CN109660485A - Authority control method and system based on blockchain transactions - Google Patents

Info

Publication number: CN109660485A
Authority: CN (China)
Prior art keywords: node, key, transaction, transaction data, decrypted
Legal status: Withdrawn
Application number: CN201710934427.2A
Other languages: Chinese (zh)
Inventor: 陈双
Current assignee: ZTE Corp
Original assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201710934427.2A
Publication of CN109660485A

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                            • H04L63/045 wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
                    • H04L63/06 for supporting key management in a packet data network
                        • H04L63/062 for key distribution, e.g. centrally by trusted party
                    • H04L63/30 for supporting lawful interception, monitoring or retaining of communications or communication related information
                        • H04L63/306 intercepting packet switched data communications, e.g. Web, Internet or IMS communications
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                                • H04L9/0825 using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
                                • H04L9/083 involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
                    • H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3247 involving digital signatures
                            • H04L9/3249 using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention discloses an authority control method and system based on blockchain transactions, in the field of blockchain and cryptography. The method comprises: each node in the blockchain registers with a certificate authority, obtains its public key and decryption private key, and sends the obtained public key and decryption private key to the certificate authority for storage; a first transaction node in the blockchain encrypts the transaction data using a random symmetric key it generates and the public key of a second transaction node, and sends the resulting ciphertext transaction data to each node in the blockchain; when a supervisor inspects the ciphertext transaction data, it obtains the second transaction node's decryption private key from the certificate authority, decrypts the data, and obtains the plaintext transaction data.

Description

Authority control method and system based on blockchain transactions
Technical field
The present invention relates to blockchain and cryptography, and in particular to an authority control method and system based on blockchain transactions.
Background
A blockchain is essentially a distributed database in which the transaction ledger is distributed to all nodes in the blockchain network. In practical commercial online transactions, the participants of a given transaction usually do not include all nodes in the network. To keep the ledger distributed across all nodes while preserving transaction privacy, and to avoid the disclosure problem that ledger distribution would otherwise cause, only the nodes that take part in a transaction or are authorized should have the right to decrypt the ledger and inspect it, and unauthorized nodes must not be able to decrypt the data. In this way, distributing the ledger does not make transaction data visible to outsiders.
At the same time, while preserving transaction privacy, regulatory requirements must be taken into account: an auditor or supervisor should be able to decrypt transaction data without needing authorization from the transacting parties. Since the supervisor or auditor can decrypt the ledger without such authorization, the possibility of the supervisor tampering with transaction data must additionally be prevented, so that the transaction data remains secure.
Summary of the invention
The technical problem solved by the solution provided by the embodiments of the present invention is to ensure, by means of an authority control method, that transaction data in the blockchain can be read only by the parties to the transaction or by authorized nodes, thereby guaranteeing transaction privacy, while satisfying supervision needs without giving up data privacy.
An authority control method based on blockchain transactions provided by an embodiment of the present invention comprises:
each node in the blockchain registers with a certificate authority, obtains its public/private key pair, and sends the obtained public key and decryption private key to the certificate authority, which stores them;
a first transaction node in the blockchain encrypts the transaction data using a random symmetric key it generates and the public key of a second transaction node, and sends the resulting ciphertext transaction data to each node in the blockchain;
when a supervisor inspects the ciphertext transaction data, it obtains the decryption private key of the second transaction node from the certificate authority, decrypts the data, and obtains the plaintext transaction data.
Preferably, the step in which the first transaction node encrypts the transaction data using the random symmetric key it generates and the second transaction node's public key, and sends the resulting ciphertext transaction data to each node in the blockchain, comprises:
the first transaction node encrypts the generated random symmetric key with the public key of the second transaction node, obtaining an encrypted random symmetric key;
the first transaction node generates the random symmetric key using its public key and decryption private key, encrypts the transaction data with the generated random symmetric key, and obtains encrypted transaction data;
the first transaction node superimposes the obtained encrypted random symmetric key on the obtained encrypted transaction data to form the ciphertext transaction data, and sends the ciphertext transaction data to each node in the blockchain.
Preferably, the step in which the supervisor, when inspecting the ciphertext transaction data, obtains the decryption private key of the second transaction node from the certificate authority and decrypts the data to obtain the plaintext transaction data, comprises:
when the supervisor inspects the ciphertext transaction data, it sends the certificate authority a decryption private key application request containing the supervisor's signature key; after the certificate authority has verified the supervisor's signature key, it sends the second transaction node's decryption private key to the supervisor;
after receiving the second transaction node's decryption private key, the supervisor uses it to decrypt the encrypted random symmetric key in the ciphertext transaction data, obtaining the random symmetric key;
the supervisor uses the obtained random symmetric key to decrypt the encrypted transaction data in the ciphertext transaction data, obtaining the plaintext transaction data.
Preferably, the method further comprises:
when the second transaction node inspects the ciphertext transaction data, it uses its decryption private key to decrypt the encrypted random symmetric key in the ciphertext transaction data, obtaining the random symmetric key, and uses the obtained random symmetric key to decrypt the encrypted transaction data in the ciphertext transaction data, obtaining the plaintext transaction data.
Preferably, the method further comprises a step in which any non-transacting node in the blockchain inspects the ciphertext transaction data, specifically:
the first transaction node receives an inspection application request, sent by the non-transacting node, containing the non-transacting node's signature key;
the first transaction node verifies the non-transacting node's signature key and, once verification passes, encrypts its random symmetric key with the non-transacting node's public key, obtaining a random symmetric key encrypted for the non-transacting node;
the first transaction node sends the random symmetric key encrypted for the non-transacting node to that node; the non-transacting node decrypts it with its decryption private key to obtain the random symmetric key, and uses the obtained random symmetric key to decrypt the encrypted transaction data it has stored, obtaining the plaintext transaction data.
An authority control system based on blockchain transactions provided by an embodiment of the present invention comprises:
a certificate authority, configured to receive the registration request sent by each node, to return to each node its public key and decryption private key, and to store the public key and decryption private key of each node;
a first transaction node, configured to encrypt the transaction data using a random symmetric key it generates and the public key of a second transaction node, and to send the resulting ciphertext transaction data to each node in the blockchain;
a supervisor, configured, when inspecting the ciphertext transaction data, to obtain the decryption private key of the second transaction node from the certificate authority, decrypt the data, and obtain the plaintext transaction data.
Preferably, the first transaction node comprises:
a first encryption unit, configured to encrypt the generated random symmetric key with the public key of the second transaction node, obtaining an encrypted random symmetric key;
a second encryption unit, configured to generate the random symmetric key using its public key and decryption private key, to encrypt the transaction data with the generated random symmetric key, and to obtain encrypted transaction data;
a superposition unit, configured to superimpose the obtained encrypted random symmetric key on the obtained encrypted transaction data to form the ciphertext transaction data, and to send the ciphertext transaction data to each node in the blockchain.
Preferably, the supervisor comprises:
a sending unit, configured, when inspecting the ciphertext transaction data, to send the certificate authority a decryption private key application request containing the supervisor's signature key, so that the certificate authority, after verifying the supervisor's signature key, sends the second transaction node's decryption private key to the supervisor;
a decryption unit, configured, after the second transaction node's decryption private key has been received, to use it to decrypt the encrypted random symmetric key in the ciphertext transaction data, obtaining the random symmetric key;
an inspection unit, configured to use the obtained random symmetric key to decrypt the encrypted transaction data in the ciphertext transaction data, obtaining the plaintext transaction data.
Preferably, the system further comprises the second transaction node, configured, when inspecting the ciphertext transaction data, to use its decryption private key to decrypt the encrypted random symmetric key in the ciphertext transaction data, obtaining the random symmetric key, and to use the obtained random symmetric key to decrypt the encrypted transaction data in the ciphertext transaction data, obtaining the plaintext transaction data.
Preferably, the first transaction node further comprises:
a receiving unit, configured to receive the inspection application request, sent by the non-transacting node, containing the non-transacting node's signature key;
a verification and encryption unit, configured to verify the non-transacting node's signature key and, once verification passes, to encrypt its random symmetric key with the non-transacting node's public key, obtaining a random symmetric key encrypted for the non-transacting node;
a sending unit, configured to send the random symmetric key encrypted for the non-transacting node to that node, so that the non-transacting node decrypts it with its decryption private key to obtain the random symmetric key and uses the obtained random symmetric key to decrypt the encrypted transaction data it has stored, obtaining the plaintext transaction data.
The solution provided by the embodiments of the present invention has a simple authority control method. It satisfies regulatory requirements while protecting transaction privacy, keeps transactions secure while allowing supervision, and lets authority be set dynamically, with no need to preset authorized nodes before the system is deployed. Under the premise of transaction privacy it meets supervision requirements and secures the transaction data.
Description of the drawings
Fig. 1 is a flow chart of an authority control method based on blockchain transactions provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of an authority control system based on blockchain transactions provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a blockchain system provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of the authority control method based on blockchain transactions provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of member registration, certificates and management provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the encryption and decryption of transaction data provided by an embodiment of the present invention.
Detailed description of the embodiments
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below serve only to illustrate and explain the present invention and are not intended to limit it.
Fig. 1 is a flow chart of an authority control method based on blockchain transactions provided by an embodiment of the present invention. As shown in Fig. 1, the method comprises:
Step S101: each node in the blockchain registers with the certificate authority, obtains its public key and decryption private key, and sends the obtained public key and decryption private key to the certificate authority, which stores them;
Step S102: a first transaction node in the blockchain encrypts the transaction data using a random symmetric key it generates and the public key of a second transaction node, and sends the resulting ciphertext transaction data to each node in the blockchain;
Step S103: when a supervisor inspects the ciphertext transaction data, it obtains the decryption private key of the second transaction node from the certificate authority, decrypts the data, and obtains the plaintext transaction data.
Specifically, the step in which the first transaction node encrypts the transaction data using the random symmetric key it generates and the second transaction node's public key, and sends the resulting ciphertext transaction data to each node in the blockchain, comprises: the first transaction node encrypts the generated random symmetric key with the public key of the second transaction node, obtaining an encrypted random symmetric key; the first transaction node generates the random symmetric key using its public key and decryption private key, encrypts the transaction data with the generated random symmetric key, and obtains encrypted transaction data; the first transaction node superimposes the obtained encrypted random symmetric key on the obtained encrypted transaction data to form the ciphertext transaction data, and sends the ciphertext transaction data to each node in the blockchain.
Specifically, the step in which the supervisor, when inspecting the ciphertext transaction data, obtains the decryption private key of the second transaction node from the certificate authority and decrypts the data to obtain the plaintext transaction data, comprises: when the supervisor inspects the ciphertext transaction data, it sends the certificate authority a decryption private key application request containing the supervisor's signature key, and after the certificate authority has verified the supervisor's signature key it sends the second transaction node's decryption private key to the supervisor; after receiving the second transaction node's decryption private key, the supervisor uses it to decrypt the encrypted random symmetric key in the ciphertext transaction data, obtaining the random symmetric key; the supervisor uses the obtained random symmetric key to decrypt the encrypted transaction data in the ciphertext transaction data, obtaining the plaintext transaction data.
The embodiment of the present invention further comprises: when the second transaction node inspects the ciphertext transaction data, it uses its decryption private key to decrypt the encrypted random symmetric key in the ciphertext transaction data, obtaining the random symmetric key, and uses the obtained random symmetric key to decrypt the encrypted transaction data in the ciphertext transaction data, obtaining the plaintext transaction data.
The embodiment of the present invention further comprises a step in which any non-transacting node in the blockchain inspects the ciphertext transaction data, specifically: the first transaction node receives an inspection application request, sent by the non-transacting node, containing the non-transacting node's signature key; the first transaction node verifies the non-transacting node's signature key and, once verification passes, encrypts its random symmetric key with the non-transacting node's public key, obtaining a random symmetric key encrypted for the non-transacting node; the first transaction node sends this encrypted random symmetric key to the non-transacting node, which decrypts it with its decryption private key to obtain the random symmetric key and uses the obtained random symmetric key to decrypt the encrypted transaction data it has stored, obtaining the plaintext transaction data.
Fig. 2 is a schematic diagram of an authority control system based on blockchain transactions provided by an embodiment of the present invention. As shown in Fig. 2, the system comprises: a certificate authority 201, configured to receive the registration request sent by each node, to return to each node its public key and decryption private key, and to store the public key and decryption private key of each node; a first transaction node 202, configured to encrypt the transaction data using a random symmetric key it generates and the public key of a second transaction node, and to send the resulting ciphertext transaction data to each node in the blockchain; and a supervisor 203, configured, when inspecting the ciphertext transaction data, to obtain the decryption private key of the second transaction node from the certificate authority, decrypt the data, and obtain the plaintext transaction data.
The first transaction node 202 comprises: a first encryption unit, configured to encrypt the generated random symmetric key with the public key of the second transaction node, obtaining an encrypted random symmetric key; a second encryption unit, configured to generate the random symmetric key using its public key and decryption private key, to encrypt the transaction data with the generated random symmetric key, and to obtain encrypted transaction data; and a superposition unit, configured to superimpose the obtained encrypted random symmetric key on the obtained encrypted transaction data to form the ciphertext transaction data, and to send the ciphertext transaction data to each node in the blockchain.
The supervisor 203 comprises: a sending unit, configured, when inspecting the ciphertext transaction data, to send the certificate authority a decryption private key application request containing the supervisor's signature key, so that the certificate authority, after verifying the supervisor's signature key, sends the second transaction node's decryption private key to the supervisor; a decryption unit, configured, after the second transaction node's decryption private key has been received, to use it to decrypt the encrypted random symmetric key in the ciphertext transaction data, obtaining the random symmetric key; and an inspection unit, configured to use the obtained random symmetric key to decrypt the encrypted transaction data in the ciphertext transaction data, obtaining the plaintext transaction data.
The embodiment of the present invention further comprises the second transaction node, configured, when inspecting the ciphertext transaction data, to use its decryption private key to decrypt the encrypted random symmetric key in the ciphertext transaction data, obtaining the random symmetric key, and to use the obtained random symmetric key to decrypt the encrypted transaction data in the ciphertext transaction data, obtaining the plaintext transaction data.
The first transaction node 202 further comprises: a receiving unit, configured to receive the inspection application request, sent by the non-transacting node, containing the non-transacting node's signature key; a verification and encryption unit, configured to verify the non-transacting node's signature key and, once verification passes, to encrypt its random symmetric key with the non-transacting node's public key, obtaining a random symmetric key encrypted for the non-transacting node; and a sending unit, configured to send this encrypted random symmetric key to the non-transacting node, so that the non-transacting node decrypts it with its decryption private key to obtain the random symmetric key and uses the obtained random symmetric key to decrypt the encrypted transaction data it has stored, obtaining the plaintext transaction data.
In the embodiment of the present invention, a user terminal registers and generates the certificate's public key and decryption private key. The signature key serves as the user's unique identity and is kept locally by the user; the encryption key and public key are kept by the CA center, and the supervisor can obtain a user's encryption key. A certain range of nodes in the blockchain conclude a transaction; the transaction data is encrypted by either party to the transaction and distributed to all nodes in the blockchain network for distributed storage. In the blockchain network the transaction recipient can decrypt the transaction data with its decryption private key and inspect the ledger, whereas unauthorized nodes are only responsible for bookkeeping and cannot decrypt the transaction data. A transacting party grants authorization by encrypting the transaction data with the public key of the authorized node. The supervisor uses a member's encryption key to inspect the ledger without needing authorization, which implements supervision.
As shown in Figs. 3 and 4, the steps of the authority control method and system based on blockchain transactions of the present invention are:
S1: configure the authority system for each node in the blockchain network and deploy the encryption/decryption smart contract and the authority smart contract;
The authority system comprises the authority smart contract and the encryption/decryption smart contract. The authority smart contract is used for user authority control, i.e. it controls who has or lacks authority and whether authorization is granted; the encryption/decryption smart contract is used to transmit encryption/decryption information between transaction nodes and authorized nodes.
S2: a user terminal registers and generates the certificate's public/private key pair. The signature key serves as the user's unique identity and is kept locally by the user; the encryption key and public key are kept by the CA center, and the supervisor obtains a user's encryption key from the CA center;
S3: after a certain range of nodes in the blockchain conclude a transaction, the transaction data is encrypted by either party in the transaction group and distributed over the RPC channel to all nodes in the blockchain network for distributed storage;
S4: in the blockchain network, the transaction recipient decrypts the transaction data with the decryption private key it keeps locally and inspects the ledger; unauthorized nodes are only responsible for bookkeeping and cannot decrypt the transaction data;
S5: a transacting party encrypts the transaction data with the public key of an authorized node, thereby granting a non-transacting node authorization over the data;
S6: the supervisor obtains the encryption key from the CA center and inspects the ledger without needing authorization, thereby implementing supervision.
As shown in Figure 5, the user terminal registers and obtains a digital certificate. The keys in the digital certificate comprise a signature key and an encryption key. The signature key is the unique identification, is used for signing transactions during the transaction process, and is kept locally by the user; the encryption key is used for encrypting and decrypting data and is stored and filed by the key management center, so that the monitoring party can retrieve the user's encryption/decryption private key and decrypt the transaction data;
As shown in Figure 6, nodes A and B within a certain range establish a channel and trade separately in the blockchain; the blockchain nodes in the network that do not take part in the transaction are responsible only for storing the encrypted transaction data. When A and B trade, user A (or user B) generates a random symmetric encryption key for this transaction and encrypts the transaction data with it;
Transacting party A encrypts the transaction data using the encryption public key of transacting party B; the specific steps are as follows:
Step 1: either node in the transaction group generates a random symmetric key;
Step 2: the transaction node that generated the random symmetric key encrypts the randomly generated key with the public key of each transaction receiving party that agreed to the transaction, and stores the encrypted key within the transaction data;
Step 3: after the transaction data has been encrypted, the encrypted information is sent through the smart contract to the transaction receiving party and to all nodes in the blockchain network;
After transaction receiving party B receives the encrypted transaction data in the blockchain network, it decrypts the encrypted data with the encryption private key it keeps locally to recover the random symmetric key generated at encryption time, and then decrypts the transaction data with the random symmetric key to obtain the transaction plaintext;
Transacting party A encrypts the transaction data with the public key of authorized user C, thereby granting data authorization to a non-transaction node; the specific steps include:
Step 1: after transacting party A in the transaction group receives user C's request to check the transaction data, it verifies the identity of user C through the encryption/decryption smart contract. If the authentication fails, authorization is refused and the refusal is broadcast through the RPC channel to the nodes in the blockchain network; otherwise decryption authorization is granted, the decryption information is sent to the authorized party through the smart contract, and the authorization message is broadcast to the whole network through the RPC channel and written into a block;
Step 2: after transacting party A confirms the identity of requesting node C, it asymmetrically encrypts the data with the public key of requesting party C, and after encryption distributes the decryption information to authorized node C through the smart contract; once authorized node C obtains the decryption key, it decrypts and checks the data;
The monitoring party checks the ledger with the user's encryption key without requiring authorization, thereby implementing supervision. The monitoring party initiates a key acquisition request to the CA center through the permission smart contract; after the CA center verifies the monitoring party's signature key, it sends the decryption key to the monitoring party through the RPC channel, and the monitoring party checks the ledger with the decryption key. After obtaining the encryption/decryption private key, the monitoring party can only check the ledger and cannot tamper with the transaction data. Tampering by the monitoring party is prevented by using two key pairs, a signature key pair and an encryption key pair, i.e. the monitoring party cannot obtain the signature private key, which is kept locally by the user.
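The envelope, escrow and delegation flow described above, as an added Go example that is not part of the patent or of any ZTE implementation. The patent names no algorithms, so RSA-OAEP for wrapping the random symmetric key, AES-256-GCM for the transaction data and Ed25519 for the signature key pair are assumptions, as are the node names and the signed request format; the RPC broadcast and smart-contract transport are left out and only the key handling is shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Added example; the patent names no algorithms, so RSA-OAEP, AES-GCM and Ed25519 are assumptions.
// Node keeps its signature key only locally; its RSA decryption key is also escrowed at the CA.
type Node struct {
	Name   string
	sigKey ed25519.PrivateKey
	EncKey *rsa.PrivateKey
}
// CA stores each node's signature public key and its decryption private key (claim 1).
type CA struct {
	sigPub map[string]ed25519.PublicKey
	escrow map[string]*rsa.PrivateKey
}
func NewCA() *CA { return &CA{map[string]ed25519.PublicKey{}, map[string]*rsa.PrivateKey{}} }
// Register generates both key pairs for a node and escrows only the decryption key.
func (ca *CA) Register(name string) *Node {
	sigPub, sigPriv, _ := ed25519.GenerateKey(rand.Reader)
	enc, _ := rsa.GenerateKey(rand.Reader, 2048)
	ca.sigPub[name], ca.escrow[name] = sigPub, enc
	return &Node{name, sigPriv, enc}
}
// SignedRequest states who asks for what, signed with the requester's local signature key.
type SignedRequest struct {
	From, Target string
	Sig          []byte
}
func (n *Node) Request(target string) SignedRequest {
	return SignedRequest{n.Name, target, ed25519.Sign(n.sigKey, []byte(n.Name+"->"+target))}
}
// verify checks a request against the signature public key registered for its sender.
func (ca *CA) verify(r SignedRequest) bool {
	pub, ok := ca.sigPub[r.From]
	return ok && ed25519.Verify(pub, []byte(r.From+"->"+r.Target), r.Sig)
}

// CiphertextTx superimposes the wrapped symmetric key on the AES-GCM ciphertext (claim 2).
type CiphertextTx struct{ WrappedKey, Nonce, Data []byte }
func wrap(key []byte, pub *rsa.PublicKey) ([]byte, error) { return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil) }
// Encrypt seals the data under a fresh random key wrapped for the recipient; the sender keeps the raw key for claim 5.
func Encrypt(plain []byte, recipient *rsa.PublicKey) (CiphertextTx, []byte, error) {
	key, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(key)
	rand.Read(nonce)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	wk, err := wrap(key, recipient)
	return CiphertextTx{wk, nonce, gcm.Seal(nil, nonce, plain, nil)}, key, err
}
// Decrypt unwraps the key with a decryption private key; a node holding any other key fails here.
func Decrypt(priv *rsa.PrivateKey, tx CiphertextTx) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, tx.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, tx.Nonce, tx.Data, nil)
}

// Authorize (claim 5): after verifying the requester's signature, re-wrap the same key for it; the data is unchanged.
func Authorize(ca *CA, key []byte, tx CiphertextTx, r SignedRequest) (CiphertextTx, error) {
	if !ca.verify(r) {
		return CiphertextTx{}, errors.New("access request refused for " + r.From)
	}
	wk, err := wrap(key, &ca.escrow[r.From].PublicKey)
	return CiphertextTx{wk, tx.Nonce, tx.Data}, err
}
// ReleaseEscrow (claim 3): a verified supervisor gets the escrowed decryption key only, never a signature key.
func (ca *CA) ReleaseEscrow(r SignedRequest) (*rsa.PrivateKey, error) {
	if priv, ok := ca.escrow[r.Target]; ok && ca.verify(r) {
		return priv, nil
	}
	return nil, errors.New("escrow request refused for " + r.From)
}
```

Because ReleaseEscrow hands out only the decryption key, a supervisor can read the ledger but cannot produce a valid SignedRequest or transaction signature in the user's name, which is the dual-key property the description relies on.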
According to the scheme provided by the embodiments of the present invention, by encrypting the transaction data, the characteristics of the blockchain's distributed storage of transaction data are effectively utilized while transaction privacy is guaranteed, the data disclosure problem otherwise caused by distributed data storage is avoided, and regulatory requirements can be met while privacy is preserved.
Although the invention has been described in detail above, the invention is not restricted thereto, and those skilled in the art can make various modifications according to the principle of the invention. Therefore, all modifications made according to the principle of the invention shall be understood to fall within the protection scope of the invention.

Claims (10)

1. A permission control method based on blockchain transactions, comprising:
each node in the blockchain obtains its public/private key pair by registering with a certificate authority, and sends the obtained public key and decryption private key to the certificate authority for safekeeping;
a first transaction node in the blockchain encrypts transaction data using a random symmetric key it generated and the public key of a second transaction node, and then sends the encrypted ciphertext transaction data to each node in the blockchain;
when a monitoring party checks the ciphertext transaction data, it obtains the decryption private key of the second transaction node from the certificate authority, decrypts the ciphertext, and obtains the plaintext transaction data.
2. The method according to claim 1, wherein the first transaction node in the blockchain encrypting the transaction data using the random symmetric key it generated and the public key of the second transaction node, and sending the encrypted ciphertext transaction data to each node in the blockchain, comprises:
the first transaction node encrypts the generated random symmetric key using the public key of the second transaction node, obtaining an encrypted random symmetric key;
the first transaction node generates the random symmetric key using its public key and decryption private key, and encrypts the transaction data using the generated random symmetric key, obtaining encrypted transaction data;
the first transaction node superimposes the obtained encrypted random symmetric key and the obtained encrypted transaction data, obtaining the ciphertext transaction data, and sends the obtained ciphertext transaction data to each node in the blockchain.
3. The method according to claim 2, wherein when the monitoring party checks the ciphertext transaction data, obtaining the decryption private key of the second transaction node from the certificate authority, decrypting, and obtaining the plaintext transaction data comprises:
when the monitoring party checks the ciphertext transaction data, the monitoring party sends to the certificate authority a decryption private key application request containing the monitoring party's signature key, and after the certificate authority has verified the monitoring party's signature key, the certificate authority sends the second transaction node's decryption private key to the monitoring party;
after receiving the second transaction node's decryption private key, the monitoring party decrypts the encrypted random symmetric key in the ciphertext transaction data using that decryption private key, obtaining the random symmetric key;
the monitoring party decrypts the encrypted transaction data in the ciphertext transaction data using the obtained random symmetric key, obtaining the plaintext transaction data.
4. The method according to claim 1, further comprising:
when the second transaction node checks the ciphertext transaction data, it decrypts the encrypted random symmetric key in the ciphertext transaction data using its decryption private key, obtaining the random symmetric key, and decrypts the encrypted transaction data in the ciphertext transaction data using the obtained random symmetric key, obtaining the plaintext transaction data.
5. The method according to claim 1, further comprising a step in which any non-transaction node in the blockchain checks the ciphertext transaction data, which specifically comprises:
the first transaction node receives a checking application request sent by the non-transaction node that contains the non-transaction node's signature key;
the first transaction node verifies the non-transaction node's signature key and, after the verification succeeds, encrypts its random symmetric key using the non-transaction node's public key, obtaining a non-transaction-node encrypted random symmetric key;
the first transaction node sends the obtained non-transaction-node encrypted random symmetric key to the non-transaction node; the non-transaction node decrypts the non-transaction-node encrypted random symmetric key using its decryption private key, obtaining the random symmetric key, and decrypts the encrypted transaction data it has stored using the obtained random symmetric key, obtaining the plaintext transaction data.
6. A permission control system based on blockchain transactions, comprising:
a certificate authority, for receiving the registration request sent by each node, returning to each node its public key and decryption private key, and saving the public key and decryption private key of each node;
a first transaction node, for encrypting transaction data using a random symmetric key it generated and the public key of a second transaction node, and then sending the encrypted ciphertext transaction data to each node in the blockchain;
a monitoring party, for obtaining the decryption private key of the second transaction node from the certificate authority when checking the ciphertext transaction data, decrypting, and obtaining the plaintext transaction data.
7. The system according to claim 6, wherein the first transaction node comprises:
a first encryption unit, for encrypting the generated random symmetric key using the public key of the second transaction node, obtaining an encrypted random symmetric key;
a second encryption unit, for generating the random symmetric key using its public key and decryption private key, and encrypting the transaction data using the generated random symmetric key, obtaining encrypted transaction data;
a superposition unit, for superimposing the obtained encrypted random symmetric key and the obtained encrypted transaction data, obtaining the ciphertext transaction data, and sending the obtained ciphertext transaction data to each node in the blockchain.
8. The system according to claim 7, wherein the monitoring party comprises:
a transmission unit, for sending to the certificate authority, when checking the ciphertext transaction data, a decryption private key application request containing the monitoring party's signature key, so that after the certificate authority has verified the monitoring party's signature key it sends the second transaction node's decryption private key to the monitoring party;
a decryption unit, for decrypting, after the second transaction node's decryption private key has been received, the encrypted random symmetric key in the ciphertext transaction data using that decryption private key, obtaining the random symmetric key;
a checking unit, for decrypting the encrypted transaction data in the ciphertext transaction data using the obtained random symmetric key, obtaining the plaintext transaction data.
9. The system according to claim 6, further comprising the second transaction node, for decrypting, when checking the ciphertext transaction data, the encrypted random symmetric key in the ciphertext transaction data using its decryption private key, obtaining the random symmetric key, and decrypting the encrypted transaction data in the ciphertext transaction data using the obtained random symmetric key, obtaining the plaintext transaction data.
10. The system according to claim 6, wherein the first transaction node further comprises:
a receiving unit, for receiving a checking application request sent by the non-transaction node that contains the non-transaction node's signature key;
a verification and encryption unit, for verifying the non-transaction node's signature key and, after the verification succeeds, encrypting its random symmetric key using the non-transaction node's public key, obtaining a non-transaction-node encrypted random symmetric key;
a transmission unit, for sending the obtained non-transaction-node encrypted random symmetric key to the non-transaction node, so that the non-transaction node decrypts the non-transaction-node encrypted random symmetric key using its decryption private key, obtaining the random symmetric key, and decrypts the encrypted transaction data it has stored using the obtained random symmetric key, obtaining the plaintext transaction data.
CN201710934427.2A 2017-10-10 2017-10-10 A kind of authority control method and system based on the transaction of block chain Withdrawn CN109660485A (en)


Publications (1)

Publication Number Publication Date
CN109660485A true CN109660485A (en) 2019-04-19

Family

ID=66108522



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20190419