CN109600366A - The method and device of protection user data privacy based on block chain - Google Patents

The method and device of protection user data privacy based on block chain Download PDF

Info

Publication number
CN109600366A
CN109600366A CN201811485844.4A CN201811485844A CN109600366A CN 109600366 A CN109600366 A CN 109600366A CN 201811485844 A CN201811485844 A CN 201811485844A CN 109600366 A CN109600366 A CN 109600366A
Authority
CN
China
Prior art keywords
data
user
access
card data
data access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811485844.4A
Other languages
Chinese (zh)
Inventor
李锴
张艳菊
卢亦斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Lang run innovation intellectual property operation Co.,Ltd.
Original Assignee
Chain Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chain Technology Co Ltd filed Critical Chain Technology Co Ltd
Priority to CN201811485844.4A priority Critical patent/CN109600366A/en
Publication of CN109600366A publication Critical patent/CN109600366A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The method and device for the protection user data privacy based on block chain that the invention discloses a kind of, this method comprises: receiving the first user to the data access request for depositing card data;According to the data access request and the data access authority for depositing card data and authorization access list, judge whether first user meets data access condition;When first user meets data access condition, card data are deposited described in the first user of Xiang Suoshu transmission.The present invention solves the problems, such as the problem of privacy of user data protection and user's private data authorization access in block chain.

Description

The method and device of protection user data privacy based on block chain
Technical field
The present invention relates to block chain technical fields, hidden in particular to a kind of protection user data based on block chain Private method and device.
Background technique
The realization assets digitlization that block chain can be convenient, the cross-platform circulation of assets.Open and clear data the whole network is area One of most important characteristic of block chain.But under certain business application scenes such as alliance's chain, the data of user, which are divided into, to be disclosed Data and private data, can public data can be transparent with the whole network, private data only data owner can just check, but now Many block chain networks are due to that can not protect data-privacy, the data that are not able to satisfy under certain business application scenes such as alliance's chain It is required that how to access in the case where authorization for private data, there are no a kind of effective solution methods for the prior art.
Summary of the invention
The method for the protection user data privacy based on block chain that the main purpose of the present invention is to provide a kind of, to solve The problem of authorization of user's private data accesses in block chain.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of protection user based on block chain The method of data-privacy, this method comprises:
The first user is received to the data access request for depositing card data;
According to the data access request and the data access authority for depositing card data and authorization access list, judgement Whether first user meets data access condition;
When first user meets data access condition, card data are deposited described in the first user of Xiang Suoshu transmission.
To achieve the goals above, according to another aspect of the present invention, a kind of protection user based on block chain is provided The device of data-privacy, the device include:
Data access request receiving unit, for receiving the first user to the data access request for depositing card data;
Data access condition judgment unit, for being visited according to the data access request and the data for depositing card data It asks permission and authorization access list, judges whether first user meets data access condition;
Deposit card data return unit, for when first user meets data access condition, the first user of Xiang Suoshu Card data are deposited described in transmission.
To achieve the goals above, according to the another aspect of the application, a kind of computer equipment, including storage are additionally provided Device, processor and storage on a memory and the computer program that can run on a processor, the processor execution meter The step in the method for the above-mentioned protection user data privacy based on block chain is realized when calculation machine program.
To achieve the goals above, according to the another aspect of the application, a kind of computer readable storage medium is additionally provided, The computer-readable recording medium storage has computer program, real when the computer program executes in the computer processor Step in the method for the existing above-mentioned protection user data privacy based on block chain.
The invention has the benefit that in embodiments of the present invention, user deposits card number what is uploaded into block chain network According to when, deposit card data in be provided with data access authority and authorization access list.When other users, which access this, deposits card data, It needs to judge whether the user has access authority according to data access authority and authorization access list, solve with this in block In chain the problem of privacy of user data protection and the problem of user's private data authorization accesses.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the present invention Some embodiments for those of ordinary skill in the art without creative efforts, can also basis These attached drawings obtain other attached drawings.In the accompanying drawings:
Fig. 1 is the first pass figure of the method for protection user data privacy of the embodiment of the present invention based on block chain;
Fig. 2 is the application scenario diagram of the method for protection user data privacy of the embodiment of the present invention based on block chain;
Fig. 3 is the flow chart that the embodiment of the present invention verifies the first user;
Fig. 4 is the second flow chart of the method for protection user data privacy of the embodiment of the present invention based on block chain;
Fig. 5 is the third flow chart of the method for protection user data privacy of the embodiment of the present invention based on block chain;
Fig. 6 is that the embodiment of the present invention judges whether the first user meets the flow chart of the method for data access condition;
Fig. 7 is the first structure figure of the device of protection user data privacy of the embodiment of the present invention based on block chain;
Fig. 8 is the second structure chart of the device of protection user data privacy of the embodiment of the present invention based on block chain;
Fig. 9 is the third structure chart of the device of protection user data privacy of the embodiment of the present invention based on block chain.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people The model that the present invention protects all should belong in member's every other embodiment obtained without making creative work It encloses.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.
It should be noted that description and claims of this specification and term " first " in above-mentioned attached drawing, " Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way Data be interchangeable under appropriate circumstances, so as to the embodiment of the present invention described herein.In addition, term " includes " and " tool Have " and their any deformation, it is intended that cover it is non-exclusive include, for example, containing a series of steps or units Process, method, system, product or equipment those of are not necessarily limited to be clearly listed step or unit, but may include without clear Other step or units listing to Chu or intrinsic for these process, methods, product or equipment.
It should be noted that in the absence of conflict, the feature in embodiment and embodiment in the present invention can phase Mutually combination.The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
Fig. 2 is the application scenario diagram of the method for protection user data privacy of the embodiment of the present invention based on block chain.Existing Have in technology, user will first deposit the endorsement demonstrate,proving data and being sent in block chain network when uploading data into block chain network Node is verified, after being verified endorse node to deposit card data sign, be sent to after signature be packaged node into Row is packaged and cochain.
In the present invention, user will first deposit card data and upload to endorsement node when uploading data into block chain network, Wherein deposit the data access authority and authorization access list in card data including user setting.Endorsement node deposits user's upload Card data are verified, and node of endorsing after being verified is signed using node private key to card data are deposited, and will be after signature Deposit card data be sent to packing node.It is packaged node and the card data of depositing after the signature is packaged into block, and carry out cochain.? The index address that this in block chain network deposits card data can be the cryptographic Hash for depositing card data.When other in block chain network When user wants access to this and deposits card data, needs to send data access request to endorsement node, include in the data access request This deposits the card cryptographic Hash of data, the address of user, user carry out signature generation to cryptographic Hash with private key and deposit signed certificate name value.Endorsement After node receives data access request, the user is verified according to data access request, when being verified, from depositing card number According to middle extraction data access authority and authorization access list, and judge whether the user meets data access condition, if meeting This, which is returned, to the user deposits card data.
Fig. 1 is the first pass figure of the method for protection user data privacy of the embodiment of the present invention based on block chain, such as Fig. 1 Shown, the method for the protection user data privacy based on block chain of the present embodiment includes step S101 to step S103.
Step S101 receives the first user to the data access request for depositing card data.In embodiments herein, When some that user wants access in block chain network deposits card data, first obtaining the index address for depositing card data, (i.e. this is deposited Demonstrate,prove the cryptographic Hash of data), and then data access request is generated, and block is sent by way of transaction by data access request Endorsement node in chain network.It may include: to be intended to access to deposit card data in embodiments herein, in data access request Cryptographic Hash hash, the address address of the user and the user with private key to be intended to access deposit the cryptographic Hash hash of card data into What row signature generated deposits signed certificate name value sign.
Step S102 is accessed according to the data access request and the data access authority for depositing card data and authorization List, judges whether first user meets data access condition.In embodiments herein, when endorsement node receives After the data access request of user, first the data access request is verified, when being verified, extraction, which is intended to access, deposits card number According to data access authority (scope) and authorization access list (AuthList), and according to data access authority (scope) and award Power access list (AuthList) judges whether the user meets the data access condition for being intended to access and depositing card data.The application's In alternative embodiment, when data access request passes through verifying, endorsement node is according to depositing the cryptographic Hash hash for demonstrate,proving data from block This is found out in chain network and deposits card data, and the data structure found out can be with are as follows:
{
" address ": " station address ",
" data ": " data content ",
" hash ": " the hash value for depositing card data ",
" sign ": " signed certificate name value is deposited based on hash "
“scope”:”public/private/protect”,
“AuthList”:[
{
" address ": " 1 address of user ",
" ExpireTime ": " access deadline (such as: 2018-10-5 18:10:20) "
},
{
" address ": " 2 address of user ",
" ExpireTime ": " access deadline (such as: 2018-6-5 15:10:20) "
}
]
}
From inquired in block chain network this deposit card data after, extract this deposit card data data access authority (scope) and access list (AuthList) is authorized, to verify whether user to be accessed meets the access conditions for depositing card data.
Step S103 deposits card described in the first user of Xiang Suoshu transmission when first user meets data access condition Data.In embodiments herein, when user meets the data access condition for depositing card data, endorsement node is returned to the user It returns this and deposits card data.In the alternative embodiment of the application, endorsement node to the user deposit card data return value can be with are as follows:
{
" address ": " station address ",
" data ": " data content ",
" hash ": " the hash value for depositing card data ",
" sign ": " signed certificate name value is deposited based on hash "
}
Fig. 3 is the flow chart that the embodiment of the present invention verifies the first user, as shown in figure 3, in above-mentioned steps S102 The method that endorsement node verifies the data access request of user includes step S201 to step S204.
Step S201 receives the first user to the data access request for depositing card data, the data access request packet It includes: the first of signature generation being carried out to the cryptographic Hash for depositing card data using the private key of first user and deposits signed certificate name value. It may include: to be intended to access the cryptographic Hash hash for depositing card data, be somebody's turn to do in embodiments herein, in the data access request of user The address address and the user of user is deposited the cryptographic Hash hash of card data and carries out signature generation to being intended to access with private key Deposit signed certificate name value sign.
Step S202 deposits signed certificate name value to described first and verifies.In embodiments herein, when endorsement node connects When receiving the data access request of user, endorsement node finds the corresponding public affairs of address using the address address of user first Then key information is tested using the legitimacy that signed certificate name value sign is deposited in public key and cryptographic Hash hash verifying if signature is illegal Card does not pass through, data access failure.
Step S203 extracts data access from described deposit in card data when described first, which deposits signed certificate name value, passes through verifying Permission and authorization access list.In embodiments herein, when the data access that S202 verifies user through the above steps is asked Ask by when, endorsement node finds out this from block chain network and deposits card data according to the cryptographic Hash hash for depositing card data, lookup Data structure out can as shown in above-mentioned steps S102, find out deposit card data after extract this deposit card data data visit Ask permission (scope) and authorization access list (AuthList).
Step S204, according to the data access request and the data access authority of extraction and authorization Access Column Table, judges whether first user meets data access condition.In embodiments herein, endorsement node is visited according to data It asks permission (scope) and access list (AuthList) is authorized to judge whether user meets the data access condition for depositing card data.
Fig. 4 is the second flow chart of the method for protection user data privacy of the embodiment of the present invention based on block chain, such as Fig. 4 Shown, the method for the protection user data privacy based on block chain of the present embodiment includes step S301 to step S303.
Step S301, receive that second user sends described deposits card data, wherein the card data of depositing include: described the The data access authority and authorization access list of two user settings.In the embodiment of the present application, when the second user is to block Uploaded in chain network it is above-mentioned deposit card data when, will first deposit card data upload to endorsement node, wherein deposit card data in may include: Station address (address), data content (data), cryptographic Hash (hash), the institute that encryption generation is carried out to the data content It states second user and deposits signed certificate name value (sign) and described second to the cryptographic Hash carries out signature generation second using private key Data access authority (scope) set by user and authorization access list (AuthList).In embodiments herein, user The data content data for depositing card data is firstly generated, while encryption is carried out to data content data using sha256 and generates hash Value, this hash value is to verify whether data is tampered, and then user signs to hash using private key, generates hash label Name sign value, this value in chain for verifying the identity of user.In embodiments herein, user deposits card data in generation Afterwards, this is deposited into the endorsement node that card data send block chain by way of transaction.
In embodiments herein, data access authority (scope) set by user and authorization access list (AuthList) can be used as deposit card data deposit card data value deposit block chain in.In embodiments herein, Yong Hushe Fixed data access authority (scope) can be with are as follows: public (owner is accessible), private (only oneself could be accessed), One of protect (authorized user is also accessible).User can be stored in authorization access list (AuthList) to set Fixed is able to access that this deposits the station address list of card data and each station address corresponding access deadline.
Step S302 deposits signed certificate name value and verifies to the cryptographic Hash for depositing card data and second, wherein described the Two, which deposit signed certificate name value, carries out signature generation to the cryptographic Hash by using the private key of the second user.In the embodiment of the present application In, when endorse node receive user transmission deposit card data after, data is encrypted using sha256 Encryption Algorithm first Hash value is generated, and then is compared using this hash value and received hash, card failure is deposited if different.If hash value phase It is same then the corresponding public key information of address is found by station address address, then user is verified using public key and hash value The legitimacy for depositing signed certificate name value sign deposits card failure, if signature is legal, deposits and demonstrate,prove successfully if signature is illegal.When depositing When demonstrate,proving successfully, which is deposited to the index address for demonstrate,proving data as this.
If step S303 signs to the card data of depositing using local private key, pass through verifying by the institute after signature State deposit card data by be packaged node be packaged simultaneously cochain.In the embodiment of the present application, when the card data of depositing that user uploads are deposited After demonstrate,proving successfully, i.e., endorsement node endorsement after, endorsement node will use node private key to this deposit card data sign, sign After by after signature depositing card data packing node is sent to by way of broadcast.And then packing node will be after the signature It deposits card data and is packaged into block, and broadcasted in block chain network, to complete cochain.
In the alternative embodiment of the application, user can also call directly preset data deposit card interface carry out data deposit Card, the definition that data deposit card interface can be with are as follows:
" address ": " station address ",
" data ": " data content ",
" hash ": " the hash value for depositing card data ",
" sign ": " signed certificate name value is deposited based on hash "
“scope”:”public/private/protect”,
“AuthList”:[
{
" address ": " 1 address of user ",
" ExpireTime ": " access deadline (such as: 2018-10-5 18:10:20) "
},
{
" address ": " 2 address of user ",
" ExpireTime ": " access deadline (such as: 2018-6-5 15:10:20) "
}
]
It can be seen from the above description that in embodiments of the present invention, user deposits what is uploaded into block chain network When demonstrate,proving data, data access authority and authorization access list are provided in depositing card data.Card number is deposited when other users access this According to when, need according to data access authority and authorization access list judge whether the user has access authority, solved with this In block chain the problem of privacy of user data protection and the problem of user's private data authorization accesses.
Fig. 5 is the third flow chart of the method for protection user data privacy of the embodiment of the present invention based on block chain, such as Fig. 5 Shown, the method for the protection user data privacy based on block chain of the present embodiment includes step S401 to step S403.
Step S401 receives the second user to the data access condition change request for depositing card data, the number It include: authorization access list more new information and/or data access authority change information according to access conditions change request.In the application Embodiment in, when user want to deposit card data data access authority (scope) and/or authorization access list (AuthList) When being modified or updating, the change request of data access condition can be generated, and data access condition change request is passed through The mode of transaction is sent to the endorsement node of block chain network.In embodiments herein, the change request of data access condition May include: target data cryptographic Hash hash, station address address, user with private key to deposit card data cryptographic Hash Hash carry out signature generation deposit signed certificate name value sign and authorization access list more new information and/or data access authority more Convert to breath.
Step S402 changes the authorization access list for requesting that card data are deposited described in change according to the data access condition And/or data access authority, it generates to update and deposits card data.In embodiments herein, when endorsement node receives user's When the change request of data access condition, first the change request of data access conditions is verified.It is right in embodiments herein The change request of data access condition, which carries out verifying, to be, according to the station address in the change request of the data access condition of user Address is compared with the station address address stored in card data is deposited, and judges whether the user is that this deposits card data Owner.In embodiments herein, verifying to the change request of data access conditions can also be that endorsement node uses Station address address finds the corresponding public key information of address, then deposits signed certificate name using public key and cryptographic Hash hash verifying The legitimacy of value sign is verified and is not passed through if signature is illegal.If being verified, endorsement node is according to authorization Access Column Table more new information and/or data access authority change information carry out the authorization access list and data access authority of depositing card data Change updates, and generates update and deposit card data.
In the alternative embodiment of the application, it may include: three kinds of data access authorities that data access authority, which changes information, (scope), (authorized user can also be with by public (owner is accessible), private (only oneself could be accessed), protect Access) between handover information.
In the alternative embodiment of the application, endorsement node is awarded according to authorization access list more new information to card data are deposited Power access list, which is updated, to be specifically as follows, and endorsement node first extracts user all in authorization access list more new information Address address, and then station address address is searched in authorization access list, if searched less than if by user Location address is added in authorization access list, judges it is to delete or update according to state value status if finding, If it is deletion, then this station address address is removed from authorization access list, if it is update, just update this station address The access authority of address.
In the alternative embodiment of the application, to deposit card data authorization access list be updated can use it is preset Authorize access list more new interface, the definition of interface can be with are as follows:
{
" address ": " station address ",
" hash ": " the hash value for depositing card data ",
" sign ": " signed certificate name value is deposited based on hash "
“AuthList”:[
{
" status ": " 0: delete/1: updating ",
" address ": " 1 address of user ",
" ExpireTime ": " access deadline (such as: 2018-10-5 18:10:20) "
},
{
" status ": " 0: delete/1: updating ",
" address ": " 2 address of user ",
" ExpireTime ": " access deadline (such as: 2018-6-5 15:10:20) "
}
]
}
Step S403 deposits card data to the update using local private key and signs, the update after signature is deposited Card data be packaged simultaneously cochain by being packaged node.In the embodiment of the present application, when endorsement node will use node private key pair The update deposits card data and signs, and card data are deposited in updates after signature after signature and are sent to by way of broadcast dozen Packet node.And then the update after the signature is deposited card data and is packaged into block by packing node, and is carried out extensively in block chain network It broadcasts, to complete cochain.
It can be seen from the above description that the present invention realize user to deposit card data data access authority and Authorization access list is updated, and realizes protecting to private data for user flexibility, is also achieved user and is visited authorization Ask the management of data.
Fig. 6 is that the embodiment of the present invention judges whether the first user meets the flow chart of the method for data access condition, such as Fig. 6 Shown, above-mentioned steps S102 is visited according to the data access request and the data access authority for depositing card data and authorization It asks list, judges whether first user meets data access condition, can specifically include step S501 to step S504.
Step S501 determines the type of the data access authority.In embodiments herein, when the data of user are visited When asking that request passes through verifying, endorsement node is according to the data access authority (scope) and authorization access list for depositing card data (AuthList) whether verifying user meets the data access condition for depositing card data.In embodiments herein, user's setting Data access authority (scope) can be with are as follows: public (owner is accessible), private (only oneself could be accessed), One of protect (authorized user is also accessible).User can be stored in authorization access list (AuthList) to set Fixed is able to access that this deposits the station address list of card data and each station address corresponding access deadline.In this Shen In embodiment please, verify user whether meet deposit card data data access condition need to determine first deposit card data data Access authority (scope).
