CN109325331A - Big data acquisition transaction system based on blockchain and trusted computing platform - Google Patents

Big data acquisition transaction system based on blockchain and trusted computing platform

Info

Publication number: CN109325331A
Authority: CN (China)
Prior art keywords: data, block, chain, voucher, credible
Legal status: Granted
Application number: CN201811069639.XA
Other languages: Chinese (zh)
Other versions: CN109325331B (en)
Inventors: 关振宇, 刘建伟, 赵莹, 李大伟, 秦煜瑶
Current assignee: Beihang University
Original assignee: Beihang University

Application filed by Beihang University
Priority to CN201811069639.XA
Publication of CN109325331A
Application granted
Publication of CN109325331B
Legal status: Active

Classifications

    • G06F21/45 Structures or tools for the administration of authentication (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals)
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements > G06F21/30 Authentication > G06F21/31 User authentication)
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/55 Detecting local intrusion or implementing counter-measures)
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements > G06F21/60 Protecting data)
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Finance (AREA)
  • Health & Medical Sciences (AREA)
  • Accounting & Taxation (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Virology (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a big data acquisition transaction system based on a blockchain and a trusted computing platform, comprising: a user on-chain address verification module, a data acquisition module, a data upload module, a data credibility verification module and a data reward payment module. The system merges large numbers of isolated personal data silos to address the shortage of data sources; it applies comprehensive supervision and protection to the acquisition, storage, packing and upload of data so that the whole data path is trustworthy; it uses Direct Anonymous Attestation so that the data collection company can verify the validity of a user's on-chain public key address while the user's privacy is protected; and it relies on the decentralised, automated execution of blockchain smart contracts to make the payment of data rewards open and transparent. The system thus reconciles, to a certain extent, the conflict between personal privacy protection and big data acquisition, ensures the credibility of the data source, and is practical, simple and easy to implement.

Description

Big data acquisition transaction system based on blockchain and trusted computing platform
Technical field
The present invention relates to the field of cloud computing security, and in particular to a big data acquisition transaction system based on a blockchain and a trusted computing platform.
Background art
With the rapid development of multimedia, software and storage technology in recent years, big data, machine learning and similar technologies are profoundly influencing and changing how society produces and lives, but a reliable data source is the premise on which these technologies are implemented, operated and developed. The spread of Internet of Things (IoT) devices offers a way to address the shortage of big data sources: large numbers of IoT devices can collect personal location tracking records, personal health data, personal lifestyle and preference data and other data of economic analysis value. However, there is currently no mature solution for guaranteeing both the fairness and credibility of data transactions and the privacy of the data provider.
Summary of the invention
The present application is based on the inventors' understanding of, and findings about, the following problems:
Internet application technology has developed quickly and become ubiquitous; in addition, the rise of Web 2.0 has caused the number of network users and the volume of network data to grow at high speed, placing stricter requirements on users' ability to store and process data, and cloud computing has met these demands. Centralised cloud computing services give users great convenience for storage, and users no longer need to care about complex hardware management. Although cloud computing has these attractive advantages, it also brings new security challenges and threats to data protection. First, since users no longer physically possess their data, the encryption conventionally used for data protection cannot be applied directly. Second, although the equipment behind cloud computing is more powerful and reliable than personal computing devices, it still faces internal and external threats to data integrity: large numbers of attackers who covet cloud data continuously probe service providers' web applications for vulnerabilities in the hope of opening a breach and obtaining valuable data. Finally, the party with the highest data access privilege is not the user but the cloud service provider; driven by its own interests, a cloud provider may behave dishonestly with users' data. A private cloud has physical controllability, specificity and high security, so using a private cloud to store personal private data has become the choice of more and more people.
The data collected in embodiments of the present invention come from hardware physical devices that have passed authentication, so the system must authenticate IoT sensor devices. Conventional authentication is normally based on cryptographic principles: a key is stored in non-volatile memory, and authentication of the physical entity and protection of the secret information in it are achieved by digital signatures, encryption and similar means. This approach, however, may suffer invasive, semi-invasive and side-channel physical attacks, and is also easily attacked by software such as viruses; traditional authentication also faces many problems and obstacles where resources are limited and computing capability is weak. Unlike conventional authentication, the present invention uses a hardware authentication scheme based on a physical unclonable function (PUF), which effectively solves the above key storage and authentication problems. PUFs are widely used in digital circuits and are usually broadly divided into memory-based PUFs and delay-based PUFs. Their principle is to extract, by a fixed rule, the random variation and physical non-uniformity introduced into a physical entity by its manufacturing process, so that when the entity is given a challenge it outputs an unpredictable response, and that response serves as the unique identifier of the physical hardware entity. In digital-circuit PUF schemes, the corresponding challenge-response pairs (CRPs) can be generated, after a challenge is input, by a built-in self-test (BIST) circuit. With its properties of uniqueness, unpredictability, unclonability and tamper resistance, PUF technology can address identity authentication and management, intellectual property protection and the generation of encryption keys.
Traditional network security defences such as firewalls, intrusion detection and anti-virus all focus on protecting the information security of servers, while the relatively fragile terminal has increasingly become the main weak link in information system security. In response to these security requirements and the various attack means, trusted computing starts from the computer architecture and establishes a trust transfer system from the hardware upward to guarantee the trustworthiness of the terminal, solving from the source the problems of trust between people and programs, between people and machines, and between people. The generally accepted industry meaning of "trusted" is building a trustworthy computing environment on a security chip so that the system entity behaves as expected; the security chip embedded in the hardware platform is called the Trusted Platform Module (TPM), and the platform as a whole is called a trusted computing platform. The Trusted Computing Group (TCG) has also proposed specifications for trusted computing platforms. A trusted computing platform generally has the following functions: establishing a root of trust and fixing a trust anchor, constructing a chain of trust so that trust is passed on layer by layer, platform identity attestation, platform integrity attestation and support for trusted network connection. To prevent malicious users from fabricating large amounts of false data and uploading it for sale, the present invention uses trusted computing technology to provide full-path trustworthiness for the acquisition, storage and processing of data.
In 2008, Satoshi Nakamoto first proposed Bitcoin and the proof concept underlying it. Blockchain technology, the core information technology of the Bitcoin transaction system, solved the double-spending problem and the Byzantine generals problem and realised a trustless consensus network, thanks to features such as an open transaction system that does not depend on any trusted authority (decentralisation), tamper resistance guaranteed by timestamps and digital signatures, and the permanent storage of legitimate transactions in the blockchain. More and more blockchain projects have since emerged, and Ethereum is a representative one: it is a Turing-complete information system that supports user-defined smart contracts. A smart contract is a piece of executable code on the blockchain; when its trigger condition is met, the open and transparent smart contract executes automatically in a decentralised way. This has made Ethereum favoured by more and more developers. The present invention relies on blockchain technology to achieve secure, fair and permanent storage of critical data and automatic payment of data rewards.
Based on the above application requirements and technical background, embodiments of the present invention provide a trusted big data acquisition transaction system for large-scale networks of personal IoT devices. The system innovatively combines private cloud, PUF, trusted computing and blockchain technology to protect the privacy of the data provider while guaranteeing the validity of the data and the fairness of the transaction, which is of great significance for merging data silos and solving the shortage of data.
The present invention aims to solve at least some of the technical problems in the related art.
To this end, an object of the present invention is to propose a big data acquisition transaction system based on a blockchain and a trusted computing platform, which reconciles to a certain extent the conflict between personal privacy protection and big data acquisition, ensures the credibility of the data source, and has the advantages of being practical, simple and easy to implement.
To achieve the above object, an embodiment of the present invention proposes a big data acquisition transaction system based on a blockchain and a trusted computing platform, comprising: a user on-chain address verification module, used for communication between the data collection company (DCC), the trusted third party (TTP) and the user to complete the Direct Anonymous Attestation (DAA) protocol and to add the on-chain public key address bound to the trusted private cloud platform to the DCC's whitelist of trading users; a data acquisition module, used to perform integrity measurement of the acquisition program's code pages while the private cloud platform performs the acquisition so as to obtain a first platform state, to obtain and upload a hardware fingerprint through the IoT node, and to securely generate a data credential using the data unsealing and sealing functions of the trusted private cloud platform, giving subsequent modules a basis for verifying data credibility; a data upload module, used to perform integrity measurement of the upload program's code pages to obtain a second platform state, to generate a data block credential after linking and packing the data credentials of a given period, and to upload it to the system's consortium chain in the form of a transaction from the on-chain public key address bound to the trusted private cloud platform; a data credibility verification module, used, after the DCC announces the data type it wishes to purchase, to receive the block numbers and the corresponding original data sets fed back by the user, whereupon the DCC, with the assistance of the TTP, obtains the numbers of the valid blocks whose data were collected by legitimate devices in a trusted state, computes the data block credential verification value of each valid block and uploads it to the smart contract entry; and a data reward payment module, used to have the smart contract automatically trace back the data block credentials of the valid blocks recorded on the chain and compare them with the verification values submitted by the DCC, and to pay the data reward to the user openly and automatically according to the number of blocks that compare successfully.
The big data acquisition transaction system based on a blockchain and a trusted computing platform of the embodiment applies comprehensive supervision and protection to the acquisition, storage, packing and upload of data so that the whole data path is trustworthy; it uses Direct Anonymous Attestation so that the DCC can verify the validity of the user's on-chain public key address while protecting the user's privacy; and it relies on the decentralised and automated execution of the blockchain's smart contracts to make data reward payment open and transparent. It thus reconciles, to a certain extent, the conflict between personal privacy protection and big data acquisition, ensures the credibility of the data source, and is practical, simple and easy to implement.
In addition, the big data acquisition transaction system based on a blockchain and a trusted computing platform according to the above embodiment may further have the following additional technical features:
Further, in one embodiment of the invention, the user on-chain address verification module is further used to: generate the key of the anonymous credential issuer TTP; have the TTP issue the anonymous credential to the user terminal by means of a zero-knowledge proof; and have the user terminal compute an anonymous signature so that the DCC can verify the correctness of the user terminal's anonymous signature.
Further, in one embodiment of the invention, the data acquisition module is specifically used to: perform integrity measurement of the acquisition program's code pages through the embedded TPM, producing a PCR value and a measurement log, where the integrity measurement guarantees that the data acquisition process runs in a trusted execution environment (TEE) and the PCR value and measurement log can be used by subsequent modules to verify that the acquisition process ran in a trusted manner; have the IoT device select any challenge from its registered challenge set and respond by running the BIST, and upload the challenge-response pair together with the data to obtain the hardware fingerprint; perform data unsealing and data sealing through the TPM so that the data are bound to the trusted platform module and, via the PCRs, to one platform state, with the result that any later attempt to tamper with or fabricate the data stored on the private cloud platform causes data credibility verification to fail; and compute the data credential of each period according to a preset data structure, taking as input the sensor measurement data, the timestamp, the integrity measurement log, the integrity measurement value, the PUF challenge-response pair and the data credential value of the previous period, and outputting the data credential value for the current period.
Further, in one embodiment of the invention, the data upload module is specifically used to: perform integrity measurement through the TPM of the code pages of the private cloud's script that uploads data to the blockchain, producing the corresponding measurement log and PCR value; take as input the data credential of any one period, a timestamp, and the measurement log and measurement value produced by the integrity measurement of the upload program, and output, after linking and hashing, the data block credential for that period; and, in the established TEE, have the upload script send a transaction containing the data block credential from the on-chain public key address, so that once the transaction is packed into a block it is permanently recorded on the system's consortium chain.
Further, in one embodiment of the invention, the data credibility verification module is specifically used to: have the DCC announce the type of IoT device data it requires; obtain, according to the data requirements announced by the DCC, the block numbers in which the data block credentials corresponding to the original data are located, and send the block numbers together with the original data to the DCC; and, with the assistance of the TTP, obtain the numbers of the valid blocks, compute the data block credential verification values of the valid blocks, and upload them to the corresponding interface of the blockchain platform.
Further, in one embodiment of the invention, the data reward payment module is further used to have the smart contract on the blockchain obtain the valid block numbers from the data block credential verification values of the valid blocks input by the DCC, automatically trace back on the chain the recorded data block credential values of those valid blocks and compare them with the verification values, and, according to the number of data block credentials verified successfully, pay the data reward to the user automatically without relying on any third party.
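The per-period data credential, the data block credential and the contract-side comparison described in the module list above, as an added example that is not part of the patent: a Python simulation in which the TPM's PCR extend, the PUF (a keyed PRF stand-in for a physical function), the TTP's challenge-response registry, the consortium chain (a dictionary) and the reward amount are all constructed here. The hash layouts, field names and function names are assumptions as well, since the patent lists the inputs of each credential but not their encoding.

```python
# Added example (not from the patent): a toy simulation of the credential chain
# described above. The TPM, PUF, TTP registry and chain are stand-ins built here;
# hash layouts, field names and the reward amount are assumptions, not the patent's.
import hashlib
import hmac
import json

def h(data: bytes) -> str:
    """Collision-resistant hash used for every credential (SHA-256, hex)."""
    return hashlib.sha256(data).hexdigest()

# ---- Simulated TPM integrity measurement ---------------------------------------
PCR_INIT = "00" * 32

def pcr_extend(pcr: str, measurement: str) -> str:
    """TPM-style extend: new PCR = H(old PCR || measurement)."""
    return h(bytes.fromhex(pcr) + bytes.fromhex(measurement))

def measure_code_pages(pages):
    """Measure each code page into the PCR; return (PCR value, measurement log)."""
    pcr, log = PCR_INIT, []
    for page in pages:
        log.append(h(page))
        pcr = pcr_extend(pcr, log[-1])
    return pcr, log

def replay_log(log) -> str:
    """Verifier side: recompute the PCR from the measurement log alone."""
    pcr = PCR_INIT
    for m in log:
        pcr = pcr_extend(pcr, m)
    return pcr

# ---- PUF stand-in and TTP challenge-response registry -------------------------
class ToyPuf:
    """Keyed PRF standing in for a physical PUF: the secret plays the role of the
    manufacturing variation a real PUF derives its response from (simulation only)."""
    def __init__(self, device_secret: bytes):
        self._secret = device_secret

    def respond(self, challenge: bytes) -> str:
        return hmac.new(self._secret, challenge, hashlib.sha256).hexdigest()

def register_crps(puf, challenges):
    """TTP enrolment: store the device's challenge-response pairs."""
    return {c.hex(): puf.respond(c) for c in challenges}

# ---- Data credential chain and block credential --------------------------------
def data_credential(sensor_data, timestamp, meas_log, pcr, crp, prev_cred) -> str:
    """Period credential over sensor data, timestamp, measurement log, PCR value,
    PUF challenge-response pair and the previous period's credential."""
    payload = {"data": sensor_data, "ts": timestamp, "log": meas_log,
               "pcr": pcr, "crp": crp, "prev": prev_cred}
    return h(json.dumps(payload, sort_keys=True).encode())

def block_credential(cred, timestamp, upload_log, upload_pcr) -> str:
    """Block credential = H(period credential || timestamp || upload-script log || PCR)."""
    return h("|".join([cred, str(timestamp), *upload_log, upload_pcr]).encode())

# ---- Smart-contract side --------------------------------------------------------
def settle(chain, verification_values, reward_per_block):
    """chain: {block_no: recorded block credential}. Pay only for blocks whose
    DCC-submitted verification value equals the credential recorded on chain."""
    matched = [b for b, v in verification_values.items() if chain.get(b) == v]
    return len(matched), len(matched) * reward_per_block

def run_demo(tamper_period=None, rogue_period=None):
    """Drive the whole flow. tamper_period: alter that period's data after upload.
    rogue_period: that period's fingerprint comes from a device the TTP never enrolled."""
    puf = ToyPuf(b"constructed-device-secret")
    rogue = ToyPuf(b"constructed-unenrolled-secret")
    challenges = [b"c1", b"c2", b"c3"]
    registry = register_crps(puf, challenges)          # TTP enrolment
    capture_pcr, capture_log = measure_code_pages([b"capture page 0", b"capture page 1"])
    upload_pcr, upload_log = measure_code_pages([b"upload script page 0"])
    assert replay_log(capture_log) == capture_pcr      # the TTP can audit the measurement

    # Private cloud side: one data credential per period, one block per period.
    readings = [{"hr": 71}, {"hr": 74}, {"hr": 69}]    # constructed sensor data
    prev, periods, chain = "", [], {}
    for i, (reading, c) in enumerate(zip(readings, challenges)):
        dev = rogue if i == rogue_period else puf
        crp = [c.hex(), dev.respond(c)]
        prev = data_credential(reading, 1000 + i, capture_log, capture_pcr, crp, prev)
        periods.append([reading, 1000 + i, crp])
        chain[i] = block_credential(prev, 2000 + i, upload_log, upload_pcr)
    if tamper_period is not None:                      # data altered after upload
        periods[tamper_period][0] = {"hr": 999}

    # DCC side, assisted by the TTP: recompute verification values from the raw data.
    values, prev = {}, ""
    for i, (reading, ts, crp) in enumerate(periods):
        if registry.get(crp[0]) != crp[1]:             # response not enrolled at the TTP
            continue
        prev = data_credential(reading, ts, capture_log, capture_pcr, crp, prev)
        values[i] = block_credential(prev, 2000 + i, upload_log, upload_pcr)
    paid, reward = settle(chain, values, 10)
    return {"paid_blocks": paid, "reward": reward}
```

run_demo() pays all three blocks. run_demo(tamper_period=1) shows why the chaining matters: altering the data of period 1 after upload changes that period's credential and, through the previous-credential input, every later one, so only block 0 still matches the on-chain record. run_demo(rogue_period=2) skips the block whose challenge-response pair does not match the TTP's enrolment, which is the "legitimate device" filter the verification module relies on.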
Additional aspects and advantages of the invention will be set forth in part in the description that follows, and in part will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the invention will become apparent and readily understood from the following description of embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a structural schematic diagram of a big data acquisition transaction system based on a blockchain and a trusted computing platform according to one embodiment of the invention;
Fig. 2 is a structural schematic diagram of a big data acquisition transaction system based on a blockchain and a trusted computing platform according to one specific embodiment of the invention;
Fig. 3 is a schematic diagram of the data structure of the data credential according to one embodiment of the invention;
Fig. 4 is a schematic diagram of the data structure of an Ethereum consortium chain transaction according to one embodiment of the invention.
Detailed description of embodiments
Embodiments of the present invention are described in detail below, and examples of them are shown in the accompanying drawings, in which the same or similar reference numerals denote the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the invention and are not to be construed as limiting it.
Before the big data acquisition transaction system based on a blockchain and a trusted computing platform is introduced, the mathematical foundations of the embodiments are briefly introduced.
(1) Bilinear map. Let p be a large prime, let two cyclic groups of order p be given, let g be a generator of the first, and let e be a bilinear map from pairs of group elements into a target group. The two groups are called bilinear groups if e satisfies the following properties:
1. Bilinearity: for all group elements u, v and all exponents a, b, $e(u^{a}, v^{b}) = e(u, v)^{ab} = e(u^{b}, v^{a})$;
2. Non-degeneracy: there is at least one element g in the group such that $e(g, g)$ is a generator of the target group, i.e. $e(g, g) \neq 1$;
3. Computability: there is an efficient algorithm that computes $e(u, v)$ for all u, v.
(2) q-SDH assumption (q-Strong Diffie-Hellman Assumption, q-SDH): let the two groups be cyclic of prime order p. The q-SDH assumption holds in them if, for every probabilistic polynomial-time algorithm A, the success probability of A in the q-SDH problem is negligible, where $\psi$ is an isomorphism from the second group to the first with $\psi(g_2) = g_1$.
(3) Signature of knowledge: the embodiments use this tool when constructing the Direct Anonymous Attestation scheme. It lets one party prove that it knows a secret value without revealing any useful information; in essence it is a zero-knowledge proof of knowledge, or a minimum-disclosure proof. For example, the expression denotes "a zero-knowledge proof about the integers $\alpha$, $\beta$, $\delta$ that $y = g^{\alpha} h^{\beta}$ holds together with a second relation, and simultaneously $u \le \alpha \le v$", where y, g, h and the other constants are elements of the two groups. By the Fiat-Shamir heuristic, a zero-knowledge proof can be converted into a signature of knowledge on a message m, written for instance as $SPK\{(\alpha): y = g^{\alpha}\}(m)$.
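The signature of knowledge $SPK\{(\alpha): y = g^{\alpha}\}(m)$ written above, as an added example that is not part of the patent: a Python implementation of the Schnorr proof of knowledge of a discrete logarithm, turned into a signature on m by the Fiat-Shamir heuristic. It works in a prime-order subgroup of the integers modulo a safe prime rather than in the pairing groups the patent uses, the group size is a toy value chosen so the example runs quickly, and the function names and message strings are assumptions.

```python
# Added example (not from the patent): the signature of knowledge
# SPK{(alpha): y = g^alpha}(m), i.e. a Schnorr proof of knowledge of a discrete
# logarithm made non-interactive by the Fiat-Shamir heuristic. Toy group size.
import hashlib
import secrets

def _is_prime(n: int) -> bool:
    """Trial division; enough for the 31-bit toy parameters used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def toy_group():
    """Return (p, q, g): p = 2q + 1 a safe prime, g a generator of the order-q
    subgroup of Z_p^*. About 2^31 in size, chosen for speed, not security."""
    p = (1 << 31) - 1
    while not (_is_prime(p) and _is_prime((p - 1) // 2)):
        p -= 2
    q = (p - 1) // 2
    g = pow(2, 2, p)          # a square modulo a safe prime has order q
    return p, q, g

def _challenge(g, y, t, m: bytes, q: int) -> int:
    """Fiat-Shamir challenge c = H(g || y || t || m) mod q; hashing m is what
    turns the interactive proof into a signature on m."""
    data = f"{g}|{y}|{t}|".encode() + m
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def spk_sign(p, q, g, alpha: int, m: bytes):
    """Prover holding alpha with y = g^alpha outputs (y, (c, s))."""
    y = pow(g, alpha, p)
    r = secrets.randbelow(q - 1) + 1      # fresh per signature; never reuse
    t = pow(g, r, p)                      # commitment
    c = _challenge(g, y, t, m, q)
    s = (r + c * alpha) % q               # response
    return y, (c, s)

def spk_verify(p, q, g, y, sig, m: bytes) -> bool:
    """Recompute t = g^s * y^(-c) and check that it reproduces the challenge."""
    c, s = sig
    t = (pow(g, s, p) * pow(y, (q - c) % q, p)) % p   # y^(-c), using y^q = 1
    return c == _challenge(g, y, t, m, q)

def demo():
    """Sign one message, verify it, then check the signature does not transfer
    to a different message."""
    p, q, g = toy_group()
    alpha = secrets.randbelow(q - 1) + 1  # the prover's secret
    y, sig = spk_sign(p, q, g, alpha, b"data purchase request 1")
    return (spk_verify(p, q, g, y, sig, b"data purchase request 1"),
            spk_verify(p, q, g, y, sig, b"data purchase request 2"))
```

spk_verify recomputes the commitment t from (c, s) and accepts only if hashing it with the message reproduces c, so the same signature presented under another message, or with an altered s, is rejected. The randomness r must be fresh for every signature: two signatures made with the same r but different challenges would let a verifier solve for alpha, which is why the secret-key property of the proof depends on the signer's random number generator.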
(4) Collision-resistant hash algorithm:
The collision-resistant hash function used in the embodiments has two basic properties, one-wayness and collision resistance. One-wayness means that the output can be derived from the input of the hash function, but the input cannot be computed from the output; collision resistance means that two different inputs with the same hash result cannot be found. The hash algorithm in the present invention takes plaintext as input and outputs an element mapped into a fixed domain.
The big data acquisition transaction system based on a blockchain and a trusted computing platform proposed according to embodiments of the present invention is described below with reference to the drawings.
Fig. 1 is a structural schematic diagram of a big data acquisition transaction system based on a blockchain and a trusted computing platform according to one embodiment of the invention.
As shown in Fig. 1, the big data acquisition transaction system 10 based on a blockchain and a trusted computing platform comprises a user on-chain address verification module 100, a data acquisition module 200, a data upload module 300, a data credibility verification module 400 and a data reward payment module 500.
The user on-chain address verification module 100 is used for communication between the data collection company DCC, the trusted third party TTP and the user to complete the Direct Anonymous Attestation protocol, and to add the on-chain public key address bound to the trusted private cloud platform to the DCC's whitelist of trading users. The data acquisition module 200 performs integrity measurement of the acquisition program's code pages while the private cloud platform performs the acquisition, so as to obtain the first platform state, obtains and uploads the hardware fingerprint through the IoT node, and securely generates the data credential with the data unsealing and sealing functions of the trusted private cloud platform, giving subsequent modules a basis for verifying data credibility. The data upload module 300 performs integrity measurement of the upload program's code pages to obtain the second platform state, generates the data block credential after linking and packing the data credentials of a given period, and uploads it to the system's consortium chain as a transaction from the blockchain public key address bound to the trusted private cloud platform. The data credibility verification module 400 receives, after the DCC announces the data type it wishes to purchase, the block numbers and corresponding original data sets fed back by the user; the DCC, assisted by the TTP, obtains the numbers of the valid blocks whose data were collected by legitimate devices in a trusted state, computes the data block credential verification value of each valid block number, and uploads it to the smart contract entry. The data reward payment module 500 has the smart contract automatically trace back the data block credentials of the valid blocks recorded on the chain, compare them with the verification values submitted by the DCC, and pay the data reward to the user openly and automatically according to the number of blocks that compare successfully. By merging large numbers of isolated personal data silos, the system 10 of the embodiment addresses the shortage of data sources, achieves fair and transparent data transactions, and protects the privacy of the data provider while guaranteeing the credibility of the transaction data.
It can be understood that, through the system 10 of the embodiment, on the one hand the data collection company can verify the credibility and integrity of the purchased data, and on the other hand the data provider remains anonymous while the data reward it deserves is paid openly, transparently and automatically. The system proposed by the invention includes the following three network entities:
(1) Data Collection Company (DCC): an enterprise that wishes to purchase personal IoT device record data and that provides the trusted computing platform equipment and the trading network platform;
(2) User: an individual who owns smart devices, has authenticated the trusted computing platform and intends to trade data;
(3) Trusted Third Party (TTP): the registration office for the users' smart-device CRPs, the issuer of anonymous credentials in the DAA protocol, and the organisation that assesses and audits the operating state submitted by the trusted computing platform.
Specifically, embodiments of the present invention relate to a trusted big data acquisition transaction system 10 based on PUF, trusted computing and blockchain technology, comprising the user on-chain address verification module 100, the data acquisition module 200, the data upload module 300, the data credibility verification module 400 and the data reward payment module 500. The system flow is as follows:
1. User on-chain address verification module 100: the DCC, the TTP and the user interact to complete the Direct Anonymous Attestation protocol, and the on-chain public key address bound to the trusted private cloud platform is added to the DCC's whitelist of trading users without revealing any of the user's identity information.
2. Data acquisition module 200: integrity measurement of the acquisition program's code pages yields the first platform state, and the IoT node then obtains and uploads the hardware fingerprint; both serve as the basis for later verification of data credibility. The private cloud platform then securely generates the data credential using the data unsealing and sealing functions.
3. Data upload module 300: integrity measurement of the upload program's code pages yields the second platform state; the data credential and related data are linked and packed into a data block credential, which is uploaded to the system's consortium chain as a transaction from the blockchain public key address bound to the legitimate trusted private cloud platform, so that it is permanently recorded.
4. Data credibility verification module 400: after the DCC announces the data type it wishes to purchase, the user feeds back the block numbers and the corresponding original data sets; the DCC, assisted by the TTP, obtains the numbers of the valid blocks whose data were collected by legitimate devices in a trusted state, computes the data block credential verification values of those block numbers and uploads them to the smart contract entry.
5. Data reward payment module 500: the smart contract automatically traces back the data block credentials of the valid blocks recorded on the chain, compares them with the verification values submitted by the DCC, and pays the data reward to the user openly and automatically according to the number of blocks that compare successfully.
Main idea: PUF technology is used on the personal IoT device node to obtain the device hardware fingerprint, which serves as the "pass" for hardware device admission authentication. The private cloud platform with an embedded Trusted Platform Module (TPM) measures the integrity of the acquisition code page and performs data unsealing and sealing operations, guaranteeing the credibility of the data link from the authenticated IoT node device to the private cloud platform. The data provider proves to the data collection company (DCC), by means of Direct Anonymous Attestation, that it holds a blockchain public key address bound to a certified TPM, while keeping its own anonymity and thus protecting privacy. Finally, with the support of the trusted third party, the data collection company can verify the credibility of the data set submitted by the data provider, and the data reward is paid fairly through the smart contract on the blockchain.
The big-data acquisition transaction system 10 based on blockchain and trusted computing platform is further elaborated below with reference to specific embodiments.
Further, in one embodiment of the invention, the user on-chain address verification module 100 is further used to: generate the key of the anonymous credential issuer TTP; issue the anonymous credential to the user terminal through TTP and a zero-knowledge proof; and compute the anonymous signature at the user terminal, so that DCC can verify the correctness of the user terminal's anonymous signature.
The channel through which the user uploads the data block vouchers cre_block_i (i = 1, 2, ..., N) is the blockchain: the user initiates a transaction from the on-chain public key address bound to the private cloud platform embedding a legitimate TPM, and the transaction is completed by being packed on-chain by miners for permanent storage. Whether DCC adds the address to the trading-user white list is decided by the DAA protocol, which is completed through the three-party interaction of the user, DCC and TTP. TTP acts as the issuer, whose task is to issue anonymous credentials to the private cloud platform embedding a legitimate TPM; the user terminal, i.e. the trusted private cloud computing platform, acts as the prover, whose task is to provide a DAA signature to the verifier, the signed message being the user's on-chain public key address; DCC acts as the verifier, whose task is to verify the correctness of the DAA signature provided by the prover and thereby decide whether to add the signed address to the trading white list.
The implementation of module 100 is divided into 4 steps executed in order:
Step 1: KeyGen: generate the key of the anonymous credential issuer TTP;
Step 2: DAA-Join: TTP issues the anonymous credential to the user terminal through a zero-knowledge proof;
Step 3: DAA-Sign: the user terminal computes the anonymous signature;
Step 4: DAA-Verify: DCC verifies the correctness of the user terminal's anonymous signature.
Specifically, Step 1: KeyGen: TTP selects groups of order p and bit length k for which there is a bilinear map with ψ(g_2) = g_1, selects the remaining parameters and computes the public values. The key pair of TTP is (pk, sk) = ((p, g_1, g_2, g_3, Y, g, h), r).
Step 2:DAA-Join:
(1) The TPM embedded in the private cloud selects the secret information f, a random number t' and a signature identifier SSID (Sole Signature Identifier), computes η = H_1(SSID) and the Pedersen commitment C = g^f h^{t'}, and sends C to TTP. The private cloud trusted platform module then proves that it possesses the secret knowledge f, t': it randomly selects r_f and r_t', computes the corresponding commitment and sends it to TTP; TTP randomly selects the challenge c and sends it to the private cloud platform; the TPM computes s_f = r_f + c·f and s_t' = r_t' + c·t' and sends s_f and s_t' to TTP; TTP verifies the proof.
(2) TTP selects x and t'', computes A = (g_1 · C · h^{t''})^{1/(y+x)}, and sends A, x and t'' to the private cloud.
(3) The private cloud host stores A and x and sends t'' to the TPM.
(4) The TPM computes t = t' + t'', stores f and t, and verifies whether the following equation holds:
Step 3:DAA-Sign:
(1) The private cloud host randomly selects w and computes T_1 = A · h^w and T_2 = g^w h^{-x}; T_1 and T_2 are commitments to A and x, and the host proves that the following two equations hold:
e(T_1, Y) / e(g_1, g_2) = e(h, Y)^w · e(h, g_2)^{wx + t} · e(g, g_2)^f / e(T_1, g_2)^x,
T_2 = g^w h^{-x},  T_2^{-x} · g^{wx} · h^{-xx} = 1,  and T_3 = [base not legible in the source]^f.
(2) It is proven that the private cloud platform possesses the knowledge f, x, w and t satisfying the equations above. The auxiliary values δ_1 = wx and δ_2 = −xx are computed. The TPM randomly selects r_f and r_t, computes its part of the commitments and sends them to the private cloud host.
The private cloud host selects r_x, r_w and the remaining random values and computes:
The private cloud host then computes:
c_h = H(η || g || h || g_1 || g_2 || g_3 || g_T || Y || T_1 || T_2 || T_3 || R_1 || R_2 || R_3 || R_4);
and sends c_h to the TPM.
The TPM selects n_t and computes c = H(H(c_h || n_t) || m); the signed message m here is the public key address on the user's blockchain bound to the legitimate trusted private cloud platform.
The private cloud host computes s_x = r_x + c·(−x) and s_w = r_w + c·w; the TPM computes s_f = r_f + c·f and s_t = r_t + c·(−t).
The private cloud host outputs the signature.
Step 4:DAA-Verify:
(1) Given the signature on the user's on-chain public key address m and the public key (p, g_1, g_2, g_T, Y, g, h), DCC computes:
(2) DCC verifies whether the following equalities hold:
If they hold, m is added to the trading-user public key address white list.
Further, in one embodiment of the invention, the data acquisition module 200 is specifically used to: measure the integrity of the acquisition program's code page by the embedded TPM, generating a PCR value and a measurement log; have the IoT device select any one challenge from its registered challenge set and produce the response by executing a built-in self-test (BIST), uploading the challenge-response pair together with the data so as to obtain the hardware fingerprint; perform data unsealing and data sealing by the TPM, so that the data voucher stored in the previous period is bound to the trusted platform module and, through the PCR value, to a platform state; and compute the data voucher of each period according to a preset data structure, taking as input the sensor measurement data, the timestamp, the integrity measurement log, the integrity measurement value, the PUF challenge-response pair and the data voucher value of the previous period, and outputting the data voucher value of this period.
As shown in Fig. 2, the data acquisition module 200 is carried out in the following 4 steps.
Step 1: Acquisition program code page integrity measurement: when the private cloud platform acquires data, the embedded TPM measures the integrity of the code page where the acquisition program resides, generating a PCR value stored inside a Platform Configuration Register (PCR) and a measurement log. Integrity measurement guarantees that the data acquisition process runs in a trusted execution environment; the PCR value and the measurement log can be used by later modules to verify whether the acquisition process ran in a trusted manner.
Step 2: IoT device hardware fingerprint acquisition: the user's IoT device registers its CRPs at TTP before leaving the factory. Each time the private cloud platform acquires data from the IoT device, the device selects one challenge from the registered challenge set, produces the response by executing a BIST, and uploads the challenge-response pair to the private cloud together with the data, thereby showing that the uploading device has the corresponding hardware identity.
Step 3: Data unsealing and sealing: after the IoT device data are uploaded to the private cloud platform, the TPM performs data unsealing and data sealing operations to ensure that the data voucher is generated securely. Data sealing binds the data not only to a trusted platform module but also, through the PCR, to a platform state, which guarantees the credibility of the system's running environment and of the data. Applying this technique makes any operation that tampers with or fabricates the data stored on the private cloud platform cause the subsequent data credibility verification to fail, thus preventing the forgery of IoT device data.
Step 4: Data voucher generation: the data voucher cre_data_i (i = 1, 2, ..., N) corresponding to each period is computed according to the data structure of Fig. 3. The input includes the sensor measurement data, the timestamp, the integrity measurement log, the integrity measurement value, the PUF challenge-response pair and the data voucher value of the previous period; the algorithm is a nested hash, and the output is the data voucher value of this period.
Specifically, Step 1: acquisition program code page integrity measurement: this step obtains the security state in which the key code runs when the trusted private cloud platform performs the data acquisition operation, guaranteeing that data which later pass credibility verification were all collected in a trusted execution environment.
Integrity measurement is one of the functions of the TPM; it is the process of computing the hash value of the measured object with a cryptographic hash algorithm. In the present invention the input of the hash operation is the code page where the data acquisition program resides, and the output hash value is the integrity measurement value of that code page. The TPM records the measurement value into a specified PCR using the extend rule: new PCR value = hash(old PCR value || measurement value). When performing an integrity measurement, the platform should record the information of the measurement process in the platform event log, including: measurer information, measured-object information, old PCR value, measurement value, new PCR value and completion time. Before each data acquisition operation of the private cloud, the embedded TPM performs the above operation once, generating the PCR value and measurement log of the key program code page as one of the inputs of the data sealing operation.
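The extend rule and event log just described can be exercised end to end, including the verifier-side replay that later modules rely on to judge whether a PCR value "came from a correct measurement process". The following is an added illustration, not code from the patent; the function names, the all-zero initial PCR and the sample code page are assumptions made for the example, and SHA-256 stands in for whatever hash the TPM uses.

```python
import hashlib
import time

INITIAL_PCR = bytes(32)          # a freshly reset PCR holds all zeros (assumption)
HASH = hashlib.sha256            # hash used for measurement and extend

def measure(code_page: bytes) -> bytes:
    """Integrity measurement value = hash of the measured code page."""
    return HASH(code_page).digest()

def pcr_extend(old_pcr: bytes, metric: bytes) -> bytes:
    """TPM extend rule from the text: new PCR = hash(old PCR || metric)."""
    return HASH(old_pcr + metric).digest()

def measure_and_extend(pcr: bytes, log: list, measurer: str, measured: str,
                       code_page: bytes, finished_at: float) -> bytes:
    """Measure a code page, extend the PCR and append an event-log entry with the
    fields the text lists (measurer, measured object, old PCR, metric, new PCR,
    completion time). Returns the new PCR value."""
    metric = measure(code_page)
    new_pcr = pcr_extend(pcr, metric)
    log.append({"measurer": measurer, "measured": measured, "old_pcr": pcr,
                "metric": metric, "new_pcr": new_pcr, "finished_at": finished_at})
    return new_pcr

def replay_log(log: list, initial_pcr: bytes = INITIAL_PCR):
    """Replay the event log from the initial PCR. Returns the final PCR if every
    entry is consistent with the extend rule, or None if any entry was edited."""
    pcr = initial_pcr
    for entry in log:
        if entry["old_pcr"] != pcr:
            return None
        expected = pcr_extend(pcr, entry["metric"])
        if expected != entry["new_pcr"]:
            return None
        pcr = expected
    return pcr

def platform_state_is_trusted(reported_pcr: bytes, log: list, baseline: bytes) -> bool:
    """Verifier-side check: the log must replay to the reported PCR, and the
    reported PCR must equal the platform-integrity baseline registered at the TTP."""
    replayed = replay_log(log)
    return replayed is not None and replayed == reported_pcr and reported_pcr == baseline

# Constructed sample: the known-good acquisition program code page and its baseline.
GOOD_CODE_PAGE = b"collect_sensor_readings(); pack(); seal();"
BASELINE_PCR = pcr_extend(INITIAL_PCR, measure(GOOD_CODE_PAGE))

def run_scenario(code_page: bytes, tamper_log: bool = False) -> bool:
    """Simulate one acquisition: the TPM measures the code page, then the verifier
    checks the reported PCR and log against the baseline. With tamper_log=True the
    logged metric is rewritten to look like the good page, which replay detects."""
    log = []
    pcr = measure_and_extend(INITIAL_PCR, log, "TPM", "acquisition code page",
                             code_page, finished_at=time.time())
    if tamper_log:
        log[0]["metric"] = measure(GOOD_CODE_PAGE)
    return platform_state_is_trusted(pcr, log, BASELINE_PCR)
```

Only the PCR value reported by the TPM is authoritative: an edited log fails replay, and an unedited log of a modified code page replays to a value that differs from the baseline.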
Step 2: IoT device hardware fingerprint acquisition: the present invention uses a memory-based PUF (such as an SRAM PUF) to implement the authentication scheme for the IoT device's hardware identity. Manufacturing process variation causes a mismatch between the parameters of the symmetric cells inside the SRAM; after power-up the bistable cells at the SRAM nodes enter an unstable state and oscillate until they settle to a stable 0 or 1, which yields the response. Each time before the IoT device transmits data to the private cloud, a pair is chosen from the CRPs registered at TTP, the stimulus C is input to the built-in self-test circuit, and the PUF response R is obtained. Every hardware device relies on its embedded PUF to generate a unique identity code for authentication, and the identity code (PUF challenge-response pair) is uploaded to the private cloud together with the data as a precondition for the subsequent data credibility verification.
Step 3: Data unsealing and sealing: after receiving the authentication information and sensor measurement data transmitted by the IoT device, the private cloud compresses and packs them together with the data collected earlier. To guarantee the security of the previously generated data compression value, the present invention uses data sealing and unsealing. Sealing and unsealing bind the critical data to a specific platform state (PCR value) and to the trusted platform module, so that the data are bound not only to a trusted platform module but also, through the PCR, to a platform state.
For example, in the i-th sub-period of the 1st period, before generating H_i the platform first unseals the H_{i−1} generated in sub-period (i−1). The unsealing operation proceeds as follows:
(1) Read the H_{i−1} sealed in sub-period (i−1) from the specified PCR:
H_{i−1} || PCR_value_{i−1} || TPM_Proof = Decrypt(key, sealedData_{i−1});
(2) The TPM compares whether the current PCR value is identical to the decrypted PCR_value;
(3) The TPM compares whether the decrypted TPM_Proof is identical to the value stored inside the TPM;
(4) If both comparisons match, H_{i−1} is output.
Here TPM_Proof is the unique identifier of the TPM. Taking H_{i−1} and the other related data as input, the data packing operation is executed to generate the data voucher H_i of the i-th sub-period, and a data sealing operation is performed on H_i to guarantee the secure storage of the data voucher between sub-periods i and (i+1), that is:
sealedData_i = Encrypt(key, (H_i || PCR_value_i || TPM_Proof)).
Step 4: Data voucher generation: the data voucher cre_data_i (i = 1, 2, ..., N) corresponding to each period is computed according to the data structure of Fig. 3. Suppose each period has n sub-periods. Taking the H_i generated in the i-th sub-period of the 1st period as an example:
H_i = h(m_i || t_i || PCR_log_i || PCR_value_i || C_i || R_i || H_{i−1}) (i = 1, 2, ..., n),
that is, the IoT device data uploaded to the private cloud platform at time t_i, the real-time timestamp, the integrity measurement log and PCR value of the running acquisition program, the input stimulus and output response of the IoT device PUF, and the H_{i−1} generated in sub-period (i−1) are concatenated and hashed. H_{i−1} (for i = 2, 3, ..., n) can only be read after the data unsealing operation, which guarantees that the data vouchers before sub-period i have not been tampered with. After n sub-periods, the data voucher H_n of the first period (that is, cre_data_1) is generated.
Further, in one embodiment of the invention, the data upload module 300 is specifically used to: measure by the TPM the integrity of the code page of the script program that uploads data to the blockchain, generating the corresponding measurement log and PCR value; take as input the data voucher of any one period, the timestamp, and the measurement log and measurement value generated by the integrity measurement of the upload program, the output value obtained after concatenation and hashing being the data block voucher of that period; and, in the established TEE, send through the upload script a transaction containing the data block voucher from the on-chain public key address, so that the transaction is permanently recorded on the consortium chain of this system after being packed on-chain.
As shown in Fig. 2, the data upload module 300 specifically includes:
Step 1: Upload program code page integrity measurement: the TPM embedded in the private cloud platform measures the integrity of the code page of the script program that uploads data to the blockchain, generating the corresponding measurement log and PCR value for the subsequent verification of the credibility of the upload process.
Step 2: Generation and upload of the data block voucher: the data block voucher is the voucher finally recorded on the blockchain. The data voucher of a given period, the timestamp, and the measurement log and measurement value generated by the integrity measurement of the upload program are taken as input, and the output value obtained after concatenation and hashing is the data block voucher of this period. Then, in the established TEE, the upload script sends from the on-chain public key address a transaction containing the data block voucher, which is permanently recorded on the consortium chain of this system after being packed on-chain.
Specifically, Step 1: upload program code page integrity measurement: suppose the user terminal uploads N data block vouchers in total. The TPM embedded in the private cloud platform measures the integrity of the code page of the script program that uploads data to the blockchain, generating the measurement log PCR_log_j and PCR value PCR_value_j (j = 1, 2, ..., N) of the data upload script; the subsequent data credibility link determines the credibility of the upload process from these two pieces of information.
Step 2: Generation and upload of the data block voucher: the data block voucher is the voucher finally recorded on the blockchain, and its data structure is:
cre_block_j = h(t_j || PCR_log_j || PCR_value_j || cre_data_j) (j = 1, 2, ..., N),
where cre_block_j is the value generated by concatenating and hashing the timestamp at time t_j, the measurement log and PCR value generated after the trusted private cloud platform has measured the integrity of the upload script's code page, and the cre_data_j (j = 1, 2, ..., N) generated in the j-th period. Then, in the established TEE, the upload script sends from the on-chain public key address a transaction containing the data block voucher (as shown in Fig. 4) to the transaction pool, where it waits to be packed by a miner. After completing the proof of work, the miner generates and broadcasts the block containing this transaction; once enough blocks have been linked after this block, the data transaction voucher is considered permanently recorded on the blockchain.
It should be noted that, in Fig. 4: (1) nonce represents the block number; (2) publishing a transaction or calling a contract function on Ethereum consumes a certain fee, counted in units of gas; gasLimit is the maximum total amount of gas allowed for a single transaction, and gasPrice is the set price of gas, generally in units of GWei (1 ETH = 1000000000 GWei); (3) Recipient is the receiving account of the transaction; since this transaction belongs to the message-call type among Ethereum transactions, its value is the user who initiates the transaction recording the data block voucher; (4) Value is the transfer amount; since the transaction of the invention is used only for data recording, the value is 0; (5) v, r, s are the parameters of the ECDSA signature required by the miner; (6) data is the data block voucher, which is permanently recorded and stored after the block is packed on-chain.
Further, in one embodiment of the invention, the data credibility verification module 400 is specifically used to: announce through DCC the type of IoT device data required; obtain, according to the data requirement announced by DCC, the numbers of the blocks holding the data block vouchers corresponding to the raw data, and send the block numbers together with the raw data to DCC; and trace, according to the block numbers fed back, the corresponding transactions and data block vouchers, obtain the numbers of the effective blocks with the assistance of TTP, then compute the data block voucher verification values of the effective blocks and upload them to the corresponding interface of the system's data reward payment module.
As shown in Fig. 2, the data credibility verification module 400 specifically includes:
Step 1: DCC announces the data requirement: the type of IoT device data required by DCC, such as the device type and the meaning of the data.
Step 2: The user feeds back block numbers and sends the raw data: according to the data requirement announced by DCC, the user finds the numbers of the blocks holding the data block vouchers corresponding to the raw data that meet the requirement, and sends the block numbers together with the raw data to DCC.
Step 3: Generation of the data block voucher verification values of the effective blocks: DCC traces the corresponding transactions and data block vouchers according to the block numbers fed back, and obtains the numbers of the effective blocks with the assistance of TTP. An effective block is one whose data block voucher was uploaded by an IoT device with certified hardware identity and was obtained by acquisition, storage, packing and upload operations executed in a TEE. According to the effective block numbers, DCC computes the data block voucher verification values of the effective blocks from the raw data uploaded by the user, using the method of the present invention, and inputs them at the interface of the blockchain payment platform.
Specifically, Step 1: DCC announces the data requirement: DCC announces the data type it wishes to buy by establishing the terms of a smart contract on the blockchain. The public key address from which DCC issues the smart contract is public and can be communicated to users through advertisements or announcements on the official website; only when the user has compared the publisher public key address of the smart contract with the announced account address and found them identical does the user carry out the subsequent operations such as feeding back block numbers.
Step 2: The user feeds back block numbers and sends the raw data: according to the data requirement announced by DCC, the user finds the numbers (assumed to be 1, ..., N) of the blocks holding the data block vouchers corresponding to the raw data that meet the requirement, and sends the block numbers together with the raw data to DCC. The raw data comprise:
(1) sensor measurement data: M = {m_1, ..., m_n; ...; m_{(N−1)n}, ..., m_{Nn}};
(2) timestamps: T_1 = {t_1, ..., t_n; ...; t_{(N−1)n}, ..., t_{Nn}} and T_2 = {t_A, ..., t_{A+N}};
(3) IoT device PUF challenge-response set:
C = {C_1, ..., C_n; ...; C_{(N−1)n}, ..., C_{Nn}} and R = {R_1, ..., R_n; ...; R_{(N−1)n}, ..., R_{Nn}};
(4) acquisition program integrity measurement logs:
LOG_1 = {PCR_log_1, ..., PCR_log_n; ...; PCR_log_{(N−1)n}, ..., PCR_log_{Nn}};
(5) acquisition program integrity measurement values:
PCR_1 = {PCR_value_1, ..., PCR_value_n; ...; PCR_value_{(N−1)n}, ..., PCR_value_{Nn}};
(6) voucher upload program integrity measurement logs: LOG_2 = {PCR_log_A, ..., PCR_log_{A+N}};
(7) voucher upload program integrity measurement values: PCR_2 = {PCR_value_A, ..., PCR_value_{A+N}}.
Step 3: Generation of the data block voucher verification values of the effective blocks: DCC traces the data block voucher values recorded in blocks 1, ..., N according to the block numbers submitted by the user. DCC sends C, R, LOG_1, PCR_1, LOG_2 and PCR_2 from the raw data to TTP. For each received PUF stimulus C, TTP looks up the registered corresponding response R; if the Hamming distance between the registered response and the received response is less than the threshold ε, the identity authentication of the IoT node passes. For the integrity measurement values and logs of the acquisition program and the voucher upload program, TTP judges from the integrity measurement event log whether the PCR value came from a correct measurement process, and then compares the PCR value with the registered platform integrity baseline; if they are identical, the private cloud platform that sent the data was in a trusted state when performing the relevant operation. If all the above checks pass, TTP considers the data corresponding to the block credible and sends the numbers of these effective blocks to DCC. DCC computes the data block voucher verification values of the effective blocks from the data uploaded by the user according to the method of the invention, and records them openly and permanently on the blockchain through the smart contract interface.
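The three roles in Step 3 (TTP, DCC and the contract described in module 500 below) can be shown on one sample. This is an added example, not the patent's code: the registered CRPs, baselines, the threshold ε, the reward amount, the all-zero H_0 and the three sample blocks are constructed, and the function names are assumptions. The TTP check is simplified to comparing PCR values against baselines; replaying the measurement log is shown in the integrity-measurement example earlier and is omitted here.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """h(a || b || ...): hash of the concatenation."""
    return hashlib.sha256(b"".join(parts)).digest()

def hamming_distance(a: bytes, b: bytes) -> int:
    """Differing bits; PUF responses are noisy, so exact equality is not required."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) + 8 * abs(len(a) - len(b))

def ttp_effective_blocks(blocks: list, registered_crps: dict, acq_baseline: bytes,
                         upload_baseline: bytes, epsilon: int) -> list:
    """TTP side: block j is effective if every PUF response is within epsilon bits of
    the registered response for its challenge and both the acquisition and upload
    PCR values equal the registered baselines. Returns the effective block numbers."""
    effective = []
    for j, blk in enumerate(blocks, start=1):
        puf_ok = all(c in registered_crps and hamming_distance(registered_crps[c], r) < epsilon
                     for c, r in zip(blk["C"], blk["R"]))
        pcr_ok = all(v == acq_baseline for v in blk["PCR1"]) and blk["PCR2"] == upload_baseline
        if puf_ok and pcr_ok:
            effective.append(j)
    return effective

def dcc_verification_value(blk: dict) -> bytes:
    """DCC side: recompute cre_data_j by the nested hash over the n sub-periods, then
    cre_block_j = h(t_j || PCR_log_j || PCR_value_j || cre_data_j)."""
    h_prev = bytes(32)                       # H_0: constructed start value
    for m, t, log, pcr, c, r in zip(blk["M"], blk["T1"], blk["LOG1"], blk["PCR1"], blk["C"], blk["R"]):
        h_prev = h(m, t, log, pcr, c, r, h_prev)
    return h(blk["T2"], blk["LOG2"], blk["PCR2"], h_prev)

def contract_settle(chain_records: dict, submitted: dict, reward_per_block: int) -> int:
    """Contract side: compare each submitted verification value with the voucher
    recorded on-chain for that block; pay reward_per_block per matching block."""
    matched = sum(1 for j, value in submitted.items() if chain_records.get(j) == value)
    return matched * reward_per_block

# Constructed sample: baselines registered at the TTP, two registered CRPs, threshold.
ACQ_BASELINE = h(b"good acquisition code page")
UPLOAD_BASELINE = h(b"good upload script page")
REGISTERED = {b"ch-1": bytes([0b10101010, 0b11110000]), b"ch-2": bytes([0b00001111, 0b01010101])}
EPSILON = 3

def make_block(pcr1_values: list, responses: list, t_upload: bytes) -> dict:
    """One block's raw data (two sub-periods) in the sets (1)..(7) listed above."""
    return {"M": [b"temp=21.5", b"temp=21.7"], "T1": [b"1536800000", b"1536800060"],
            "LOG1": [b"log:acq", b"log:acq"], "PCR1": pcr1_values,
            "C": [b"ch-1", b"ch-2"], "R": responses,
            "T2": t_upload, "LOG2": b"log:upload", "PCR2": UPLOAD_BASELINE}

GOOD_RESPONSES = [bytes([0b10101010, 0b11110000]), bytes([0b00001111, 0b01010100])]  # 1 noisy bit
BAD_RESPONSES = [bytes([0b01010101, 0b11110000]), bytes([0b00001111, 0b01010101])]   # 8 bits off
BLOCKS = [
    make_block([ACQ_BASELINE, ACQ_BASELINE], GOOD_RESPONSES, b"1536800100"),        # 1: credible
    make_block([ACQ_BASELINE, ACQ_BASELINE], BAD_RESPONSES, b"1536800200"),         # 2: PUF check fails
    make_block([ACQ_BASELINE, h(b"modified page")], GOOD_RESPONSES, b"1536800300"),  # 3: untrusted state
]

def run_scenario() -> tuple:
    """Full Step 3 flow on the sample; returns (effective block numbers, reward paid).
    The chain holds the vouchers the platform actually uploaded; the DCC only
    submits verification values for the blocks the TTP marked effective."""
    chain = {j: dcc_verification_value(blk) for j, blk in enumerate(BLOCKS, start=1)}
    effective = ttp_effective_blocks(BLOCKS, REGISTERED, ACQ_BASELINE, UPLOAD_BASELINE, EPSILON)
    submitted = {j: dcc_verification_value(BLOCKS[j - 1]) for j in effective}
    return effective, contract_settle(chain, submitted, reward_per_block=10)

def tampered_raw_data_is_rejected() -> bool:
    """If the raw data handed to the DCC differ from what was acquired, the recomputed
    cre_block no longer matches the chain record and nothing is paid."""
    original = BLOCKS[0]
    chain = {1: dcc_verification_value(original)}
    altered = dict(original, M=[b"temp=99.9", b"temp=21.7"])
    return contract_settle(chain, {1: dcc_verification_value(altered)}, 10) == 0
```

The two checks separate concerns the way the text does: the TTP decides device identity and platform state (which blocks may count at all), while the contract only decides whether the submitted value equals the recorded voucher, so neither party alone can turn an untrusted block into a paid one.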
Further, in one embodiment of the invention, the data reward payment module 500 is further used to: obtain, from the values input by DCC at the interface of the blockchain smart contract, the data block voucher verification values and the numbers of the effective blocks; have the contract automatically trace the corresponding data block voucher values recorded on the chain and compare them; and, according to the number of data block vouchers verified successfully, have the smart contract pay the data reward to the user automatically without relying on any third party.
As shown in Fig. 2, the smart contract on the blockchain obtains the effective block numbers from the data block voucher verification values of the effective blocks input by DCC, and the contract automatically traces the corresponding data block voucher values recorded on the chain and compares them. If they are identical, it is proven that the platform state when the user uploaded the data was trusted and that the sensor data have not been tampered with; otherwise the data are proven invalid. According to the number of data block vouchers verified successfully, the smart contract automatically pays the data reward to the user without relying on a third party.
Specifically, the data reward payment module 500 resides at the Ethereum smart contract end of the trusted big-data acquisition transaction system. The smart contract is issued by DCC and exposes different interfaces to the user and to DCC. The operations by which DCC and the user call the contract are realised through the web3 module provided by Ethereum; every call to the contract finally enters the transaction pool in the form of a transaction and, once packed on-chain, is openly and permanently recorded on the blockchain. DCC is allowed to input at the smart contract interface the data block voucher verification values of the effective blocks and the public key address of the corresponding user; the contract automatically traces the data block vouchers recorded in the relevant blocks and pays the corresponding data reward to the user's public key address according to the number of blocks that compare identically. The contract's payment operation enters the transaction pool in the form of a transaction and waits to be packed; after completing the proof of work, the miner generates and broadcasts the block containing this transaction, and once enough blocks have been linked after this block, the data transaction voucher is considered permanently recorded on the blockchain and the payment is complete.
In summary, the embodiments of the present invention provide a trusted big-data acquisition transaction system combining PUF technology, trusted computing technology and blockchain technology, which can be used for the fusion and trading of the data silos of large numbers of personal IoT devices under the premise of guaranteeing data credibility and fairness of the transaction, while protecting personal identity privacy from disclosure. Its advantages and effects are:
1) The embodiments combine PUF, trusted computing and blockchain technology: the PUF ensures that the acquired data come from a certified hardware device; the trusted platform module guarantees the security of the data acquisition, storage and upload operations; and the blockchain produces a tamper-resistant ledger of data block voucher records. The system thus guarantees that the whole chain of acquisition, storage, packing and upload is trusted.
2) The embodiments use Direct Anonymous Attestation to protect the privacy of the user's on-chain public key address: DCC can only confirm that the on-chain account trading data with it is genuinely bound to a private cloud platform embedding a legitimate TPM, and cannot obtain any information beyond the validity of the private cloud platform, which protects the privacy of the user terminal.
3) Based on the decentralised and automated nature of the smart contract function supported by the blockchain, the system guarantees a fair, transparent and automatic payment of the data reward, resolving a major concern of users.
The big-data acquisition transaction system based on blockchain and trusted computing platform proposed in the embodiments implements comprehensive supervision and protection of the acquisition, storage, packing and upload of data, realising trust over the whole data chain; the Direct Anonymous Attestation method lets DCC authenticate the validity of the user's on-chain public key address while protecting the user's privacy; and the decentralised and automated nature of the blockchain smart contract guarantees that the data reward is paid openly and transparently. This reconciles to a certain extent the contradiction between personal privacy protection and big-data acquisition, ensures the credibility of the data source, and is practical and simple to implement.
In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "plurality" means at least two, for example two or three, unless otherwise specifically defined.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in conjunction with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic expressions of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, those skilled in the art may combine the features of the different embodiments or examples described in this specification as long as they do not conflict with each other.
Although the embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the invention; those skilled in the art may change, modify, replace and vary the above embodiments within the scope of the invention.

Claims (6)

1. A big-data acquisition transaction system based on blockchain and trusted computing platform, characterised by comprising:
a user on-chain address verification module, used for the communication interaction among the data collection company DCC, the trusted third party TTP and the user to complete the Direct Anonymous Attestation protocol, and for adding the blockchain public key address bound to the trusted private cloud platform to the DCC trading-user white list;
a data acquisition module, used for executing the integrity measurement of the acquisition program code page while the private cloud platform performs acquisition, so as to obtain the first platform state, for obtaining and uploading the hardware fingerprint by the IoT node, and for generating the data voucher using the data unsealing and sealing functions of the trusted private cloud platform, so as to obtain the basis on which subsequent modules verify data credibility;
a data upload module, used for executing the integrity measurement of the upload program code page to obtain the second platform state, for generating the data block voucher by linking and packing it with the data voucher of any one period, and for uploading it in the form of a transaction to the system consortium chain from the blockchain public key address bound to the trusted private cloud platform;
a data credibility verification module, used for receiving the corresponding block numbers and the corresponding raw data set fed back by the user after the DCC announces the data type it wishes to buy, for obtaining, with the assistance of the TTP, the numbers of the effective blocks whose data were acquired by a legitimate device in a trusted state, and for computing the data block voucher verification values of the effective blocks and uploading them to the smart contract entry;
a data reward payment module, used for comparing the data block vouchers of the effective blocks, traced automatically on the chain by the smart contract, with the verification values submitted by the DCC, so as to pay the data reward to the user openly and automatically according to the number of blocks that compare successfully.
2. The big data acquisition transaction system based on a block chain and a trusted computing platform according to claim 1, characterized in that the user on-chain address verification module is further used for:
generating the key of the anonymous credential issuer TTP;
issuing the anonymous credential to the user terminal through the TTP and a zero-knowledge proof;
computing an anonymous signature at the user terminal, so that the DCC can verify the correctness of the user terminal's anonymous signature.
3. The big data acquisition transaction system based on a block chain and a trusted computing platform according to claim 1, characterized in that the data acquisition module is specifically used for:
performing integrity measurement on the capture program code pages by the TPM built into the private cloud platform, generating PCR values and a measurement log;
selecting, by the Internet of Things device, one challenge at random from the registered challenge set and responding to it by executing a BIST, so as to obtain the hardware fingerprint, and uploading the challenge-response pair together with the data;
executing data unsealing and data sealing by the TPM, so that the data voucher generated for the previous period is bound to the trusted platform module and, at the same time, bound to a platform state through the PCR values;
calculating the data voucher of each period according to a preset data structure, whose inputs are the sensor measurement data, the timestamp, the integrity measurement log, the integrity measurement value, the PUF challenge-response and the data voucher value of the previous period, and whose output is the data voucher value of this period.
4. The big data acquisition transaction system based on a block chain and a trusted computing platform according to claim 1, characterized in that the data uploading module is specifically used for:
performing integrity measurement, by the TPM, on the script program code pages that upload data to the block chain, generating the corresponding measurement log and PCR values;
taking as input the data voucher of any period, the timestamp, and the measurement log and measurement value generated by the integrity measurement of the upload program, and producing as output, after linking and hashing them, the data block voucher of that period; and, in the established trusted execution environment, having the upload script send a transaction containing the data block voucher from the on-chain public key address, so that the transaction, once packaged and put on the chain, is permanently recorded on the consortium chain of the system.
5. The big data acquisition transaction system based on a block chain and a trusted computing platform according to claim 1, characterized in that the data credibility verification module is specifically used for:
announcing, by the DCC, the type of Internet of Things device data required;
querying, by the user, according to the data requirement announced by the DCC, the block number in which the data block voucher corresponding to the original data is located, and sending the block number together with the original data to the DCC;
tracing the corresponding transactions and data block vouchers according to the block numbers obtained from the feedback, obtaining the number of effective blocks with the assistance of the TTP, calculating the data block credential verification values of the effective blocks, and uploading them to the smart contract entry.
6. The big data acquisition transaction system based on a block chain and a trusted computing platform according to claim 1, characterized in that the data reward payment module is further used for: the smart contract on the block chain obtains the effective block numbers from the data block credential verification values of the effective blocks input by the DCC; the contract automatically traces the recorded values of the data block vouchers of those effective blocks on the chain and compares them with the verification values; and, according to the number of data block vouchers successfully verified, the smart contract automatically pays the data reward to the user without relying on any third party.
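Added worked example (Python; not code from the patent or its authors) of the voucher construction in claims 3 and 4 and the contract-side comparison in claim 6: each period's data voucher hashes the claim-3 inputs together with the previous period's voucher, the data block voucher links that voucher with the upload program's measurement and hashes the result, and settlement counts the blocks whose recorded voucher matches the value the DCC recomputed from the raw data set it received. The length-prefixed SHA-256 encoding, the genesis value, the simulated PUF and every sample reading are assumptions made for the example.

```python
"""Hash-chained data vouchers and block-voucher settlement.

Added illustration of claims 3, 4 and 6 of this patent; not the patent's own
code. Field encoding (length-prefixed concatenation under SHA-256), the genesis
value, the fixed upload-program measurement and all sample values are
assumptions constructed for the example.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass, replace
from typing import Sequence


def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries cannot be shifted."""
    m = hashlib.sha256()
    for p in parts:
        m.update(struct.pack(">I", len(p)))
        m.update(p)
    return m.digest()


@dataclass(frozen=True)
class PeriodRecord:
    """The claim-3 inputs for one acquisition period (all values constructed)."""
    sensor_data: bytes    # sensor measurement data
    timestamp: int        # acquisition time, seconds
    ml_log: bytes         # integrity measurement log of the capture program
    pcr_value: bytes      # integrity measurement value (PCR digest)
    puf_challenge: bytes  # challenge chosen from the registered set
    puf_response: bytes   # device response, i.e. the hardware fingerprint


GENESIS = b"\x00" * 32  # assumed "previous voucher" for the very first period


def data_voucher(rec: PeriodRecord, prev_voucher: bytes) -> bytes:
    """Claim 3: voucher_i = H(sensor, ts, log, PCR, challenge, response, voucher_{i-1})."""
    return _h(rec.sensor_data, struct.pack(">Q", rec.timestamp), rec.ml_log,
              rec.pcr_value, rec.puf_challenge, rec.puf_response, prev_voucher)


def voucher_chain(records: Sequence[PeriodRecord]) -> list[bytes]:
    """Run the per-period voucher computation over consecutive periods."""
    vouchers: list[bytes] = []
    prev = GENESIS
    for rec in records:
        prev = data_voucher(rec, prev)
        vouchers.append(prev)
    return vouchers


def block_voucher(voucher: bytes, timestamp: int,
                  upload_log: bytes, upload_pcr: bytes) -> bytes:
    """Claim 4: link the period voucher with the upload program's measurement, then hash."""
    return _h(voucher, struct.pack(">Q", timestamp), upload_log, upload_pcr)


def settle(on_chain: dict[int, bytes], submitted: dict[int, bytes]) -> tuple[int, list[int]]:
    """Claim 6: compare recorded block vouchers with the DCC's verification values.
    Returns (number of blocks to reward, block numbers whose values did not match)."""
    rewarded, failed = 0, []
    for blk, value in submitted.items():
        if on_chain.get(blk) == value:
            rewarded += 1
        else:
            failed.append(blk)
    return rewarded, failed


def demo() -> dict:
    """Constructed scenario: three periods, then an honest and a tampered settlement."""
    def puf(challenge: bytes) -> bytes:  # stand-in for a device PUF (constructed)
        return hashlib.sha256(b"constructed-puf-secret" + challenge).digest()[:16]

    records = []
    for i in range(3):
        challenge = f"challenge-{i:02d}".encode()
        records.append(PeriodRecord(
            sensor_data=f"temp={21.5 + 0.1 * i:.1f};hum=40".encode(),
            timestamp=1_536_800_000 + 60 * i,
            ml_log=b"ima: sha256 /opt/collector/capture.py",
            pcr_value=hashlib.sha256(b"constructed-capture-state").digest(),
            puf_challenge=challenge,
            puf_response=puf(challenge),
        ))
    upload_log = b"ima: sha256 /opt/collector/upload.sh"
    upload_pcr = hashlib.sha256(b"constructed-upload-state").digest()

    def block_vouchers_for(recs: Sequence[PeriodRecord]) -> dict[int, bytes]:
        # Block number -> data block voucher; the DCC runs the same computation
        # over the raw data set it received (claim 5).
        return {blk: block_voucher(v, recs[blk].timestamp, upload_log, upload_pcr)
                for blk, v in enumerate(voucher_chain(recs))}

    on_chain = block_vouchers_for(records)            # what the uploader recorded
    honest = settle(on_chain, block_vouchers_for(records))
    # Raw data altered after upload: period 1 changed, so vouchers 1 and 2 diverge.
    altered = list(records)
    altered[1] = replace(records[1], sensor_data=b"temp=99.9;hum=40")
    tampered = settle(on_chain, block_vouchers_for(altered))
    return {"vouchers": voucher_chain(records), "honest": honest, "tampered": tampered}
```

Because each voucher includes the previous period's voucher, an alteration to one period's raw data changes every later voucher as well, so the tampered settlement in `demo()` rewards only block 0 and reports blocks 1 and 2 as mismatches.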
CN201811069639.XA 2018-09-13 2018-09-13 Big data acquisition transaction system based on block chain and trusted computing platform Active CN109325331B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811069639.XA CN109325331B (en) 2018-09-13 2018-09-13 Big data acquisition transaction system based on block chain and trusted computing platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811069639.XA CN109325331B (en) 2018-09-13 2018-09-13 Big data acquisition transaction system based on block chain and trusted computing platform

Publications (2)

Publication Number Publication Date
CN109325331A true CN109325331A (en) 2019-02-12
CN109325331B CN109325331B (en) 2022-05-20

Family

ID=65265796

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811069639.XA Active CN109325331B (en) 2018-09-13 2018-09-13 Big data acquisition transaction system based on block chain and trusted computing platform

Country Status (1)

Country Link
CN (1) CN109325331B (en)

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110059497A (en) * 2019-02-19 2019-07-26 阿里巴巴集团控股有限公司 Method, node and storage medium for realizing privacy protection in a block chain
CN110278193A (en) * 2019-05-20 2019-09-24 阿里巴巴集团控股有限公司 Receipt storage method and node combining code marking with transaction and event types
CN110309634A (en) * 2019-04-04 2019-10-08 深圳大通实业股份有限公司 Credible advertisement data management system based on block chain
CN110324422A (en) * 2019-07-05 2019-10-11 北京大学 Cloud application verification method and system
CN110336663A (en) * 2019-06-14 2019-10-15 东南大学 PUFs group-to-group authentication scheme based on block chain technology
CN110347607A (en) * 2019-07-16 2019-10-18 北京首汽智行科技有限公司 Data on-chain test method
CN110442631A (en) * 2019-08-07 2019-11-12 北京艾摩瑞策科技有限公司 Knowledge-payment-related data processing method and device on a block chain
CN110809058A (en) * 2019-11-13 2020-02-18 北京物资学院 Block chain traceability system and method based on feature code identification and verification technology
CN110875930A (en) * 2019-11-21 2020-03-10 山东超越数控电子股份有限公司 Method, equipment and medium for monitoring trusted state
CN110912712A (en) * 2019-12-18 2020-03-24 东莞市大易产业链服务有限公司 Service operation risk authentication method and system based on block chain
CN111177096A (en) * 2019-12-11 2020-05-19 招银云创(深圳)信息技术有限公司 Log management method and device, computer equipment and storage medium
CN111274594A (en) * 2020-01-20 2020-06-12 上海市大数据中心 Block chain-based secure big data privacy protection sharing method
CN111428249A (en) * 2020-01-20 2020-07-17 中国科学院信息工程研究所 Anonymous registration method and system for protecting user privacy based on block chain
CN111783133A (en) * 2020-06-02 2020-10-16 广东科学技术职业学院 Network resource management method based on block chain technology
CN111950021A (en) * 2020-07-31 2020-11-17 南京航空航天大学 Method for solving privacy disclosure problem in data presentation of intelligent contract
CN112380574A (en) * 2020-11-11 2021-02-19 杭州甘道智能科技有限公司 Data chaining method based on block chain and SE chip
CN112395511A (en) * 2020-11-04 2021-02-23 北京大学 Rumor detection and evidence preservation system based on message propagation path in mobile application
FR3101991A1 (en) * 2019-10-09 2021-04-16 Pierre-Francois Casanova Object authentication and assurance system and method
CN112751807A (en) * 2019-10-31 2021-05-04 中国电信股份有限公司 Secure communication method, apparatus, system and storage medium
CN113098693A (en) * 2021-04-08 2021-07-09 太原理工大学 Memory verification method based on physical unclonable function algorithm
CN113159769A (en) * 2021-04-21 2021-07-23 中国人民解放军国防科技大学 Block chain-based data circulation intelligent contract implementation method and system
CN113221089A (en) * 2021-03-15 2021-08-06 东北大学 Privacy protection attribute authentication system and method based on verifiable statement
CN113256427A (en) * 2021-06-28 2021-08-13 北京航空航天大学 Joint signature-based alliance block chain consensus method and system
CN113326527A (en) * 2021-06-24 2021-08-31 北京八分量信息科技有限公司 Credible digital signature system and method based on block chain
CN113433918A (en) * 2021-08-25 2021-09-24 江苏荣泽信息科技股份有限公司 Enterprise electronic standing book energy consumption data acquisition system based on block chain
CN114117553A (en) * 2022-01-28 2022-03-01 北京豪尔赛智慧城域科技有限公司 Block chain-based control method and system for Internet of things terminal
WO2022073212A1 (en) * 2020-10-09 2022-04-14 Alipay (Hangzhou) Information Technology Co., Ltd. Managing blockchain-based trustable transaction services
CN114679284A (en) * 2020-12-24 2022-06-28 中国移动通信有限公司研究院 Trusted remote attestation system, storage method, verification method and storage medium thereof
US11443307B2 (en) 2020-07-31 2022-09-13 Alipay (Hangzhou) Information Technology Co., Ltd. Cross-border resource transfer authenticity verification method, device and electronic equipment
CN115189863A (en) * 2022-09-13 2022-10-14 图林科技(深圳)有限公司 E-commerce transaction information management system based on block chain network architecture
EP4018597A4 (en) * 2019-08-22 2023-04-12 Quantumciel Pte. Ltd. Device, system and method for providing information security
CN116976891A (en) * 2023-07-21 2023-10-31 杭州易景数通科技有限公司 Financial data security management system, device and method thereof
CN117349897A (en) * 2023-12-05 2024-01-05 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Block chain-based carbon quota transaction privacy protection method
US11935048B2 (en) 2020-10-09 2024-03-19 Alipay (Hangzhou) Information Technology Co., Ltd. Managing blockchain-based trustable transaction services

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763315A (en) * 2014-01-14 2014-04-30 北京航空航天大学 Credible data access control method applied to cloud storage of mobile devices
CN106407481A (en) * 2016-11-30 2017-02-15 福州微启迪物联科技有限公司 Block chain architecture-based ecological environment monitoring system and implementation method thereof
CN107274184A (en) * 2017-05-11 2017-10-20 上海点融信息科技有限责任公司 Block chain data processing based on zero-knowledge proof
US20170352027A1 (en) * 2016-06-07 2017-12-07 Cornell University Authenticated data feed for blockchains
US20170359374A1 (en) * 2016-06-11 2017-12-14 Intel Corporation Blockchain System with Nucleobase Sequencing as Proof of Work
CN107533501A (en) * 2015-03-20 2018-01-02 里维茨公司 Automated verification of device integrity using block chain
CN108270571A (en) * 2017-12-08 2018-07-10 西安电子科技大学 Internet of Things identity authentication system and method based on block chain

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763315A (en) * 2014-01-14 2014-04-30 北京航空航天大学 Credible data access control method applied to cloud storage of mobile devices
CN107533501A (en) * 2015-03-20 2018-01-02 里维茨公司 Automated verification of device integrity using block chain
US20170352027A1 (en) * 2016-06-07 2017-12-07 Cornell University Authenticated data feed for blockchains
US20170359374A1 (en) * 2016-06-11 2017-12-14 Intel Corporation Blockchain System with Nucleobase Sequencing as Proof of Work
CN106407481A (en) * 2016-11-30 2017-02-15 福州微启迪物联科技有限公司 Block chain architecture-based ecological environment monitoring system and implementation method thereof
CN107274184A (en) * 2017-05-11 2017-10-20 上海点融信息科技有限责任公司 Block chain data processing based on zero-knowledge proof
CN108270571A (en) * 2017-12-08 2018-07-10 西安电子科技大学 Internet of Things identity authentication system and method based on block chain

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
XIAOLIAN CHEN et al.: "A Blockchain Based Access Authentication Scheme of Energy Internet", 2018 2nd IEEE Conference on Energy Internet and Energy System Integration (EI2) *
李大伟 et al.: "Blockchain-based key update and trusted positioning system", Journal of Cryptologic Research (密码学报) *
李彬 et al.: "Blockchain-based multi-level DR bidding security management and technical support in untrusted environments", Proceedings of the CSEE (中国电机工程学报) *

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110059497A (en) * 2019-02-19 2019-07-26 阿里巴巴集团控股有限公司 Method, node and storage medium for realizing privacy protection in a block chain
CN110309634A (en) * 2019-04-04 2019-10-08 深圳大通实业股份有限公司 Credible advertisement data management system based on block chain
CN110278193A (en) * 2019-05-20 2019-09-24 阿里巴巴集团控股有限公司 Receipt storage method and node combining code marking with transaction and event types
CN110278193B (en) * 2019-05-20 2021-06-01 创新先进技术有限公司 Receipt storage method and node combining code marking with transaction and event types
CN110336663A (en) * 2019-06-14 2019-10-15 东南大学 PUFs group-to-group authentication scheme based on block chain technology
CN110336663B (en) * 2019-06-14 2021-11-30 东南大学 PUFs group-to-group authentication method based on block chain technology
CN110324422B (en) * 2019-07-05 2020-08-28 北京大学 Cloud application verification method and system
CN110324422A (en) * 2019-07-05 2019-10-11 北京大学 Cloud application verification method and system
CN110347607A (en) * 2019-07-16 2019-10-18 北京首汽智行科技有限公司 Data on-chain test method
CN110442631A (en) * 2019-08-07 2019-11-12 北京艾摩瑞策科技有限公司 Knowledge-payment-related data processing method and device on a block chain
EP4018597A4 (en) * 2019-08-22 2023-04-12 Quantumciel Pte. Ltd. Device, system and method for providing information security
FR3101991A1 (en) * 2019-10-09 2021-04-16 Pierre-Francois Casanova Object authentication and assurance system and method
CN112751807B (en) * 2019-10-31 2023-02-03 中国电信股份有限公司 Secure communication method, device, system and storage medium
CN112751807A (en) * 2019-10-31 2021-05-04 中国电信股份有限公司 Secure communication method, apparatus, system and storage medium
CN110809058A (en) * 2019-11-13 2020-02-18 北京物资学院 Block chain traceability system and method based on feature code identification and verification technology
CN110875930A (en) * 2019-11-21 2020-03-10 山东超越数控电子股份有限公司 Method, equipment and medium for monitoring trusted state
CN111177096A (en) * 2019-12-11 2020-05-19 招银云创(深圳)信息技术有限公司 Log management method and device, computer equipment and storage medium
CN110912712A (en) * 2019-12-18 2020-03-24 东莞市大易产业链服务有限公司 Service operation risk authentication method and system based on block chain
CN110912712B (en) * 2019-12-18 2022-03-08 东莞市大易产业链服务有限公司 Service operation risk authentication method and system based on block chain
CN111428249B (en) * 2020-01-20 2022-06-28 中国科学院信息工程研究所 Anonymous registration method and system for protecting user privacy based on block chain
CN111428249A (en) * 2020-01-20 2020-07-17 中国科学院信息工程研究所 Anonymous registration method and system for protecting user privacy based on block chain
CN111274594A (en) * 2020-01-20 2020-06-12 上海市大数据中心 Block chain-based secure big data privacy protection sharing method
CN111783133A (en) * 2020-06-02 2020-10-16 广东科学技术职业学院 Network resource management method based on block chain technology
US11443307B2 (en) 2020-07-31 2022-09-13 Alipay (Hangzhou) Information Technology Co., Ltd. Cross-border resource transfer authenticity verification method, device and electronic equipment
CN111950021A (en) * 2020-07-31 2020-11-17 南京航空航天大学 Method for solving privacy disclosure problem in data presentation of intelligent contract
US11798050B2 (en) 2020-10-09 2023-10-24 Alipay (Hangzhou) Information Technology Co., Ltd. Managing blockchain-based trustable transaction services
US11935048B2 (en) 2020-10-09 2024-03-19 Alipay (Hangzhou) Information Technology Co., Ltd. Managing blockchain-based trustable transaction services
WO2022073212A1 (en) * 2020-10-09 2022-04-14 Alipay (Hangzhou) Information Technology Co., Ltd. Managing blockchain-based trustable transaction services
CN112395511A (en) * 2020-11-04 2021-02-23 北京大学 Rumor detection and evidence preservation system based on message propagation path in mobile application
CN112380574A (en) * 2020-11-11 2021-02-19 杭州甘道智能科技有限公司 Data chaining method based on block chain and SE chip
CN114679284A (en) * 2020-12-24 2022-06-28 中国移动通信有限公司研究院 Trusted remote attestation system, storage method, verification method and storage medium thereof
CN113221089B (en) * 2021-03-15 2023-11-07 东北大学 Privacy protection attribute authentication system and method based on verifiable statement
CN113221089A (en) * 2021-03-15 2021-08-06 东北大学 Privacy protection attribute authentication system and method based on verifiable statement
CN113098693B (en) * 2021-04-08 2022-08-16 太原理工大学 Memory verification method based on physical unclonable function algorithm
CN113098693A (en) * 2021-04-08 2021-07-09 太原理工大学 Memory verification method based on physical unclonable function algorithm
CN113159769B (en) * 2021-04-21 2022-07-19 中国人民解放军国防科技大学 Block chain-based data circulation intelligent contract implementation method and system
CN113159769A (en) * 2021-04-21 2021-07-23 中国人民解放军国防科技大学 Block chain-based data circulation intelligent contract implementation method and system
CN113326527A (en) * 2021-06-24 2021-08-31 北京八分量信息科技有限公司 Credible digital signature system and method based on block chain
CN113256427A (en) * 2021-06-28 2021-08-13 北京航空航天大学 Joint signature-based alliance block chain consensus method and system
CN113256427B (en) * 2021-06-28 2021-09-14 北京航空航天大学 Joint signature-based alliance block chain consensus method and system
CN113433918A (en) * 2021-08-25 2021-09-24 江苏荣泽信息科技股份有限公司 Enterprise electronic standing book energy consumption data acquisition system based on block chain
CN113433918B (en) * 2021-08-25 2021-11-16 江苏荣泽信息科技股份有限公司 Enterprise electronic standing book energy consumption data acquisition system based on block chain
CN114117553A (en) * 2022-01-28 2022-03-01 北京豪尔赛智慧城域科技有限公司 Block chain-based control method and system for Internet of things terminal
CN115189863A (en) * 2022-09-13 2022-10-14 图林科技(深圳)有限公司 E-commerce transaction information management system based on block chain network architecture
CN116976891A (en) * 2023-07-21 2023-10-31 杭州易景数通科技有限公司 Financial data security management system, device and method thereof
CN117349897A (en) * 2023-12-05 2024-01-05 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Block chain-based carbon quota transaction privacy protection method
CN117349897B (en) * 2023-12-05 2024-03-26 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Block chain-based carbon quota transaction privacy protection method

Also Published As

Publication number Publication date
CN109325331B (en) 2022-05-20

Similar Documents

Publication Publication Date Title
CN109325331A (en) Big data acquisition transaction system based on block chain and trusted computing platform
US11842317B2 (en) Blockchain-based authentication and authorization
Zhang et al. Blockchain-assisted public-key encryption with keyword search against keyword guessing attacks for cloud storage
Vangala et al. Smart contract-based blockchain-envisioned authentication scheme for smart farming
CN111737724B (en) Data processing method and device, intelligent equipment and storage medium
Lu et al. A secure and scalable data integrity auditing scheme based on hyperledger fabric
CN113595971B (en) Block chain-based distributed data security sharing method, system and computer readable medium
Pu et al. A lightweight and privacy-preserving mutual authentication and key agreement protocol for Internet of Drones environment
CN114499895B (en) Data trusted processing method and system fusing trusted computing and block chain
CN108650077B (en) Block chain based information transmission method, terminal, equipment and readable storage medium
Cai et al. Towards private, robust, and verifiable crowdsensing systems via public blockchains
CN109639714A (en) Internet of Things identity registration and verification method based on block chain
CN109409122A (en) File storage method and its electronic equipment and storage medium
CN109472164A (en) Contract data verification method and its network and electronic equipment
CN109491965A (en) Storage method for electricity purchase and sale contracts and its network and electronic equipment
Azad et al. M2m-rep: Reputation system for machines in the internet of things
CN113259135B (en) Lightweight blockchain communication authentication device and method for detecting data tamper
Zhang et al. Trust-based secure multi-cloud collaboration framework in cloud-fog-assisted IoT
Jiang et al. SearchBC: A blockchain-based PEKS framework for IoT services
CN108777673A (en) Bidirectional identity authentication method in a block chain
Kumar et al. Ultra-lightweight blockchain-enabled RFID authentication protocol for supply chain in the domain of 5G mobile edge computing
CN107104804A (en) Platform integrity verification method and device
Zhang et al. Blockchain-based decentralized supply chain system with secure information sharing
Kelkar et al. Complete knowledge: Preventing encumbrance of cryptographic secrets
Wang et al. Crowdchain: A location preserve anonymous payment system based on permissioned blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant