CN110020547A - A kind of data hiding method, device and equipment - Google Patents

Publication number: CN110020547A
Authority: CN (China)
Prior art keywords: data, cryptographic hash, block, data block, data record
Legal status: Pending
Application number: CN201910100157.4A
Other languages: Chinese (zh)
Inventor: 杨新颖
Current Assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201910100157.4A
Publication of CN110020547A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22: Indexing; Data structures therefor; Storage structures
    • G06F16/2228: Indexing structures
    • G06F16/2255: Hash tables
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a data hiding method, apparatus and device. Data blocks each containing a certain number of data records are generated, and the hash value of each data block is recorded; the hash value of a later data block depends on its own data records and on the hash value of the previous data block, so that data records are stored centrally in the form of a chain of data blocks. In this scenario, a data record containing sensitive content is deleted or replaced while the hash value of that data record is retained. On the one hand the sensitive information is hidden; on the other hand the normal verification of other data blocks is not affected, which ensures the normal operation of the database.

Description

A data hiding method, apparatus and device
Technical field
The embodiments of this specification relate to the field of information technology, and in particular to a data hiding method, apparatus and device.
Background
Data blocks each containing a certain number of data records are generated, and the hash value of each data block is recorded. The hash value of a later data block depends on its own data records and on the hash value of the previous data block, so that data records are stored centrally in the form of a chain of data blocks. In this arrangement, however, the provider of the data service cannot easily modify the stored data.
On the one hand, in practical applications, some data (referred to herein as sensitive data), once written into a data block, causes harmful consequences that are difficult to eliminate. For example, Zhang San slanders Li Si and uploads a text file containing the slanderous statements to the service side, so that the text file is written into a data block; this amounts to damaging Li Si's reputation. On the other hand, if the sensitive data is deleted from the data block, the accuracy of verifying other data blocks is easily affected, which disrupts the normal operation of the data storage service.
Based on this, a data hiding scheme that is more convenient for users is needed.
Summary of the invention
To address the problem that content written into a data block cannot be withheld from disclosure without affecting the normal operation of other data blocks and making them unverifiable, the embodiments of this specification provide a data hiding method, apparatus and device. The method is applied in a centralized database service provider that stores data in multiple data blocks, and specifically includes:
receiving a hiding instruction, the hiding instruction containing location information of the information to be hidden;
determining the information to be hidden according to the location information, and determining the hash value of the data record in which the information to be hidden is located;
replacing the data record in which the information to be hidden is located with a concealed data record, the concealed data record containing the hash value of the data record in which the information to be hidden is located.
Here, except for the initial data block, each data block contains at least one data record; each data block contains its own hash value, which is determined by the hash value of the previous data block and the data records the block itself contains; and the block height of the data blocks increases monotonically in the order of block formation time.
Correspondingly, the embodiments of this specification also provide a data hiding apparatus, applied in a centralized database service provider that stores data in multiple data blocks, the apparatus including:
a receiving module, which receives a hiding instruction, the hiding instruction containing location information of the information to be hidden;
a determining module, which determines the information to be hidden according to the location information and determines the hash value of the data record in which the information to be hidden is located;
a replacement module, which replaces the data record in which the information to be hidden is located with a concealed data record, the concealed data record containing the hash value of the data record in which the information to be hidden is located.
Here, except for the initial data block, each data block contains at least one data record; each data block contains its own hash value, which is determined by the hash value of the previous data block and the data records the block itself contains; and the block height of the data blocks increases monotonically in the order of block formation time.
Data blocks each containing a certain number of data records are generated, and the hash value of each data block is recorded; the hash value of a later data block depends on its own data records and on the hash value of the previous data block, so that data records are stored centrally in the form of a chain of data blocks. In this scenario, a data record containing sensitive content is deleted or replaced while the hash value of that data record is retained. On the one hand the sensitive information is hidden; on the other hand the normal verification of other data blocks is not affected, which ensures the normal operation of the database.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the embodiments of this specification.
In addition, no single embodiment of this specification needs to achieve all of the above effects.
Brief description of the drawings
To describe the technical solutions in the embodiments of this specification or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this specification, and a person of ordinary skill in the art can derive other drawings from them.
Fig. 1 is a schematic diagram of a system architecture involved in current techniques;
Fig. 2 is a schematic flowchart of a data hiding method provided by an embodiment of this specification;
Fig. 3 is a schematic flowchart of an illustrative partial removal provided by an embodiment of this specification;
Fig. 4 is a schematic diagram of the process of constructing a concealed data record provided by an embodiment of this specification;
Fig. 5 is a schematic diagram of another system architecture involved in the embodiments of this specification;
Fig. 6 is a schematic structural diagram of a data hiding apparatus provided by an embodiment of this specification;
Fig. 7 is a more specific schematic diagram of the hardware structure of a computing device provided by an embodiment of this specification;
Fig. 8 is a specific schematic diagram of generating a time service certificate provided by an embodiment of this specification.
Detailed description
To help those skilled in the art better understand the technical solutions in the embodiments of this specification, these technical solutions are described in detail below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this specification. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in this specification shall fall within the scope of protection.
It should first be noted that, in current server architectures, a database server may directly serve individual client users, or individual client users may be served by application servers, with the database server serving those application servers. Fig. 1 is a schematic diagram of a system architecture involved in current techniques.
Therefore, in the embodiments of this specification, when the user is an application server, the database service provider may be the database server shown in Fig. 1; when the user is an individual client user, the database service provider may also be the server side as a whole, consisting of the application server and the database server. In either case, the data is stored at the database service provider, operations on the data (including insert, delete, update and query) are carried out at the database service provider on the user's instructions, and the user data and the results of operations on it are stored at the database service provider; the data cannot be stored at the user or on other devices. In other words, the database service provider in this specification provides the data service in a centralized form.
In practical applications, some data (referred to herein as sensitive data) causes harmful consequences once written into a data block. For example, among the data uploaded by company A there is a data record whose content is "Ye XX, gender male, ID card number 123456". The ID card number in this record discloses the user's private information and needs to be hidden.
In the scheme provided by the embodiments of this specification, modifying or removing any data record causes verification of other data blocks to fail. Based on this, the embodiments of this specification also provide a scheme for hiding sensitive data. Specifically, the core technical means is to replace the data record in which the information to be hidden is located with the hash value of that data record. In this way the sensitive information is no longer disclosed, and the stable operation of the data block system is not affected.
The technical solutions provided by the embodiments of this specification are described in detail below with reference to the drawings. Fig. 2 is a schematic flowchart of a data hiding method provided by an embodiment of this specification. The process includes the following steps:
S201: receive a hiding instruction, the hiding instruction containing location information of the information to be hidden.
Specifically, the user may directly specify the location of the information to be hidden, or, in practical applications, may issue a hiding instruction carrying the location information. The location information includes the block height of the data block, the offset of the data record within the block, the offset of the information to be hidden within the data record, the length of the information to be hidden, and so on.
For example, one illustrative hiding instruction is DELETE (blkheight, txoff). Under this instruction, what is hidden is the data record identified by the specified block height blkheight and the specified offset txoff; the entire record can be deleted.
As another example, another illustrative hiding instruction is DELETE (blkheight, txoff, offset, length). Under this instruction, a data record is identified by the block height blkheight and the offset txoff, and what is hidden is the information of length length starting at the specified offset within that record; the partial information identified by the instruction can be replaced.
S203: determine the information to be hidden according to the location information, and determine the hash value of the data record in which the information to be hidden is located.
Once the block height and offset of the data record have been determined, the data record can be obtained directly by query, and its hash value can be calculated from its content.
S205: replace the data record in which the information to be hidden is located with a concealed data record, the concealed data record containing the hash value of the data record in which the information to be hidden is located.
There are two specific forms of hiding: complete deletion or partial replacement. For the earlier example "Ye XX, gender male, ID card number 123456", since what is leaked is the ID card information, the ID card information alone can be replaced, or the record can be deleted completely. Which is performed is determined by the parameters contained in the instruction.
The information obtained after the information to be hidden is replaced or removed is no longer used as a data record. Information in the data record that still needs to be retained may be called remark information. The remark information may of course also contain other content, for example a timestamp of when the data was hidden.
When hiding information, one feasible approach is to determine the hash value of the data record in which the information to be hidden is located, splice a preset leading marker character onto the head of the hash value, generate the concealed data record, and perform the replacement. Further, a preset trailing marker character may be spliced onto the tail of the hash value, and the remark information spliced after the trailing marker character; the data formed by splicing the leading marker character, the hash value, the trailing marker character and the remark information is then determined to be the concealed data record, and the replacement is performed. Fig. 4 is a schematic diagram of the process of constructing a concealed data record provided by an embodiment of this specification.
It should be noted that the leading and trailing marker characters can be specified according to actual needs. For example, the leading marker character may be "0E" and the trailing marker character may be "0F". The purpose of the leading marker character is that, when the data record needs to be read during later verification, it tells the node: "what is stored at this location is not the plaintext content of the data record but the hash value of the data record". The hash value can then be read directly for verification. When the corresponding remark information needs to be read, reading can start from the trailing marker character "0F".
After the sensitive information has been hidden, the content of the remark information may be essentially the same as the content of the data record before hiding (that is, only the specified information to be hidden is replaced and the other information is largely retained), or it may be entirely empty, that is, the whole data record is hidden completely.
It should also be noted that hiding a historical data record is a relatively strict operation. It often signifies that certain information violates laws and regulations or morality, and the decision is often a conclusion, reached after multi-party mediation or a trial, that the information must be forcibly processed. Therefore, one feasible way to perform the hiding operation is as follows: the hiding operation requires a certain execution weight; before execution, the weights of the participants in the hiding instruction are determined, and if the weight does not reach the execution weight preset for the hiding instruction, the replacement operation is not performed.
For example, for an operation instruction issued by an ordinary user, the default signature weight in the back end is 30; the signature weight of the service side or of another transaction system is 60; the signature weight of an operation instruction issued by a national enforcement body such as a court is 120; and the signature weight required for one clear operation is preset to 100. The execution weight of an operation may be the sum of the participants' signature weights. In general, the number of participants can be limited to a specified number (for example, no more than 2). Under this implementation, the signatures of at least two authorities related to the data record (such as the transaction system side and the database service side) are needed before the operation can be executed. That is, the transaction system side must initiate the clear instruction and sign it, and the database service side must receive the clear instruction and sign it, before the clearing can be carried out. A clear instruction initiated by an end user, even if the database service side has signed to authorize it, is not executed because the signature weight is insufficient.
Data blocks each containing a certain number of data records are generated, and the hash value of each data block is recorded; the hash value of a later data block depends on its own data records and on the hash value of the previous data block, so that data records are stored centrally in the form of a chain of data blocks. In this scenario, a data record containing sensitive content is deleted or replaced while the hash value of that data record is retained. On the one hand the sensitive information is hidden; on the other hand the normal verification of other data blocks is not affected, which ensures the normal operation of the database.
At the centralized database service provider involved in the embodiments of this specification, data blocks are generated in advance as follows:
Data records to be stored are received, and the hash value of each data record is determined. The data records to be stored here may be various consumption records of individual client users, or business results, intermediate states, operation records and the like generated by an application server when executing business logic on a user's instruction. Specific business scenarios may include consumption records, audit logs, supply chains, government regulatory records, medical records and so on.
When a preset block-forming condition is reached, the data records to be written into the data block are determined, and the N-th data block, containing the hash value of the data block and the data records, is generated.
The preset block-forming condition includes: the number of data records to be stored reaches a quantity threshold, for example a new data block is generated each time 1000 data records are received and the 1000 data records are written into the block; or the time elapsed since the last block formation reaches a time threshold, for example a new data block is generated every 5 minutes and the data records received within those 5 minutes are written into the block.
N here is the sequence number of the data block. In other words, in the embodiments of this specification the data blocks are arranged in the form of a block chain, in order of block formation time, and have a strong temporal character. The block height of the data blocks increases monotonically in the order of block formation time. The block height may be a sequence number, in which case the block height of the N-th data block is N; the block height may also be generated in other ways.
When N=1, the data block is the initial data block. The hash value and block height of the initial data block are given in a preset manner. For example, the initial data block contains no data records, its hash value is any given hash value, and its block height blknum=0; as another example, the trigger condition for generating the initial data block is the same as for other data blocks, but the hash value of the initial data block is determined by hashing all the content in the initial data block.
When N>1, since the content and the hash value of the previous data block are already determined, the hash value of the current data block (the N-th data block) can be generated based on the hash value of the previous data block (the (N-1)-th data block). For example, one feasible approach is to determine the hash value of each data record to be written into the N-th block, generate a Merkle tree according to the order of the records in the block, splice the root hash of the Merkle tree with the hash value of the previous data block, and apply the hash algorithm again to generate the hash value of the current block. As another example, the data records may be spliced in their order within the block and hashed to obtain a hash value of the overall data records; the hash value of the previous data block and the hash value of the overall data records are spliced, and a hash operation is performed on the resulting string to generate the hash value of the data block.
With this way of generating data blocks, each data block is determined by its hash value, and the hash value of a data block is determined by the content and order of the data records in the block and by the hash value of the previous data block. A user can initiate verification at any time based on the hash value of a data block. Any modification to the content of a data block (including modification of the content or order of the data records in the block) causes the hash value calculated during verification to differ from the hash value recorded when the block was generated, so verification fails; the data therefore cannot be tampered with under centralization.
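The following is an added example, not code from the patent, that ties together the hiding steps S201 to S205, the signature-weight check and the Merkle-root form of the block hash described above. It assumes SHA-256 with hex-encoded hashes, a list index standing in for txoff, a "*" mask for partial replacement, and hypothetical role names for the signers; the sample records are constructed.

```python
import hashlib
from typing import List, Optional

LEAD, TRAIL = b"0E", b"0F"      # marker characters given as examples in the text
HEX_LEN = 64                    # assumption: SHA-256 digest stored as hex text
# Signature weights from the text; the role names are hypothetical labels.
WEIGHTS = {"user": 30, "transaction_system": 60, "db_service": 60, "court": 120}
REQUIRED_WEIGHT, MAX_SIGNERS = 100, 2

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def embedded_hash(record: bytes) -> Optional[bytes]:
    """Return the retained hash if `record` is a concealed record, else None."""
    body = record[len(LEAD):len(LEAD) + HEX_LEN]
    if not (record.startswith(LEAD) and record[len(LEAD) + HEX_LEN:].startswith(TRAIL)):
        return None
    try:
        digest = bytes.fromhex(body.decode("ascii"))
    except ValueError:          # not hex, so this is ordinary plaintext
        return None
    return digest if len(digest) == 32 else None

def leaf_hash(record: bytes) -> bytes:
    """Per-record hash: read from a concealed record, computed otherwise."""
    retained = embedded_hash(record)
    return retained if retained is not None else h(record)

def merkle_root(leaves: List[bytes]) -> bytes:
    level = list(leaves) or [h(b"")]
    while len(level) > 1:
        if len(level) % 2:                  # duplicate the last node on odd levels
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def block_hash(prev_hash: bytes, records: List[bytes]) -> bytes:
    # Merkle root over per-record hashes, spliced with the previous block hash.
    return h(merkle_root([leaf_hash(r) for r in records]) + prev_hash)

class Ledger:
    def __init__(self) -> None:
        # Initial block: no records, hash given in a preset manner, height 0.
        self.blocks = [{"hash": h(b"initial block"), "records": []}]

    def append_block(self, records: List[bytes]) -> int:
        for r in records:
            if embedded_hash(r) is not None:
                # Such a record would later be parsed as concealed and break verification.
                raise ValueError("plaintext record matches the concealed-record format")
        prev = self.blocks[-1]["hash"]
        self.blocks.append({"hash": block_hash(prev, records), "records": list(records)})
        return len(self.blocks) - 1         # block height of the new block

    def hide(self, blkheight, txoff, signers, offset=None, length=None) -> None:
        """DELETE(blkheight, txoff[, offset, length]) gated by signature weight."""
        if (len(signers) > MAX_SIGNERS or len(set(signers)) != len(signers)
                or sum(WEIGHTS[s] for s in signers) < REQUIRED_WEIGHT):
            raise PermissionError("signature weight below the required execution weight")
        records = self.blocks[blkheight]["records"]
        original = records[txoff]
        if embedded_hash(original) is not None:
            raise ValueError("record is already concealed")
        if offset is None:
            remark = b""                    # complete deletion: nothing retained
        else:                               # partial replacement; '*' mask is an assumption
            remark = original[:offset] + b"*" * length + original[offset + length:]
        # The remark is not covered by the retained hash, so the chain no longer
        # protects the integrity of whatever text is kept there.
        records[txoff] = LEAD + h(original).hex().encode("ascii") + TRAIL + remark

    def verify(self) -> bool:
        """Recompute every block hash from the previous hash and the stored records."""
        return all(block_hash(prev["hash"], blk["records"]) == blk["hash"]
                   for prev, blk in zip(self.blocks, self.blocks[1:]))

def demo():
    ledger = Ledger()
    ledger.append_block([b"order 1001 paid"])              # constructed sample records
    rec = b"Ye XX, gender male, ID card number 123456"
    height = ledger.append_block([rec, b"order 1002 paid"])
    ledger.append_block([b"order 1003 paid"])
    try:                                                   # 30 + 60 = 90 < 100
        ledger.hide(height, 0, ["user", "db_service"])
        refused = False
    except PermissionError:
        refused = True
    ledger.hide(height, 0, ["transaction_system", "db_service"],
                offset=rec.index(b"123456"), length=6)     # 60 + 60 = 120
    return refused, ledger.blocks[height]["records"][0], ledger.verify()

if __name__ == "__main__":
    print(demo())
```

Verification keeps passing only because the block hash is built from per-record hashes; a block hash computed over the spliced record contents themselves would no longer match once a record is replaced.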
After the data records are stored, some related index information may also be established. For example, what is saved in a data block is the data records, not their hash values. Therefore, so that any data record can be found conveniently, an index may be established and stored with the hash value of the data record as the key and, as the value, the block height of the data block containing the record and the offset of the record within that block, making queries for data records more convenient. Note that the index information may be created asynchronously with respect to block formation, and a backup of the index information may be sent to the user, so that the user can also conveniently query or verify any data record according to the index.
During a query, based on the hash value input by the user, the query may return the block height of the data block containing the data record and the offset of the record within that block, or the plaintext of the data record; or the query may return the block height of the data block corresponding to a data block hash value.
The specific query can be implemented by a query instruction, which contains the hash value to be queried, input by the user. The hash value here may be the hash value of a data record or the hash value of a data block. The database service provider may perform a traversal query over the data blocks, or query the pre-established index.
Several query methods provided by the embodiments of this specification are listed below by way of example:
First, input the hash value of a data block and return the plaintext of all data in the block; or input the hash value of a data record and return the plaintext of the record. Specifically, this can be implemented with the query instruction SELECT (khash, &v); when the service side receives the query instruction, it executes the aforementioned query logic based on the hash value and returns the result.
Second, input the hash value of a data record and return the block height of the data block containing the record and the offset within that block. Specifically, this can be implemented with the query instruction SELECT (khash, &v, FULL).
Third, input the hash value of a data block and return the block height according to the block hash. Specifically, this can be implemented with the query instruction SELECT (khash, BLK).
There may of course be cases where the user inputs a hash value and the service side cannot find a corresponding result. For example, the user inputs the hash value of a data record and the service side finds no result; the user can then reasonably suspect that the data record corresponding to the hash has changed: it may have been tampered with, or data loss may have occurred.
Since queries rely on the hash value of a data record or of a data block, every data record needs a corresponding data record hash. Therefore, when a user needs to store data, a specific data record can be added by a dedicated add instruction. The service side determines the hash value of the data record to be added and returns to the user the hash value of the record and the block hash of the block containing the record; the record to be added is stored in a local cache so that, when the preset block-forming condition is met, it is written into a new data block. The user can then query by the hash of the data record when needed. The following is an illustrative add instruction provided by the embodiments of this specification:
APPEND (v, &khash): add a data record and return the hash value of the data record.
Further, during storage, the service side may also provide the signature of the corresponding service platform, as follows: the data record is encrypted using the server's private key to generate the server's private-key signature over the data record; the private-key signature and the hash value of the data record are returned to the user, so that the user can decrypt the private-key signature with the corresponding public key to verify it. The user can thereby confirm that the hash value is acknowledged by the service side. Specifically, the user may require the service side to provide the signature in the add instruction. The following is an illustrative add instruction that returns a signature, provided by the embodiments of this specification:
APPEND (v, &khash, CERT): return the hash value of the data record, and return the service side's signature certificate.
Of course, in the other types of database operations provided by the embodiments of this specification, such as query, removal, verification and hiding, the returned result may also include the service side's signature certificate.
Except inquiry, user actively can also initiate verifying to multiple data blocks already existing in database, specifically For, verifying instruction can be initiated by user, need which data block to initiate verifying, example to by the way that parameter is specified in verifying instruction Such as, a data block can be specified by cryptographic Hash or block height, multiple data blocks before or after the data block is sent out It rises and whether correctly verifies;Alternatively, specifying a data record by cryptographic Hash, a data record is verified with the presence or absence of data In library.It verifies obtaining the result is that one " having " perhaps metadata as "None" and " correct " or " incorrect ".Below Illustratively give several validation testings provided by this specification embodiment:
First: input a hash value, determine the data block by the hash value, and verify that data block to obtain a verification result. Specifically, this can be done with the verification instruction VERIFY('khash', &v).
Second: input a hash value, determine the corresponding data block by the hash value (or determine the data block containing the data record that corresponds to the hash value), and verify from the determined data block back to the initial data block. Specifically, this can be done with the verification instruction VERIFY('khash', -1). In general the height of the initial block is "0" or "1", so the -1 here may also be any other value less than the initial block height.
Third: input a hash value, determine the corresponding data block by the hash value, and verify a specified number of data blocks starting from the determined data block and working toward earlier blocks. Specifically, this can be done with the verification instruction VERIFY('khash', &v, blknum).
Fourth: input a block height and the number of blocks to verify, and verify the specified number of data blocks starting from the data block at that height and working toward earlier blocks. Specifically, this can be done with the verification instruction VERIFY(blkh, &v, blknum).
The result returned by verification is "yes" or "no" metadata. As mentioned above, the server can add its signature at this point; the way the signature is generated is described above. Specifically, a parameter "CERT" representing the server's signature can be appended to the end of any verification instruction, for example VERIFY('khash', &v, blknum, CERT), so that the returned result carries the server's signature.
In another embodiment, the content of a data block may also include the timestamp of the data block or the timestamps of its data records, or the database server may have pre-generated related indexes, for example an index of block height and block creation timestamp generated at block formation, an index of data record hash value and record timestamp, or an index of data block hash value and block creation time. In that case the server can also provide corresponding time-based queries: a block height or hash value can be looked up by time value from the data block or the index, or a time value can be looked up by hash value or block height. Several time-based query modes provided by the embodiments of this specification are listed below by way of example:
First: input a block height and query the block creation time of the data block at that height. Specifically, this can be done with the time query instruction TIME(blknum, &v).
Second: input a hash value and return the timestamp corresponding to it. The hash value here may be the hash value of a data block or the hash value of a data record. Specifically, this can be done with the time query instruction TIME('khash', &v).
Third: input a time value and return the block height of the last data block before that time value, or return the hash value of the last data record before that time value together with the block height of the data block containing it. Specifically, this can be done with the time query instruction LTIME('timestamp', &v).
In the embodiments of this specification, if a user no longer needs the service, the data can be purged globally before the service ends. For example, the user inputs a ledger ID and the server purges that ledger, which can be done with the purge instruction PURGE(lgid). Alternatively, the user also inputs a time span; the server first archives the ledger and purges it once the time span has elapsed, which can be done with the purge instruction PURGE(lgid, day-archive).
Because a user's data keeps growing, storage consumption increases, and some older historical data may no longer be of value to the user. The database server can therefore also purge part of the data blocks on the user's request. A partial purge can be based on block height or on a time point.
For example, the user specifies a ledger ID and a block height. Based on the block height, the server determines that the data blocks before that height are the ones to be purged, and then purges them. Specifically, this can be done with the purge instruction PURGE(lgid, d-a, blkbound).
As another example, the user specifies a ledger ID and a time point. Based on the time point, the server determines the last data block generated before that time point, treats the data blocks generated before that data block as the ones to be purged, and then purges them. Specifically, this can be done with the purge instruction PURGE(lgid, d-a, 'timestmp').
Before the partial purge is executed, a pseudo initial data block must also be generated, because the hash value of the first data block in the chain that remains after the purge was generated from the hash value of the data block before it. The hash value of the pseudo initial data block equals the hash value of the last data block determined to be purged, which avoids errors in later verification. The hash value of that last data block can be looked up in a pre-built index, computed by hashing sequentially from the initial data block, or read from the data block itself.
The content of the newly generated pseudo initial data block may be empty, or it may record remarks such as the generation time. The content of the pseudo initial data block, however, is independent of the hash value of the pseudo initial data block. The server may also sign the pseudo initial data block.
In addition, users generally back up the data that is to be partially purged. Accordingly, confirmation and verification of the data to be purged can also be inserted into the partial purge procedure. Figure 3 is a flow diagram of an exemplary partial purge provided by the embodiments of this specification. In this diagram the user inputs a time point; the server first queries the generation time of the most recent data block before that time point, then obtains the block height of the data block corresponding to that generation time, generates and signs the pseudo initial data block, and only then performs the partial purge.
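The partial purge with a pseudo initial data block described above, as an added Python sketch that is not code from the patent. The block-hash construction (SHA-256 over the previous block hash followed by the record hashes), the field names, and giving the pseudo block the height of the last purged block are assumptions; the sample records are constructed.

```python
import hashlib


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def block_hash(prev_hash: str, record_hashes: list) -> str:
    # Assumed construction: hash of the previous block hash followed by
    # the hashes of this block's records, in order.
    return sha256_hex(prev_hash + "".join(record_hashes))


def build_ledger(batches, initial_hash="0" * 64):
    """Block 1 is the initial block with a preset hash; later blocks chain to it."""
    ledger = [{"height": 1, "hash": initial_hash,
               "record_hashes": [], "pseudo": False}]
    for batch in batches:
        hashes = [sha256_hex(record) for record in batch]
        prev = ledger[-1]
        ledger.append({"height": prev["height"] + 1,
                       "hash": block_hash(prev["hash"], hashes),
                       "record_hashes": hashes, "pseudo": False})
    return ledger


def verified_heights(ledger):
    """Heights whose stored hash was recomputed from the block before them.

    The first block in the list is only an anchor: nothing precedes it, so
    its own hash cannot be recomputed. Verification stops at the first
    mismatch.
    """
    verified = []
    for prev, blk in zip(ledger, ledger[1:]):
        if blk["hash"] != block_hash(prev["hash"], blk["record_hashes"]):
            break
        verified.append(blk["height"])
    return verified


def purge_before(ledger, blkbound, note=""):
    """Remove every block below blkbound and prepend a pseudo initial block.

    The pseudo block carries the hash of the last purged block; its content
    (here only a note) plays no part in that hash.
    """
    removed = [b for b in ledger if b["height"] < blkbound]
    kept = [b for b in ledger if b["height"] >= blkbound]
    if not removed or not kept:
        raise ValueError("blkbound must leave blocks on both sides")
    last = removed[-1]
    pseudo = {"height": last["height"], "hash": last["hash"],
              "record_hashes": [], "pseudo": True, "note": note}
    return [pseudo] + kept


if __name__ == "__main__":
    # Constructed sample data: four batches of records, so heights 1..5.
    ledger = build_ledger([["a", "b"], ["c"], ["d", "e"], ["f"]])
    pruned = purge_before(ledger, 4, note="generated before purge")
    print("with pseudo block:", verified_heights(pruned))         # [4, 5]
    print("without pseudo block:", verified_heights(ledger[3:]))  # [5]
```

Without the pseudo block, the first retained block becomes the anchor and its own hash can no longer be checked against anything.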
Further, the database server can also provide some other database service modes, such as:
Retrieving the user's ledger during the archive period, by the retrieval instruction RECALL(lgid); the ledger here refers to the set containing all data blocks;
Returning the block height of the current last data block, by the instruction GETHEIGHT(&v);
Returning the user's ledger ID, by the instruction GETLEDGER(&v); and so on.
It should also be noted that the description above provides a variety of operation instructions to implement the database service modes provided herein. The form of the operation instructions is not limited to the form proposed in the embodiments of this specification; in practice the form of the data operation instructions can vary, as long as the service modes proposed in this application can be implemented. A query instruction merely provides a user-friendly external form; when the server receives and executes an instruction, it still relies on the execution method corresponding to that instruction.
Further, after generating a data block, the server can also provide a timestamp for each block. For example, an interface to the national time service center is introduced so that blocks are produced with a trusted timestamp. The index can then be built on that timestamp.
In one embodiment, for any data block, if the data records in the block carry receive timestamps, the data records can be sorted by receive timestamp and each data record is assigned a sequence number. Alternatively, sequence numbers can be assigned directly in the order in which data records are received, and the sequence number is reset after the block is formed so that numbers can be assigned within the next data block.
After the sequence numbers are determined, the sequence number and the hash value of each data record can be spliced together. Specifically, a substring of specified length can be added at the head or tail of the hash value to hold the sequence number, which produces the sequential hash string of the data record. Then, in order of sequence number, a first index table is built that maps the block creation timestamp of the data block to the sequential hash strings of the data records. Table 1 is a first index table for data records provided by the embodiments of this specification. In Table 1, the first 6 characters in front of the hash value of a data record hold the inserted sequence number string: "0x" indicates that a sequence number follows, "0001" is the sequence number, "hash1" is the hash value of the first data record in the data block, and the time on the left is the block creation time of the data block. In this way the significant digits of the timestamp are fully retained.
Table 1
Block creation time           Sequential hash string
20xx-01-19 03:14:07.938576    0x0001Hash1
20xx-01-19 03:14:07.938576    0x0002Hash2
20xx-01-19 03:14:07.938576    0x0003Hash3
20xx-01-19 03:14:07.938576    ……
In another embodiment, in the same way, for any data block, if the data records in the block carry receive timestamps, the data records can be sorted by receive timestamp and each data record is assigned a sequence number. Alternatively, sequence numbers can be assigned directly in the order in which data records are received, and the sequence number is reset after the block is formed so that numbers can be assigned within the next data block.
In this case, the last specified number of digits of the block creation timestamp can be dropped and used to hold the sequence number of the data record. In addition, a designated sequence number that will never be assigned to a data record can be added to the index and used to store the correspondence between the block creation timestamp and the block height of the data block. For example, data record sequence numbers generally start from 1, so sequence number "0" can be used to store the block height of the data block. Table 2 is a second index table for data records provided by the embodiments of this specification. In Table 2, the last three digits of the block creation time on the left (assuming that no more than 1000 data records are stored in one block) hold the sequence number of the data record.
Table 2
Block creation time with sequence number    Stored value
20xx-01-19 03:14:07.938000                  Blkheight
20xx-01-19 03:14:07.938001                  Hash1
20xx-01-19 03:14:07.938002                  Hash2
20xx-01-19 03:14:07.938003                  Hash3
20xx-01-19 03:14:07.938004                  ……
In this embodiment, although several significant digits of the time are sacrificed, the hash value of a data record can be read directly, and the block height of the data block can be identified through the designated sequence number (the 000 in Table 2).
The indexes above can be created immediately when the block is produced, or created asynchronously. The index itself can serve certain lookup or statistical operations, for example counting the data records in some time period, which avoids traversing the data blocks to count and is more convenient.
In addition, when data is stored in a blockchain-style ledger, a ledger generally contains multiple consecutive data blocks. In practice, data blocks are often numbered with natural numbers: for example, the block height of the initial data block is 1, and the block height increases by 1 for each data block added. On this basis, the embodiments of this specification also provide a way of creating block heights. Specifically, the block creation time of the data block is determined, the block creation time is converted into integer data using a symmetric encryption algorithm, and the integer data is used as the block height of the data block; the earlier the block creation time, the smaller the integer data.
Specifically, the integer here can be a large integer, for example a 13-digit large integer. Because the large integer is obtained by symmetric encryption of the time, the block creation time of a data block can likewise be recovered by symmetric decryption when it is needed.
For example, the block creation time "20xx-01-19 03:14:07.938576" can be converted by symmetric encryption into the large integer "1547838847938". Because the integer data increases monotonically with time, "1547838847938" can be used as the block height of the data block to identify that data block. In this specification the block height increases monotonically with the block creation time, so even though large integers are used, they still run from small to large and reflect the order of the data blocks. For example, if the block creation time of a later data block is "20xx-01-19 03:16:07.235125", the preset symmetric encryption algorithm converts it into another, larger integer, "1547838848125".
On this basis, the sequence number of each business log in a data block can also be determined in the manner described above, and the block height and the sequence number are spliced to generate timing information for the business log that contains both. A third index table is then built that maps the hash value of a business log to its timing information. Table 3 is a third index table provided by the embodiments of this specification. In this table, the large integer on the left is the timing information containing the block height and the sequence number, and the block height is obtained by symmetric encryption of the time. When the block creation time is accurate to the millisecond, 3 decimal digits are introduced after the block height in the third index to hold the sequence number (limiting the block threshold to 999), so the assumed throughput is on the order of millions, which already satisfies any real transaction scenario. If the throughput is higher, more decimal digits only need to be introduced after the block height to hold the sequence number.
Table 3
Timing information (block height + sequence number)    Stored value
1547838847938000                                       1547838847938
1547838847938001                                       Hash1
1547838847938002                                       Hash2
1547838847938003                                       Hash3
1547838847938004                                       ……
In one practical application scenario, the database service provider involved in the embodiments of this specification can also provide services to other databases. Figure 5 is a schematic diagram of another system architecture involved in the embodiments of this specification, which includes basic database service providers and a database enhancement service provider. For example, MySQL, PostgreSQL, MongoDB and the like are basic database service providers: these database systems provide basic create, delete, update and query operations for common transaction systems. They can also each store locally the business operation logs of these operations; a business operation log records the operations that the basic database service provider performed on business data. The system that provides further services to such basic database service providers is the database enhancement service provider provided by the embodiments of this specification, the Ledger server.
On this basis, the embodiments of this specification also provide a way of offering further enhanced services to basic database service providers. Specifically, after databases such as MySQL, PostgreSQL and MongoDB generate business operation logs, each business operation log generated can be sent to Ledger. Because a business operation log carries its generation timestamp, the Ledger system can sort these business operation logs by generation timestamp, form them into blocks and store them. Each database can then further manage its own system operation logs using the operations described above. A basic database service provider does not have to send a system operation log to the Ledger system at the moment it is generated; sending can be asynchronous.
Each basic database service provider can send business operation logs to the Ledger system in "plaintext". "Plaintext" here means that the Ledger system can understand, or partly understand, the business operation logs sent by each database. For example, a database and the Ledger system establish a communication protocol in advance that lets the Ledger system know the operation type, the business object operated on, and so on, in a business operation log. The Ledger system can then also form blocks according to operation type or target object, so that each database system is managed better. In this mode, if a database needs to query or compute statistics about itself (for example, how many purge operations were performed on the data of a given business object), it only needs to send an instruction, and the actual statistics or query can be completed on the Ledger system side.
Of course, each basic database service provider can also send business operation logs to the Ledger system in "ciphertext". "Ciphertext" here means that the Ledger system cannot understand the business operation logs sent by each database. In this mode, a database can only perform operations such as reading or purging the stored business operation logs on the Ledger system; the actual query or statistics work has to be executed locally at the basic database service provider after the data has been read.
In one implementation scenario, for example, the data records contain cost information about an enterprise and need to be audited. To prevent the enterprise from colluding with the server to forge timestamps and produce a new ledger, having an authoritative time notarization authority issue a timestamp certification for data blocks is an indispensable technical means. The time notarization authority here can be, for example, the national time service center, or an authoritative time certification body licensed by the national time service center. Timestamp certification here means obtaining the relevant signature of the time notarization authority; the signature contains a trusted timestamp issued by the time notarization authority, and the trusted timestamp corresponds to the data blocks to be certified.
Specifically, from the data blocks that have been generated and stored, the server first determines a segment of the ledger that requires timestamp certification; the segment should contain at least one data block, or multiple data blocks with consecutive block heights. The segment can be determined by user action, for example the user issues a certification instruction that contains the starting block height and the number of blocks to be certified; it can also be determined without user input, automatically by the server according to preset business logic.
For example, at the finest granularity, certification can be requested for every data block. In this mode the root hash of the Merkle tree is the block hash of that data block, and the authenticity of the ledger (that is, of each data block) is protected to the greatest extent. Because data blocks are produced at a high frequency, this mode is costly both for the time service center and for the server. An optional alternative is to set a preset certification condition and to issue a certification request when that condition is met. With newly generated data blocks regarded as the data blocks to be certified, the preset certification condition can be: the number of data blocks to be certified reaches a quantity threshold, or the time elapsed since the last certification reaches a time threshold.
The specific certification method is as follows. The block hashes of the data blocks to be certified are concatenated in order of block height, and a Merkle tree corresponding to those data blocks is generated from the block hash of each data block, which determines the root hash of the Merkle tree. The related information of the data blocks to be certified is also determined, for example the starting block height and ending block height, or the number of data blocks. The root hash of the Merkle tree and this related information are then sent to the time notarization authority. The time notarization authority issues a trusted timestamp for this information, digitally signs the trusted timestamp, and generates a timestamp certificate that contains the trusted timestamp and the digital signature; the certificate can also contain the related information of the data blocks. The digital signature uses the conventional scheme of private-key encryption and public-key decryption.
The server can thus receive a series of trusted timestamps carrying the signature of the time notarization authority. Each trusted timestamp corresponds to one segment of the ledger, and the related information makes it explicit which segment of data blocks that is. The server can manage and verify the ledger on the basis of these trusted timestamps. For example, when a ledger needs to be audited, the server can provide the timestamp certificate for the corresponding data blocks in the ledger, containing the trusted timestamp and signature of the time notarization authority, and recompute the Merkle root hash according to the related information contained in the certificate. This confirms that the data blocks corresponding to the certificate cannot have been forged afterwards, and effectively prevents the server and the party it serves from jointly manufacturing a ledger with false timestamps in order to evade an audit. Figure 8 is a schematic diagram of a specific way of generating a timestamp certificate provided by the embodiments of this specification.
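The certification request and the audit-time recomputation of the Merkle root, as an added Python sketch that is not code from the patent. The tree construction (SHA-256 of left and right child, an unpaired node promoted unchanged), the field names and the sample block hashes are assumptions; the authority's digital signature is not modelled and would be checked with the authority's public key before the certificate fields are trusted.

```python
import hashlib
import hmac


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(block_hashes):
    """Root over block hashes (hex), already ordered by block height.

    The leaves are the block hashes themselves, so for a single block the
    root equals that block's hash, as in the finest-granularity case.
    """
    if not block_hashes:
        raise ValueError("at least one data block is required")
    level = [bytes.fromhex(x) for x in block_hashes]
    while len(level) > 1:
        nxt = [sha256(level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:            # unpaired node moves up unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0].hex()


def build_request(ledger, start_height, block_count):
    """ledger maps block height -> block hash (hex).

    Heights only need to be increasing, so both natural-number heights and
    time-derived large-integer heights work.
    """
    heights = sorted(h for h in ledger if h >= start_height)[:block_count]
    if block_count < 1 or len(heights) != block_count \
            or heights[0] != start_height:
        raise ValueError("requested segment is not present in the ledger")
    return {"start_height": start_height, "block_count": block_count,
            "root": merkle_root([ledger[h] for h in heights])}


def issue_certificate(request, trusted_timestamp):
    """Stand-in for the time notarization authority (signature omitted)."""
    return dict(request, trusted_timestamp=trusted_timestamp)


def audit(certificate, ledger):
    """Recompute the root from the ledger as it is now and compare."""
    try:
        now = build_request(ledger, certificate["start_height"],
                            certificate["block_count"])
    except ValueError:
        return False
    return hmac.compare_digest(now["root"], certificate["root"])


def sample_ledger():
    # Constructed sample: five block hashes at heights 10..14.
    return {h: hashlib.sha256(f"block-{h}".encode()).hexdigest()
            for h in range(10, 15)}


if __name__ == "__main__":
    ledger = sample_ledger()
    cert = issue_certificate(build_request(ledger, 11, 3),
                             "constructed-trusted-timestamp")
    print("untouched ledger:", audit(cert, ledger))        # True
    ledger[12] = hashlib.sha256(b"rewritten").hexdigest()
    print("after rewriting block 12:", audit(cert, ledger))  # False
```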
Correspondingly, the embodiments of this specification also provide a data hiding apparatus, applied to a centralized database service provider that stores data in multiple data blocks. Figure 6 is a structural schematic diagram of a data hiding apparatus provided by the embodiments of this specification, comprising:
Receiving module 601, which receives an information-concealment instruction, the instruction containing position information of the information to be concealed;
Determining module 603, which determines, according to the position information of the information to be concealed, the hash value of the data record in which the information to be concealed is located;
Replacement module 605 (the concealment module), which replaces the data record in which the information to be concealed is located with a concealed data record, the concealed data record including the hash value of the data record in which the information to be concealed is located.
Here, apart from the initial data block, each data block contains at least one data record; each data block contains the hash value of the data block, which is determined from the hash value of the previous data block and the data records the block itself contains; and the block height of the data blocks increases monotonically in the order of block creation time.
Further, the receiving module 601 is also used to receive data records to be stored and to determine the hash value of each data record;
The apparatus further includes a generation module 607 which, when a preset block-formation condition is reached, determines the data records in the data block to be written and generates the Nth data block containing the hash value of the data block and the data records, specifically:
When N = 1, the hash value and block height of the initial data block are given in a preset manner;
When N > 1, the hash value of the Nth data block is determined from the data records in the data block to be written and the hash value of the (N-1)th data block, and the Nth data block containing the hash value of the Nth data block and the data records is generated, where the block height of the data blocks increases monotonically in the order of block creation time.
Further, the preset block-formation condition includes: the number of data records to be stored reaches a quantity threshold; or the time elapsed since the last block formation reaches a time threshold.
Further, the replacement module 605 deletes the data record in which the information to be concealed is located; splices a preset front marker character onto the head of the hash value of the data record in which the information to be concealed is located; and generates the concealed data record from the data formed by splicing the front marker character and the hash value, and replaces the data record with it.
Further, the replacement module 605 is also used to splice a preset back marker character onto the tail of the hash value and to splice remark information onto the tail of the back marker character; the data formed by splicing the front marker character, the trading value, the back marker character and the remark information is determined as the concealed data and replaces the data record.
Further, the apparatus also includes a weight judgment module 609, which determines the weight corresponding to the participant of the information-concealment instruction; if the weight does not reach the execution weight preset for information-concealment instructions, the replacement operation is not executed.
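The replacement performed by module 605 and the weight check of module 609, as an added Python sketch that is not code from the patent. The marker strings, the execution weight, the block-hash construction and the sample records are assumed values; the point shown is that a block whose hash is computed from record hashes still verifies after a record is replaced by its marked hash value.

```python
import hashlib
import re

FRONT_MARK = "[CONCEALED:"   # preset front marker (assumed value)
BACK_MARK = "]"              # preset back marker (assumed value)
EXEC_WEIGHT = 2              # preset execution weight (assumed value)
CONCEALED = re.compile(re.escape(FRONT_MARK) + r"([0-9a-f]{64})"
                       + re.escape(BACK_MARK))


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def record_hash(record: str) -> str:
    """Hash of a record; a concealed record yields the hash it carries."""
    match = CONCEALED.match(record)
    return match.group(1) if match else sha256_hex(record)


def block_hash(prev_hash: str, records) -> str:
    # Assumed construction: previous block hash followed by record hashes.
    return sha256_hex(prev_hash + "".join(record_hash(r) for r in records))


def make_block(prev_hash: str, records):
    # A stored plaintext record must never look like a concealed one,
    # otherwise verification could not tell the two apart.
    for record in records:
        if record.startswith(FRONT_MARK):
            raise ValueError("record may not start with the front marker")
    return {"prev": prev_hash, "records": list(records),
            "hash": block_hash(prev_hash, records)}


def conceal(block, index, weight, note=""):
    """Replace records[index] by front marker + hash + back marker + note.

    Returns False and changes nothing when the participant's weight is
    below the execution weight or the record is already concealed.
    """
    record = block["records"][index]
    if weight < EXEC_WEIGHT or CONCEALED.match(record):
        return False
    block["records"][index] = FRONT_MARK + sha256_hex(record) + BACK_MARK + note
    return True


def verify_block(block) -> bool:
    return block["hash"] == block_hash(block["prev"], block["records"])


if __name__ == "__main__":
    # Constructed sample records.
    blk = make_block("0" * 64, ["alice pays bob 10",
                                "salary of carol: 9000",
                                "bob pays dave 3"])
    print(conceal(blk, 1, weight=1))                       # False
    print(conceal(blk, 1, weight=2, note="hidden on request"))  # True
    print(blk["records"][1][:24], verify_block(blk))
```

The retained hash still commits to the original content, so a record drawn from a small set of possible values can be recovered by hashing candidates; whether concealment is sufficient depends on how guessable the record is.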
The embodiments of this specification also provide a computer device that includes at least a memory, a processor, and a computer program stored in the memory and runnable on the processor, where the processor implements the data hiding method shown in Figure 2 when executing the program.
Figure 7 shows a more specific hardware structure of a computing device provided by the embodiments of this specification. The device may include a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040 and a bus 1050. The processor 1010, memory 1020, input/output interface 1030 and communication interface 1040 are communicatively connected to one another inside the device through the bus 1050.
The processor 1010 can be implemented as a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and executes the relevant programs to implement the technical solutions provided by the embodiments of this specification.
The memory 1020 can be implemented as ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, and so on. The memory 1020 can store the operating system and other application programs. When the technical solutions provided by the embodiments of this specification are implemented in software or firmware, the relevant program code is stored in the memory 1020 and is called and executed by the processor 1010.
The input/output interface 1030 connects input/output modules to realize information input and output. An input/output module can be configured in the device as a component (not shown), or can be external to the device to provide the corresponding function. Input devices may include a keyboard, mouse, touch screen, microphone, various sensors and the like; output devices may include a display, loudspeaker, vibrator, indicator light and the like.
The communication interface 1040 connects a communication module (not shown) to realize communication between this device and other devices. The communication module can communicate by wire (for example USB or network cable) or wirelessly (for example mobile network, WIFI or Bluetooth).
The bus 1050 includes a path that transfers information between the components of the device (for example the processor 1010, memory 1020, input/output interface 1030 and communication interface 1040).
It should be noted that although the device above shows only the processor 1010, memory 1020, input/output interface 1030, communication interface 1040 and bus 1050, in a specific implementation the device may also include other components necessary for normal operation. Those skilled in the art will also understand that the device may contain only the components necessary to implement the solutions of the embodiments of this specification, without containing all the components shown in the figure.
The embodiments of this specification also provide a computer-readable storage medium on which a computer program is stored; the program implements the data hiding method shown in Figure 2 when executed by a processor.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
From the description of the embodiments above, those skilled in the art can clearly understand that the embodiments of this specification can be implemented by software plus a necessary general-purpose hardware platform. On this understanding, the technical solutions of the embodiments of this specification, in essence or in the part that contributes over the prior art, can be embodied as a software product. The computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments, or in certain parts of the embodiments, of this specification.
The systems, methods, modules or units described in the embodiments above can be implemented by a computer chip or entity, or by a product with a certain function. A typical implementing device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media player, navigation device, e-mail device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in this specification are described progressively; the same or similar parts of the embodiments can be cross-referenced, and each embodiment focuses on its differences from the others. For the apparatus embodiment in particular, because it is substantially similar to the method embodiment, the description is relatively brief, and the relevant parts of the method embodiment can be consulted. The embodiments described above are only schematic: the modules described as separate components may or may not be physically separate, and when the solutions of the embodiments of this specification are implemented, the functions of the modules can be realized in one or more pieces of software and/or hardware. Some or all of the modules can also be selected according to actual needs to achieve the purpose of the solution of an embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above are only specific implementations of the embodiments of this specification. It should be pointed out that those of ordinary skill in the art can make several improvements and refinements without departing from the principles of the embodiments of this specification, and these improvements and refinements should also be regarded as falling within the protection scope of the embodiments of this specification.

Claims (13)

1. A data hiding method, applied to a centralized database service provider that stores data in a plurality of data blocks, the method comprising:
receiving a hiding instruction, the hiding instruction including location information of the information to be hidden;
determining, according to the location information of the information to be hidden, the hash value of the data record in which the information to be hidden is located;
replacing the data record in which the information to be hidden is located with a hidden data record, the hidden data record including the hash value of the data record in which the information to be hidden is located;
wherein each data block other than the initial data block includes at least one data record, each data block contains a hash value of the data block determined from the hash value of the previous data block and the data records the block itself contains, and the block height of the data blocks increases monotonically in order of block time.
2. The method of claim 1, wherein, in the centralized database service provider, the data blocks are generated in advance as follows:
receiving data records to be stored, and determining the hash value of each data record;
when a preset block-forming condition is reached, determining the data records to be written into the data block, and generating the Nth data block containing the hash value of the data block and the data records, which specifically comprises:
when N = 1, the hash value and block height of the initial data block are given in a preset manner;
when N > 1, the hash value of the Nth data block is determined from the hash values of each data record to be written into the data block and of the (N-1)th data block, and the Nth data block, containing the hash value of the Nth data block, each data record and the block time of the data block, is generated, wherein the block height of the data blocks increases monotonically in order of block time.
3. The method of claim 2, wherein the preset block-forming condition comprises:
the number of data records to be stored reaches a quantity threshold; or
the time interval since the last block was formed reaches a time threshold.
4. The method of claim 1, wherein replacing the data record in which the information to be hidden is located with a hidden data record comprises:
deleting the data record in which the information to be hidden is located;
splicing a preset leading marker character onto the head of the hash value of the data record in which the information to be hidden is located;
generating the hidden data record from the data formed by splicing the leading marker character and the hash value, and replacing the data record.
5. The method of claim 4, wherein generating the hidden data record from the data formed by splicing the leading marker character and the hash value further comprises:
splicing a preset trailing marker character onto the tail of the hash value, and splicing remark information onto the tail of the trailing marker character;
determining the data formed by splicing the leading marker character, the trading value, the trailing marker character and the remark information as the hidden data, and replacing the data record.
6. The method of claim 1, wherein, before the data record in which the information to be hidden is located is replaced with the hidden data record, the method further comprises:
determining the weight corresponding to the participant of the hiding instruction, and, if the weight does not reach the preset execution weight of the hiding instruction, not executing the replacement operation.
7. A data hiding apparatus, applied to a centralized database service provider that stores data in a plurality of data blocks, the apparatus comprising:
a receiving module, which receives a hiding instruction, the hiding instruction including location information of the information to be hidden;
a determining module, which determines, according to the location information of the information to be hidden, the hash value of the data record in which the information to be hidden is located;
a replacement module, which replaces the data record in which the information to be hidden is located with a hidden data record, the hidden data record including the hash value of the data record in which the information to be hidden is located;
wherein each data block other than the initial data block includes at least one data record, each data block contains a hash value of the data block determined from the hash value of the previous data block and the data records the block itself contains, and the block height of the data blocks increases monotonically in order of block time.
8. The apparatus of claim 7, wherein the receiving module is further configured to receive data records to be stored and determine the hash value of each data record;
the apparatus further comprises a generation module, which, when a preset block-forming condition is reached, determines the data records to be written into the data block and generates the Nth data block containing the hash value of the data block and the data records, which specifically comprises:
when N = 1, the hash value and block height of the initial data block are given in a preset manner;
when N > 1, the hash value of the Nth data block is determined from the hash values of each data record to be written into the data block and of the (N-1)th data block, and the Nth data block, containing the hash value of the Nth data block and each data record, is generated, wherein the block height of the data blocks increases monotonically in order of block time.
9. The apparatus of claim 8, wherein the preset block-forming condition comprises:
the number of data records to be stored reaches a quantity threshold; or
the time interval since the last block was formed reaches a time threshold.
10. The apparatus of claim 7, wherein the replacement module deletes the data record in which the information to be hidden is located; splices a preset leading marker character onto the head of the hash value of the data record in which the information to be hidden is located; and generates the hidden data record from the data formed by splicing the leading marker character and the hash value, and replaces the data record.
11. The apparatus of claim 10, wherein the replacement module is further configured to splice a preset trailing marker character onto the tail of the hash value, and to splice remark information onto the tail of the trailing marker character; and to determine the data formed by splicing the leading marker character, the trading value, the trailing marker character and the remark information as the hidden data, and replace the data record.
12. The apparatus of claim 7, further comprising a weight judgment module, which determines the weight corresponding to the participant of the hiding instruction and, if the weight does not reach the preset execution weight of the hiding instruction, does not execute the replacement operation.
13. A computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the method of any one of claims 1 to 6.
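The following Python example is added for illustration and is not code from the patent; it shows why the replacement in claims 1 and 4 to 6 leaves the ledger verifiable: the block hash is built from record hashes, and a hidden record hands back the hash it carries. SHA-256, the marker strings, the execution weight of 3, the in-memory list and all function names are assumptions.

```python
import hashlib
import time

PRE_MARK, POST_MARK = "#HIDDEN#", "#NOTE#"  # assumed marker strings
EXEC_WEIGHT = 3  # assumed preset execution weight

def sha(text):
    return hashlib.sha256(text.encode()).hexdigest()

def record_hash(record):
    """Hash of a record; a hidden record yields the hash it carries."""
    if not record.startswith(PRE_MARK):
        return sha(record)
    carried = record[len(PRE_MARK):].split(POST_MARK, 1)[0]
    if len(carried) != 64 or set(carried) - set("0123456789abcdef"):
        raise ValueError("malformed hidden record")
    return carried

def block_hash(prev_hash, records):
    """Block hash from the previous block hash and the record hashes."""
    return sha(prev_hash + "".join(record_hash(r) for r in records))

def new_ledger():
    # N = 1: the initial block gets a preset hash and height, and no records
    return [{"height": 0, "time": time.time(), "hash": sha("initial"), "records": []}]

def append_block(ledger, records):
    # Plaintext starting with the marker would later be parsed as hidden: reject
    if not records or any(r.startswith(PRE_MARK) for r in records):
        raise ValueError("empty block or reserved marker in record")
    prev = ledger[-1]
    ledger.append({"height": prev["height"] + 1, "time": time.time(),
                   "hash": block_hash(prev["hash"], records),
                   "records": list(records)})

def hide_record(ledger, height, index, weight, note=""):
    """Swap one record for marker + hash (+ marker + note); False if under weight."""
    if weight < EXEC_WEIGHT:
        return False
    records = ledger[height]["records"]
    hidden = PRE_MARK + record_hash(records[index])
    records[index] = hidden + (POST_MARK + note if note else "")
    return True

def verify(ledger):
    """Recompute each block hash from the records as currently stored."""
    for prev, blk in zip(ledger, ledger[1:]):
        try:
            ok = blk["hash"] == block_hash(prev["hash"], blk["records"])
        except ValueError:
            ok = False
        if not ok or blk["height"] <= prev["height"]:
            return False
    return True
```

Because the hash of the removed record stays in the ledger, a record with only a few possible values can still be recovered by hashing guesses, so this form of hiding protects high-entropy records best.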
CN201910100157.4A 2019-01-31 2019-01-31 A kind of data hiding method, device and equipment Pending CN110020547A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910100157.4A CN110020547A (en) 2019-01-31 2019-01-31 A kind of data hiding method, device and equipment

Publications (1)

Publication Number Publication Date
CN110020547A true CN110020547A (en) 2019-07-16

Family

ID=67188982

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910100157.4A Pending CN110020547A (en) 2019-01-31 2019-01-31 A kind of data hiding method, device and equipment

Country Status (1)

Country Link
CN (1) CN110020547A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107103473A (en) * 2017-04-27 2017-08-29 电子科技大学 A kind of intelligent contract implementation method based on block chain
US20180131706A1 (en) * 2016-11-10 2018-05-10 International Business Machines Corporation Filtering and redacting blockchain transactions
CN108764945A (en) * 2018-06-05 2018-11-06 武汉天喻信息产业股份有限公司 A kind of automobile SC system and method based on block chain technology
CN108830602A (en) * 2018-06-27 2018-11-16 电子科技大学 A kind of license chain construction and management-control method based on chameleon hash function
CN108932433A (en) * 2018-06-14 2018-12-04 江苏百倍云信息科技有限公司 A kind of industrial data shared system and method based on block chain

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021093462A1 (en) * 2019-11-11 2021-05-20 蚂蚁区块链科技(上海)有限公司 Method and apparatus for storing operation record in database, and device
CN116502276A (en) * 2023-06-29 2023-07-28 极术(杭州)科技有限公司 Method and device for inquiring trace
CN116502276B (en) * 2023-06-29 2023-09-12 极术(杭州)科技有限公司 Method and device for inquiring trace

Similar Documents

Publication Publication Date Title
CN109902086A (en) A kind of index creation method, device and equipment
CN109902071A (en) Business diary storage method, system, device and equipment
CN109951290A (en) A kind of time service authentication method, device and the equipment of chain type account book
TWI727594B (en) Signature verification method, system, device and equipment in block chain ledger
CN110059084A (en) A kind of date storage method, device and equipment
CN110061843A (en) The high creation method of block, device and equipment in a kind of chain type account book
CN110019278A (en) A kind of data verification method, device and equipment
CN110008203A (en) A kind of data clearing method, device and equipment
CN109460413B (en) Method and system for establishing account across block chains
CN110188096A (en) A kind of index creation method, device and equipment of data record
CN110008249A (en) A kind of time-based data query method, device and equipment
CN110046281A (en) A kind of data adding method, device and equipment
CN110334153B (en) Authorization method, system, device and equipment in block chain type account book
CN110457898A (en) Operation note storage method, device and equipment based on credible performing environment
CN110162662A (en) Verification method, device and the equipment of data record in a kind of piece of chain type account book
CN110266494B (en) Time service authentication method, device and equipment in block chain type account book
CN110022315A (en) Weight management method, device and equipment in a kind of piece of chain type account book
CN110147686A (en) A kind of storage method, system, device and the equipment of personal asset change record
CN110474775B (en) User creating method, device and equipment in block chain type account book
CN110162523A (en) Date storage method, system, device and equipment
CN110190963A (en) A kind of monitoring method, device and equipment for the request of time service certificates constructing
CN110347745A (en) Time service authentication method, device and the equipment of a kind of piece of chain type account book
CN110347678B (en) Financial data storage method, system, device and equipment
CN110020547A (en) A kind of data hiding method, device and equipment
CN110019373A (en) A kind of data query method, device and equipment based on cryptographic Hash

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201015

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20201015

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

AD01 Patent right deemed abandoned
AD01 Patent right deemed abandoned

Effective date of abandoning: 20240220