CN109033855B - Data transmission method and device based on block chain and storage medium - Google Patents


Info

Publication number
CN109033855B
Authority
CN
China
Prior art keywords
data
transmitted
transmission
encrypted
sensitive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810790624.6A
Other languages
Chinese (zh)
Other versions
CN109033855A (en)
Inventor
郭锐
李茂材
蔡弋戈
张建俊
秦青
郑罗海
卢吉光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201810790624.6A
Publication of CN109033855A
Application granted
Publication of CN109033855B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Accounting & Taxation (AREA)
  • Databases & Information Systems (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a data transmission method, a device and a storage medium based on a block chain, which can acquire data to be transmitted of a transmission node on the block chain and determine an authorized node corresponding to the data to be transmitted; dividing the data to be transmitted into sensitive data and non-sensitive data according to a preset strategy; generating a symmetric key of the sensitive data, and encrypting the sensitive data according to the symmetric key to obtain ciphertext data; acquiring a public key of the authorization node, and encrypting the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key; generating encrypted transmission data according to the ciphertext data, the encrypted symmetric key and the non-sensitive data; and transmitting the encrypted transmission data to the authorization node through the block chain. According to the scheme, the encryption of the sensitive data transmitted by the block chain is realized, the risk of sensitive data leakage is reduced, and the safety of data transmission is improved.

Description

Data transmission method and device based on block chain and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a data transmission method and apparatus based on a block chain, and a storage medium.
Background
A blockchain is a decentralized storage and computation technique that creates persistent, non-modifiable records by stacking data blocks in chronological order and stores credits in individual nodes of a blockchain network, so that a reliable database is collectively maintained in a decentralized manner.
In the prior art, since the blockchain is essentially a distributed database, data on the blockchain can be shared by the network to all nodes, so that other nodes can obtain the data content, and data sharing and transparency in the blockchain network can be effectively ensured. For example, when party A wants to issue transaction data to party B and party C, if the transaction is conducted on the blockchain, all other nodes on the blockchain will see the transaction, which makes the transaction of the transaction party unfair, and the account of an organization may be tracked by the organizations on other nodes, thereby risking data leakage and resulting in lower security of the transaction data.
Disclosure of Invention
The embodiment of the invention provides a data transmission method, a data transmission device and a data transmission storage medium based on a block chain, and aims to improve the safety of data transmission.
In order to solve the above technical problems, embodiments of the present invention provide the following technical solutions:
a data transmission method based on a block chain comprises the following steps:
acquiring data to be transmitted of a transmission node on a block chain, and determining an authorized node corresponding to the data to be transmitted;
dividing the data to be transmitted into sensitive data and non-sensitive data according to a preset strategy;
generating a symmetric key of the sensitive data, and encrypting the sensitive data according to the symmetric key to obtain ciphertext data;
acquiring a public key of the authorization node, and encrypting the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key;
generating encrypted transmission data according to the ciphertext data, the encrypted symmetric key and the non-sensitive data;
and transmitting the encrypted transmission data to the authorization node through the block chain.
A blockchain-based data transmission apparatus, comprising:
the device comprises an acquisition unit, a transmission unit and a processing unit, wherein the acquisition unit is used for acquiring data to be transmitted of a transmission node on a block chain and determining an authorized node corresponding to the data to be transmitted;
the dividing unit is used for dividing the data to be transmitted into sensitive data and non-sensitive data according to a preset strategy;
the first encryption unit is used for generating a symmetric key of the sensitive data and encrypting the sensitive data according to the symmetric key to obtain ciphertext data;
the second encryption unit is used for acquiring the public key of the authorization node and encrypting the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key;
the generating unit is used for generating encrypted transmission data according to the ciphertext data, the encrypted symmetric key and the non-sensitive data;
and the transmission unit is used for transmitting the encrypted transmission data to the authorization node through the block chain.
Optionally, the generating unit includes:
the setting subunit is used for setting the encrypted symmetric key and the non-sensitive data as plaintext fields and setting the ciphertext data as ciphertext fields;
and the generating subunit is used for generating the encrypted transmission data according to the plaintext field and the ciphertext field.
Optionally, the generating subunit is configured to:
setting a first identifier for the plaintext field and a second identifier for the ciphertext field;
generating a data packet header according to the first identifier and the second identifier;
and generating encrypted transmission data according to the data packet header, the plaintext field and the ciphertext field.
Optionally, the obtaining unit is configured to:
acquiring data to be transmitted of transmission nodes on a block chain, and combining the data to be transmitted into a plurality of groups of data to be transmitted;
and determining authorized nodes corresponding to each group of data to be transmitted.
Optionally, the dividing unit is configured to:
acquiring data structure configuration information, and analyzing each group of data to be transmitted according to the data structure configuration information;
and dividing each group of data to be transmitted into sensitive data and non-sensitive data based on the analysis result and a preset strategy.
Optionally, the first encryption unit is configured to:
generating a symmetric key corresponding to each group of sensitive data according to a preset algorithm to obtain a symmetric key set;
and encrypting each group of sensitive data respectively according to the symmetric key set to obtain ciphertext data.
Optionally, the second encryption unit is configured to:
sending a public key acquisition request to each authorization node;
receiving a public key returned by each authorization node based on the public key acquisition request;
and encrypting the symmetric key corresponding to each authorization node according to the public key of each authorization node to obtain the encrypted symmetric key.
A data transmission method based on a block chain comprises the following steps:
receiving encrypted transmission data sent by a transmission node through a block chain;
extracting ciphertext data, an encrypted symmetric key and non-sensitive data from the encrypted transmission data, wherein the ciphertext data is obtained by encrypting the sensitive data in the data to be transmitted by using the symmetric key generated by the transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using a public key of an authorization node;
obtaining a private key matched with the public key in the authorization node, and decrypting the encrypted symmetric key according to the private key to obtain a symmetric key;
decrypting the ciphertext data according to the symmetric key to obtain decrypted sensitive data;
and generating decrypted data to be transmitted according to the sensitive data and the non-sensitive data.
A blockchain-based data transmission apparatus, comprising:
the receiving unit is used for receiving encrypted transmission data sent by the transmission node through the block chain;
the extraction unit is used for extracting ciphertext data, an encrypted symmetric key and non-sensitive data from the encrypted transmission data, wherein the ciphertext data is obtained by encrypting the sensitive data in the data to be transmitted by using the symmetric key generated by the transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using a public key of an authorized node;
the first decryption unit is used for acquiring a private key matched with the public key in the authorization node, and decrypting the encrypted symmetric key according to the private key to obtain a symmetric key;
the second decryption unit is used for decrypting the ciphertext data according to the symmetric key to obtain decrypted sensitive data;
and the data generation unit is used for generating the decrypted data to be transmitted according to the sensitive data and the non-sensitive data.
Optionally, the extracting unit is configured to:
extracting a first identifier and a second identifier from the data packet header of the encrypted transmission data;
determining a plaintext field in the encrypted transmission data according to the first identifier, and determining a ciphertext field in the encrypted transmission data according to the second identifier;
and extracting the encrypted symmetric key and the non-sensitive data from the plaintext field, and extracting the ciphertext data from the ciphertext field.
Optionally, the data generating unit is configured to:
acquiring data structure configuration information of data to be transmitted, which is formed by combining the sensitive data and the non-sensitive data;
and combining the sensitive data and the non-sensitive data into decrypted data to be transmitted according to the data structure configuration information.
A storage medium storing a plurality of instructions, the instructions being suitable for being loaded by a processor to perform the steps of any one of the data transmission methods provided by the embodiments of the present invention.
An apparatus comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of any of the data transmission methods provided by embodiments of the invention.
The method and the device can acquire the data to be transmitted of the transmission node on the block chain, determine the authorized node corresponding to the data to be transmitted, divide the data to be transmitted into sensitive data and non-sensitive data according to a preset strategy, generate a symmetric key of the sensitive data, encrypt the sensitive data according to the symmetric key to obtain ciphertext data, acquire a public key of the authorized node, encrypt the symmetric key according to the public key of the authorized node to obtain an encrypted symmetric key, generate transmission data according to the ciphertext data, the encrypted symmetric key and the non-sensitive data, and finally transmit the transmission data to the authorized node through the block chain. According to the scheme, the sensitive data transmitted through the block chain is encrypted, so that only authorized nodes can read the sensitive data content, and unauthorized nodes cannot read the sensitive data content, the risk of sensitive data leakage is reduced, and the safety of data transmission is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic view of a data transmission method according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a data transmission method according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of a data transmission method according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of a data transmission method according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of asset circulation in a blockchain provided by an embodiment of the present invention;
Fig. 6 is a diagram illustrating a data structure of additional data provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a data transmission apparatus according to an embodiment of the present invention;
Fig. 8 is another schematic structural diagram of a data transmission device according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an apparatus provided in an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a data transmission method and device based on a block chain and a storage medium.
Referring to Fig. 1, Fig. 1 is a schematic view of a scenario of a data transmission method according to an embodiment of the present invention. The data transmission method may be applied to a data transmission apparatus based on a block chain, and the data transmission apparatus may be specifically integrated in a network device such as a terminal or a server. For example, when the device is used as a transmission node, the data to be transmitted of the transmission node on the block chain may be obtained, and an authorized node corresponding to the data to be transmitted is determined, where the authorized node may be a device such as a terminal or a server. Then, the data to be transmitted is divided into sensitive data and non-sensitive data according to a preset strategy; for example, each group of data to be transmitted may be analyzed according to the data structure configuration information, and each group of data to be transmitted is divided into sensitive data and non-sensitive data according to the preset strategy based on the analysis result. Next, a symmetric key of the sensitive data can be generated according to a preset algorithm or randomly, and the sensitive data is encrypted according to the symmetric key to obtain ciphertext data. The public key of the authorization node is then obtained, for example by sending a public key acquisition request to the authorization node and receiving the public key returned by the authorization node, and the symmetric key may be encrypted according to the public key of the authorization node to obtain the encrypted symmetric key.
Finally, the encrypted transmission data may be generated according to the ciphertext data, the encrypted symmetric key, and the non-sensitive data; for example, the encrypted symmetric key and the non-sensitive data may be set as plaintext fields, the ciphertext data may be set as a ciphertext field, and the encrypted transmission data may be generated according to the plaintext fields and the ciphertext field. The encrypted transmission data may then be transmitted to the authorization node through the block chain, and so on.
When the device is used as an authorization node, the device may receive encrypted transmission data sent by the transmission node through the block chain, and then extract ciphertext data, an encrypted symmetric key, and non-sensitive data from the encrypted transmission data; for example, the device may extract the encrypted symmetric key and the non-sensitive data from a plaintext field of the encrypted transmission data, and extract the ciphertext data from a ciphertext field of the encrypted transmission data. Next, a private key matched with the public key in the authorization node is obtained, the encrypted symmetric key is decrypted according to the private key to obtain the symmetric key, and the ciphertext data is decrypted according to the symmetric key to obtain the decrypted sensitive data. Finally, the sensitive data and the non-sensitive data can be combined into decrypted data to be transmitted according to the data structure configuration information, and the like.
It should be noted that the scenario diagram of the data transmission method shown in fig. 1 is only an example, and the scenario of the data transmission method described in the embodiment of the present invention is for more clearly illustrating the technical solution of the embodiment of the present invention, and does not form a limitation to the technical solution provided in the embodiment of the present invention.
Details are given below.
In the present embodiment, description will be made from the perspective of a data transmission apparatus, which may be specifically integrated in a device such as a server or a terminal.
A method of data transmission, comprising: acquiring data to be transmitted of a transmission node on a block chain, and determining an authorized node corresponding to the data to be transmitted; dividing data to be transmitted into sensitive data and non-sensitive data according to a preset strategy; generating a symmetric key of the sensitive data, and encrypting the sensitive data according to the symmetric key to obtain ciphertext data; acquiring a public key of the authorization node, and encrypting the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key; generating encrypted transmission data according to the ciphertext data, the encrypted symmetric key and the non-sensitive data; and transmitting the encrypted transmission data to the authorized node through the block chain.
Referring to fig. 2, fig. 2 is a flowchart illustrating a data transmission method according to an embodiment of the invention. The data transmission method may include:
In step S101, data to be transmitted of a transmission node on the block chain is obtained, and an authorized node corresponding to the data to be transmitted is determined.
The transmission node is located on the block chain and is a device, such as a server or a terminal, that needs to transmit data through the block chain; the transmission node may be the data transmission device. The authorized node is located on the block chain and is a device, such as a server or a terminal, that receives data on the block chain; the authorized node has the authority to view the data to be transmitted.
The data transmission device may actively acquire the data to be transmitted, or receive a data acquisition request sent by the authorization node, and acquire the data to be transmitted based on the data acquisition request, for example, the data transmission device may generate the data to be transmitted according to transaction information, or acquire the data to be transmitted from a server that stores the data, where the data to be transmitted may be transaction data such as assets, accounts, or invoices, or other types of data, and specific content is not limited here.
The authorized nodes corresponding to the data to be transmitted may include one or more authorized nodes, for example, if the transmitting node only authorizes the authorized node a to view the data to be transmitted, the authorized node corresponding to the data to be transmitted is only the authorized node a; if the transmission node authorizes the authorized node A, the authorized node B and the authorized node C to check the data to be transmitted, the authorized nodes corresponding to the data to be transmitted are the authorized node A, the authorized node B and the authorized node C.
In some embodiments, the step of acquiring, by the data transmission apparatus, data to be transmitted of a transmission node on the blockchain, and determining an authorized node corresponding to the data to be transmitted may include: the data transmission device acquires data to be transmitted of transmission nodes on a block chain and combines the data to be transmitted into a plurality of groups of data to be transmitted; and determining authorized nodes corresponding to each group of data to be transmitted.
The data transmission device may combine the acquired data to be transmitted into multiple groups of data to be transmitted, and determine authorized nodes corresponding to each group of data to be transmitted respectively, for example, the data to be transmitted may be divided into multiple groups of data to be transmitted of different types according to data content, or may be divided into multiple groups of data to be transmitted of different fields according to a digital section; and so on.
For example, the data to be transmitted is invoice data; the authorized nodes relevant to the invoice business include the tax bureau, the invoicing enterprise, the consumer, etc., and the transmission node that transmits the invoice data is the reimbursement enterprise, etc. It is desirable that these authorized nodes have different levels of decryption authority for a given piece of invoice data, while other nodes cannot decrypt it. In this case, the reimbursement enterprise may divide the invoice data into three groups of data according to the viewing permissions of the authorized nodes such as the tax bureau, the invoicing enterprise and the consumer, where the authorized node corresponding to the first group of data is the tax bureau, the authorized node corresponding to the second group of data is the invoicing enterprise, and the authorized node corresponding to the third group of data is the consumer.
For another example, the data to be transmitted includes different types of data such as data a, data B, data C, and the like, and it is necessary to transmit the data a to the authorized node a, transmit the data B to the authorized node B, and transmit the data C to the authorized node C, at this time, the data to be transmitted may be combined into multiple sets of data to be transmitted, such as the data a, the data B, and the data C, and the authorized nodes corresponding to the data a, the data B, and the data C are the authorized node a, the authorized node B, and the authorized node C, respectively.
The data transmission device may further set a data identifier for each group of data to be transmitted, obtain an authority identifier corresponding to each authorization node, and establish a mapping relationship between each data identifier and each authority identifier, so that an authorization node corresponding to a certain group of data may be subsequently searched according to the mapping relationship, or data corresponding to a certain authorization node may be searched, for example, a corresponding authority identifier in the mapping relationship may be queried according to the data identifier of a certain group of data, that is, the corresponding authorization node may be determined according to the authority identifier.
In step S102, data to be transmitted is divided into sensitive data and non-sensitive data according to a preset policy.
The sensitive data can be data with privacy right, and only authorized nodes with authority on the block chain can view the sensitive data; the non-sensitive data is data which can be disclosed, and all nodes on the blockchain can view the non-sensitive data. The preset policy may be flexibly set according to actual needs, for example, the data to be transmitted may be divided into sensitive data and non-sensitive data according to the importance degree or the confidentiality degree of the data content to be transmitted corresponding to the authorized node, or the data to be transmitted may be divided into sensitive data and non-sensitive data according to the requirement of the transmission node or the authorized node.
In some embodiments, the step of dividing the data to be transmitted into sensitive data and non-sensitive data according to a preset policy may include: acquiring data structure configuration information, and analyzing each group of data to be transmitted according to the data structure configuration information; and dividing each group of data to be transmitted into sensitive data and non-sensitive data based on the analysis result and a preset strategy.
When a group of data to be transmitted exists, the data to be transmitted can be analyzed according to the data structure configuration information to obtain each composition structure of the data to be transmitted, and each group of data to be transmitted is divided into sensitive data and non-sensitive data based on an analysis result and a preset strategy. When a plurality of groups of data to be transmitted exist, analyzing each group of data to be transmitted according to the configuration information of the data structure; and dividing each group of data to be transmitted into sensitive data and non-sensitive data based on the analysis result and a preset strategy. For example, some fields in the data to be transmitted may be set as sensitive data and some fields may be set as non-sensitive data. For example, the data to be transmitted is certain transaction data, the names of both parties in the transaction data may be set as non-sensitive data, and the amount and the transaction mode in the transaction data may be set as sensitive data.
In step S103, a symmetric key of the sensitive data is generated, and the sensitive data is encrypted according to the symmetric key to obtain ciphertext data.
The data transmission device may generate a symmetric key locally at random, or generate a symmetric key of the sensitive data according to a preset algorithm. The preset algorithm may be flexibly set according to actual needs; for example, the symmetric key may be generated by the Data Encryption Standard (DES), the International Data Encryption Algorithm (IDEA), or a block cipher algorithm (FEAL).
In some embodiments, the generating a symmetric key of the sensitive data, and encrypting the sensitive data according to the symmetric key to obtain the ciphertext data may include: generating a symmetric key corresponding to each group of sensitive data according to a preset algorithm to obtain a symmetric key set; and encrypting each group of sensitive data respectively according to the symmetric key set to obtain ciphertext data.
For example, when the sensitive data includes a plurality of groups, the data transmission device may determine the number of the required symmetric keys according to the number of the groups of the sensitive data, then generate the symmetric keys corresponding to each group of the sensitive data one to one according to a preset algorithm to obtain a symmetric key set, and then encrypt each group of the sensitive data according to each symmetric key in the symmetric key set to obtain ciphertext data.
Or, the data transmission device may randomly generate a preset number of symmetric keys (the preset number is greater than or equal to the number of groups of the sensitive data), then respectively allocate the preset number of symmetric keys to each group of sensitive data according to each data identifier, and respectively encrypt each group of sensitive data according to the allocated symmetric keys to obtain ciphertext data.
In step S104, the public key of the authorization node is obtained, and the symmetric key is encrypted according to the public key of the authorization node, so as to obtain the encrypted symmetric key.
The data transmission device may send a public key acquisition request to the authorization node, and receive a public key returned by the authorization node based on the public key acquisition request, or the data transmission device may receive a data acquisition request sent by the authorization node, where the data acquisition request carries the public key of the authorization node, and then acquire the data to be transmitted based on the data acquisition request. After the public key of the authorization node is obtained, the symmetric key can be encrypted according to the public key of the authorization node, so that the encrypted symmetric key is obtained.
In some embodiments, obtaining the public key of the authorization node, and encrypting the symmetric key according to the public key of the authorization node, to obtain the encrypted symmetric key may include: sending a public key acquisition request to each authorization node; receiving a public key returned by each authorization node based on the public key acquisition request; and encrypting the symmetric key corresponding to each authorization node according to the public key of each authorization node to obtain the encrypted symmetric key.
When there are multiple groups of data to be transmitted and multiple authorization nodes, a public key acquisition request can be sent to each authorization node, and the public key returned by each authorization node in response is received. After the public key of each authorization node is obtained, the symmetric key corresponding to each authorization node can be encrypted with that node's public key to obtain the encrypted symmetric key. For example, a mapping relationship between the authority identifier and the key identifier of each group of symmetric keys may be preset, and the public key acquisition request may carry the authority identifier that identifies the authorization node. After the public key of each authorization node is obtained, the symmetric key to be encrypted for each authorization node may be determined from the mapping relationship between the authority identifier and the key identifier, giving a correspondence between the public key of each authorization node and each symmetric key. Each symmetric key may then be encrypted with the public key of the corresponding authorization node according to this correspondence to obtain the encrypted symmetric key. Because the data to be transmitted is encrypted in groups, different authorization nodes can be given different permissions.
In step S105, encrypted transmission data is generated from the ciphertext data, the encrypted symmetric key, and the non-sensitive data.
The encrypted transmission data comprises ciphertext data, an encrypted symmetric key, non-sensitive data and the like.
In some embodiments, the step of generating encrypted transmission data from the ciphertext data, the encrypted symmetric key, and the non-sensitive data may include: setting the encrypted symmetric key and the non-sensitive data as plaintext fields, and setting the ciphertext data as ciphertext fields; and generating encrypted transmission data according to the plaintext field and the ciphertext field.
The encrypted transmission data can comprise a plaintext field and a ciphertext field. The plaintext field is a field that all nodes on the block chain can view; if the field being viewed contains an encrypted symmetric key, only the encrypted form can be viewed, not the content of the symmetric key. The ciphertext field is a field that an authorized node with permission on the block chain can view after decryption with a private key or the like. The data transmission device can set the encrypted symmetric key and the non-sensitive data as plaintext fields and set the ciphertext data as ciphertext fields; both the plaintext fields and the ciphertext fields can also comprise other contents. The encrypted transmission data is then generated according to the plaintext fields, the ciphertext fields and/or other fields.
In some embodiments, generating the encrypted transmission data from the plaintext field and the ciphertext field may include: setting a first identifier for a plaintext field and a second identifier for a ciphertext field; generating a data packet header according to the first identifier and the second identifier; and generating encrypted transmission data according to the data packet header, the plaintext field and the ciphertext field.
Specifically, in order to distinguish the positions of the plaintext field and the ciphertext field in the encrypted transmission data, a first identifier may be set for the plaintext field, and a second identifier may be set for the ciphertext field, where the first identifier is used to uniquely identify the plaintext field, and may be a name or a number of the plaintext field, and the second identifier is used to uniquely identify the ciphertext field, and may be a name or a number of the ciphertext field, and the first identifier and the second identifier may be flexibly set according to actual needs, and specific content is not limited here. The first identifier and the second identifier may then be placed in a data packet header of the encrypted transmission data, that is, the data packet header may be generated according to the first identifier and the second identifier, and the data packet header may further include other content, and at this time, the encrypted transmission data may be generated according to the data packet header, a plaintext field, and a ciphertext field.
In step S106, the encrypted transmission data is transmitted to the authorized node through the blockchain.
After the encrypted transmission data is obtained, the encrypted transmission data can be uploaded to the block chain, and at this time, the authorization node can obtain the encrypted transmission data from the block chain.
After obtaining the encrypted transmission data, the authorization node may extract ciphertext data, the encrypted symmetric key, the non-sensitive data, and the like from the encrypted transmission data, for example, may extract a first identifier and a second identifier from a data packet header of the encrypted transmission data, determine a plaintext field in the encrypted transmission data according to the first identifier, determine a ciphertext field in the encrypted transmission data according to the second identifier, extract the encrypted symmetric key and the non-sensitive data from the plaintext field, and extract the ciphertext data from the ciphertext field. Then, a private key matched with the public key in the authorization node is obtained, the encrypted symmetric key is decrypted according to the private key to obtain a symmetric key, ciphertext data is decrypted according to the symmetric key to obtain decrypted sensitive data, and finally the decrypted data to be transmitted can be generated according to the sensitive data and the non-sensitive data.
It should be noted that the process of generating the encrypted symmetric key may further include: acquiring a public key of the transmission node, encrypting the symmetric key according to the public key of the transmission node to obtain an encrypted key of the transmission node, and uploading the ciphertext data and the encrypted key of the transmission node to the block chain. When the transmission node needs to read the data to be transmitted, it can obtain the ciphertext data and its encrypted key from the block chain, obtain the private key of the transmission node that matches the public key, and decrypt the encrypted key with that private key to obtain the symmetric key. The ciphertext data can then be decrypted according to the symmetric key to obtain the data to be transmitted as it was before being uploaded to the block chain.
It should be noted that, in the process of practical application, the transmission node may serve as an authorization node and execute an operation corresponding to the authorization node, and the authorization node may also serve as a transmission node and execute an operation corresponding to the transmission node.
For example, the transmission node may receive target transmission data sent to it by the authorization node through the blockchain, and extract target ciphertext data, a target encrypted symmetric key, and target non-sensitive data from the target transmission data. For example, it extracts a third identifier and a fourth identifier from the data packet header of the target transmission data; determines a target plaintext field in the target transmission data according to the third identifier and a target ciphertext field according to the fourth identifier; and extracts the target encrypted symmetric key and the target non-sensitive data from the target plaintext field, and the target ciphertext data from the target ciphertext field. Then the private key of the transmission node is obtained, the target encrypted symmetric key is decrypted according to that private key to obtain a target symmetric key, and the target ciphertext data is decrypted according to the target symmetric key to obtain decrypted target sensitive data. The decrypted data can then be generated from the target sensitive data and the target non-sensitive data; for example, the data structure configuration information by which the target sensitive data and the target non-sensitive data are combined into the decrypted data can be obtained, and the two are combined into the decrypted data according to that information.
As can be seen from the above, in the embodiment of the present invention, data to be transmitted of a transmission node on a block chain may be obtained, an authorized node corresponding to the data to be transmitted is determined, the data to be transmitted is divided into sensitive data and non-sensitive data according to a preset policy, a symmetric key of the sensitive data is generated, the sensitive data is encrypted according to the symmetric key to obtain ciphertext data, at this time, a public key of the authorized node may be obtained, the symmetric key is encrypted according to the public key of the authorized node to obtain an encrypted symmetric key, transmission data is generated according to the ciphertext data, the encrypted symmetric key, and the non-sensitive data, and finally the transmission data may be transmitted to the authorized node through the block chain. According to the scheme, the sensitive data transmitted through the block chain is encrypted, so that only authorized nodes can read the sensitive data content, and unauthorized nodes cannot read the sensitive data content, the risk of sensitive data leakage is reduced, and the safety of data transmission is improved.
In the present embodiment, description will be made from the perspective of a data transmission apparatus, which may be specifically integrated in a device such as a server or a terminal.
A method of data transmission, comprising: receiving encrypted transmission data sent by a transmission node through a block chain; extracting ciphertext data, an encrypted symmetric key and non-sensitive data from the encrypted transmission data, wherein the ciphertext data is obtained by encrypting the sensitive data in the data to be transmitted by using a symmetric key generated by the transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using a public key of an authorized node; obtaining a private key matched with the public key in the authorization node, and decrypting the encrypted symmetric key according to the private key to obtain a symmetric key; decrypting the ciphertext data according to the symmetric key to obtain decrypted sensitive data; and generating the decrypted data to be transmitted according to the sensitive data and the non-sensitive data.
Referring to fig. 3, fig. 3 is a flowchart illustrating a data transmission method according to an embodiment of the invention. The data transmission method may include:
In step S201, encrypted transmission data sent by the transmission node through the block chain is received.
The transmission node is located on the block chain and is a device, such as a server or a terminal, that needs to transmit data through the block chain. The authorization node is located on the block chain and is a device, such as a server or a terminal, that receives data on the block chain and has permission to view the encrypted transmission data. Here the authorization node is the data transmission device, which can receive the encrypted transmission data sent by the transmission node through the block chain.
In step S202, ciphertext data, an encrypted symmetric key, and non-sensitive data are extracted from the encrypted transmission data.
Because the encrypted transmission data can be generated according to the ciphertext data, the encrypted symmetric key and the non-sensitive data, the data transmission device can extract the ciphertext data, the encrypted symmetric key and the non-sensitive data from the encrypted transmission data. The ciphertext data is obtained by encrypting sensitive data in data to be transmitted by using a symmetric key generated by a transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using a public key of an authorization node.
In some embodiments, the step of extracting the ciphertext data, the encrypted symmetric key, and the non-sensitive data from the encrypted transmission data may include: extracting a first identifier and a second identifier from a data packet header of the encrypted transmission data; determining a plaintext field in the encrypted transmission data according to the first identifier, and determining a ciphertext field in the encrypted transmission data according to the second identifier; and extracting the encrypted symmetric key and the non-sensitive data from the plaintext field, and extracting the ciphertext data from the ciphertext field.
The encrypted transmission data can comprise a data packet header, a plaintext field, a ciphertext field and the like, the plaintext field can comprise an encrypted symmetric key and non-sensitive data, the ciphertext field can comprise ciphertext data, the plaintext field can be provided with a first identifier, the ciphertext field can be provided with a second identifier, and the first identifier and the second identifier can be arranged in the data packet header of the encrypted transmission data. The first identifier is used for uniquely identifying the plaintext field, and may be a name or a number of the plaintext field, the second identifier is used for uniquely identifying the ciphertext field, and may be a name or a number of the ciphertext field, and the first identifier and the second identifier may be flexibly set according to actual needs, and specific contents are not limited here. At this time, the encrypted symmetric key and the non-sensitive data can be extracted from the plaintext field, and the ciphertext data can be extracted from the ciphertext field.
In step S203, a private key matching the public key in the authorization node is obtained, and the encrypted symmetric key is decrypted according to the private key to obtain the symmetric key.
The encrypted symmetric key is obtained by encrypting the symmetric key generated by the transmission node according to the public key of the authorization node, so that a private key matched with the public key in the authorization node can be obtained, and the encrypted symmetric key is decrypted according to the private key of the authorization node to obtain the symmetric key.
In step S204, the ciphertext data is decrypted according to the symmetric key, so as to obtain decrypted sensitive data.
Since the ciphertext data is obtained by encrypting the sensitive data by using the symmetric key, the ciphertext data can be decrypted according to the symmetric key after the symmetric key is obtained, and the decrypted sensitive data is obtained.
In step S205, the decrypted data to be transmitted is generated according to the sensitive data and the non-sensitive data.
The sensitive data is data with privacy right, and only authorized nodes with authority on the block chain can view the sensitive data; the non-sensitive data is data which can be disclosed, and all nodes on the blockchain can view the non-sensitive data. Because the data to be transmitted comprises sensitive data, non-sensitive data and the like, the decrypted data to be transmitted can be generated according to the sensitive data and the non-sensitive data.
In some embodiments, the step of generating decrypted transmission data from the sensitive data and the non-sensitive data may comprise: acquiring data structure configuration information of data to be transmitted, which is formed by combining sensitive data and non-sensitive data; and combining the sensitive data and the non-sensitive data into decrypted data to be transmitted according to the data structure configuration information.
The data structure configuration information may include fields, sequence of each field, a header, a trailer, and the like, which constitute data, and the sensitive data and the non-sensitive data are obtained by dividing according to the data structure configuration information, so that the data structure configuration information may be obtained, and the sensitive data and the non-sensitive data are combined into decrypted data to be transmitted according to the data structure configuration information.
As can be seen from the above, in the embodiment of the present invention, encrypted transmission data sent by a transmission node through a block chain may be received, ciphertext data, an encrypted symmetric key, and non-sensitive data may be extracted from the encrypted transmission data, a private key in an authorized node that is matched with a public key may then be obtained, the encrypted symmetric key may be decrypted according to the private key to obtain the symmetric key, the ciphertext data may be decrypted according to the symmetric key to obtain decrypted sensitive data, and at this time, decrypted data to be transmitted may be generated according to the sensitive data and the non-sensitive data. According to the scheme, the sensitive data transmitted through the block chain is decrypted, so that only authorized nodes can read the sensitive data content, and unauthorized nodes cannot read the sensitive data content, the risk of sensitive data leakage is reduced, and the safety of data transmission is improved.
The method described in the above embodiments is further illustrated in detail by way of example.
In this embodiment, a transmission node sends encrypted transmission data to an authorization node through a blockchain, and the authorization node decrypts the received encrypted transmission data, where the transmission node is located on the blockchain, the transmission node is a device such as a server or a terminal that needs to transmit data through the blockchain, the authorization node is located on the blockchain, and the authorization node is a device such as a server or a terminal that receives data on the blockchain.
Referring to fig. 4, fig. 4 is another schematic flow chart of a data transmission method according to an embodiment of the present invention. The method flow can comprise the following steps:
S301, the transmission node acquires data to be transmitted and determines an authorized node corresponding to the data to be transmitted.
The transmission node may actively acquire the data to be transmitted, or receive a data acquisition request sent by the authorization node, and acquire the data to be transmitted based on the data acquisition request, for example, the transmission node may generate the data to be transmitted according to transaction information, or acquire the data to be transmitted from a server that stores the data, where the data to be transmitted may be transaction data such as assets, accounts, or invoices, or may be other types of data, and specific content is not limited here.
For example, as shown in fig. 5, when an asset circulates on the blockchain, the data to be transmitted is asset data, role A may serve as a transmission node, and role B (and/or other roles) may serve as an authorization node. Role A may issue the asset and generate additional data (i.e., encrypted transmission data) to transmit to role B, and in the process of transmitting the additional data, change data or other asset circulation data and the like may be added according to actual needs. Of course, role B may also act as a transmission node and role A as an authorization node, in which case role B generates additional data and transmits it to role A. When the authorization nodes comprise a plurality of roles, each role serves as an authorization node and may hold a different level of decryption permission for certain asset data. The role corresponding to the transmission node can combine the data to be transmitted into a plurality of groups according to the viewing permission of each authorization node, and determine the authorization nodes corresponding to each group of data to be transmitted.
S302, the transmission node divides the data to be transmitted into sensitive data and non-sensitive data according to a preset strategy and data structure configuration information.
The sensitive data is data with privacy right, and only authorized nodes with authority on the block chain can view the sensitive data; the non-sensitive data is data which can be disclosed, and all nodes on the blockchain can view the non-sensitive data. The preset policy may be flexibly set according to actual needs, for example, the data to be transmitted may be divided into sensitive data and non-sensitive data according to the importance degree or the confidentiality degree of the data content to be transmitted corresponding to the authorized node, or the data to be transmitted may be divided into sensitive data and non-sensitive data according to the requirement of the transmission node or the authorized node.
For example, the transmission node may obtain the data structure configuration information, analyze the data to be transmitted according to the data structure configuration information, and divide each group of data to be transmitted into sensitive data and non-sensitive data based on the analysis result and a preset policy. The data structure configuration information may include fields, sequence of each field, a header and a trailer, etc. that constitute data, for example, some fields in the data to be transmitted may be set as sensitive data, and some fields may be set as non-sensitive data. For example, the data to be transmitted is certain transaction data, the names of both parties in the transaction data may be set as non-sensitive data, and the amount and the transaction mode in the transaction data may be set as sensitive data.
S303, the transmission node generates a symmetric key of the sensitive data, and encrypts the sensitive data according to the symmetric key to obtain ciphertext data.
The transmission node can randomly generate a symmetric key locally, or generate a symmetric key of the sensitive data according to a preset algorithm, and the like, the preset algorithm can be flexibly set according to actual needs, and then encrypt the sensitive data according to the symmetric key to obtain ciphertext data.
S304, the transmission node acquires the public key of the authorization node, and encrypts the symmetric key according to the public key of the authorization node to obtain the encrypted symmetric key.
The transmission node may send a public key acquisition request to the authorization node and receive a public key returned by the authorization node based on the public key acquisition request, or the transmission node may receive a data acquisition request sent by the authorization node, where the data acquisition request carries the public key of the authorization node, and then acquire the data to be transmitted based on the data acquisition request. After the public key of the authorization node is obtained, the symmetric key can be encrypted according to the public key of the authorization node, so that the encrypted symmetric key is obtained.
S305, the transmission node sets the encrypted symmetric key and the non-sensitive data as plaintext fields, sets the ciphertext data as ciphertext fields, and generates the encrypted transmission data according to the plaintext fields and the ciphertext fields.
The encrypted transmission data can comprise a plaintext field and a ciphertext field. The plaintext field is a field that all nodes on the block chain can view; if the field being viewed contains an encrypted symmetric key, only the encrypted form can be viewed, not the content of the symmetric key. The ciphertext field is a field that an authorized node with permission on the block chain can view after decryption with a private key or the like.
The transmission node may set the encrypted symmetric key and the non-sensitive data as plaintext fields, the plaintext fields may further include other contents, set the ciphertext data as ciphertext fields, the ciphertext fields may further include other contents, and generate the encrypted transmission data according to the plaintext fields, the ciphertext fields, and/or other fields. In order to distinguish the positions of the plaintext field and the ciphertext field in the encrypted transmission data conveniently, a first identifier may be set for the plaintext field, and a second identifier may be set for the ciphertext field, where the first identifier is used to uniquely identify the plaintext field, and may be a name or a number of the plaintext field, and the second identifier is used to uniquely identify the ciphertext field, and may be a name or a number of the ciphertext field, and the first identifier and the second identifier may be flexibly set according to actual needs, and specific contents are not limited here. Then generating a data packet header according to the first identifier and the second identifier, wherein the data packet header can also comprise other contents; and generating encrypted transmission data according to the data packet header, the plaintext field and the ciphertext field.
For example, as shown in fig. 5, roles A, B. When role A (i.e., the transmission node) issues an asset, a symmetric key aes_key is randomly generated; for example, the symmetric key may be generated by the AES encryption algorithm or the DES encryption algorithm. When the asset circulates in the block chain, each transaction carries additional data, which is the encrypted transmission data; one part of the additional data is ciphertext data and the other part is plaintext data. For example, as shown in fig. 6, the public key of each participating role is used to encrypt the symmetric key aes_key, and the resulting ciphertext is stored in the plaintext part of the additional data. For example, the symmetric key aes_key is encrypted with the public key a.rsa_pubkey of role A to obtain the ciphertext keyA = rsa_encryption(aes_key, a.rsa_pubkey), the symmetric key aes_key is encrypted with the public key b.rsa_pubkey of role B to obtain the ciphertext keyB = rsa_encryption(aes_key, b.rsa_pubkey), and so on. Sensitive data in the transaction data of the asset is encrypted with the symmetric key aes_key and stored, and the ciphertext data obtained is aes_encryption(data, aes_key). In this way, an authorized role (i.e., an authorized node) can decrypt the data on the blockchain. The decryption process is as follows: each role uses its own private key to decrypt the corresponding field to obtain the symmetric key aes_key, and then uses the symmetric key aes_key to decrypt the sensitive data in the transaction data, while an unrelated role (i.e., an unauthorized node) cannot decrypt the transaction data. In addition, because the symmetric key aes_key is generated randomly, if the symmetric key aes_key is leaked, only one asset on the block chain is affected, and other assets are not affected.
By encrypting the transaction data in segments, different roles can be controlled to have different permissions.
S306, the transmission node transmits the encrypted transmission data to the authorization node through the block chain.
S307, the authorized node receives the encrypted transmission data sent by the transmission node through the block chain.
After obtaining the encrypted transmission data, the transmission node may upload the encrypted transmission data to the block chain, and at this time, the authorization node may obtain the encrypted transmission data from the block chain.
S308, the authorization node extracts the encrypted symmetric key and the non-sensitive data from the plaintext field of the encrypted transmission data and extracts the ciphertext data from the ciphertext field of the encrypted transmission data.
Because the encrypted transmission data is generated from the ciphertext data, the encrypted symmetric key and the non-sensitive data, the authorization node, after obtaining the encrypted transmission data, can extract the ciphertext data, the encrypted symmetric key and the non-sensitive data from it.
For example, the encrypted transmission data may include a data header, a plaintext field, a ciphertext field, and the like, the plaintext field may include an encrypted symmetric key and non-sensitive data, the ciphertext field may include ciphertext data, the plaintext field may be provided with a first identifier, and the ciphertext field may be provided with a second identifier, which may be provided in the data header of the encrypted transmission data, so that the authorization node may extract the first identifier and the second identifier from the data header of the encrypted transmission data, determine the plaintext field in the encrypted transmission data according to the first identifier, and determine the ciphertext field in the encrypted transmission data according to the second identifier. The first identifier is used for uniquely identifying the plaintext field, and may be a name or a number of the plaintext field, the second identifier is used for uniquely identifying the ciphertext field, and may be a name or a number of the ciphertext field, and the first identifier and the second identifier may be flexibly set according to actual needs, and specific contents are not limited here. At this time, the encrypted symmetric key and the non-sensitive data can be extracted from the plaintext field, and the ciphertext data can be extracted from the ciphertext field.
S309, the authorization node obtains a private key matched with the public key, and decrypts the encrypted symmetric key according to the private key to obtain the symmetric key.
The encrypted symmetric key is obtained by encrypting the symmetric key generated by the transmission node according to the public key of the authorization node, so that the authorization node can obtain the private key matched with the public key in the authorization node and decrypt the encrypted symmetric key according to the private key of the authorization node to obtain the symmetric key.
S310, the authorization node decrypts the ciphertext data according to the symmetric key to obtain decrypted sensitive data.
Since the ciphertext data is obtained by encrypting the sensitive data by using the symmetric key, after the symmetric key is obtained, the authorization node can decrypt the ciphertext data according to the symmetric key to obtain the decrypted sensitive data.
S311, the authorization node combines the sensitive data and the non-sensitive data into decrypted data to be transmitted according to the data structure configuration information.
Because the data to be transmitted comprises sensitive data, non-sensitive data and the like, the decrypted data to be transmitted can be generated from the sensitive data and the non-sensitive data. For example, the authorization node may obtain the data structure configuration information that describes how the sensitive data and the non-sensitive data are combined into the data to be transmitted, and combine the sensitive data and the non-sensitive data into the decrypted data to be transmitted according to that information. The data structure configuration information may include the fields that constitute the data, the sequence of the fields, a header, a trailer, and the like. Since the sensitive data and the non-sensitive data were obtained by dividing the data according to the data structure configuration information, the same information can be used to recombine them, after which the data to be transmitted can be read by the authorization node.
In this embodiment, the transmission node can divide the data to be transmitted into sensitive data and non-sensitive data, encrypt the sensitive data by using the symmetric key to obtain ciphertext data, encrypt the symmetric key by using the public key of the authorization node to obtain the encrypted symmetric key, and transmit the transmission data generated from the ciphertext data, the encrypted symmetric key and the non-sensitive data to the authorization node through the block chain. The authorization node may then extract the ciphertext data, the encrypted symmetric key and the non-sensitive data from the encrypted transmission data, decrypt the encrypted symmetric key using its private key to obtain the symmetric key, decrypt the ciphertext data according to the symmetric key to obtain the decrypted sensitive data, and generate the decrypted data to be transmitted from the sensitive data and the non-sensitive data. Because the sensitive data transmitted through the block chain is encrypted, only authorized nodes can read its content and unauthorized nodes cannot, which reduces the risk of sensitive data leakage and improves the security of data transmission. The scheme also provides lightweight encryption and decryption within the block chain service, carries the attribute of authority management, and can be conveniently extended to decentralized hierarchical authority management. Because encryption and decryption are distributed and do not depend on a centrally deployed service, they do not form a performance bottleneck. In addition, by using asymmetric encryption, all information related to encryption can circulate on the block chain.
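The extraction in S308 and the recombination in S311, as an added example that is not part of the patent. The byte layout, the identifier values 0x01 and 0x02, the JSON encoding, the field names and all function names are assumptions; the decryption steps S309 and S310 are left out, with constructed byte strings standing in for the encrypted symmetric key and the ciphertext data.

```python
import json
import struct

# Assumed wire layout (the patent does not define one):
#   header          : first_id(1) | plaintext_len(4) | second_id(1) | ciphertext_len(4)
#   plaintext field : key_len(2) | encrypted symmetric key | non-sensitive data (JSON)
#   ciphertext field: opaque bytes (sensitive data encrypted under the symmetric key)
HEADER = struct.Struct(">BIBI")
KEY_LEN = struct.Struct(">H")
PLAINTEXT_ID = 0x01    # "first identifier" (assumed value)
CIPHERTEXT_ID = 0x02   # "second identifier" (assumed value)
MAX_FIELD = 1 << 20    # reject oversized fields before slicing

# Constructed data structure configuration information: field order and class.
CONFIG = [("tx_id", False), ("account", True), ("amount", True), ("timestamp", False)]


class EnvelopeError(ValueError):
    """Encrypted transmission data or its fields are malformed."""


def split_fields(record, config=CONFIG):
    """Divide a record into (sensitive, non_sensitive) dicts per the configuration."""
    if set(record) != {name for name, _ in config}:
        raise EnvelopeError("record does not match the configuration")
    sensitive = {n: record[n] for n, is_sensitive in config if is_sensitive}
    public = {n: record[n] for n, is_sensitive in config if not is_sensitive}
    return sensitive, public


def combine_fields(sensitive, public, config=CONFIG):
    """S311: rebuild the record in configured order, rejecting misplaced fields."""
    out = {}
    for name, is_sensitive in config:
        source, other = (sensitive, public) if is_sensitive else (public, sensitive)
        if name not in source or name in other:
            raise EnvelopeError("field %r missing or in the wrong class" % name)
        out[name] = source[name]
    if len(sensitive) + len(public) != len(out):
        raise EnvelopeError("fields not named in the configuration")
    return out


def build_envelope(encrypted_key, public, ciphertext):
    """Transmission side: header + plaintext field + ciphertext field."""
    if not 0 < len(encrypted_key) <= 0xFFFF:
        raise EnvelopeError("encrypted key length out of range")
    plaintext = (KEY_LEN.pack(len(encrypted_key)) + encrypted_key
                 + json.dumps(public, sort_keys=True).encode())
    header = HEADER.pack(PLAINTEXT_ID, len(plaintext), CIPHERTEXT_ID, len(ciphertext))
    return header + plaintext + ciphertext


def parse_envelope(blob):
    """S308: locate both fields via the header identifiers and extract their parts."""
    if len(blob) < HEADER.size:
        raise EnvelopeError("truncated header")
    first_id, p_len, second_id, c_len = HEADER.unpack_from(blob)
    if (first_id, second_id) != (PLAINTEXT_ID, CIPHERTEXT_ID):
        raise EnvelopeError("unknown field identifiers")
    if p_len > MAX_FIELD or c_len > MAX_FIELD:
        raise EnvelopeError("field too large")
    if len(blob) != HEADER.size + p_len + c_len:
        raise EnvelopeError("declared lengths do not match the data")
    plaintext = blob[HEADER.size:HEADER.size + p_len]
    ciphertext = blob[HEADER.size + p_len:]
    if len(plaintext) < KEY_LEN.size:
        raise EnvelopeError("plaintext field too short")
    (k_len,) = KEY_LEN.unpack_from(plaintext)
    if k_len == 0 or KEY_LEN.size + k_len > len(plaintext):
        raise EnvelopeError("bad encrypted key length")
    encrypted_key = plaintext[KEY_LEN.size:KEY_LEN.size + k_len]
    try:
        public = json.loads(plaintext[KEY_LEN.size + k_len:].decode("utf-8"))
    except ValueError as exc:  # covers invalid UTF-8 and invalid JSON
        raise EnvelopeError("non-sensitive data is not valid JSON") from exc
    if not isinstance(public, dict):
        raise EnvelopeError("non-sensitive data must be an object")
    return encrypted_key, public, ciphertext


def demo():
    """Round trip with constructed values; S309/S310 decryption is out of scope."""
    record = {"tx_id": "t-001", "account": "acct-constructed",
              "amount": 250, "timestamp": 1531872000}
    sensitive, public = split_fields(record)
    wrapped_key = b"\xaa" * 256   # constructed stand-in for the encrypted symmetric key
    ciphertext = b"\xbb" * 48     # constructed stand-in for the ciphertext data
    blob = build_envelope(wrapped_key, public, ciphertext)
    key_out, public_out, ct_out = parse_envelope(blob)
    # An authorization node would decrypt key_out and ct_out here to get `sensitive`.
    return combine_fields(sensitive, public_out), key_out, ct_out, blob


if __name__ == "__main__":
    print(demo()[0])
```

The parser rejects any data whose declared field lengths do not add up exactly to the received size, so a truncated or padded transaction payload fails before any key material is handled.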
In order to better implement the data transmission method provided by the embodiment of the present invention, an embodiment of the present invention further provides a device based on the data transmission method. The terms are the same as those in the data transmission method, and specific implementation details can refer to the description in the method embodiment.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a data transmission device according to an embodiment of the present invention, where the data transmission device may include an obtaining unit 401, a dividing unit 402, a first encrypting unit 403, a second encrypting unit 404, a generating unit 405, a transmitting unit 406, and the like.
The obtaining unit 401 is configured to obtain data to be transmitted of a transmission node on a block chain, and determine an authorized node corresponding to the data to be transmitted.
In some embodiments, the obtaining unit 401 may specifically be configured to: acquiring data to be transmitted of transmission nodes on a block chain, and combining the data to be transmitted into a plurality of groups of data to be transmitted; and determining authorized nodes corresponding to each group of data to be transmitted.
A dividing unit 402, configured to divide data to be transmitted into sensitive data and non-sensitive data according to a preset policy.
In some embodiments, the dividing unit 402 may specifically be configured to: acquiring data structure configuration information, and analyzing each group of data to be transmitted according to the data structure configuration information; and dividing each group of data to be transmitted into sensitive data and non-sensitive data based on the analysis result and a preset strategy.
The first encryption unit 403 is configured to generate a symmetric key of the sensitive data, and encrypt the sensitive data according to the symmetric key to obtain ciphertext data.
In some embodiments, the first encryption unit 403 may specifically be configured to: generating a symmetric key corresponding to each group of sensitive data according to a preset algorithm to obtain a symmetric key set; and encrypting each group of sensitive data respectively according to the symmetric key set to obtain ciphertext data.
The second encryption unit 404 is configured to obtain a public key of the authorization node, and encrypt the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key.
In some embodiments, the second encryption unit may be specifically configured to: sending a public key acquisition request to each authorization node; receiving a public key returned by each authorization node based on the public key acquisition request; and encrypting the symmetric key corresponding to each authorization node according to the public key of each authorization node to obtain the encrypted symmetric key.
And a generating unit 405, configured to generate encrypted transmission data according to the ciphertext data, the encrypted symmetric key, and the non-sensitive data.
In some embodiments, the generating unit 405 may include: the setting subunit is used for setting the encrypted symmetric key and the non-sensitive data as plaintext fields and setting the ciphertext data as ciphertext fields; and the generating subunit is used for generating the encrypted transmission data according to the plaintext field and the ciphertext field.
In some embodiments, the generating subunit may be specifically configured to: setting a first identifier for a plaintext field and a second identifier for a ciphertext field; generating a data packet header according to the first identifier and the second identifier; and generating encrypted transmission data according to the data packet header, the plaintext field and the ciphertext field.
A transmitting unit 406, configured to transmit the encrypted transmission data to the authorized node through the blockchain.
As can be seen from the above, in the embodiment of the present invention, the obtaining unit 401 may obtain data to be transmitted of a transmission node on a block chain, and determine an authorized node corresponding to the data to be transmitted, then the dividing unit 402 divides the data to be transmitted into sensitive data and non-sensitive data according to a preset policy, the first encrypting unit 403 generates a symmetric key of the sensitive data, and encrypts the sensitive data according to the symmetric key to obtain ciphertext data, at this time, the second encrypting unit 404 may obtain a public key of the authorized node, and encrypts the symmetric key according to the public key of the authorized node to obtain an encrypted symmetric key, then the generating unit 405 generates transmission data according to the ciphertext data, the encrypted symmetric key, and the non-sensitive data, and finally the transmitting unit 406 may transmit the transmission data to the authorized node through the block chain. According to the scheme, the sensitive data transmitted through the block chain is encrypted, so that only authorized nodes can read the sensitive data content, and unauthorized nodes cannot read the sensitive data content, the risk of sensitive data leakage is reduced, and the safety of data transmission is improved.
In order to better implement the data transmission method provided by the embodiment of the present invention, an embodiment of the present invention further provides a device based on the data transmission method. The terms are the same as those in the data transmission method, and specific implementation details can refer to the description in the method embodiment.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a data transmission device according to an embodiment of the present invention, where the data transmission device may include a receiving unit 501, an extracting unit 502, a first decrypting unit 503, a second decrypting unit 504, a data generating unit 505, and the like.
A receiving unit 501, configured to receive encrypted transmission data sent by a transmission node through a block chain.
An extracting unit 502, configured to extract ciphertext data, the encrypted symmetric key, and the non-sensitive data from the encrypted transmission data.
The ciphertext data is obtained by encrypting sensitive data in data to be transmitted by using a symmetric key generated by a transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using a public key of an authorization node.
In some embodiments, the extraction unit 502 may be specifically configured to: extracting a first identifier and a second identifier from a data packet header of the encrypted transmission data; determining a plaintext field in the encrypted transmission data according to the first identifier, and determining a ciphertext field in the encrypted transmission data according to the second identifier; and extracting the encrypted symmetric key and the non-sensitive data from the plaintext field, and extracting the ciphertext data from the ciphertext field.
The first decryption unit 503 is configured to obtain a private key in the authorization node, where the private key is matched with the public key, and decrypt the encrypted symmetric key according to the private key to obtain the symmetric key.
And a second decryption unit 504, configured to decrypt the ciphertext data according to the symmetric key, to obtain decrypted sensitive data.
And a data generating unit 505, configured to generate decrypted data to be transmitted according to the sensitive data and the non-sensitive data.
In some embodiments, the data generation unit 505 may be specifically configured to: acquiring data structure configuration information of data to be transmitted, which is formed by combining sensitive data and non-sensitive data; and combining the sensitive data and the non-sensitive data into decrypted data to be transmitted according to the data structure configuration information.
As can be seen from the above, in the embodiment of the present invention, the receiving unit 501 may receive encrypted transmission data sent by a transmission node through a block chain, and the extracting unit 502 extracts ciphertext data, an encrypted symmetric key, and non-sensitive data from the encrypted transmission data, then the first decrypting unit 503 obtains a private key in an authorized node that matches the public key, decrypts the encrypted symmetric key according to the private key to obtain the symmetric key, and the second decrypting unit 504 decrypts the ciphertext data according to the symmetric key to obtain decrypted sensitive data, at this time, the data generating unit 505 may generate decrypted data to be transmitted according to the sensitive data and the non-sensitive data. According to the scheme, the sensitive data transmitted through the block chain is decrypted, so that only authorized nodes can read the sensitive data content, and unauthorized nodes cannot read the sensitive data content, the risk of sensitive data leakage is reduced, and the safety of data transmission is improved.
An embodiment of the present invention further provides a device, which may be a server, a terminal or the like, and which may be a transmission node or an authorization node. Fig. 9 shows a schematic structural diagram of a server according to an embodiment of the present invention. Specifically:
the server may include components such as a processor 601 of one or more processing cores, memory 602 of one or more computer-readable storage media, a power supply 603, and an input unit 604. Those skilled in the art will appreciate that the server architecture shown in FIG. 9 does not constitute a limitation on the servers, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components. Wherein:
the processor 601 is a control center of the server, connects various parts of the entire server using various interfaces and lines, and performs various functions of the server and processes data by running or executing software programs and/or modules stored in the memory 602 and calling data stored in the memory 602, thereby performing overall monitoring of the server. Optionally, processor 601 may include one or more processing cores; preferably, the processor 601 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 601.
The memory 602 may be used to store software programs and modules, and the processor 601 executes various functional applications and data processing by operating the software programs and modules stored in the memory 602. The memory 602 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to the use of the server, and the like. Further, the memory 602 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 602 may also include a memory controller to provide the processor 601 with access to the memory 602.
The server further includes a power supply 603 for supplying power to each component, and preferably, the power supply 603 may be logically connected to the processor 601 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system. The power supply 603 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
The server may also include an input unit 604, which input unit 604 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the server may further include a display unit and the like, which will not be described in detail herein. Specifically, in this embodiment, the processor 601 in the server loads the executable file corresponding to the process of one or more application programs into the memory 602 according to the following instructions, and the processor 601 runs the application program stored in the memory 602, so as to implement the data transmission method provided in the embodiment of the present invention, as follows:
(1) When the device is a transmission node, the processor 601 may run applications stored in the memory 602 to implement various functions, as follows:
acquiring data to be transmitted of a transmission node on a block chain, and determining an authorized node corresponding to the data to be transmitted; dividing data to be transmitted into sensitive data and non-sensitive data according to a preset strategy; generating a symmetric key of the sensitive data, and encrypting the sensitive data according to the symmetric key to obtain ciphertext data; acquiring a public key of the authorization node, and encrypting the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key; generating encrypted transmission data according to the ciphertext data, the encrypted symmetric key and the non-sensitive data; and transmitting the encrypted transmission data to the authorized node through the block chain.
(2) When the device is an authorized node, the processor 601 may run applications stored in the memory 602 to implement various functions, as follows:
receiving encrypted transmission data sent by a transmission node through a block chain; extracting ciphertext data, an encrypted symmetric key and non-sensitive data from the encrypted transmission data, wherein the ciphertext data is obtained by encrypting the sensitive data in the data to be transmitted by using a symmetric key generated by the transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using a public key of an authorized node; obtaining a private key matched with the public key in the authorization node, and decrypting the encrypted symmetric key according to the private key to obtain a symmetric key; decrypting the ciphertext data according to the symmetric key to obtain decrypted sensitive data; and generating the decrypted data to be transmitted according to the sensitive data and the non-sensitive data.
In the above embodiments, the descriptions of the embodiments have respective emphasis, and parts that are not described in detail in a certain embodiment may refer to the above detailed description of the data transmission method, and are not described herein again.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, the present invention provides a storage medium, in which a plurality of instructions are stored, and the instructions can be loaded by a processor to execute the steps in any one of the data transmission methods provided by the embodiments of the present invention. For example, the instructions may perform the steps of:
acquiring data to be transmitted of a transmission node on a block chain, and determining an authorized node corresponding to the data to be transmitted; dividing data to be transmitted into sensitive data and non-sensitive data according to a preset strategy; generating a symmetric key of the sensitive data, and encrypting the sensitive data according to the symmetric key to obtain ciphertext data; acquiring a public key of the authorization node, and encrypting the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key; generating encrypted transmission data according to the ciphertext data, the encrypted symmetric key and the non-sensitive data; and transmitting the encrypted transmission data to the authorized node through the block chain.
For another example, the instructions may perform the steps of:
receiving encrypted transmission data sent by a transmission node through a block chain; extracting ciphertext data, an encrypted symmetric key and non-sensitive data from the encrypted transmission data, wherein the ciphertext data is obtained by encrypting the sensitive data in the data to be transmitted by using a symmetric key generated by the transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using a public key of an authorized node; obtaining a private key matched with the public key in the authorization node, and decrypting the encrypted symmetric key according to the private key to obtain a symmetric key; decrypting the ciphertext data according to the symmetric key to obtain decrypted sensitive data; and generating the decrypted data to be transmitted according to the sensitive data and the non-sensitive data.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
The storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the storage medium can execute the steps in any data transmission method provided in the embodiments of the present invention, the beneficial effects that can be achieved by any data transmission method provided in the embodiments of the present invention can be achieved, which are detailed in the foregoing embodiments and will not be described herein again.
The above detailed description is provided for a data transmission method, device and storage medium based on a block chain according to an embodiment of the present invention, and a specific example is applied in this document to explain the principle and implementation manner of the present invention, and the description of the above embodiment is only used to help understanding the method and core idea of the present invention; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (7)

1. A data transmission method based on a block chain is characterized by comprising the following steps:
acquiring data to be transmitted of transmission nodes on a block chain, and combining the data to be transmitted into a plurality of groups of data to be transmitted, wherein the groups of data to be transmitted are completely different, partially the same, or all the same;
acquiring nodes with permission to view a certain group of data to be transmitted on a block chain to obtain authorized nodes;
acquiring data structure configuration information, and analyzing each group of data to be transmitted according to the data structure configuration information;
dividing each group of data to be transmitted into sensitive data and non-sensitive data based on the analysis result and a preset strategy, wherein the sensitive data are data with privacy rights and are used for being checked by authorized nodes with rights on a block chain, and the non-sensitive data are public data and are used for being checked by all nodes on the block chain;
generating a symmetric key of the sensitive data, and encrypting the sensitive data according to the symmetric key to obtain ciphertext data;
acquiring a public key of the authorization node, and encrypting the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key;
setting the encrypted symmetric key and the non-sensitive data as plaintext fields, and setting the ciphertext data as ciphertext fields;
generating encrypted transmission data according to the plaintext field and the ciphertext field;
and transmitting the encrypted transmission data to the authorization node through the block chain.
2. The data transmission method according to claim 1, wherein the step of generating the encrypted transmission data from the plaintext field and the ciphertext field comprises:
setting a first identifier for the plaintext field and a second identifier for the ciphertext field;
generating a data packet header according to the first identifier and the second identifier;
and generating encrypted transmission data according to the data packet header, the plaintext field and the ciphertext field.
3. A block chain-based data transmission apparatus, comprising:
the acquisition unit is used for acquiring data to be transmitted of transmission nodes on a block chain, combining the data to be transmitted into a plurality of groups of data to be transmitted, and acquiring nodes which have authority to check a certain group of data to be transmitted on the block chain to obtain authorized nodes, wherein the groups of data to be transmitted are completely different, partially the same, or all the same;
the dividing unit is used for acquiring data structure configuration information, analyzing each group of data to be transmitted according to the data structure configuration information, and dividing each group of data to be transmitted into sensitive data and non-sensitive data based on an analysis result and a preset strategy, wherein the sensitive data are data with privacy rights and are used for being checked by authorized nodes with authority on a block chain, and the non-sensitive data are public data and are used for being checked by all nodes on the block chain;
the first encryption unit is used for generating a symmetric key of the sensitive data and encrypting the sensitive data according to the symmetric key to obtain ciphertext data;
the second encryption unit is used for acquiring the public key of the authorization node and encrypting the symmetric key according to the public key of the authorization node to obtain an encrypted symmetric key;
the generating unit is used for setting the encrypted symmetric key and the non-sensitive data as plaintext fields, setting the encrypted data as ciphertext fields, and generating encrypted transmission data according to the plaintext fields and the ciphertext fields;
and the transmission unit is used for transmitting the encrypted transmission data to the authorization node through the block chain.
4. A data transmission method based on a block chain is characterized by comprising the following steps:
receiving encrypted transmission data sent by a transmission node through a block chain;
extracting the encrypted symmetric key and non-sensitive data from the plaintext field of the encrypted transmission data, and extracting ciphertext data from the ciphertext field of the encrypted transmission data, wherein the ciphertext data is obtained by encrypting sensitive data in multiple groups of data to be transmitted by using symmetric keys generated by the transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using the public key of an authorized node; the authorized nodes are obtained by acquiring nodes which have authority to view a certain group of data to be transmitted on the block chain, the multiple groups of data to be transmitted are obtained by combining the data to be transmitted of the transmission nodes in the block chain, and the groups of data to be transmitted are completely different, partially the same, or all the same;
obtaining a private key matched with the public key in the authorization node, and decrypting the encrypted symmetric key according to the private key to obtain a symmetric key;
decrypting the ciphertext data according to the symmetric key to obtain decrypted sensitive data, wherein the sensitive data and the non-sensitive data are obtained by dividing each group of data to be transmitted according to a preset strategy, based on an analysis result obtained by analyzing each group of data to be transmitted according to data structure configuration information; the sensitive data are data with privacy rights and are used for being checked by authorized nodes with rights on a block chain, and the non-sensitive data are public data and are used for being checked by all nodes on the block chain;
and generating decrypted data to be transmitted according to the sensitive data and the non-sensitive data.
5. A block chain-based data transmission apparatus, comprising:
the receiving unit is used for receiving encrypted transmission data sent by the transmission node through the block chain;
the extraction unit is used for extracting the encrypted symmetric key and non-sensitive data from the plaintext field of the encrypted transmission data and extracting ciphertext data from the ciphertext field of the encrypted transmission data, wherein the ciphertext data is obtained by encrypting sensitive data in multiple groups of data to be transmitted by using symmetric keys generated by the transmission node, and the encrypted symmetric key is obtained by encrypting the symmetric key by using the public key of an authorized node; the authorized nodes are obtained by acquiring nodes which have authority to check a certain group of data to be transmitted on a block chain, the multiple groups of data to be transmitted are obtained by combining the data to be transmitted of the transmission nodes in the block chain, and the groups of data to be transmitted are completely different, partially the same, or all the same;
the first decryption unit is used for acquiring a private key matched with the public key in the authorization node, and decrypting the encrypted symmetric key according to the private key to obtain a symmetric key;
the second decryption unit is used for decrypting the ciphertext data according to the symmetric key to obtain decrypted sensitive data, wherein the sensitive data and the non-sensitive data are obtained by dividing each group of data to be transmitted according to a preset strategy, based on an analysis result obtained by analyzing each group of data to be transmitted according to data structure configuration information; the sensitive data are data with privacy rights and are used for being checked by authorized nodes with authority in a block chain, and the non-sensitive data are public data and are used for being checked by all nodes in the block chain;
and the data generation unit is used for generating the decrypted data to be transmitted according to the sensitive data and the non-sensitive data.
6. A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of the data transmission method according to any one of claims 1 to 2 or the steps of the data transmission method according to claim 4.
7. An electronic device comprising a memory and a processor, characterized in that the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps in the data transmission method according to any one of claims 1 to 2 or to perform the steps in the data transmission method according to claim 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810790624.6A CN109033855B (en) 2018-07-18 2018-07-18 Data transmission method and device based on block chain and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810790624.6A CN109033855B (en) 2018-07-18 2018-07-18 Data transmission method and device based on block chain and storage medium

Publications (2)

Publication Number Publication Date
CN109033855A CN109033855A (en) 2018-12-18
CN109033855B true CN109033855B (en) 2020-02-11

Family

ID=64643999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810790624.6A Active CN109033855B (en) 2018-07-18 2018-07-18 Data transmission method and device based on block chain and storage medium

Country Status (1)

Country Link
CN (1) CN109033855B (en)

Families Citing this family (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109510818B (en) * 2018-10-29 2021-08-17 梁伟 Data transmission system, method, device, equipment and storage medium of block chain
CN109688584B (en) * 2018-12-27 2022-04-08 绍兴心越科技有限公司 Data security storage system and method suitable for resource-limited network node
CN109785120A (en) * 2018-12-28 2019-05-21 贵州蓝石科技有限公司 A kind of personal credit system based on block chain technology
CN109815747B (en) * 2019-01-17 2024-09-06 重庆金融资产交易所有限责任公司 Block chain-based offline auditing method, electronic device and readable storage medium
CN109902494A (en) * 2019-01-24 2019-06-18 北京融链科技有限公司 Data encryption storage method, device and document storage system
CN109951453A (en) * 2019-02-26 2019-06-28 符安文 A kind of safe encryption method based on block chain
CN109977687A (en) * 2019-04-02 2019-07-05 深圳智乾区块链科技有限公司 Data sharing method, device, system and readable storage medium storing program for executing based on block chain
CN110138733B (en) * 2019-04-03 2021-09-21 华南理工大学 Block chain-based object storage system trusted evidence storage and access authority control method
CN110245942B (en) * 2019-05-20 2021-05-04 创新先进技术有限公司 Receipt storage method and node combining user type and judgment condition
WO2020233423A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Receipt storage method and node based on transaction type
CN110263088B (en) * 2019-05-20 2021-04-02 创新先进技术有限公司 Conditional receipt storage method and node combining code labeling and event type
CN110264196B (en) * 2019-05-20 2021-04-23 创新先进技术有限公司 Conditional receipt storage method and node combining code labeling and user type
CN110263086B (en) * 2019-05-20 2021-04-02 创新先进技术有限公司 Receipt storage method and node combining user type and event function type
CN110245945B (en) * 2019-05-20 2021-03-23 创新先进技术有限公司 Receipt storage method and node combining code marking and user type
CN110264193B (en) * 2019-05-20 2021-05-18 创新先进技术有限公司 Receipt storage method and node combining user type and transaction type
WO2020233424A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Event function type-based receipt storage method and node
CN110245943B (en) * 2019-05-20 2021-04-23 创新先进技术有限公司 Receipt storage method and node based on judgment condition
CN110264192B (en) * 2019-05-20 2021-08-06 创新先进技术有限公司 Receipt storage method and node based on transaction type
CN110245944B (en) * 2019-05-20 2021-04-27 创新先进技术有限公司 Receipt storage method and node based on user type
CN110335651A (en) * 2019-06-04 2019-10-15 北京纵横无双科技有限公司 A kind of data security protection method of tele-medicine
CN110378135A (en) * 2019-07-08 2019-10-25 武汉东湖大数据交易中心股份有限公司 Intimacy protection system and method based on big data analysis and trust computing
CN110474886B (en) * 2019-07-24 2022-04-05 深圳壹账通智能科技有限公司 Block chain based data encryption method and device, electronic equipment and storage medium
CN110555318A (en) * 2019-09-17 2019-12-10 山东爱城市网信息技术有限公司 privacy data protection method based on block chain
CN110633580A (en) * 2019-09-20 2019-12-31 徐州医科大学附属医院 Secure distributed storage method oriented to XML data
CN110933108B (en) * 2019-09-26 2021-05-11 腾讯科技(深圳)有限公司 Data processing method and device based on block chain network, electronic equipment and storage medium
CN112787976B (en) * 2019-11-06 2023-04-07 阿里巴巴集团控股有限公司 Data encryption, decryption and sharing method, device, system and storage medium
CN111062833A (en) * 2019-11-26 2020-04-24 青岛大学 Signature authentication method of contract data and related device
CN110868292B (en) * 2019-12-03 2021-12-14 湖南国奥电力设备有限公司 Underground cable data transmission method and device based on block chain
CN110995837B (en) * 2019-12-03 2022-09-30 湖南国奥电力设备有限公司 Underground cable collected data uploading method and system based on block chain
CN110954780A (en) * 2019-12-03 2020-04-03 湖南国奥电力设备有限公司 Underground cable fault detection method and device based on block chain
CN112995096B (en) * 2019-12-13 2023-04-25 中移动信息技术有限公司 Data encryption and decryption methods, devices and equipment
CN111191443A (en) * 2019-12-19 2020-05-22 深圳壹账通智能科技有限公司 Sensitive word detection method and device based on block chain, computer equipment and storage medium
CN111192050B (en) * 2019-12-31 2023-08-11 成都库珀创新科技有限公司 Digital asset private key storage and extraction method and device
CN111193755B (en) * 2020-04-14 2020-08-21 傲林科技有限公司 Data access method, data encryption method and data encryption and access system
CN111585769B (en) * 2020-05-14 2023-07-25 天星数科科技有限公司 Data transmission method, device and medium
CN111639363B (en) * 2020-05-24 2020-12-25 深圳市诚意信科技有限公司 Data analysis method based on block chain and edge computing server
CN113761543B (en) * 2020-06-01 2024-04-02 菜鸟智能物流控股有限公司 Data processing method, device, equipment and machine-readable medium based on alliance chain
CN111756522B (en) * 2020-06-28 2023-06-23 中国平安财产保险股份有限公司 Data processing method and system
CN111835511A (en) * 2020-06-30 2020-10-27 平安国际智慧城市科技股份有限公司 Data security transmission method and device, computer equipment and storage medium
CN112073467A (en) * 2020-08-11 2020-12-11 东软集团股份有限公司 Block chain-based data transmission method and device, storage medium and electronic equipment
CN111741031B (en) * 2020-08-26 2020-11-20 深圳信息职业技术学院 Block chain based network communication encryption method
CN112511350B (en) * 2020-12-01 2023-04-07 浙商银行股份有限公司 Alliance chain multi-level consensus method, device and storage medium
CN114726560A (en) * 2020-12-22 2022-07-08 富泰华工业(深圳)有限公司 Data protection method, computer device and readable storage medium
CN113094727A (en) * 2021-04-12 2021-07-09 浙江永旗区块链科技有限公司 Block chain node point and data transmission method thereof
CN113114458A (en) * 2021-04-20 2021-07-13 中国工商银行股份有限公司 Encryption certificate generation method, decryption method, encryption certificate generation device, decryption device and encryption certificate system
CN113111371A (en) * 2021-04-30 2021-07-13 永旗(北京)科技有限公司 Data transmission method and system based on block chain
CN113949552A (en) * 2021-10-13 2022-01-18 广州广电运通金融电子股份有限公司 Large file encryption and decryption system, method, storage medium and equipment
CN114285555A (en) * 2021-12-15 2022-04-05 支付宝(杭州)信息技术有限公司 Multicast method and device based on block chain
CN114567427B (en) * 2022-01-05 2023-10-20 北京理工大学 Block chain hidden data segmented transmission method
CN114567428B (en) * 2022-01-14 2024-03-05 北京理工大学 Block chain data hidden transmission method supporting dynamic tags
CN114900324A (en) * 2022-02-11 2022-08-12 北京中电飞华通信有限公司 Data interaction method based on ODIN and related equipment
CN114697077A (en) * 2022-02-24 2022-07-01 国网江西省电力有限公司供电服务管理中心 Electric energy data transmission method and device, storage medium and computer equipment
CN114826729B (en) * 2022-04-22 2024-05-28 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN114697142B (en) * 2022-06-01 2022-09-06 浙江大学 Communication data encryption method and device, electronic equipment and storage medium
CN117834103B (en) * 2023-12-01 2024-10-11 中国电信股份有限公司技术创新中心 Multimedia data sharing method, system and related equipment based on block chain

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701594A (en) * 2014-01-03 2014-04-02 天地融科技股份有限公司 Data transmission method and system
CN106453362A (en) * 2016-11-02 2017-02-22 中车株洲电力机车研究所有限公司 Data transmission method and apparatus of vehicle-mounted device
WO2017145019A1 (en) * 2016-02-23 2017-08-31 nChain Holdings Limited Registry and automated management method for blockchain-enforced smart contracts
CN107294709A (en) * 2017-06-27 2017-10-24 阿里巴巴集团控股有限公司 A kind of block chain data processing method, apparatus and system
CN107342858A (en) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 A kind of intelligent contract guard method and system based on trusted context
CN107896223A (en) * 2017-12-04 2018-04-10 山东渔翁信息技术股份有限公司 A kind of data processing method and system, data collecting system and data receiving system

Also Published As

Publication number Publication date
CN109033855A (en) 2018-12-18

Similar Documents

Publication Publication Date Title
CN109033855B (en) Data transmission method and device based on block chain and storage medium
CN109144961B (en) Authorization file sharing method and device
CN110033258B (en) Service data encryption method and device based on block chain
CN108259169B (en) File secure sharing method and system based on block chain cloud storage
CN110881063B (en) Storage method, device, equipment and medium of private data
US7975312B2 (en) Token passing technique for media playback devices
CN111797415A (en) Block chain based data sharing method, electronic device and storage medium
US20170244687A1 (en) Techniques for confidential delivery of random data over a network
CN110800250A (en) Controlled distribution of encrypted private keys
JP6753403B2 (en) Information processing equipment, authentication systems, authentication methods, and computer programs
CN106209739A (en) Cloud storage method and system
CN111163036B (en) Data sharing method, device, client, storage medium and system
CN110601830B (en) Key management method, device, equipment and storage medium based on block chain
CN111274599A (en) Data sharing method based on block chain and related device
KR101615137B1 (en) Data access method based on attributed
EP3185465A1 (en) A method for encrypting data and a method for decrypting data
CN106326666A (en) Health record information management service system
CN103973698B (en) User access right revoking method in cloud storage environment
KR20210058313A (en) Data access control method and system using attribute-based password for secure and efficient data sharing in cloud environment
CN114826702B (en) Database access password encryption method and device and computer equipment
CN104052592A (en) Secret key backup and transfer method and system based on trusted computing
Yan et al. Traceable and weighted attribute-based encryption scheme in the cloud environment
CN104735020A (en) Method, device and system for acquiring sensitive data
Reedy et al. A Secure Framework for Ensuring EHR's Integrity Using Fine-Grained Auditing and CP-ABE
US20240179150A1 (en) Management of access rights to digital files with possible delegation of the rights

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant