有限公司 | Cross-chain transaction supervision method and system based on block chain |
CN112085502B (en) * | 2020-09-09 | 2023-10-13 | 江苏大学 | Lightweight block chain supervision method and system based on edge calculation |
CN112115199A (en) * | 2020-09-16 | 2020-12-22 | 安徽长泰信息安全服务有限公司 | Data management system based on block chain technology |
CN112364387B (en) * | 2020-10-23 | 2024-04-02 | 华南理工大学 | Identity authentication method and device based on blockchain network, medium and equipment |
CN112532584B (en) * | 2020-10-30 | 2022-08-19 | 重庆恢恢信息技术有限公司 | Construction site information security encryption working method according to block chain network |
CN112511309B (en) * | 2020-11-19 | 2022-07-08 | 从法信息科技有限公司 | Method and device for directionally sharing supervision-oriented information on block chain and electronic equipment |
CN112565412B (en) * | 2020-12-03 | 2022-11-04 | 重庆新致金服信息技术有限公司 | Data transaction method, system and equipment based on block chain |
CN112596957A (en) * | 2020-12-29 | 2021-04-02 | 东软集团股份有限公司 | Method and device for block chain, storage medium and electronic equipment |
CN112765650B (en) * | 2021-01-05 | 2023-11-10 | 西安电子科技大学 | Attribute-based searchable encrypted blockchain medical data sharing method |
CN113206744B (en) * | 2021-04-29 | 2024-04-02 | 杭州趣链科技有限公司 | Cross-chain transaction supervision method, device, equipment and storage medium |
CN113507511B (en) * | 2021-06-25 | 2022-08-19 | 中标慧安信息技术股份有限公司 | Internet of things data interaction trace-keeping method and system based on block chain |
CN113538042B (en) * | 2021-06-30 | 2023-09-22 | 杭州电子科技大学 | Block chain-based online advertisement click fraud monitoring and preventing method |
CN113570373B (en) * | 2021-09-23 | 2022-02-11 | 北京理工大学 | Responsibility pursuing transaction method and system based on block chain |
CN114329610B (en) * | 2021-12-29 | 2024-08-27 | 浙江吉利控股集团有限公司 | Block chain privacy identity protection method, device, storage medium and system |
CN114663234A (en) * | 2022-03-25 | 2022-06-24 | 广东启链科技有限公司 | System and method for supervising abnormal transactions on block chain |
CN114884702A (en) * | 2022-04-19 | 2022-08-09 | 海南大学 | Identity registration method, identity authentication method and identity management system |
CN115118751B (en) * | 2022-07-15 | 2024-04-19 | 广东浪潮智慧计算技术有限公司 | Blockchain-based supervision system, method, equipment and medium |
CN116720839B (en) * | 2023-08-07 | 2023-10-17 | 成都创一博通科技有限公司 | Financial information management method based on blockchain technology and supervision system thereof |
CN117540432B (en) * | 2024-01-05 | 2024-03-19 | 河北数港科技有限公司 | Data privacy protection method and system for Internet |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017027900A1 (en) * | 2015-08-14 | 2017-02-23 | Identitii Pty Ltd | A computer implemented method for processing a financial transaction and a system therefor |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106503994B (en) * | 2016-11-02 | 2020-07-28 | 西安电子科技大学 | Block chain private data access control method based on attribute encryption |
CN107171806B (en) * | 2017-05-18 | 2020-04-10 | 北京航空航天大学 | Mobile terminal network key negotiation method based on block chain |
CN107301521A (en) * | 2017-06-26 | 2017-10-27 | 深圳前海华深安信物联技术有限公司 | Strengthen the method for warehouse receipt transaction security in a kind of warehouse receipt system based on block chain |
-
2017
- 2017-09-25 CN CN201710873134.8A patent/CN107483198B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017027900A1 (en) * | 2015-08-14 | 2017-02-23 | Identitii Pty Ltd | A computer implemented method for processing a financial transaction and a system therefor |
Also Published As
Publication number | Publication date |
---|---|
CN107483198A (en) | 2017-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107483198B (en) | A kind of block catenary system supervised and method | |
Garman et al. | Accountable privacy for decentralized anonymous payments | |
Sun | Privacy protection and data security in cloud computing: a survey, challenges, and solutions | |
Zhu et al. | TBAC: Transaction-based access control on blockchain for resource sharing with cryptographically decentralized authorization | |
CN107864139A (en) | A kind of cryptography attribute base access control method and system based on dynamic rules | |
CN109417478A (en) | Multilink cryptologic block chain | |
CA2808369C (en) | System for protecting an encrypted information unit | |
CN109559117A (en) | Block chain contract method for secret protection and system based on the encryption of attribute base | |
CN110474893A (en) | A kind of isomery is across the close state data safety sharing method of trust domain and system | |
CN111008836A (en) | Privacy safe transfer payment method, device and system based on monitorable block chain and storage medium | |
CN108881314A (en) | Mist calculates the method and system for realizing secret protection under environment based on CP-ABE ciphertext access control | |
CN103401839B (en) | A kind of many authorization center encryption method based on attribute protection | |
US20080267394A1 (en) | Identity-Based Key Generating Methods and Devices | |
CN110011781A (en) | A kind of homomorphic cryptography method encrypting and support zero-knowledge proof for transaction amount | |
Yuan et al. | Blockchain with accountable CP-ABE: How to effectively protect the electronic documents | |
John et al. | Provably secure data sharing approach for personal health records in cloud storage using session password, data access key, and circular interpolation | |
Wang et al. | A regulation scheme based on the ciphertext-policy hierarchical attribute-based encryption in bitcoin system | |
CN114866289B (en) | Privacy credit data security protection method based on alliance chain | |
CN115964751A (en) | Data security storage and access control method based on attribute classification and grading | |
Gajmal et al. | Blockchain-based access control and data sharing mechanism in cloud decentralized storage system | |
CN113938281B (en) | Quantum security identity issuing system, issuing method and using method | |
Wu et al. | The survey on the development of secure multi-party computing in the blockchain | |
Gou et al. | A novel quantum E-payment protocol based on blockchain | |
Luo et al. | Accountable data sharing scheme based on blockchain and SGX | |
Shen et al. | BMSE: Blockchain-based multi-keyword searchable encryption for electronic medical records |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |