CN109218291B - Data transfer method, system and related equipment based on block chain - Google Patents
Data transfer method, system and related equipment based on block chain Download PDFInfo
- Publication number
- CN109218291B CN109218291B CN201810921971.8A CN201810921971A CN109218291B CN 109218291 B CN109218291 B CN 109218291B CN 201810921971 A CN201810921971 A CN 201810921971A CN 109218291 B CN109218291 B CN 109218291B
- Authority
- CN
- China
- Prior art keywords
- data
- key
- node
- block chain
- producer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
Abstract
The embodiment of the invention provides a data circulation method, a system and related equipment based on a block chain, which are used for realizing the secret circulation of data in the block chain. In the embodiment of the invention, the data producer node can encrypt the original data and synchronize the encrypted data after encryption into the block chain, thereby not only ensuring the fairness of the data, but also ensuring the confidentiality of the data. If the corresponding original data needs to be inquired by the alliance node in the block chain, the data producer node is needed to judge whether the alliance chain node meets the preset authorization condition, and the data producer node and the corresponding alliance chain node negotiate a common key only if the preset condition is met, so that the alliance chain node can obtain the original data based on the common key, namely the safe and confidential circulation of the data is realized based on the block chain.
Description
Technical Field
The invention relates to the technical field of information processing, in particular to a data transfer method, a data transfer system and related equipment based on a block chain.
Background
A Block chain is a distributed-storage data structure disclosed for all Block chain nodes accessing a server, comprising several blocks (blocks). Other block chain nodes accessed to the block chain server form a P2P network, block chain data can be stored in the P2P network, and any one or more block chain nodes of the P2P network are broken down, so that the block chain data cannot be lost, and the block chain data has strong safety and can be permanently stored and cannot be tampered.
In the existing scheme, data in a block chain is not encrypted, and nodes accessing a block chain alliance can store the data in the block chain, so that plaintext data stored in the block chain can be acquired. The block chain realizes distributed storage, the stored data can not be tampered, the fairness of the data is guaranteed, the data is made to be public without confidentiality, and the individual requirements of users cannot be met.
Therefore, a new method for data stream forwarding in a blockchain is needed.
Disclosure of Invention
The embodiment of the invention provides a data circulation method, a system and related equipment based on a block chain, which are used for realizing the secret circulation of data in the block chain.
The first aspect of the embodiments of the present invention provides a data stream forwarding method based on a block chain, which is applied to a data producer node, and the method includes:
synchronizing the encrypted data to the blockchain;
receiving an information query request sent by a alliance link node, wherein the information query request comprises a key negotiation parameter and a first encryption algorithm identifier of the alliance link node;
judging whether the alliance link node meets preset authorization conditions, if so, sending a key negotiation parameter of the data producer to the alliance link node;
calculating a common shared key according to the key negotiation parameters of the alliance link nodes and the key negotiation private key of the data producer;
acquiring the encrypted data from a block chain, and decrypting the encrypted data to obtain corresponding original data;
encrypting the original data by adopting the common secret key and the first encryption algorithm to obtain target data;
and synchronizing the target data to the block chain, so that the alliance chain node acquires the target data from the block chain and decrypts the target data according to the common key to obtain original data.
Optionally, as a possible implementation manner, in an embodiment of the present invention, before synchronizing the encrypted data to the blockchain, the method further includes:
acquiring original data to be encrypted;
randomly generating a symmetric key;
encrypting the original data by adopting a second encryption algorithm and the symmetric key to obtain first encrypted data;
taking the symmetric key and the second encryption algorithm identification as first data, and encrypting the first data by adopting a block chain public key of the data producer to obtain second encrypted data;
and storing the first encrypted data and the second encrypted data in an associated manner as encrypted data.
Optionally, as a possible implementation manner, in an embodiment of the present invention, the obtaining the encrypted data from the block chain, and decrypting the encrypted data to obtain corresponding original data includes:
acquiring the first encrypted data and the second encrypted data from a block chain;
decrypting the second encrypted data by using a block chain private key of the data producer to obtain the first data;
and decrypting the first encrypted data by adopting the symmetric key in the first data and the second encryption algorithm to obtain corresponding original data.
Optionally, as a possible implementation manner, in an embodiment of the present invention, the sending the key agreement parameter of the data producer to the federation link node includes:
directly sending the key negotiation parameters of the data producer to the alliance link node based on the internet;
or synchronizing the key negotiation parameter of the data producer to the blockchain, so that the alliance chain node obtains the key negotiation parameter of the data producer from the blockchain.
A second aspect of the present invention provides a data flow system based on a block chain, including:
a data producer node and at least two federation chain nodes, wherein,
the data producer node is used for synchronizing the encrypted data to the block chain;
the alliance link node is used for sending an information query request to the data producer node, and the information query request comprises a key negotiation parameter and a first encryption algorithm identifier of the alliance link node;
if the data producer agrees with the information inquiry request of the alliance link node, the data producer node is also used for sending the key negotiation parameter of the data producer to the alliance link node;
the data producer node is also used for calculating a common shared key according to the key negotiation parameter of the alliance link node and the key negotiation private key of the data producer;
the data producer node is also used for acquiring the encrypted data from the block chain and decrypting the encrypted data to obtain corresponding original data;
the data producer node is also used for encrypting the original data by adopting the common secret key and the first encryption algorithm to obtain target data, and synchronizing the target data to a block chain;
and the alliance link node is also used for acquiring the target data from the block chain and decrypting the target data according to the common key to obtain original data.
A third aspect of an embodiment of the present invention provides a block link point device, including:
a first synchronization module for synchronizing the encrypted data to the block chain;
the system comprises a receiving module, a first encryption algorithm identification and a second encryption algorithm identification, wherein the receiving module is used for receiving an information query request sent by a alliance link node, and the information query request comprises a key negotiation parameter and a first encryption algorithm identification of the alliance link node;
a sending module, configured to send a key agreement parameter of the data producer to the alliance link node if the data producer agrees with the information query request of the alliance link node;
the computing module is used for computing a common shared key according to the key negotiation parameters of the alliance link nodes and the key negotiation private key of the data producer;
the first decryption module is used for acquiring the encrypted data from the block chain and decrypting the encrypted data to obtain corresponding original data;
the first encryption module is used for encrypting the original data by adopting the common secret key and the first encryption algorithm to obtain target data;
and the second synchronization module is used for synchronizing the target data to the block chain, so that the alliance chain node obtains the target data from the block chain and decrypts the target data according to the common key to obtain original data.
Optionally, as a possible implementation manner, the block link point device in the embodiment of the present invention further includes:
the acquisition module is used for acquiring original data to be encrypted;
the generating module is used for randomly generating a symmetric key;
the second encryption module is used for encrypting the original data by adopting a second encryption algorithm and the symmetric key to obtain first encrypted data;
the third encryption module is used for taking the symmetric key and the second encryption algorithm identification as first data and encrypting the first data by adopting a block chain public key of the data producer to obtain second encrypted data;
and the storage module is used for storing the first encrypted data and the second encrypted data as encrypted data in an associated manner.
Optionally, as a possible implementation manner, in the block link node device in the embodiment of the present invention, the first decryption module includes:
an obtaining unit, configured to obtain the first encrypted data and the second encrypted data from a blockchain;
the first decryption unit is used for decrypting the second encrypted data by adopting a block chain private key of the data producer to obtain the first data;
and the second decryption unit is used for decrypting the first encrypted data by adopting the symmetric key in the first data and the second encryption algorithm to obtain corresponding original data.
Optionally, as a possible implementation manner, in the block link node device in the embodiment of the present invention, the sending module includes:
the first sending unit is used for directly sending the key negotiation parameters of the data producer to the alliance link node based on the Internet;
a second sending unit, configured to synchronize the key agreement parameter of the data producer to the blockchain, so that the federation link node obtains the key agreement parameter of the data producer from the blockchain.
A third aspect of an embodiment of the present invention provides a server, where the server includes a processor, and the processor is configured to implement the steps in any one of the possible implementations of the first aspect and the first aspect when executing a computer program stored in a memory.
According to the technical scheme, the embodiment of the invention has the following advantages:
in the embodiment of the invention, the data producer node can encrypt the original data and synchronize the encrypted data after encryption into the block chain, thereby not only ensuring the fairness of the data, but also ensuring the confidentiality of the data. If the corresponding original data needs to be inquired by the alliance node in the block chain, the data producer node is needed to judge whether the alliance chain node meets the preset authorization condition, and the data producer node and the corresponding alliance chain node negotiate a common key only if the preset condition is met, so that the alliance chain node can obtain the original data based on the common key, namely the safe and confidential circulation of the data is realized based on the block chain.
Drawings
Fig. 1 is a schematic diagram of an embodiment of a block chain-based data streaming method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of another embodiment of a block chain-based data streaming method according to an embodiment of the present invention;
FIG. 3 is a diagram of an embodiment of a data flow system based on a block chain according to an embodiment of the present invention;
FIG. 4 is a schematic view of one embodiment of a block link point device in accordance with embodiments of the present invention;
FIG. 5 is a schematic view of another embodiment of a block link point device in accordance with an embodiment of the present invention;
FIG. 6 is a functional detailed diagram of a first decryption module in a block-link node apparatus according to an embodiment of the present invention;
fig. 7 is a detailed functional diagram of a transmitting module in a block link node device according to an embodiment of the present invention;
fig. 8 is a schematic diagram of an embodiment of a server in an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a data circulation method, a system and related equipment based on a block chain, which are used for realizing the secret circulation of data in the block chain.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
A blockchain federation is maintained by a plurality of federation members, each member having the ability to place its own invoice data onto the chain, but the producer of the data wishes to have control over the data, i.e. although the invoice data has been placed onto the blockchain, each member has access to the data, but the data is encrypted and, without authorization from the producer of the data, has no access to the clear data. For example, the block chain alliance is composed of four companies, namely P1, P2, P3 and P4, the P1 company encrypts some invoice data and puts the invoice data into a chain, and now the P2 and P3 companies want to take the plaintext of the data, and the problem to be solved by the embodiment of the invention is that the encrypted data can be decrypted by the P2 and the P3, but cannot be decrypted by the P4.
For convenience of understanding, a specific flow in the embodiment of the present invention is described below, and referring to fig. 1, an embodiment of a data streaming method based on a block chain in the embodiment of the present invention may include:
101. the encrypted data is synchronized to the blockchain.
In order to ensure the confidentiality and fairness of data in the blockchain, the data producer node needs to encrypt the original data to generate corresponding encrypted data before synchronizing the original data to the blockchain. The specific encryption algorithm used for encrypting the original data may be a symmetric encryption algorithm, such as DES, 3DES, AES, SM4, or an asymmetric encryption algorithm, such as RSA, ECC, SM2, or a combination of the symmetric encryption algorithm and the asymmetric encryption algorithm, and the specific encryption algorithm and the encryption method are not limited herein as long as the requirements of the user for confidentiality can be satisfied.
102. And receiving an information query request sent by the alliance link node, wherein the information query request comprises the key negotiation parameter and the first encryption algorithm identifier of the alliance link node.
When the alliance link node needs to inquire the original data, the alliance link node can send an information inquiry request to the data producer node. In order to ensure the confidentiality of data, the data in the blockchain in the embodiment of the invention needs to be encrypted, and in order to enable the federation chain node to obtain the original data, the data producer node needs to transfer the encryption key to the corresponding federation chain node. However, there is obviously a greater risk in directly sending the key to the alliance node, and in view of this, the embodiment of the present invention employs a key agreement algorithm, such as DH (Diffie-Hellman) key agreement algorithm or ECDH key agreement algorithm, and it can be known from the principle of the DH key agreement algorithm or ECDH key agreement algorithm that the same common key can be calculated only by the two communicating parties acquiring the key agreement parameter of the other party and their own key agreement private key.
In order to negotiate out the common key, when the alliance link node sends an information query request to the data producer node, the information query request may be added with the key negotiation parameter and the first encryption algorithm identifier of the alliance link node.
103. And judging whether the alliance link node meets preset authorization conditions, and if so, sending the key negotiation parameters of the data producer to the alliance link node.
After receiving the request of the alliance link node, the data producer node may manually or automatically determine whether the alliance link node meets the preset authorization condition, for example, the data producer node may set an authorization white list according to the operation of the user, and if the alliance link node is within the authorization white list, it may be determined that the alliance link node meets the preset authorization condition. And then, the data producer node sends the key negotiation parameter of the data producer to the alliance chain node, so that the alliance chain node can calculate a common key based on the key negotiation parameter of the data producer and the own key negotiation private key.
104. Calculating a common shared key according to the key negotiation parameters of the alliance link nodes and the key negotiation private key of the data producer;
according to the principle of DH key agreement algorithm or ECDH key agreement algorithm, the same common key can be calculated only by the two communication parties acquiring the key agreement parameters of the other party and the key agreement private key of the two communication parties. And the key is calculated based on the key negotiation algorithm, and the key does not need to be sent in the communication process, so that the risk of information leakage is reduced, and the data confidentiality is improved.
105. And acquiring the encrypted data from the block chain, and decrypting the encrypted data to obtain corresponding original data.
After the common key is calculated, the data producer node obtains the encrypted data from the block chain and decrypts the encrypted data to obtain the corresponding original data.
106. And encrypting the original data by adopting a common secret key and a first encryption algorithm to obtain target data.
In order to enable authorized alliance link nodes to obtain original data, the data producer nodes need to encrypt the original data by adopting a common secret key and a first encryption algorithm to obtain target data.
107. And synchronizing the target data to the block chain so that the alliance chain node obtains the target data from the block chain and decrypts the target data according to the common secret key to obtain the original data.
And the data producer node synchronizes the encrypted target data to the block chain, so that the alliance chain node acquires the target data from the block chain and decrypts the target data according to the common secret key to obtain the original data.
In the embodiment of the invention, the data producer node can encrypt the original data and synchronize the encrypted data after encryption into the block chain, thereby not only ensuring the fairness of the data, but also ensuring the confidentiality of the data. If the corresponding original data needs to be inquired by the alliance node in the block chain, the data producer node is needed to judge whether the alliance chain node meets the preset authorization condition, and the data producer node and the corresponding alliance chain node negotiate a common key only if the preset condition is met, so that the alliance chain node can obtain the original data based on the common key, namely the safe and confidential circulation of the data is realized based on the block chain.
On the basis of the embodiment shown in fig. 1, before synchronizing the encrypted data to the blockchain, the data producer node needs to encrypt the original data, preferably, in an embodiment of the present invention, the original data is encrypted by using a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm, referring to fig. 2, another embodiment of a data streaming method based on a blockchain in an embodiment of the present invention may include:
201. original data to be encrypted is obtained.
In the embodiment of the present invention, the data producer node may obtain data generated by itself or uploaded by the user as the original data, which is not limited herein.
202. A symmetric key is randomly generated.
In order to ensure the confidentiality of data, the original data needs to be encrypted, and under the same condition, the calculation amount of the symmetric encryption algorithm is relatively less compared with that of the asymmetric encryption algorithm. Thus, embodiments of the present invention prefer a symmetric encryption algorithm to encrypt the original data. Specifically, the data producer node may randomly generate a symmetric key for each piece of raw data.
203. And encrypting the original data by adopting a second encryption algorithm and a symmetric key to obtain first encrypted data.
In the embodiment of the present invention, it is preferable that the symmetric encryption algorithm encrypts the original data, and after the symmetric key is generated, the data producer node may encrypt the original data by using a second encryption algorithm (one of the symmetric encryption algorithms, for example, DES, 3DES, AES, SM4, etc.) to obtain the first encrypted data.
204. And taking the symmetric key and the second encryption algorithm identification as first data, and encrypting the first data by adopting a block chain public key of a data producer to obtain second encrypted data.
For the first data composed of the symmetric key and the identifier of the second encryption algorithm (e.g., the identifier of characters such as DES, 3DES, AES, SM4, etc.), the data size of the first data is small, and in the embodiment of the present invention, the first data is preferably encrypted by an asymmetric encryption algorithm, and the specific asymmetric encryption algorithm includes, but is not limited to, RSA, ECC, SM2, etc. The data producer node may encrypt the first data using a block chain public key of the data producer and a corresponding asymmetric encryption algorithm to obtain second encrypted data. Further, the data producer node may store the first encrypted data and the second encrypted data in association as encrypted data.
205. The encrypted data is synchronized to the blockchain.
The data producer node may synchronize the encrypted data composed of the first encrypted data and the second encrypted data to the block chain, and a specific block chain synchronization method is the prior art and is not described herein.
206. And receiving an information query request sent by the alliance link node, wherein the information query request comprises the key negotiation parameter and the first encryption algorithm identifier of the alliance link node.
207. And judging whether the alliance link node meets preset authorization conditions, and if so, sending the key negotiation parameters of the data producer to the alliance link node.
After receiving the request of the alliance link node, the data producer node may manually or automatically determine whether the alliance link node meets the preset authorization condition, for example, the data producer node may set an authorization white list according to the operation of the user, and if the alliance link node is within the authorization white list, it may be determined that the alliance link node meets the preset authorization condition. And then, the data producer node sends the key negotiation parameter of the data producer to the alliance chain node, so that the alliance chain node can calculate a common key based on the key negotiation parameter of the data producer and the own key negotiation private key.
Specifically, the data producer node may directly send the key agreement parameter of the data producer to the alliance link node based on the internet; or, the data producer node may synchronize the key agreement parameter of the data producer to the blockchain, so that the federation link node obtains the key agreement parameter of the data producer from the blockchain. Specifically, the manner in which the data producer node sends the key agreement parameter of the data producer is not limited here.
208. Calculating a common shared key according to the key negotiation parameters of the alliance link nodes and the key negotiation private key of the data producer;
209. and acquiring the encrypted data from the block chain, and decrypting the encrypted data to obtain corresponding original data.
Specifically, the data producer node needs to obtain first encrypted data and second encrypted data from the blockchain, decrypt the second encrypted data by using a blockchain private key of the data producer to obtain the first data, and decrypt the first encrypted data by using a symmetric key in the first data and a second encryption algorithm to obtain corresponding original data.
210. And encrypting the original data by adopting a common secret key and a first encryption algorithm to obtain target data.
211. And synchronizing the target data to the block chain so that the alliance chain node obtains the target data from the block chain and decrypts the target data according to the common secret key to obtain the original data.
The content described in steps 210 to 211 in this embodiment is similar to the content described in steps 106 to 107 in the embodiment shown in fig. 1, and please refer to steps 106 to 107 specifically, which is not described herein again.
In the embodiment of the invention, the data producer node can encrypt the original data and synchronize the encrypted data after encryption into the block chain, thereby not only ensuring the fairness of the data, but also ensuring the confidentiality of the data. If the corresponding original data needs to be inquired by the alliance node in the block chain, the data producer node is needed to judge whether the alliance chain node meets the preset authorization condition, and the data producer node and the corresponding alliance chain node negotiate a common key only if the preset condition is met, so that the alliance chain node can obtain the original data based on the common key, namely the safe and confidential circulation of the data is realized based on the block chain. Secondly, the implementation adopts a mode of combining a symmetric encryption algorithm and an asymmetric encryption algorithm to encrypt the original data, thereby improving the safety and the practicability of data circulation.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the above steps do not mean the execution sequence, and the execution sequence of each step should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
The foregoing embodiment describes a data streaming method based on a block chain in the embodiment of the present invention, and referring to fig. 3, a data streaming system based on a block chain in the embodiment of the present invention is described below, where an embodiment of a data streaming system based on a block chain in the embodiment of the present invention may include:
a data producer node 301 and at least two federation chain nodes 302, wherein,
the data producer node 301 is configured to synchronize the encrypted data to the blockchain;
the alliance link node 302 is used for sending an information query request to a data producer node, wherein the information query request comprises a key negotiation parameter and a first encryption algorithm identifier of the alliance link node;
if the data producer agrees with the information query request of the alliance link node 302, the data producer node 301 is further configured to send a key agreement parameter of the data producer to the alliance link node 302;
the data producer node 301 is further configured to calculate a common key according to the key agreement parameter of the alliance link node 302 and the key agreement private key of the data producer;
the data producer node 301 is further configured to obtain encrypted data from the block chain, and decrypt the encrypted data to obtain corresponding original data;
the data producer node 301 is further configured to encrypt the original data by using the common key and the first encryption algorithm to obtain target data, and synchronize the target data to the block chain;
the federation link node 302 is further configured to obtain target data from the blockchain, and decrypt the target data according to the common key to obtain original data.
In the embodiment of the invention, the data producer node can encrypt the original data and synchronize the encrypted data after encryption into the block chain, thereby not only ensuring the fairness of the data, but also ensuring the confidentiality of the data. If the corresponding original data needs to be inquired by the alliance node in the block chain, the data producer node is needed to judge whether the alliance chain node meets the preset authorization condition, and the data producer node and the corresponding alliance chain node negotiate a common key only if the preset condition is met, so that the alliance chain node can obtain the original data based on the common key, namely the safe and confidential circulation of the data is realized based on the block chain.
Referring to fig. 4, an embodiment of a block link point device according to an embodiment of the present invention may include:
a first synchronization module 401, configured to synchronize encrypted data to a blockchain;
a receiving module 402, configured to receive an information query request sent by a federation link node, where the information query request includes a key negotiation parameter and a first encryption algorithm identifier of the federation link node;
a sending module 403, configured to send a key agreement parameter of the data producer to the alliance link node if the data producer agrees with the information query request of the alliance link node;
a calculating module 404, configured to calculate a common shared key according to the key agreement parameter of the federation link node and the key agreement private key of the data producer;
a first decryption module 405, configured to obtain encrypted data from the block chain, and decrypt the encrypted data to obtain corresponding original data;
the first encryption module 406 is configured to encrypt the original data by using a common key and a first encryption algorithm to obtain target data;
and a second synchronization module 407, configured to synchronize the target data to the blockchain, so that the federation link node obtains the target data from the blockchain and decrypts the target data according to the common key to obtain the original data.
Optionally, referring to fig. 5, as a possible implementation manner, the block link point device in the embodiment of the present invention may further include:
an obtaining module 408, configured to obtain original data to be encrypted;
a generating module 409, configured to randomly generate a symmetric key;
the second encryption module 410 is configured to encrypt the original data by using a second encryption algorithm and a symmetric key to obtain first encrypted data;
the third encryption module 411 is configured to use the symmetric key and the second encryption algorithm identifier as the first data, and encrypt the first data by using the block chain public key of the data producer to obtain second encrypted data;
the storage module 412 is configured to store the first encrypted data and the second encrypted data as encrypted data in an associated manner.
Optionally, referring to fig. 6, as a possible implementation manner, in the block link node apparatus in the embodiment of the present invention, the first decryption module 405 includes:
an obtaining unit 4051, configured to obtain the first encrypted data and the second encrypted data from the block chain;
the first decryption unit 4052 is configured to decrypt the second encrypted data with the block chain private key of the data producer to obtain first data;
the second decryption unit 4053 is configured to decrypt the first encrypted data by using the symmetric key in the first data and the second encryption algorithm to obtain corresponding original data.
Optionally, referring to fig. 7, as a possible implementation manner, in the block link point device in the embodiment of the present invention, the sending module 403 includes:
a first sending unit 4031, which directly sends the key agreement parameter of the data producer to the alliance link point based on the internet;
a second sending unit 4032, configured to synchronize the key negotiation parameter of the data producer to the blockchain, so that the federation link node obtains the key negotiation parameter of the data producer from the blockchain.
In the embodiment of the invention, the data producer node can encrypt the original data and synchronize the encrypted data after encryption into the block chain, thereby not only ensuring the fairness of the data, but also ensuring the confidentiality of the data. If the corresponding original data needs to be inquired by the alliance node in the block chain, the data producer node is needed to judge whether the alliance chain node meets the preset authorization condition, and the data producer node and the corresponding alliance chain node negotiate a common key only if the preset condition is met, so that the alliance chain node can obtain the original data based on the common key, namely the safe and confidential circulation of the data is realized based on the block chain.
The block link node device in the embodiment of the present invention is described above from the perspective of the modular functional entity, and the server in the embodiment of the present invention is described below from the perspective of hardware processing:
the embodiment of the present invention further provides a server 8, as shown in fig. 8, for convenience of description, only the part related to the embodiment of the present invention is shown, and details of the specific technology are not disclosed, please refer to the method part of the embodiment of the present invention. The server 8 generally refers to a computer device with a high processing capability, such as a server.
Referring to fig. 8, the server 8 includes: a power supply 810, a memory 820, a processor 830, a wired or wireless network interface 840, and computer programs stored in the memory and executable on the processor. The processor, when executing the computer program, implements the steps in each of the above embodiments of the block chain based data streaming method, such as steps 101 to 107 shown in fig. 1. Alternatively, the processor, when executing the computer program, implements the functions of each module or unit in the above-described device embodiments.
In some embodiments of the present invention, the processor is specifically configured to implement the following steps:
synchronizing the encrypted data to the blockchain;
receiving an information query request sent by a alliance link node, wherein the information query request comprises a key negotiation parameter and a first encryption algorithm identifier of the alliance link node;
judging whether the alliance link node meets preset authorization conditions, if so, sending a key negotiation parameter of a data producer to the alliance link node;
calculating a common shared key according to the key negotiation parameters of the alliance link nodes and the key negotiation private key of the data producer;
acquiring encrypted data from the block chain, and decrypting the encrypted data to obtain corresponding original data;
encrypting the original data by adopting a common secret key and a first encryption algorithm to obtain target data;
and synchronizing the target data to the block chain so that the alliance chain node obtains the target data from the block chain and decrypts the target data according to the common secret key to obtain the original data.
Optionally, in some embodiments of the present invention, the processor may be further configured to implement the following steps:
acquiring original data to be encrypted;
randomly generating a symmetric key;
encrypting the original data by adopting a second encryption algorithm and a symmetric key to obtain first encrypted data;
the symmetric key and the second encryption algorithm identification are used as first data, and the first data are encrypted by adopting a block chain public key of a data producer to obtain second encrypted data;
and storing the first encrypted data and the second encrypted data in an associated manner as encrypted data.
Optionally, in some embodiments of the present invention, the processor may be further configured to implement the following steps:
acquiring first encrypted data and second encrypted data from a block chain;
decrypting the second encrypted data by adopting a block chain private key of a data producer to obtain first data;
and decrypting the first encrypted data by adopting a symmetric key in the first data and a second encryption algorithm to obtain corresponding original data.
Optionally, in some embodiments of the present invention, the processor may be further configured to implement the following steps:
directly sending key negotiation parameters of a data producer to the alliance link points based on the Internet;
or synchronizing the key negotiation parameters of the data producer to the blockchain, so that the alliance chain node obtains the key negotiation parameters of the data producer from the blockchain.
The server 8 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing device. Illustratively, a computer program may be partitioned into one or more modules/units, which are stored in a memory and executed by a processor. One or more modules/units may be a series of computer program instruction segments capable of performing certain functions, the instruction segments being used to describe the execution of a computer program in a computer device.
Those skilled in the art will appreciate that the configuration shown in fig. 8 does not constitute a limitation of the server 8, that the server 8 may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components, e.g., the server may also include input-output devices, buses, etc.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, the processor being the control center of the computer device and the various interfaces and lines connecting the various parts of the overall computer device.
The memory may be used to store computer programs and/or modules, and the processor may implement various functions of the computer device by executing or executing the computer programs and/or modules stored in the memory, as well as by invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (8)
1. A data stream transfer method based on a block chain is applied to a data producer node, and the method comprises the following steps:
synchronizing the encrypted data to the blockchain;
receiving an information query request sent by a alliance link node, wherein the information query request comprises a key negotiation parameter and a first encryption algorithm identifier of the alliance link node;
judging whether the alliance chain node meets preset authorization conditions or not, if so, sending the key negotiation parameter of the data producer to the alliance chain node, wherein the key negotiation parameter of the data producer is synchronized to the block chain, so that the alliance chain node obtains the key negotiation parameter of the data producer from the block chain;
calculating a common shared key according to the key negotiation parameters of the alliance link nodes and the key negotiation private key of the data producer;
acquiring the encrypted data from a block chain, and decrypting the encrypted data to obtain corresponding original data;
encrypting the original data by adopting the common secret key and the first encryption algorithm to obtain target data;
and synchronizing the target data to the block chain, so that the alliance chain node acquires the target data from the block chain and decrypts the target data according to the common key to obtain original data.