Step S502 is by verifying first user if to be limited to authorized user accessible for the data access rights It is no in the authorization access list, to judge whether first user meets data access condition.In the implementation of the application In example, when being protect (authorized user is also accessible) there are the data access authority of data (scope), node of endorsing The authorization access list (AuthList) for depositing card data is extracted, first determines whether the address of user whether in authorization access list (AuthList) in, if the address of user is further being judged whether within access deadline, if so, judging the use Family meets data access condition, if user in authorization access list (AuthList) or has not spent access deadline, Then judge that the user is unsatisfactory for data access condition, data access failure.
Step S503 judges that first user meets data if to be limited to owner accessible for the data access rights Access conditions.In embodiments herein, when there are the data access authority of data (scope), for public, (owner can With access) when, endorsement node directly judges that user meets data access condition.
Step S504, if the data access rights are limited to only, oneself is accessible, passes through the ground of verifying first user Location whether with it is described to deposit the address that stores in card data identical, to judge whether first user meets data query conditions. In embodiments herein, when there are the data access authority of data (scope) be private (only oneself could be accessed) When, endorsement node, which passes through, judge whether the address address of user demonstrate,proves the station address address phase that stores in data with depositing Together, judge whether user meets data access condition.If station address address in the data access request of user with When target deposits the station address address difference stored in card data, then judge that the user is unsatisfactory for data access condition, accesses Failure.
It should be noted that step shown in the flowchart of the accompanying drawings can be in such as a group of computer-executable instructions It is executed in computer system, although also, logical order is shown in flow charts, and it in some cases, can be with not The sequence being same as herein executes shown or described step.
Based on the same inventive concept, the protection user data privacy based on block chain that the embodiment of the invention also provides a kind of Device, the method that can be used to implement the described protection user data privacy based on block chain of above-described embodiment is as follows Described in the embodiment in face.The principle solved the problems, such as due to the device of the protection user data privacy based on block chain with based on block The method of the protection user data privacy of chain is similar, therefore the embodiment of the device of the protection user data privacy based on block chain It may refer to the embodiment of the method for the protection user data privacy based on block chain, overlaps will not be repeated.It is following to be made , the combination of the software and/or hardware of predetermined function may be implemented in term " unit " or " module ".Although following embodiment Described device preferably realized with software, but the combined realization of hardware or software and hardware be also may be simultaneously It is contemplated.
Fig. 7 is the first structure figure of the device of protection user data privacy of the embodiment of the present invention based on block chain, such as Fig. 7 It is shown, the device of protection user data privacy of the embodiment of the present invention based on block chain further include: data access request receives single Member 1, data access condition judgment unit 2 and deposit card data return unit 3.
Data access request receiving unit 1, for receiving the first user to the data access request for depositing card data.? In embodiments herein, when some that user wants access in block chain network deposits card data, first obtains this and deposit card data Index address (i.e. the cryptographic Hash for depositing card data), and then generate data access request, and data access request passed through into friendship Easy mode is sent to the endorsement node in block chain network.In embodiments herein, it can wrap in data access request Include: the address address and the user for being intended to access the cryptographic Hash hash, the user that deposit card data are deposited with private key to being intended to access The cryptographic Hash hash of card data carries out signature generation and deposits signed certificate name value sign.
Data access condition judgment unit 2, for according to the data access request and the data for depositing card data Access authority and authorization access list, judge whether first user meets data access condition.In embodiments herein In, after node of endorsing receives the data access request of user, first the data access request is verified, when being verified When, it extracts and is intended to access the data access authority (scope) for depositing card data and authorization access list (AuthList), and according to data Access authority (scope) and authorization access list (AuthList) judge whether the user meets the data for being intended to access and depositing card data Access conditions.
Deposit card data return unit 3, for when first user meets data access condition, the first user of Xiang Suoshu Card data are deposited described in transmission.In embodiments herein, when user meets the data access condition for depositing card data, endorsement section Point returns to this to the user and deposits card data.
Fig. 8 is the second structure chart of the device of protection user data privacy of the embodiment of the present invention based on block chain, such as Fig. 8 Shown, the device of protection user data privacy of the embodiment of the present invention based on block chain includes: to deposit card data receipt unit 4, deposit Demonstrate,prove data verification units 5 and upper chain element 6 of signing.
Card data receipt unit 4 is deposited, deposits card data for receive second user, wherein the card data of depositing include: number According to access authority and authorization access list.In embodiments herein, data access authority (scope) set by user and award Power access list (AuthList) can be used as deposit card data deposit card data value deposit block chain in.In embodiments herein In, data access authority (scope) set by user can be with are as follows: public (owner is accessible), private (only oneself Could access), one of protect (authorized user is also accessible).It can be stored up in authorization access list (AuthList) Have and set by user is able to access that this deposits the station address list of card data and the corresponding access of each station address ends Time.
Card data verification units 5 are deposited, are tested for depositing signed certificate name value to the cryptographic Hash for depositing card data and second Card, wherein described second, which deposits signed certificate name value, carries out signature generation to the cryptographic Hash by using the private key of the second user. In the embodiment of the present application, when endorse node receive user transmission deposit card data after, first use sha256 Encryption Algorithm Encryption is carried out to data and generates hash value, and then is compared using this hash value and received hash, card is deposited if different and is lost It loses.The corresponding public key information of address is found by station address address if hash value is identical, then uses public key The legitimacy that signed certificate name value sign is deposited with hash value verifying user deposits card failure if signature is illegal, if signature closes Method is then deposited and is demonstrate,proved successfully.
It chain element 6 on signature will if when for passing through verifying, being signed using local private key to the card data of depositing Card data are deposited described in after signature be packaged simultaneously cochain by being packaged node.In the embodiment of the present application, it is uploaded as user Deposit after card data deposit and demonstrate,prove successfully, i.e., after the endorsement of endorsement node, node of endorsing will use node private key this is deposited demonstrate,prove data into Row is signed, and the depositing card data after signature are sent to packing node by way of broadcast after signature.And then it is packaged node Card data of depositing after the signature are packaged into block, and are broadcasted in block chain network, to complete cochain.
Fig. 9 is the third structure chart of the device of protection user data privacy of the embodiment of the present invention based on block chain, such as Fig. 9 It is shown, the device of protection user data privacy of the embodiment of the present invention based on block chain further include: access conditions change request connects It receives unit 7 and card data generating unit 8 is deposited in update.
Access conditions changes request reception unit 7, visits for receiving the second user the data for depositing card data Ask condition change request, the data access condition change request includes: authorization access list more new information and/or data access Permission changes information.In embodiments herein, when user want to deposit card data data access authority (scope) and/or Authorization access list (AuthList) can be generated the change of data access condition and request when being modified or updating, and by the number The endorsement node of block chain network is sent to by way of transaction according to access conditions change request.In embodiments herein In, the change request of data access condition may include: the cryptographic Hash hash, station address address, user of target data private Key to deposit card data cryptographic Hash hash carry out signature generation deposit signed certificate name value sign and authorization access list more new information And/or data access authority changes information.
Card data generating unit 8 is deposited in update, requests to deposit card number described in change for being changed according to the data access condition According to authorization access list and/or data access authority, generate update deposits card data.In embodiments herein, work as endorsement When node receives the data access condition change request of user, first the change request of data access conditions is verified, if testing Card passes through, and endorsement node is according to authorization access list more new information and/or data access authority change information to depositing card data Authorization access list and data access authority are modified or update, and generate update and deposit card data.
In embodiments of the present invention, chain element 6 is also used for local private key and deposits card number to the update on the signature According to signing, card data are deposited into the update after signature and be packaged simultaneously cochain by being packaged node.Implement in the application Example in, when endorsement node will use node private key to the update deposit card data sign, after signature by after signature more It newly deposits card data and is sent to packing node by way of broadcast.And then the update after the signature is deposited card data and beaten by packing node It is bundled into block, and is broadcasted in block chain network, to complete cochain.
In an embodiment of the present invention, data access condition judgment unit 2 judges whether the first user meets and deposits card data Data access condition be specifically as follows, data access condition judgment unit 2 first extract deposit card data data access authority, sentence It is disconnected go out data access rights be limited to that owner is accessible, only oneself accessible or authorized user is accessible.If data access Permission is that authorized user is accessible, and data access condition judgment unit 2 is by verifying whether first user awards described It weighs in access list, to judge whether first user meets data access condition.In the embodiment of the present application, when data are visited When asking that permission is that authorized user is accessible, data access condition judgment unit 2 extracts the authorization access list for depositing card data (AuthList), the address of user is judged whether in authorization access list (AuthList), judges user if further if Address whether access deadline in, if then judging that the user meets data access condition, if user is not authorizing In access list (AuthList) or access deadline has been spent, then has judged that the user is unsatisfactory for data access condition.If number It is that owner is accessible according to access authority, data access condition judgment unit 2 directly judges that first user meets data Access conditions.If data access rights are limited to only, oneself is accessible, and data access condition judgment unit 2 passes through verifying described first Whether the address of user is identical as the station address address that stores in card data is deposited, to judge whether first user is full Sufficient data query conditions.
To achieve the goals above, according to the another aspect of the application, a kind of computer equipment, including storage are additionally provided Device, processor and storage on a memory and the computer program that can run on a processor, the processor execution meter The step in the method for the above-mentioned protection user data privacy based on block chain is realized when calculation machine program.
Processor can be central processing unit (Central Processing Unit, CPU).Processor can also be it His general processor, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field- Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic, The combination of the chips such as discrete hardware components or above-mentioned all kinds of chips.
Memory as a kind of non-transient computer readable storage medium, can be used for storing non-transient software program, it is non-temporarily State computer executable program and unit, such as corresponding program unit in above method embodiment of the present invention.Processor passes through Non-transient software program, instruction and module stored in memory are run, thereby executing the various function application of processor And work data processing, that is, realize the method in above method embodiment.
Memory may include storing program area and storage data area, wherein storing program area can storage program area, extremely Application program required for a few function;It storage data area can the data etc. that are created of storage processor.In addition, memory can It can also include non-transient memory, for example, at least disk memory, a flash memory to include high-speed random access memory Device or other non-transient solid-state memories.In some embodiments, it includes remotely setting relative to processor that memory is optional The memory set, these remote memories can pass through network connection to processor.The example of above-mentioned network includes but is not limited to Internet, intranet, local area network, mobile radio communication and combinations thereof.
One or more of unit storages in the memory, when being executed by the processor, execute above-mentioned Method in embodiment.
Above-mentioned computer equipment detail can correspond to refering to associated description corresponding in above-described embodiment and effect into Row understands that details are not described herein again.
To achieve the goals above, according to the another aspect of the application, a kind of computer readable storage medium is additionally provided, The computer-readable recording medium storage has computer program, real when the computer program executes in the computer processor Step in the method for the existing above-mentioned protection user data privacy based on block chain.It will be understood by those skilled in the art that realizing All or part of the process in above-described embodiment method is relevant hardware can be instructed to complete by computer program, The program can be stored in a computer-readable storage medium, and the program is when being executed, it may include such as above-mentioned each method Embodiment process.Wherein, the storage medium can be magnetic disk, CD, read-only memory (Read-Only Memory, ROM), random access memory (RandomAccessMemory, RAM), flash memory (Flash Memory), Hard disk (Hard Disk Drive, abbreviation: HDD) or solid state hard disk (Solid-State Drive, SSD) etc.;The storage is situated between Matter can also include the combination of the memory of mentioned kind.
Obviously, those skilled in the art should be understood that each module of the above invention or each step can be with general Computing device realize that they can be concentrated on a single computing device, or be distributed in multiple computing devices and formed Network on, optionally, they can be realized with the program code that computing device can perform, it is thus possible to which they are stored Be performed by computing device in the storage device, perhaps they are fabricated to each integrated circuit modules or by they In multiple modules or step be fabricated to single integrated circuit module to realize.In this way, the present invention is not limited to any specific Hardware and software combines.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, made any to repair Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.

