CN110224984A - Multi-party authorization method and device based on blockchain technology

Publication number
CN110224984A
Authority
CN
China
Prior art keywords
key
authorized
sub
authorization
party
Legal status
Pending
Application number
CN201910374338.6A
Other languages
Chinese (zh)
Inventor
何军
Current Assignee
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910374338.6A (CN110224984A)
Priority to PCT/CN2019/104329 (WO2020224138A1)
Publication of CN110224984A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Abstract

The embodiments of the invention provide a multi-party authorization method and device based on blockchain technology, in the field of blockchain technology. The method includes: obtaining an authorization request uploaded by the grantee (the party to be authorized), where the authorization request is associated with multiple authorizing parties; in response to the authorization request, obtaining the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, where the uploaded authorization data packet is encrypted with a first key, the first key comprises multiple sub-keys, and each sub-key corresponds to one authorizing party; obtaining the multiple sub-keys uploaded by the grantee; splicing the multiple sub-keys by a preset algorithm to obtain a second key; and matching the second key against the first key and, when the match succeeds, decrypting the authorization data packet and granting it to the grantee. The technical solution provided by the embodiments addresses the low data security of multi-party authorization in the prior art.

Description

Multi-party authorization method and device based on blockchain technology
[Technical field]
The present invention relates to the field of blockchain technology, and in particular to a multi-party authorization method and device based on blockchain technology.
[Background]
At present, data authorization on a blockchain is usually carried out one-to-one. Some use cases, however, require that multiple nodes all complete their authorization of a given node before the authorization counts as successful. One-to-one authorization schemes cannot meet this need, so ensuring the security of data under multi-party authorization has become a problem in urgent need of a solution.
[Summary of the invention]
In view of this, the embodiments of the invention provide a multi-party authorization method and device based on blockchain technology, to solve the problem of low data security in multi-party authorization in the prior art.
To achieve the above object, according to one aspect of the invention, a multi-party authorization method based on blockchain technology is provided, the method comprising:
Obtaining an authorization request uploaded by the grantee, wherein the authorization request is associated with multiple authorizing parties; in response to the authorization request, obtaining the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, wherein the uploaded authorization data packet is encrypted with a first key, the first key comprises multiple sub-keys, and each sub-key corresponds to one authorizing party; obtaining the multiple sub-keys uploaded by the grantee; splicing the multiple sub-keys by a preset algorithm to obtain a second key; and matching the second key against the first key and, when the match succeeds, decrypting the authorization data packet and granting it to the grantee.
Further, before obtaining, in response to the authorization request, the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, the method comprises: in response to the authorization request, generating the first key, the first key comprising multiple sub-keys, each sub-key being a hash value obtained by applying a hash operation to the identity information of one authorizing party; and labeling each sub-key in the first key with the identifier of its corresponding authorizing party.
Further, the hash operation is any one of Message-Digest Algorithm 5 (MD5) and the Secure Hash Algorithm (SHA).
Further, splicing the multiple sub-keys by a preset algorithm to obtain the second key comprises: determining whether the number of sub-keys uploaded by the grantee is the same as the number of sub-keys in the first key; and, if it is the same, splicing the uploaded sub-keys according to the identifiers of the authorizing parties to obtain the second key.
Further, before obtaining the multiple sub-keys uploaded by the grantee, the method further comprises: performing a second encryption, one by one, on the sub-key in the first key that corresponds to each authorizing party, using that authorizing party's public key; and sending the twice-encrypted first key to each authorizing party, wherein each authorizing party sends the sub-key that it is able to decrypt with its private key to the grantee, the private key and the public key being an asymmetric key pair of the authorizing party.
Further, before obtaining, in response to the authorization request, the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, the method further comprises:
In response to the authorization request, generating the first key $K_1$, the first key $K_1$ being used to encrypt the authorization data packet uploaded by the main authorizing party; arbitrarily taking $n$ random numbers $a_0, \dots, a_{n-1}$ and constructing the linear polynomial $a(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{n-1} x^{n-1}$, where $a_0 = K_1$, $x$ takes values in $[1, n+1]$, and $x$ and $n$ are both integers greater than or equal to 1; taking a random prime $p$ with $p > K_1$, letting the remainder function be $f(x) = a(x) \bmod p$, and substituting the values of $x$ into the remainder function in turn to obtain $f(x_1), \dots, f(x_{n+1})$; and distributing the sub-keys $(x_1, f(x_1)), \dots, (x_{n+1}, f(x_{n+1}))$ to the $n+1$ authorizing parties.
Further, splicing the multiple sub-keys by a preset algorithm to obtain the second key comprises: recovering the second key from the multiple sub-keys using the Lagrange interpolation formula.
To achieve the above object, according to one aspect of the invention, a multi-party authorization device based on blockchain technology is provided. The device comprises: a first acquisition unit, configured to obtain an authorization request uploaded by the grantee, wherein the authorization request is associated with multiple authorizing parties; a second acquisition unit, configured to obtain, in response to the authorization request, the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, wherein the uploaded authorization data packet is encrypted with a first key, the first key comprises multiple sub-keys, and each sub-key corresponds to one authorizing party; a third acquisition unit, configured to obtain the multiple sub-keys uploaded by the grantee; a splicing unit, configured to splice the multiple sub-keys by a preset algorithm to obtain a second key; and a matching unit, configured to match the second key against the first key and, when the match succeeds, decrypt the authorization data packet and grant it to the grantee.
To achieve the above object, according to one aspect of the invention, a computer non-volatile storage medium is provided. The storage medium includes a stored program, wherein, when the program runs, the device on which the storage medium resides is controlled to execute the above multi-party authorization method based on blockchain technology.
To achieve the above object, according to one aspect of the invention, a computer device is provided, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the above multi-party authorization method based on blockchain technology when executing the computer program.
In this solution, the key is split into multiple sub-keys, which are sent to the grantee separately by the holders of the sub-keys (the authorizing parties). Only when the second key spliced from all the sub-keys can unlock the data packet encrypted with the first key can the grantee obtain the data, which improves the security of data on the blockchain.
[Brief description of the drawings]
To explain the technical solutions of the embodiments of the invention more clearly, the drawings needed in the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an optional multi-party authorization method based on blockchain technology provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of an optional multi-party authorization device based on blockchain technology provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of an optional computer device provided by an embodiment of the invention.
[Detailed description of the embodiments]
For a better understanding of the technical solution of the invention, the embodiments of the invention are described in detail below with reference to the drawings.
It should be understood that the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The terms used in the embodiments of the invention are for the purpose of describing particular embodiments only and are not intended to limit the invention. The singular forms "a", "said" and "the" used in the embodiments of the invention and in the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" used herein merely describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
It should be understood that although the terms first, second, third and so on may be used in the embodiments of the invention to describe terminals, the terminals are not limited by these terms. The terms are used only to distinguish terminals from one another. For example, without departing from the scope of the embodiments of the invention, a first acquisition unit may also be called a second acquisition unit and, similarly, a second acquisition unit may be called a first acquisition unit.
Depending on the context, the word "if" as used herein can be interpreted as "when", "once", "in response to determining" or "in response to detecting". Similarly, depending on the context, the phrase "if it is determined" or "if (a stated condition or event) is detected" can be interpreted as "when it is determined", "in response to determining", "when (the stated condition or event) is detected" or "in response to detecting (the stated condition or event)".
Fig. 1 is a flowchart of a multi-party authorization method based on blockchain technology according to an embodiment of the invention. As shown in Fig. 1, the method comprises:
Step S101: obtain an authorization request uploaded by the grantee, wherein the authorization request is associated with multiple authorizing parties.
Step S102: in response to the authorization request, obtain the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, wherein the uploaded authorization data packet is encrypted with a first key, the first key comprises multiple sub-keys, and each sub-key corresponds to one authorizing party.
Step S103: obtain the multiple sub-keys uploaded by the grantee.
Step S104: splice the multiple sub-keys by a preset algorithm to obtain a second key.
Step S105: match the second key against the first key and, when the match succeeds, decrypt the authorization data packet and grant it to the grantee.
In this solution, the key is split into multiple sub-keys, which are sent to the grantee separately by the holders of the sub-keys (the authorizing parties). Only when the second key spliced from all the sub-keys can unlock the data packet encrypted with the first key can the grantee obtain the data, which improves the security of data on the blockchain.
It should be understood that if the sub-key of any authorizing party is missing from the multiple sub-keys, or any sub-key is incorrect, it is impossible to recover a second key that matches the first key. For example, retrieving certain contract documents requires authorization from multiple approvers: after the main custodian of the contract documents has authorized, the remaining approvers each need to grant their own sub-key to the caller, and only after collecting all the sub-keys can the caller open the requested contract documents.
Optionally, before obtaining, in response to the authorization request, the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, the method comprises: in response to the authorization request, generating the first key, the first key comprising multiple sub-keys, each sub-key being a hash value obtained by applying a hash operation to the identity information of one authorizing party; and labeling each sub-key in the first key with the identifier of its corresponding authorizing party. In this embodiment, the identity information of an authorizing party may be unique identity information bound to that party, such as its name, ID, or e-mail address.
Hashing takes an input of arbitrary length and, through a hashing algorithm, turns it into an output of fixed length; that output is the hash value. Hash operations can be classified by the length of their result, for example 16-bit, 32-bit, and 128-bit hash operations. In this embodiment, each sub-key is a 32-bit hash value. For example, a first key that is a 128-bit hash sequence can be divided into a first sub-key at bits 1-32, a second sub-key at bits 33-64, a third sub-key at bits 65-96, and a fourth sub-key at bits 97-128.
In other embodiments, a sub-key comprises a shared hash value and a private hash value. For example, the sub-key is a 32-bit hash value in which the first 16 bits are the shared hash value and the last 16 bits are the private hash value obtained by hashing the identity information of each authorizing party. The shared hash value is obtained by hashing the identity information of the authorization data packet, for example the number of the contract to be authorized or the name of the file to be authorized. Setting a shared hash value allows a consistency check against the data to be authorized after decryption, which avoids the authorization data being swapped or authorization being granted in error.
Optionally, the hash operation is any one of Message-Digest Algorithm 5 (MD5) and the Secure Hash Algorithm (SHA), which have good compressibility, collision resistance and tamper resistance, and are simple to compute. It will be understood that because the hash operation is irreversible, the character string that existed before the operation cannot be recovered from the hash sequence. A third party therefore cannot obtain the identity information of the multiple authorizing parties of the authorization data packet and cannot misappropriate the authorization data packet through private authorization, which protects the security of the authorization data packet.
Optionally, splicing the multiple sub-keys by a preset algorithm to obtain the second key comprises:
Determining whether the number of sub-keys uploaded by the grantee is the same as the number of sub-keys in the first key; and, if it is the same, splicing the uploaded sub-keys according to the identifiers of the authorizing parties to obtain the second key.
In this embodiment, the sub-keys uploaded by the grantee carry identifiers, and each sub-key is matched against the sub-key with the same identifier in the first key. For example, if the complete sequence of the first key is A (first sub-key) + B (second sub-key) + C (third sub-key) + D (fourth sub-key), the sub-keys are spliced in the order of their identifiers. If C is missing, the complete hash sequence cannot be spliced; and if the order is inconsistent, the first key and the second key cannot be matched. During sub-key matching, A (the first sub-key) is matched against the A portion of the complete sequence of the first key; if the match succeeds, the authorization by that authorizing party has succeeded. Only when the sub-keys of all four authorizing parties A, B, C and D match successfully can the authorization data packet be decrypted and the authorization succeed.
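The labeled-concatenation embodiment described above, as an added example that is not code from the patent: the first key is built from 32-bit identity hashes, and the second key is spliced only after the count check and compared per label and as a whole. The function names, the constructed identities, and the use of truncated SHA-256 (MD5 and MD4 no longer provide collision resistance) are assumptions of this sketch.

```python
import hashlib
import hmac

SUBKEY_BYTES = 4  # each sub-key is a 32-bit hash value, as in the embodiment

# Constructed sample data: label -> identity information of an authorizing party.
SAMPLE_PARTIES = {
    "A": "alice@example.com",
    "B": "bob@example.com",
    "C": "carol@example.com",
    "D": "dave@example.com",
}


def subkey_for(identity):
    """Hash one party's identity information and keep 32 bits.

    SHA-256 is an assumption of this example; the page names MD5/SHA only.
    """
    return hashlib.sha256(identity.encode("utf-8")).digest()[:SUBKEY_BYTES]


def generate_first_key(parties):
    """Return (first_key, order): sub-keys concatenated in label order."""
    order = sorted(parties)
    first_key = b"".join(subkey_for(parties[label]) for label in order)
    return first_key, order


def splice_second_key(uploaded, order):
    """Splice uploaded (label, sub_key) pairs by label; None if the set is unusable."""
    if len(uploaded) != len(order):
        return None  # count check: a sub-key is missing or extra
    by_label = dict(uploaded)
    if set(by_label) != set(order):
        return None  # duplicate or unknown label
    if any(len(sk) != SUBKEY_BYTES for sk in by_label.values()):
        return None  # malformed sub-key
    # Arrival order does not matter; the labels decide the position.
    return b"".join(by_label[label] for label in order)


def failed_labels(first_key, order, uploaded):
    """Labels whose uploaded sub-key does not match its segment of the first key."""
    by_label = dict(uploaded)
    failed = []
    for i, label in enumerate(order):
        expected = first_key[i * SUBKEY_BYTES:(i + 1) * SUBKEY_BYTES]
        if not hmac.compare_digest(by_label.get(label, b""), expected):
            failed.append(label)
    return failed


def authorize(first_key, order, uploaded):
    """True only if every party's sub-key is present, correctly labeled and correct."""
    second_key = splice_second_key(uploaded, order)
    # Constant-time comparison of the spliced second key with the first key.
    return second_key is not None and hmac.compare_digest(second_key, first_key)


if __name__ == "__main__":
    key, order = generate_first_key(SAMPLE_PARTIES)
    uploads = [(label, subkey_for(SAMPLE_PARTIES[label])) for label in order]
    print("all four sub-keys:", authorize(key, order, uploads))
    print("C missing:", authorize(key, order, [u for u in uploads if u[0] != "C"]))
```

`failed_labels` gives the per-party result the paragraph describes (A matched against the A portion), which is what an audit log would record when a request is refused.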
Optionally, before obtaining the multiple sub-keys uploaded by the grantee, the method further comprises:
Performing a second encryption, one by one, on the sub-key in the first key that corresponds to each authorizing party, using that authorizing party's public key; and sending the twice-encrypted first key to each authorizing party, wherein each authorizing party sends the sub-key that it is able to decrypt with its private key to the grantee, the private key and the public key being an asymmetric key pair of the authorizing party. It should be understood that when the system distributes the sub-keys in the first key, each sub-key to be distributed is encrypted with the recipient's public key, so that even if the sub-key is obtained by another node, that node cannot open it to obtain the correct hash sequence. Only the party holding the private key paired with the public key can decrypt the sub-key and obtain the correct hash sequence.
In one embodiment, after the multiple sub-keys of the first key have each been encrypted with the corresponding public key, the complete encrypted first key may be sent to every authorizing party, or the sub-key associated with an authorizing party's identifier may be sent to that authorizing party alone. It should be understood that under this distribution method an authorizing party can decrypt only one of the sub-keys with its private key, which further ensures the security of the authorization data packet.
Optionally, before obtaining, in response to the authorization request, the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, the method further comprises: in response to the authorization request, generating the first key $K_1$, the first key $K_1$ being used to encrypt the authorization data packet uploaded by the main authorizing party; arbitrarily taking $n$ random numbers $a_0, \dots, a_{n-1}$ and constructing the linear polynomial $a(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{n-1} x^{n-1}$, where $a_0 = K_1$, $x$ takes values in $[1, n+1]$, and $x$ and $n$ are both integers greater than or equal to 1; taking a random prime $p$ with $p > K_1$, letting the remainder function be $f(x) = a(x) \bmod p$, and substituting the values of $x$ into the remainder function in turn to obtain $f(x_1), \dots, f(x_{n+1})$; and distributing the sub-keys $(x_1, f(x_1)), \dots, (x_{n+1}, f(x_{n+1}))$ to the $n+1$ authorizing parties.
Here, the remainder function takes the result of the linear polynomial modulo the prime $p$, and each sub-key is obtained from a specific value of $x$. For example, with $x_1 = 1$, $x_2 = 2$ and $x_3 = 3$: $f(x_1) = (a_0 + a_1) \bmod p$, $f(x_2) = (a_0 + 2a_1) \bmod p$, and $f(x_3) = (a_0 + 3a_1 + 9a_2) \bmod p$.
In this embodiment, random numbers, a prime, and a preset operation are used to generate the required number of sub-keys automatically from the first key $K_1$. The generated sub-keys are highly secure and difficult to crack, which ensures the security of the authorization data packet.
Optionally, splicing the multiple sub-keys by a preset algorithm to obtain the second key comprises: recovering the second key from the multiple sub-keys using the Lagrange interpolation formula.
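The polynomial split and Lagrange recovery described above (and in the summary), as an added example that is not code from the patent. It also shows a property that follows from the polynomial having $n$ coefficients: any $n$ of the $n+1$ sub-keys already determine $K_1$, so a deployment that needs every authorizing party to take part has to account for that. The function names, the fixed prime $2^{127}-1$ (the page takes a random prime $p > K_1$) and the sample key are assumptions.

```python
import secrets

# Assumption: a fixed Mersenne prime instead of a randomly chosen prime p > K1.
P = 2**127 - 1

# Constructed sample first key K1 (120 bits, so K1 < P as the scheme requires).
SAMPLE_K1 = int.from_bytes(bytes(range(1, 16)), "big")


def evaluate(coeffs, x, p):
    """f(x) = (a0 + a1*x + ... + a_{n-1}*x^(n-1)) mod p, by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_key(k1, n, p):
    """Build a(x) with n coefficients and a0 = K1; return n+1 sub-keys (x, f(x))."""
    if n < 1:
        raise ValueError("n must be at least 1")
    if not 0 <= k1 < p:
        raise ValueError("the prime p must be greater than K1")
    # a0 is the key itself; the remaining n-1 coefficients come from a CSPRNG.
    coeffs = [k1] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [(x, evaluate(coeffs, x, p)) for x in range(1, n + 2)]


def recover_key(subkeys, p):
    """Lagrange interpolation at x = 0 over the integers mod p."""
    xs = [x for x, _ in subkeys]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x value among the sub-keys")
    secret = 0
    for i, (xi, yi) in enumerate(subkeys):
        num, den = 1, 1
        for j, (xj, _) in enumerate(subkeys):
            if i != j:
                num = (num * -xj) % p          # (0 - xj)
                den = (den * (xi - xj)) % p    # (xi - xj)
        # pow(den, -1, p) is the modular inverse (Python 3.8+).
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def matches_first_key(subkeys, k1, p):
    """The 'second key matches first key' check of step S105 for this embodiment."""
    return recover_key(subkeys, p) == k1


if __name__ == "__main__":
    n = 3
    subkeys = split_key(SAMPLE_K1, n, P)  # 4 sub-keys for 4 authorizing parties
    print("all n+1 sub-keys:", matches_first_key(subkeys, SAMPLE_K1, P))
    print("any n sub-keys:  ", matches_first_key(subkeys[1:], SAMPLE_K1, P))
    print("only n-1 sub-keys:", matches_first_key(subkeys[:2], SAMPLE_K1, P))
    tampered = [(subkeys[0][0], (subkeys[0][1] + 1) % P)] + subkeys[1:]
    print("one sub-key altered:", matches_first_key(tampered, SAMPLE_K1, P))
```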
An embodiment of the invention provides a multi-party authorization device based on blockchain technology, which is used to execute the above multi-party authorization method based on blockchain technology. As shown in Fig. 2, the device comprises: a first acquisition unit 10, a second acquisition unit 20, a third acquisition unit 30, a splicing unit 40, and a matching unit 50.
The first acquisition unit 10 is configured to obtain an authorization request uploaded by the grantee, wherein the authorization request is associated with multiple authorizing parties;
The second acquisition unit 20 is configured to obtain, in response to the authorization request, the authorization data packet uploaded by the main authorizing party among the multiple authorizing parties, wherein the uploaded authorization data packet is encrypted with a first key, the first key comprises multiple sub-keys, and each sub-key corresponds to one authorizing party;
The third acquisition unit 30 is configured to obtain the multiple sub-keys uploaded by the grantee;
The splicing unit 40 is configured to splice the multiple sub-keys by a preset algorithm to obtain a second key;
The matching unit 50 is configured to match the second key against the first key and, when the match succeeds, decrypt the authorization data packet and grant it to the grantee.
In this solution, the key is split into multiple sub-keys, which are sent to the grantee separately by the holders of the sub-keys (the authorizing parties). Only when the second key spliced from all the sub-keys can unlock the data packet encrypted with the first key can the grantee obtain the data, which improves the security of data on the blockchain.
It should be understood that if the sub-key of any authorizing party is missing from the multiple sub-keys, or any sub-key is incorrect, it is impossible to recover a second key that matches the first key. For example, retrieving certain contract documents requires authorization from multiple approvers: after the main custodian of the contract documents has authorized, the remaining approvers each need to grant their own sub-key to the caller, and only after collecting all the sub-keys can the caller open the requested contract documents.
Optionally, the device further comprises a first generation unit and a labeling unit.
The first generation unit is configured to generate the first key in response to the authorization request, the first key comprising multiple sub-keys, each sub-key being a hash value obtained by applying a hash operation to the identity information of one authorizing party; the labeling unit is configured to label each sub-key in the first key with the identifier of its corresponding authorizing party. In this embodiment, the identity information of an authorizing party may be unique identity information bound to that party, such as its name, ID, or e-mail address.
Hashing takes an input of arbitrary length and, through a hashing algorithm, turns it into an output of fixed length; that output is the hash value. Hash operations can be classified by the length of their result, for example 16-bit, 32-bit, and 128-bit hash operations. In this embodiment, each sub-key is a 32-bit hash value. For example, a first key that is a 128-bit hash sequence can be divided into a first sub-key at bits 1-32, a second sub-key at bits 33-64, a third sub-key at bits 65-96, and a fourth sub-key at bits 97-128.
In other embodiments, a sub-key comprises a shared hash value and a private hash value. For example, the sub-key is a 32-bit hash value in which the first 16 bits are the shared hash value and the last 16 bits are the private hash value obtained by hashing the identity information of each authorizing party. The shared hash value is obtained by hashing the identity information of the authorization data packet, for example the number of the contract to be authorized or the name of the file to be authorized. Setting a shared hash value allows a consistency check against the data to be authorized after decryption, which avoids the authorization data being swapped or authorization being granted in error.
Optionally, the hash operation is any one of Message-Digest Algorithm 5 (MD5), Message-Digest Algorithm 4 (MD4) and the Secure Hash Algorithm (SHA), all of which have good compressibility, collision resistance and tamper resistance, and are simple to compute. It will be understood that because the hash operation is irreversible, the character string that existed before the operation cannot be recovered from the hash sequence. A third party therefore cannot obtain the identity information of the multiple authorizing parties of the authorization data packet and cannot misappropriate the authorization data packet through private authorization, which protects the security of the authorization data packet.
Optionally, the splicing unit 40 comprises a determining subunit and a splicing subunit.
The determining subunit is configured to determine whether the number of sub-keys uploaded by the grantee is the same as the number of sub-keys in the first key; the splicing subunit is configured to, if the numbers are the same, splice the uploaded sub-keys according to the identifiers of the authorizing parties to obtain the second key.
In this embodiment, the sub-keys uploaded by the grantee carry identifiers, and each sub-key is matched against the sub-key with the same identifier in the first key. For example, if the complete sequence of the first key is A (first sub-key) + B (second sub-key) + C (third sub-key) + D (fourth sub-key), the sub-keys are spliced in the order of their identifiers. If C is missing, the complete hash sequence cannot be spliced; and if the order is inconsistent, the first key and the second key cannot be matched. During sub-key matching, A (the first sub-key) is matched against the A portion of the complete sequence of the first key; if the match succeeds, the authorization by that authorizing party has succeeded. Only when the sub-keys of all four authorizing parties A, B, C and D match successfully can the authorization data packet be decrypted and the authorization succeed.
Optionally, the device further comprises an encryption unit and a sending unit.
The encryption unit is configured to perform a second encryption, one by one, on the sub-key in the first key that corresponds to each authorizing party, using that authorizing party's public key; the sending unit is configured to send the twice-encrypted first key to each authorizing party, wherein each authorizing party sends the sub-key that it is able to decrypt with its private key to the grantee, the private key and the public key being an asymmetric key pair of the authorizing party.
It should be understood that when the system distributes the sub-keys in the first key, each sub-key to be distributed is encrypted with the recipient's public key, so that even if the sub-key is obtained by another node, that node cannot open it to obtain the correct hash sequence. Only the party holding the private key paired with the public key can decrypt the sub-key and obtain the correct hash sequence.
In one embodiment, after the multiple sub-keys of the first key have each been encrypted with the corresponding public key, the complete encrypted first key may be sent to every authorizing party, or the sub-key associated with an authorizing party's identifier may be sent to that authorizing party alone. It should be understood that under this distribution method an authorizing party can decrypt only one of the sub-keys with its private key, which further ensures the security of the authorization data packet.
Optionally, device further includes the second generation unit, structural unit, setting unit, allocation unit.
Second generation unit, for generating first key K in response to authorization requests1, first key K1For to main authorization The authorization data packets of Fang Shangchuan are encrypted;Structural unit takes n random number a for appointing0..., an-1, and construct linear Multinomial a (x)=a0+a1x+a2x2+…+an-1xn-1, wherein a0=K1, x value [1, n+1], n is the integer greater than 1;Setting is single Member, for taking a prime number p, p > K at random1, remainder function f (x)=a (x) mod (p) is enabled, and x is successively brought into the remainder Function obtains f (x1) ..., f (xn+1);Allocation unit is used for sub-key (x1, f (x1)) ..., sub-key (xn+1, f (xn+1)) Distribute to the n+1 authorized parties.
Wherein, remainder function is complementation to prime number p after the result for calculating linear polynomial, and each sub-key can be with It is obtained by the specific exploitation of x.Such as: x1It is 1, x2It is 2, x3It is 3, then f (x1) it is (a0+a1) mod (p), f (x2) be (a0+2a1) mod (p), f (x3) it is (a0+3a1+9a2)mod(p)。
In this embodiment, the required number of sub-keys is generated automatically from the first key $K_1$ using random numbers, a prime number and a preset operation; the generated sub-keys are highly secure and difficult to crack, which ensures the security of the authorization data packet.
Optionally, the method of splicing the multiple sub-keys by the preset algorithm to obtain the second key comprises: restoring the multiple sub-keys using the Lagrange interpolation formula to obtain the second key.
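The sub-key generation and Lagrange recovery described above, as an added example that is not code from the patent. The function names split_key, recover_key and keys_match are chosen here, and a fixed prime P is assumed in place of the randomly chosen prime p. The example also shows a property the text does not spell out: because a(x) has n coefficients, any n of the n+1 sub-keys already recover K1.

```python
import hmac
import secrets

# Assumption for this example: a fixed Mersenne prime instead of the randomly
# chosen prime p of the text; any K1 below 2**127 - 1 satisfies p > K1.
P = 2**127 - 1


def split_key(k1, n, p=P):
    """Return the n+1 sub-keys (x, f(x)), x = 1..n+1, with f(x) = a(x) mod p
    and a(x) = a0 + a1*x + ... + a_{n-1}*x^(n-1), a0 = K1."""
    if n < 2:
        raise ValueError("n must be an integer greater than 1")
    if not 0 <= k1 < p:
        raise ValueError("p must be larger than K1")
    # a1..a_{n-1} come from a CSPRNG: coefficients that can be predicted
    # would let a single sub-key reveal K1.
    coeffs = [k1] + [secrets.randbelow(p) for _ in range(n - 1)]
    shares = []
    for x in range(1, n + 2):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of a(x) mod p
            y = (y * x + c) % p
        shares.append((x, y))
    return shares


def recover_key(shares, p=P):
    """Second key: Lagrange interpolation at x = 0 over the integers mod p."""
    xs = [x % p for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate sub-key index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p
                den = (den * (xi - xj)) % p
        # pow(den, -1, p) is the modular inverse (Python 3.8+).
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def keys_match(k1, k2, p=P):
    """Match the second key against the first key in constant time."""
    size = (p.bit_length() + 7) // 8
    return hmac.compare_digest(k1.to_bytes(size, "big"),
                               k2.to_bytes(size, "big"))


if __name__ == "__main__":
    k1 = secrets.randbelow(P)        # constructed sample key
    shares = split_key(k1, n=3)      # 4 sub-keys for 4 authorized parties
    print(keys_match(k1, recover_key(shares)))      # all n+1 sub-keys
    print(keys_match(k1, recover_key(shares[1:])))  # any n sub-keys
    print(keys_match(k1, recover_key(shares[:2])))  # only n-1 sub-keys
```

If every one of the n+1 authorized parties must consent, the polynomial needs n+1 coefficients, or the count of uploaded sub-keys has to be checked separately before recovery.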
An embodiment of the present invention provides a computer non-volatile storage medium. The storage medium includes a stored program, wherein, when the program runs, the device where the storage medium is located is controlled to execute the following steps:
Obtain the authorization request uploaded by the authorized side, wherein the authorization request is associated with multiple authorized parties; in response to the authorization request, obtain the authorization data packet uploaded by the main authorized party among the multiple authorized parties, wherein the uploaded authorization data packet is encrypted with a first key, the first key includes multiple sub-keys, and each sub-key corresponds to one authorized party; obtain the multiple sub-keys uploaded by the authorized side; splice the multiple sub-keys by a preset algorithm to obtain a second key; match the second key against the first key, and when the match succeeds, decrypt the authorization data packet and authorize it to the authorized side.
Optionally, when the program runs, the device where the storage medium is located is controlled to execute the following steps: generate the first key in response to the authorization request, wherein the first key includes multiple sub-keys and each sub-key is a hash value obtained by applying a hash operation to the identity information of one authorized party; each sub-key in the first key is associated with the identifier of the corresponding authorized party.
Optionally, when the program runs, the device where the storage medium is located is controlled to execute the following steps: the hash operation includes any one of Message-Digest Algorithm 5, Message-Digest Algorithm 4, and the Secure Hash Standard algorithm.
Optionally, when the program runs, the device where the storage medium is located is controlled to execute the following steps: determine whether the number of sub-keys uploaded by the authorized side is the same as the number of sub-keys in the first key; if they are the same, splice the uploaded sub-keys according to the identifiers of the authorized parties to obtain the second key.
Optionally, when the program runs, the device where the storage medium is located is controlled to execute the following steps: use the public key of each authorized party to perform secondary encryption, one by one, on the sub-key in the first key that corresponds to that authorized party; send the secondarily encrypted first key to each authorized party, wherein the authorized party sends the sub-key that it can decrypt with its private key to the authorized side, and the private key and the public key are a key pair of the authorized party.
Fig. 3 is a schematic diagram of a computer device provided by an embodiment of the present invention. As shown in Fig. 3, the computer device 100 of this embodiment includes a processor 101, a memory 102, and a computer program 103 stored in the memory 102 and executable on the processor 101. When executed by the processor 101, the computer program 103 implements the multi-party authorization method based on block chain technology of the embodiments, which is not described again here to avoid repetition. Alternatively, when executed by the processor 101, the computer program implements the functions of each model/unit of the multi-party authorization device based on block chain technology of the embodiments, which are not described again here to avoid repetition.
The computer device 100 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The computer device may include, but is not limited to, the processor 101 and the memory 102. Those skilled in the art will understand that Fig. 3 is only an example of the computer device 100 and does not limit it; the computer device may include more or fewer components than shown, combine certain components, or use different components. For example, the computer device may also include input/output devices, network access devices, buses and the like.
The processor 101 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 102 may be an internal storage unit of the computer device 100, such as a hard disk or memory of the computer device 100. The memory 102 may also be an external storage device of the computer device 100, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the computer device 100. Further, the memory 102 may include both an internal storage unit of the computer device 100 and an external storage device. The memory 102 is used to store the computer program and the other programs and data required by the computer device. The memory 102 may also be used to temporarily store data that has been output or is about to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor (Processor) to execute some of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A multi-party authorization method based on block chain technology, characterized in that the method comprises:
obtaining the authorization request uploaded by the authorized side, wherein the authorization request is associated with multiple authorized parties;
in response to the authorization request, obtaining the authorization data packet uploaded by the main authorized party among the multiple authorized parties, wherein the uploaded authorization data packet is encrypted with a first key, the first key includes multiple sub-keys, and each sub-key corresponds to one authorized party;
obtaining the multiple sub-keys uploaded by the authorized side;
splicing the multiple sub-keys by a preset algorithm to obtain a second key;
matching the second key against the first key, and when the match succeeds, decrypting the authorization data packet and authorizing it to the authorized side.
2. The method according to claim 1, characterized in that, before obtaining, in response to the authorization request, the authorization data packet uploaded by the main authorized party among the multiple authorized parties, the method comprises:
in response to the authorization request, generating the first key, wherein the first key includes multiple sub-keys and each sub-key is a hash value obtained by applying a hash operation to the identity information of one authorized party;
each sub-key in the first key is labeled with the identifier of the corresponding authorized party.
3. The method according to claim 2, characterized in that the hash operation includes any one of Message-Digest Algorithm 5 and the Secure Hash Standard algorithm.
4. The method according to claim 2, characterized in that splicing the multiple sub-keys by the preset algorithm to obtain the second key comprises:
determining whether the number of sub-keys uploaded by the authorized side is the same as the number of sub-keys in the first key;
if they are the same, splicing the uploaded sub-keys according to the identifiers of the authorized parties to obtain the second key.
5. The method according to claim 1, characterized in that, before obtaining the multiple sub-keys uploaded by the authorized side, the method further comprises:
using the public key of each authorized party to perform secondary encryption, one by one, on the sub-key in the first key that corresponds to that authorized party;
sending the secondarily encrypted first key to each authorized party, wherein the authorized party sends the sub-key that it can decrypt with its private key to the authorized side, and the private key and the public key are a pair of asymmetric keys of the authorized party.
6. The method according to claim 1, characterized in that, before obtaining, in response to the authorization request, the authorization data packet uploaded by the main authorized party among the multiple authorized parties, the method further comprises:
in response to the authorization request, generating the first key $K_1$, the first key $K_1$ being used to encrypt the authorization data packet uploaded by the main authorized party;
arbitrarily taking n random numbers $a_0, \ldots, a_{n-1}$ and constructing the linear polynomial $a(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_{n-1} x^{n-1}$, where $a_0 = K_1$, x takes values in [1, n+1], and x and n are both integers greater than or equal to 1;
randomly taking a prime number p with $p > K_1$, letting the remainder function be $f(x) = a(x) \bmod p$, and substituting x into the remainder function in turn to obtain $f(x_1), \ldots, f(x_{n+1})$;
distributing sub-key $(x_1, f(x_1))$, ..., sub-key $(x_{n+1}, f(x_{n+1}))$ to the n+1 authorized parties.
7. The method according to claim 6, characterized in that the method of splicing the multiple sub-keys by the preset algorithm to obtain the second key comprises:
restoring the multiple sub-keys using the Lagrange interpolation formula to obtain the second key.
8. A multi-party authorization device based on block chain technology, characterized in that the device comprises:
a first acquisition unit, configured to obtain the authorization request uploaded by the authorized side, wherein the authorization request is associated with multiple authorized parties;
a second acquisition unit, configured to obtain, in response to the authorization request, the authorization data packet uploaded by the main authorized party among the multiple authorized parties, wherein the uploaded authorization data packet is encrypted with a first key, the first key includes multiple sub-keys, and each sub-key corresponds to one authorized party;
a third acquisition unit, configured to obtain the multiple sub-keys uploaded by the authorized side;
a splicing unit, configured to splice the multiple sub-keys by a preset algorithm to obtain a second key;
a matching unit, configured to match the second key against the first key, and when the match succeeds, the authorization data packet is decrypted and authorized to the authorized side.
9. A computer non-volatile storage medium, the storage medium including a stored program, characterized in that, when the program runs, the device where the storage medium is located is controlled to execute the multi-party authorization method based on block chain technology according to any one of claims 1 to 7.
10. A computer device, comprising a memory and a processor, the memory being configured to store information including program instructions and the processor being configured to control execution of the program instructions, characterized in that the program instructions, when loaded and executed by the processor, implement the steps of the multi-party authorization method based on block chain technology according to any one of claims 1 to 7.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910374338.6A CN110224984A (en) 2019-05-07 2019-05-07 A kind of multi-party authorization method and device based on block chain technology
PCT/CN2019/104329 WO2020224138A1 (en) 2019-05-07 2019-09-04 Blockchain technology-based multi-party authorization method and device

Publications (1)

Publication Number Publication Date
CN110224984A true CN110224984A (en) 2019-09-10

Family

ID=67820581

Also Published As

Publication number Publication date
WO2020224138A1 (en) 2020-11-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190910