2. The method of claim 1, wherein prior to said synchronizing the encrypted data to the blockchain, the method further comprises:
acquiring original data to be encrypted;
randomly generating a symmetric key;
encrypting the original data by adopting a second encryption algorithm and the symmetric key to obtain first encrypted data;
taking the symmetric key and the second encryption algorithm identification as first data, and encrypting the first data by adopting a block chain public key of the data producer to obtain second encrypted data;
and storing the first encrypted data and the second encrypted data in an associated manner as encrypted data.
3. The method according to claim 2, wherein the obtaining the encrypted data from the blockchain and decrypting the encrypted data to obtain corresponding original data comprises:
acquiring the first encrypted data and the second encrypted data from a block chain;
decrypting the second encrypted data by using a block chain private key of the data producer to obtain the first data;
and decrypting the first encrypted data by adopting the symmetric key in the first data and the second encryption algorithm to obtain corresponding original data.
4. A data flow system based on a blockchain, comprising:
a data producer node and at least two federation chain nodes, wherein,
the data producer node is used for synchronizing the encrypted data to the block chain;
the alliance link node is used for sending an information query request to the data producer node, and the information query request comprises a key negotiation parameter and a first encryption algorithm identifier of the alliance link node;
if the data producer agrees with the information query request of the alliance link node, the data producer node is further configured to send a key agreement parameter of the data producer to the alliance link node, where the key agreement parameter of the data producer is synchronized to the block chain, so that the alliance link node obtains the key agreement parameter of the data producer from the block chain;
the data producer node is also used for calculating a common shared key according to the key negotiation parameter of the alliance link node and the key negotiation private key of the data producer;
the data producer node is also used for acquiring the encrypted data from the block chain and decrypting the encrypted data to obtain corresponding original data;
the data producer node is also used for encrypting the original data by adopting the common secret key and the first encryption algorithm to obtain target data, and synchronizing the target data to a block chain;
and the alliance link node is also used for acquiring the target data from the block chain and decrypting the target data according to the common key to obtain original data.
5. A block link point device, comprising:
a first synchronization module for synchronizing the encrypted data to the block chain;
the system comprises a receiving module, a first encryption algorithm identification and a second encryption algorithm identification, wherein the receiving module is used for receiving an information query request sent by a alliance link node, and the information query request comprises a key negotiation parameter and a first encryption algorithm identification of the alliance link node;
a sending module, configured to send a key agreement parameter of the data producer to the alliance link node if the data producer agrees with the information query request of the alliance link node; the sending module comprises a second sending unit, and the second sending unit is used for synchronizing the key negotiation parameter of the data producer to the block chain, so that the alliance chain node obtains the key negotiation parameter of the data producer from the block chain;
the computing module is used for computing a common shared key according to the key negotiation parameters of the alliance link nodes and the key negotiation private key of the data producer;
the first decryption module is used for acquiring the encrypted data from the block chain and decrypting the encrypted data to obtain corresponding original data;
the first encryption module is used for encrypting the original data by adopting the common secret key and the first encryption algorithm to obtain target data;
and the second synchronization module is used for synchronizing the target data to the block chain, so that the alliance chain node obtains the target data from the block chain and decrypts the target data according to the common key to obtain original data.
6. The apparatus of claim 5, further comprising:
the acquisition module is used for acquiring original data to be encrypted;
the generating module is used for randomly generating a symmetric key;
the second encryption module is used for encrypting the original data by adopting a second encryption algorithm and the symmetric key to obtain first encrypted data;
the third encryption module is used for taking the symmetric key and the second encryption algorithm identification as first data and encrypting the first data by adopting a block chain public key of the data producer to obtain second encrypted data;
and the storage module is used for storing the first encrypted data and the second encrypted data as encrypted data in an associated manner.
7. The apparatus of claim 6, wherein the first decryption module comprises:
an obtaining unit, configured to obtain the first encrypted data and the second encrypted data from a blockchain;
the first decryption unit is used for decrypting the second encrypted data by adopting a block chain private key of the data producer to obtain the first data;
and the second decryption unit is used for decrypting the first encrypted data by adopting the symmetric key in the first data and the second encryption algorithm to obtain corresponding original data.