Claims (12)

1. a kind of method of the protection user data privacy based on block chain characterized by comprising
The first user is received to the data access request for depositing card data;
According to the data access request and the data access authority for depositing card data and access list is authorized, described in judgement Whether the first user meets data access condition;
When first user meets data access condition, card data are deposited described in the first user of Xiang Suoshu transmission.
2. the method for the protection user data privacy according to claim 1 based on block chain, which is characterized in that the number It include: that the first of signature generation is carried out to the cryptographic Hash for depositing card data using the private key of first user according to access request Deposit signed certificate name value;
According to the data access request and the data access authority for depositing card data and access list is authorized, described in judgement Whether the first user meets data access condition, comprising:
Signed certificate name value is deposited to described first to verify;
When described first, which deposits signed certificate name value, passes through verifying, data access authority and authorization access are extracted in card data from described deposit List;
According to the data access request and the data access authority of extraction and authorization access list, described first is judged Whether user meets data access condition.
3. the method for the protection user data privacy according to claim 1 based on block chain, which is characterized in that described Before the first user is received to the data access request for depositing card data, further includes:
It receives the described of second user transmission and deposits card data, wherein is described to deposit the number that card data include: the second user setting According to access authority and authorization access list;
It deposits signed certificate name value to the cryptographic Hash for depositing card data and second to verify, wherein described second deposits signed certificate name value Signature generation is carried out to the cryptographic Hash by using the private key of the second user;
If pass through verifying, is signed using local private key to the card data of depositing, card data will be deposited described in after signature and are led to It crosses packing node and be packaged simultaneously cochain.
4. the method for the protection user data privacy according to claim 3 based on block chain, which is characterized in that also wrap It includes:
The second user is received to the data access condition change request for depositing card data, the data access condition change Request includes: authorization access list more new information and/or data access authority change information;
The authorization access list and/or data access rights for requesting that card data are deposited described in change are changed according to the data access condition Limit generates to update and deposits card data;
Card data are deposited to the update using local private key to sign, and card data are deposited into the update after signature and pass through packing Node be packaged and cochain.
5. the method for the protection user data privacy according to claim 1 based on block chain, which is characterized in that the number It include: that owner is accessible, only oneself accessible and authorized user is one of accessible according to access authority;
According to the data access request and the data access authority for depositing card data and access list is authorized, described in judgement Whether the first user meets data access condition, comprising:
Determine the type of the data access authority;
If it is accessible that the data access rights are limited to authorized user, by whether verifying first user in authorization visit It asks in list, to judge whether first user meets data access condition;It can if the data access rights are limited to owner With access, judge that first user meets data access condition.
6. the method for the protection user data privacy according to claim 5 based on block chain, which is characterized in that the number It include: the address of first user according to access request;
According to the data access request and the data access authority for depositing card data and access list is authorized, described in judgement Whether the first user meets data access condition, further includes:
If the data access rights are limited to only, oneself is accessible, and whether the address by verifying first user deposits with described The address stored in card data is identical, to judge whether first user meets data query conditions.
7. a kind of device of the protection user data privacy based on block chain characterized by comprising
Data access request receiving unit, for receiving the first user to the data access request for depositing card data;
Data access condition judgment unit, for according to the data access request and the data access rights for depositing card data Limit and authorization access list, judge whether first user meets data access condition;
Card data return unit is deposited, for when first user meets data access condition, the first user of Xiang Suoshu to be sent It is described to deposit card data.
8. the device of the protection user data privacy according to claim 7 based on block chain, which is characterized in that the number It include: that the first of signature generation is carried out to the cryptographic Hash for depositing card data using the private key of first user according to access request Deposit signed certificate name value;
The data access condition judgment unit is also used to: being deposited signed certificate name value to described first and is verified;It deposits when described first When signed certificate name value passes through verifying, data access authority and authorization access list are extracted in card data from described deposit;According to the number According to access request and the data access authority of extraction and authorization access list, judge whether first user meets number According to access conditions.
9. the device of the protection user data privacy according to claim 7 based on block chain, which is characterized in that also wrap It includes:
Card data receipt unit is deposited, deposits card data described in second user transmission for receiving, wherein described to deposit card data packet It includes: the data access authority and authorization access list of the second user setting;
Card data verification units are deposited, are verified for depositing signed certificate name value to the cryptographic Hash for depositing card data and second, In, described second, which deposits signed certificate name value, carries out signature generation to the cryptographic Hash by using the private key of the second user;
Chain element on signature, if when for passing through verifying, being signed using local private key to the card data of depositing, after signature Described deposit card data and be packaged simultaneously cochain by being packaged node.
10. the device of the protection user data privacy according to claim 9 based on block chain, which is characterized in that also wrap It includes:
Access conditions changes request reception unit, for receiving the second user to the data access condition for depositing card data Change request, the data access condition change request includes: to authorize access list more new information and/or data access authority more Convert to breath;
Card data generating unit is deposited in update, requests to deposit awarding for card data described in change for being changed according to the data access condition Access list and/or data access authority are weighed, generates to update and deposits card data;
Chain element is also used on the signature: being deposited card data to the update using local private key and is signed, after signature The update deposits card data and be packaged simultaneously cochain by being packaged node.
11. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor Calculation machine program, which is characterized in that the processor realizes any one of claim 1 to 6 method when executing the computer program In step.
12. a kind of computer readable storage medium, the computer-readable recording medium storage has computer program, and feature exists In realization such as the step in claim 1 to 6 any one method when the computer program executes in the computer processor Suddenly.
CN201811485844.4A 2018-12-06 2018-12-06 The method and device of protection user data privacy based on block chain Pending CN109600366A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811485844.4A CN109600366A (en) 2018-12-06 2018-12-06 The method and device of protection user data privacy based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811485844.4A CN109600366A (en) 2018-12-06 2018-12-06 The method and device of protection user data privacy based on block chain

Publications (1)

Publication Number Publication Date
CN109600366A true CN109600366A (en) 2019-04-09

Family

ID=65962185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811485844.4A Pending CN109600366A (en) 2018-12-06 2018-12-06 The method and device of protection user data privacy based on block chain

Country Status (1)

Country Link
CN (1) CN109600366A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019141290A3 (en) * 2019-05-15 2020-03-05 Alibaba Group Holding Limited Processing data elements stored in blockchain networks
CN110990804A (en) * 2020-03-03 2020-04-10 支付宝(杭州)信息技术有限公司 Resource access method, device and equipment
CN111475859A (en) * 2020-04-08 2020-07-31 珠海复旦创新研究院 Data sharing and database asynchronous verifiable query method, system and equipment based on block chain technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106992990A (en) * 2017-05-19 2017-07-28 北京牛链科技有限公司 Data sharing method and system and block catenary system and computing device
CN107103252A (en) * 2017-04-27 2017-08-29 电子科技大学 Data access control method based on block chain
CN107896213A (en) * 2017-11-16 2018-04-10 重庆忠昇数据处理服务有限公司 Electronic prescription date storage method
US20180144153A1 (en) * 2016-11-21 2018-05-24 Adobe Systems Incorporated Providing user control of shared personal information
CN108563788A (en) * 2018-04-27 2018-09-21 腾讯科技(深圳)有限公司 Data query method, apparatus, server and storage medium based on block chain

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180144153A1 (en) * 2016-11-21 2018-05-24 Adobe Systems Incorporated Providing user control of shared personal information
CN107103252A (en) * 2017-04-27 2017-08-29 电子科技大学 Data access control method based on block chain
CN106992990A (en) * 2017-05-19 2017-07-28 北京牛链科技有限公司 Data sharing method and system and block catenary system and computing device
CN107896213A (en) * 2017-11-16 2018-04-10 重庆忠昇数据处理服务有限公司 Electronic prescription date storage method
CN108563788A (en) * 2018-04-27 2018-09-21 腾讯科技(深圳)有限公司 Data query method, apparatus, server and storage medium based on block chain

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019141290A3 (en) * 2019-05-15 2020-03-05 Alibaba Group Holding Limited Processing data elements stored in blockchain networks
US10778445B1 (en) 2019-05-15 2020-09-15 Alibaba Group Holding Limited Processing data elements stored in blockchain networks
US10917249B2 (en) 2019-05-15 2021-02-09 Advanced New Technologies Co., Ltd. Processing data elements stored in blockchain networks
CN110990804A (en) * 2020-03-03 2020-04-10 支付宝(杭州)信息技术有限公司 Resource access method, device and equipment
CN111475859A (en) * 2020-04-08 2020-07-31 珠海复旦创新研究院 Data sharing and database asynchronous verifiable query method, system and equipment based on block chain technology

Similar Documents

Publication Publication Date Title
EP3404891B1 (en) Method and system for distributing digital content in peer-to-peer network
Ali et al. IoT data privacy via blockchains and IPFS
US9307405B2 (en) Method for assigning an agent device from a first device registry to a second device registry
JP2019013009A (en) Automatic fraudulent digital certificate detection
Nikitin et al. {CHAINIAC}: Proactive software-update transparency via collectively signed skipchains and verified builds
JP6547079B1 (en) Registration / authorization method, device and system
US20190164137A1 (en) Blockchain-implemented method and system
US20170147808A1 (en) Tokens for multi-tenant transaction database identity, attribute and reputation management
TW201835784A (en) The internet of things
CN108650270B (en) Data sharing method and system based on alliance chain and incentive mechanism
CN110073353A (en) Operating system and method based on container
CA3019276A1 (en) Operating system for blockchain iot devices
CN105718782B (en) For obtaining the method and system of identification information on the mobile apparatus
CN106330865B (en) The attribute base keyword searching method efficiently cancelled and cloud computing application system are supported under cloud environment
CN102271042B (en) Certificate authorization method, system, universal serial bus (USB) Key equipment and server
Baza et al. Blockchain-based firmware update scheme tailored for autonomous vehicles
CN109196816A (en) Use the public key infrastructure of block chain
JP5747981B2 (en) System and method for remote maintenance of multiple clients in an electronic network using virtual machines
US9226143B2 (en) Controlling application access to mobile device functions
CN107171785A (en) A kind of digital copyright management method based on block chain technology
CN102405630B (en) System of multiple domains and domain ownership
JP5314016B2 (en) Information processing apparatus, encryption key management method, computer program, and integrated circuit
JP2015532561A (en) Method, system, and computer program product for determining the geographical location of a virtual disk image running on a data center server in a data center
US8997198B1 (en) Techniques for securing a centralized metadata distributed filesystem
CN102549576B (en) Examination & verification equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210118

Address after: 215163 No. 9 Xuesen Road, Science and Technology City, Suzhou High-tech Zone, Jiangsu Province

Applicant after: Suzhou Lang run innovation intellectual property operation Co.,Ltd.

Address before: 100034 4008, 4 floor, 9 building, 56 half moon street, Xicheng District, Beijing.

Applicant before: SINOCHAIN TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right