8. A server, characterized in that the server comprises a processor for implementing the steps of the method according to any one of claims 1 to 3 when executing a computer program stored in a memory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810921971.8A CN109218291B (en) | 2018-08-14 | 2018-08-14 | Data transfer method, system and related equipment based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810921971.8A CN109218291B (en) | 2018-08-14 | 2018-08-14 | Data transfer method, system and related equipment based on block chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109218291A CN109218291A (en) | 2019-01-15 |
| CN109218291B true CN109218291B (en) | 2021-02-09 |
Family
ID=64987977
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810921971.8A Active CN109218291B (en) | 2018-08-14 | 2018-08-14 | Data transfer method, system and related equipment based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109218291B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111835687B (en) * | 2019-04-19 | 2022-08-23 | 百度在线网络技术(北京)有限公司 | Block chain-based security coordination system and security coordination method |
| CN110311787B (en) * | 2019-06-21 | 2022-04-12 | 深圳壹账通智能科技有限公司 | Authorization management method, system, device and computer readable storage medium |
| CN111062058B (en) * | 2019-12-26 | 2022-04-15 | 深圳天玑数据有限公司 | Block chain-based key pair processing method and device, terminal and readable storage medium |
| CN111342967B (en) * | 2020-03-06 | 2021-03-19 | 北京中宇万通科技股份有限公司 | Method and device for solving block chain user certificate loss or damage |
| CN113761543B (en) * | 2020-06-01 | 2024-04-02 | 菜鸟智能物流控股有限公司 | Data processing method, device, equipment and machine-readable medium based on alliance chain |
| CN111723385B (en) * | 2020-06-01 | 2024-02-09 | 清华大学 | Data information processing method, device, electronic equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107294709A (en) * | 2017-06-27 | 2017-10-24 | 阿里巴巴集团控股有限公司 | A kind of block chain data processing method, apparatus and system |
| CN108282334A (en) * | 2018-04-13 | 2018-07-13 | 济南浪潮高新科技投资发展有限公司 | It is a kind of based on the multi-party key agreement device of block chain, method and system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101052033B (en) * | 2006-04-05 | 2012-04-04 | 华为技术有限公司 | Certifying and key consulting method and its device based on TTP |
| CN107124268B (en) * | 2017-04-01 | 2020-08-11 | 中国人民武装警察部队工程大学 | Privacy set intersection calculation method capable of resisting malicious attacks |
| CN107040383B (en) * | 2017-04-24 | 2018-01-30 | 中山大学 | A kind of blind Verifiable Encryptosystem endorsement method based on block chain |
| CN107196919B (en) * | 2017-04-27 | 2021-01-01 | 北京小米移动软件有限公司 | Data matching method and device |
| CN107277061B (en) * | 2017-08-08 | 2020-06-30 | 四川长虹电器股份有限公司 | IOT (Internet of things) equipment based end cloud secure communication method |
-
2018
- 2018-08-14 CN CN201810921971.8A patent/CN109218291B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107294709A (en) * | 2017-06-27 | 2017-10-24 | 阿里巴巴集团控股有限公司 | A kind of block chain data processing method, apparatus and system |
| CN108282334A (en) * | 2018-04-13 | 2018-07-13 | 济南浪潮高新科技投资发展有限公司 | It is a kind of based on the multi-party key agreement device of block chain, method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109218291A (en) | 2019-01-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109218291B (en) | Data transfer method, system and related equipment based on block chain | |
| US10785019B2 (en) | Data transmission method and apparatus | |
| CN111797415A (en) | Block chain based data sharing method, electronic device and storage medium | |
| US9197410B2 (en) | Key management system | |
| CN104094267B (en) | Method, apparatus and system for secure sharing of media content from a source device | |
| CN107294709A (en) | A kind of block chain data processing method, apparatus and system | |
| CN109891423B (en) | Data encryption control using multiple control mechanisms | |
| US11424913B2 (en) | Key exchange system and key exchange method | |
| CN106411504B (en) | Data encryption system, method and device | |
| CN110661748B (en) | Log encryption method, log decryption method and log encryption device | |
| US10063655B2 (en) | Information processing method, trusted server, and cloud server | |
| CN108810022A (en) | A kind of encryption method, decryption method and device | |
| WO2020082226A1 (en) | Method and system for transferring data in a blockchain system | |
| Thilakanathan et al. | Secure multiparty data sharing in the cloud using hardware-based TPM devices | |
| CN114465803A (en) | Object authorization method, device, system and storage medium | |
| CN105681253A (en) | Data encryption transmission method, equipment and gateway in centralized network | |
| US9473471B2 (en) | Method, apparatus and system for performing proxy transformation | |
| CN110598427B (en) | Data processing method, system and storage medium | |
| JP2006279269A (en) | Information management device, information management system, network system, user terminal, and their programs | |
| CN109600631B (en) | Video file encryption and publishing method and device | |
| CN110750326A (en) | Disk encryption and decryption method and system for virtual machine | |
| CN116346318A (en) | Data sharing method, sharing device, processor and system thereof | |
| CN113452514B (en) | Key distribution method, device and system | |
| KR101812311B1 (en) | User terminal and data sharing method of user terminal based on attributed re-encryption | |
| TW202304172A (en) | Location-key encryption system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 27D, building 2, building 1, Dachong Business Center (phase II), 9678 Shennan Avenue, Dachong community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province Applicant after: Shenzhen Gaodeng Computer Technology Co., Ltd Address before: 571900 Hainan provincial high-tech industrial demonstration zone Hainan Ecological Software Park Applicant before: HAINAN GAODENG TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |