CN110245117A - The credible delet method of data and system on a kind of cloud based on block chain - Google Patents
The credible delet method of data and system on a kind of cloud based on block chain Download PDFInfo
- Publication number
- CN110245117A CN110245117A CN201910508543.7A CN201910508543A CN110245117A CN 110245117 A CN110245117 A CN 110245117A CN 201910508543 A CN201910508543 A CN 201910508543A CN 110245117 A CN110245117 A CN 110245117A
- Authority
- CN
- China
- Prior art keywords
- file
- key
- data
- contract
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/16—File or folder operations, e.g. details of user interfaces specifically adapted to file systems
- G06F16/162—Delete operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/182—Distributed file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The credible delet method of data and system on a kind of cloud based on block chain.Include: 1. uploads: client uses symmetric key encryption file, uses the public key encryption file key of unsymmetrical key centering;File cipher text is uploaded to cloud storage service device, key ciphertext gives file corresponding intelligent contract, and asymmetric key pair locally retains in client.2. downloading: client obtains file cipher text from cloud storage service device, obtains key ciphertext from contract;Using the private key decruption key ciphertext locally saved, file cipher text is decrypted using obtained file key, obtains original.3. deleting: client requirements cloud storage service device deletes file cipher text, calls the key ciphertext in intelligent contract covering contract, and trigger contract self-destruction;It is performed to contract calling, delete operation is completed.4. verifying: the corresponding contract of client call file proves that file key ciphertext therein can not be obtained, that is, has been deleted if contract can not be called.
Description
[technical field]
The invention belongs to technical field of the block chain in conjunction with cloud computing, in particular to a kind of credible deletion side of cloud data
Method.
[background technique]
Cloud storage is a kind of storage mode by data outsourcing on-line storage, and the data of outsourcing are generally placed upon cloud service offer
In the storage server that quotient provides, by cloud service provider come organization and management data, correspondingly, user only need to be storage branch
Payment is used, and can be greatlyd save the cost of maintenance management server, be conveniently realized multiple terminals data sharing.
But when user need outsourcing data it is more secret when, it is higher right just to propose to cloud service service provider
The requirement of customer privacy data protection.But the manager as data, cloud service provider are had ready conditions the number of client's outsourcing
According to takeing forcible possession of.For example, on the one hand cloud service provider may peep the confidential data of client's upload, it on the other hand may be in visitor
Family requires still to retain initial data after deleting data.Moreover, in current cloud storage technology, it is that data are deleted as a result, often only
It is to be returned with the result of success or failure, cloud service provider proves that data have been deleted really on cloud without normal direction client.
In this case, there is a kind of credible deletion mode based on trusted third party.This technology is using encryption
Technology will need the data encryption of outsourcing, and encryption key is then applied to trusted third party, and it is close that trusted third party plays encryption
The distributor of key and manager's identity, realize believable deletion by making third party abrogate encryption key, by the task of deletion from
Cloud storage service device is transferred to key management third party.This mode, which is breached, deletes the inefficient of big file by data cover,
It ensure that deletion data are irrecoverable simultaneously.But, since the safety of scheme depends critically upon third-party credible, third party
Honest degree by the safety of restricted version, once there is malicious act in the third party of distribution and management key, file can
Letter is deleted and is difficult to guarantee.
Block chain is a kind of distributed database, has decentralization, can not distort and the characteristics such as credibility.It is all to add
The information of entire chain can be possessed by entering the node in block chain network, and miner's node can participate in knowing together on chain, to determine chain
State, common recognition mechanism guarantee chain on data be finally reached correct stable state, it ensure that the implementing result of contract pass through miner
Common recognition, it is believed that be to meet the result for executing logic.Once data become in block chain database admitted one by cochain
Point, this partial data is difficult to be modified again, unless attacker possesses the calculation power of the whole network 51%, for using ether mill as representative
It supports to scheme for the block platform chain of clever completeness, it is meant that the contract code disposed is almost impossible to be modified.Therefore, chain
On the operation of intelligent contract can be considered complete believable operation.The data stored in contract can only by contract code access, therefore,
Different from the data outsourcing in conventional cloud memory technology, although the data being stored in inside the contract of client's creation are by client's outsourcing
It goes out, but as long as the calling to contract limits slightly, these outer controls for contracting out the data being stored in inside contract are practical
Also in client's hand, it is difficult to be obtained by other people.
[summary of the invention]
The problem of present invention aim to address the protection of cloud storage data and credible deletions.In view of block chain technology itself
It is credible with can not tamper the characteristics of, cloud service provider can be not necessarily to block chain technical application into cloud storage
It is established between client under conditions of trusting completely and realizes the protection of client's confidential data and the credible deletion of data.
The present invention proposes the credible delet method of data on a kind of cloud based on block chain, comprising:
1) contract is disposed: client disposes an intelligent contract corresponding with file, intelligence first before file is uploaded
It can include one piece of memory space and one group of data management function in contract;Data management function includes that function, number is written in data
Function is deleted according to function reading and data.Block link network is just no longer monitored in the transaction that client initiates to create intelligent contract later
Implementation procedure in network is only locally remaining with transaction Hash, and corresponding with filename;It then needs to access intelligent contract every time
When, it all uses respective file name as index, finds the Hash of corresponding transaction first, then find corresponding intelligence using transaction Hash
The address of energy contract, reuses the call by location intelligence contract of intelligent contract;The intelligent contract is using ether mill as representative
Block chain technology in executable contract;Memory space includes the address type of 160bits for remembering in intelligent contract
Byte32 [8] type of the deployer address and 256bytes of recording the contract is close by the file after public key encryption for saving
Key;
2) file upload procedure, client locally possess asymmetric key pair;For the file generated symmetric key to be uploaded,
File cipher text is obtained using the symmetric key encryption file of generation;Key is obtained using the public key encryption file key locally possessed
Ciphertext;The data write-in function in the corresponding intelligent contract of file is called to deposit key ciphertext using key ciphertext as input data
It stores up in intelligent contract;File cipher text is uploaded to cloud storage service device;The symmetric key encryption algorithm used is AES-256;
The asymmetric-key encryption algorithm used is RSA-2048;
It is contracted out to cloud again after local encrypts confidential data using file key, cloud is prevented to obtain the secret letter of client
Breath will be stored in intelligent contract after file key encryption, save local storage space, reduce the possibility of file key damage
Property, while key ciphertext administrative power remains in client's hand;
3) file download process, client are downloaded to obtain file cipher text from cloud storage service device, call the corresponding intelligence of file
The Data Read Function of energy contract obtains file key ciphertext;Client uses the private key decryption file key ciphertext locally saved
File key is obtained, obtains plaintext document, i.e. original using obtained file key decryption file cipher text;
4) file deletes process, and client initiates file deletion requests to cloud storage service device, it is desirable that deletes cloud storage clothes
The respective file ciphertext possessed in business device;The data in the intelligent contract of respective file are called to delete function, it is desirable that intelligent contract
Delete the file key ciphertext wherein possessed;When data in the intelligent contract of respective file delete function execution, first by intelligence
The space covering of storage file ciphertext, then calls self-destruction function, contract self-destruction in energy contract, and memory space is released, file
Key is difficult to restore, then is difficult to be cracked using the file that file key encrypts, is considered as file and has been deleted;
5) verification process is deleted, client calls the intelligent contract of respective file again, if contract can not be called,
Prove that the file key ciphertext of respective file cannot be acquired, it is believed that plaintext document has been unable to get, i.e., file has been
It is deleted.
Present invention also provides the credible deletion systems of data on a kind of cloud based on block chain, including client part and intelligence
Energy Contract Design realizes part:
Client part: the main file upload for completing client's control, deletes and deletes the function of verifying at downloading, including
Crypto module, communication module, management module and top layer realization module is locally stored in data encoding and decoder module;
The data encoding and decoder module, the JSON formatted data construction and solution needed when for being communicated with ether mill
Analysis, and the ABI said shank construction of parameter and parsing when calling intelligence contract function;
The crypto module, for the generation of file key, the encryption of file key and decryption, the encryption of classified papers with
Decryption;
The communication module, for carrying out telecommunication with ether mill and being communicated with long-distance cloud storage server,
It sends and requests and obtain response, which calls data encoding and decoder module, constructs request message when sending request, is connecing
Decoding obtains response results after being responded;
It is described that management module is locally stored, for managing the classified papers being locally stored and filename and Hash of trading
The management of respective file;
The top layer realizes that module, the module call crypto module, ether mill communication module and management mould are locally stored
Block, for completing contract deployment, file uploads, downloading, delete, the logical AND function of verifying is realized.
Intelligent Contract Design realizes part: main intelligence contract internal logic of completing is arranged, including function, number is written in data
Storage and management of the file key ciphertext in contract is realized in the design and realization that function is deleted according to function reading, data, and
The deletion and contract self-destruction of file key ciphertext, and simple access control is provided.
The advantages and benefits of the present invention are:
It prevents cloud service provider from obtaining client's classified papers original text, reduces cloud service provider and illegally use client's confidential data
A possibility that;It using intelligent contract storage file key ciphertext, prevents from being tampered, prevents file key ciphertext from damaging, avoid removing
Client except contract deployer calls contract, and file key ciphertext is protected not to be stolen;It is saved and is managed using intelligent contract
File key ciphertext, the control of this partial data return in client's hand, since data need to use this part of key on cloud
Decryption is equivalent to and the control of data on cloud is given back client again, realizes the unification of data owner and data manager.
[Detailed description of the invention]
Attached drawing is only used for helping to understand scheme and system design in the present invention, can't cause improperly to limit to the present invention
It is fixed.
Fig. 1 is the flow chart of client operation of the invention;
Fig. 2 is the relational graph between client in the present invention, block chain and cloud;
Fig. 3 is the implementation procedure figure that file is uploaded, downloaded in the present invention;
Fig. 4 is the composition figure of system in the present invention;
Fig. 5 is the transmission time figure that system realizes under the test of different file sizes in the present invention, wherein (a) is file
It uploads, (b) is file download.
[specific embodiment]
Embodiment 1, a kind of credible delet method of cloud storage data based on block chain technology
Method more specifically to introduce the credible deletion of data on the cloud proposed in the present invention with reference to the accompanying drawing.Following
Schematical embodiment is only used for helping to understand the scheme and design cycle in the present invention, does not cause improperly to limit to the present invention
It is fixed.
In embodiment, client distrusts cloud service provider to return the result oneself confidential data deletion, cloud service
Provider be it is curious, will not malicious sabotage customer data it is likely that checking client's confidential data.
As shown in Figure 1, life cycle and operational flowchart for classified papers in the present invention.As shown in figure 3, for this
The implementation procedure that file uploads and downloads in invention.
Step 101: intelligent contract deployment: assuming that user USER has the demand of the protection credible deletion of data, needing to create first
Build one and the protected file F of needssecretCorresponding intelligence and about CFIf file FsecretThe entitled F of filename.Client
The transaction T of construction creation contract firstFdeploy, important field can be as shown in Table 1 in transaction.Client fills necessary transaction
Field calls ether mill remote function call eth_ using it as parameter by data organization in table 1 at JSON format
sendTransaction.After calling successfully, contract creation transaction is submitted.Function returns to transaction Hash H immediatelyFdeploy,
Corresponding relationship [F is locally storedname, HFdeploy].Trade TFdeployAfter being packaged and executed by miner, intelligence and about CFIt is created,
Address CFaddressIn the presence of transaction TFdeployReceipt among.
Optionally, simple corresponding relationship is realized using corresponding one intelligent contract of a file in the present embodiment;It is optional
Ground chooses ether mill in the present embodiment as block chain technology and realizes platform, and field shown in table 1 also uses in the transaction of ether mill
Method of Data Organization.
The intelligent contract creation transaction construction of table 1
Field | Explanation |
from | The address of transaction initiator, serial data and the contract founder address for being 160bit |
data | Contract creates bytecode, obtains after the success of contract code compilation |
nonce | The serial number that transaction is initiated by transaction initiator allows covering to be not carried out transaction |
Step 102: file uploads: still with file FsecretFor, its corresponding intelligence and about CFIt is already present on block chain
In network.In order to complete file upload operation, client need respectively with cloud storage service device and and about CFInteraction.Wherein,
With with about CFInteraction is exactly to call the disclosed data in the contract that function Func is writtenFset.In order to call FuncFset, need structure
It makes contract and calls transaction.Important field is as shown in table 2 in transaction.Client obtains F by search local filenameIt is corresponding
Trade Hash HFdeploy.Remote function call eth_getTransactionReceipt is called, with HFdeployAs parameter, return
Include CFContract address CFaddressJSON string, parsing JSON data obtain contract address CFaddress.Then, symmetrical text is generated
Part key KF, use KFEncryption file obtains file cipher textUsing generated, locally possess
Public key pk in asymmetric key pair (pk, sk) encrypts file key KFObtain key ciphertext EncK=Encpk(KF);Client will
File cipher text EncFIt is uploaded to cloud storage service device.JSON data needed for trading then are constructed according to 2 field of table, wherein data word
The ABI of the signified function of section is encoded to data write-in function FuncFsetCoded data and supplemental characteristic.It is obtained with construction
JSON serial data is that parameter calls eth_sendTransaction function, issues transaction.During transaction executes, FuncFsetIt is held
Row, by incoming parameters distribution in the memory space of specified byte32 [8], after being finished, key ciphertext EncKIt is placed
In intelligence and about CFInternal storage space in.
Table 2 calls contract transaction construction
Field | Explanation |
from | The address of transaction initiator, serial data and the contract caller address for being 160bit |
to | Called contract address is the serial data namely C of 160bitFaqdress |
data | The ABI coding of called function and the ABI coding of parameter |
nonce | The serial number that transaction is initiated by transaction initiator allows covering to be not carried out transaction |
Since the present embodiment medium cloud is curious, and user USER wishes that the data of outsourcing are secret, therefore in order to
The confidential data of USER is prevented to be leaked as far as possible, file FsecretEncryption and file key KFEncryption is all in visitor
Family machine locally carries out.Encryption Algorithm can be generally divided into two kinds, and one is encryption key symmetric cryptographies identical with decruption key
Algorithm, another kind are the encryption key asymmetric key algorithms or public key algorithm different from decruption key.The former encrypts
Time is short, but is easy under attack, and the latter's encryption times are long, but safety is higher.It is encrypted the safety of file in order to balance
The method of public key encryption file key is then used using symmetric key encryption classified papers are used first with encryption efficiency.
Client generates file key, illustratively, generates symmetrical file key K using AES-256 cryptographic algorithmF, add
Ciphertext part.The generation of unsymmetrical key (pk, sk) uses RSA-2048.
Due to EncFVolume is larger, it is contracted out to cloud service provider, gives cloud storage service device and carrys out organization and management.
It, can not be from Enc even odd cloud very well but due to having already passed through encryptionFIn obtain useful information.EncKBody
Product is smaller, and is EncFIt is able to be restored to plaintext FsecretImportant tie, therefore be contracted out to access control, only permit
Perhaps the intelligence and about C that deployer callsF.So CFThe storage location of middle file key ciphertext just can only be by CFOneself access,
And CFThen can only be by USER access control, therefore actually EncKControl be still held in USER hand, it is directly right by USER
It is managed.
Further optionally, the public private key pair substitution of local account can be used in asymmetric key pair (pk, sk).In this way, can
To reduce the case where classified papers caused by due to local asymmetric key pair is lost are lost to a certain extent.
Optionally, it needs to upload classified papers F againsecretWhen, it can choose and do not regenerate file key, still use
KF, or regenerate file key KF′.If regenerating file key KF', then it needs to re-call intelligent contract, according to
Preceding method is to CFNew file key ciphertext Enc is writtenK'=Encpk(KF'), but more new key can also increase file
FsecretSafety.
Step 103: file download: still with file FsecretFor, its corresponding intelligence and about CFIt is already present on block chain
In network, file cipher text EncFIt is already present in cloud storage service device, key ciphertext EncFIt is already present on CFIt deposits inside
It stores up in space.Client is downloaded to obtain file cipher text Enc from cloud storage service deviceF, from intelligence and about CFIn obtain key ciphertext
EncK.In order to from CFMiddle acquisition key ciphertext EncK, it needs to construct contract calling and trades, important field such as 2 institute of table in transaction
Show.Client obtains F by search local filenameCorresponding transaction Hash HFdeploy.Call remote function call eth_
GetTransactionReceipt, with HFdeployAs parameter, returning includes CFContract address CFaddressJSON string, solution
It analyses JSON data and obtains contract address CFaddress.JSON data needed for being traded according to 2 field of table construction, wherein data field is signified
The ABI of function is encoded to data write-in function FuncFgetCoded data.It is called using constructing obtained JSON serial data as parameter
Eth_sendTransaction function issues transaction.During transaction executes, FuncFgetIt is performed, only allows contract founder
USER obtains key ciphertext EncF.Client obtains file key K using the private key sk decruption key ciphertext locally savedF=
Decsk(EncK)=Decsk(Encpk(KF)), original is obtained in plain text using file key decryption file cipher text
In order to bring back classified papers Fsecret, client needs to collect neat three necessary conditions: successfully taking the close of classified papers
Literary EncF, successfully take the ciphertext Enc of file keyK, successfully take encryption file key unsymmetrical key centering private key
sk.Lack any one, all cannot successfully give F for changesecret。
In the present embodiment, intelligence and about CFNon- USER user is not allowed to call FuncFgetRead file key ciphertext
EncK, and CFThen fully according in contract code logic execute execution, therefore be it is believable, non-USER user is difficult to from CF?
To EncK;USER is uploaded to the confidential data Enc of cloudFClient is needed to select suitable access control mechanisms on cloud, in addition to cloud
Attacker be difficult to obtain EncF;Private key sk for decrypting file key be stored in client it is local unless USER oneself leakage or
Storage medium is lost, and sk cannot be obtained by attacker.As shown in Fig. 2, cloud can not be with CFGeneration relationship, even cloud, due to nothing
Method obtains CFIn file key ciphertext EncK, it is even more impossible to decrypt EncKObtain file key KF, therefore can not also see client computer
The plaintext F of ciphertext datasecret。
Step 104: file is deleted: still with file FsecretFor, its corresponding intelligence and about CFIt is already present on block chain
In network, file cipher text EncFIt is already present in cloud storage service device, key ciphertext EncFIt is already present on CFIt deposits inside
It stores up in space.Client sends request to cloud storage service device and requires to delete the Enc in cloud storageF, call CFIt is required that covering EncK
The simultaneously self-destruction of the memory space at place.In order to delete CFMiddle key ciphertext EncK, it needs to construct contract calling and trades, it is important in transaction
Field it is as shown in table 2.With described in step 102, C is obtainedFAddress CFaddress.JSON number needed for being traded according to 2 field of table construction
According to wherein the ABI of data field meaning function is encoded to data and deletes function FuncFdelCoded data.It is obtained with construction
JSON serial data is that parameter calls eth_sendTransaction function, issues transaction.During transaction executes, only contract is allowed to create
The person of building USER calls FuncFdel.When USER is called, FuncFdelIt is performed, first storage EncKSpace covered by extraneous data,
Then triggering contract self-destruction function, C after the completion of contract executesFSelf-destruction takes up space and is released, CFIt can not be called again,
EncKIt can not be acquired.
In the present embodiment, as long as EncF、FncKOr in the private key sk of client local any one be deleted and can not be extensive
It is multiple, the classified papers plaintext F of USERsecretCan not just it restore.Specifically, due to public private key pair a pair of of in the present invention correspond to it is multiple
File, therefore cannot achieve the purpose that credible deletion by deleting private key, and cloud service provider does not obtain the letter of client
Appoint, and Enc can not be providedFDeleted evidence, therefore can not be EncFIt deletes as the credible standard deleted and completed, therefore,
In the present embodiment, being stored in CFIn EncKDeletion as it is credible delete completion standard.On the one hand, CFIn data only
By USER, that is, data owner's control, trust problem is not present;Another aspect CFExecution fully according to pre-set code logic, it is difficult
To distort implementing result;Finally, CFIt just can not be called again after self-destruction, be stored in CFIn EncKAlso it cannot be accessed again
?.
Specifically, client requires cloud storage service device to delete Enc respectivelyF, call CFIn function FuncFdel, covering deposits
In CFIn EncK, then call CFSelf-destruction program.Client can not mind the implementing result of cloud storage service device at this time,
Because of CFIn EncKAfter being deleted, FsecretIt can not just be acquired again.
Step 105: file deletes verifying: still with file FsecretFor, it is contemplated that in, its corresponding intelligence and about CF?
It can not be called.In order to call CF, need to construct contract calling and trade, important field is as shown in table 2 in transaction.Same step
Described in 102, C is obtainedFAddress CFaddress.JSON data needed for trading are constructed according to 2 field of table, wherein data field meaning function
ABI coding can be FuncFget、FuncFset、FuncFdel.Eth_ is called as parameter to construct obtained JSON serial data
SendTransaction function issues transaction.If CFIt can not be called, effective key ciphertext Enc can not be readK, then demonstrate,prove
Bright deletion work has been completed, and otherwise, then proves CFThe operation of middle deletion is not yet completed, FsecretStill in accessiable state.
In the present embodiment, FsecretDeletion be equal to encryption FsecretKey ciphertext EncKDeletion, i.e. CFMiddle EncK
Covering and CFSelf-destruction.C after self-destructionF, which is characterized in that the Enc of storageKSpace can not be accessed again, CFIn all letter
Number can not be called again.The verifying that distinct feature is deleted to data brings great convenience.
It in the present embodiment, is not in that contract can due to the certainty of intelligent contract code implementing result and credibility
Call the situation that still file key ciphertext has been capped.Therefore verification result is only possible to there are two types of happening: CFCertainly
It ruins, can not call or CFDeletion calling be not yet completed, call normal.In view of the situation, it is alternatively possible to select CF
In any function come verify data delete the case where, in the case that believable data delete, any one be directed to CFIn any letter
Number FuncFget、FuncFset、FuncFdelCalling all should be to call in vain.
The credible deletion system of data in embodiment 2, a kind of cloud based on block chain
On the other hand, as shown in figure 4, the invention also provides a kind of credible deletion system of the data based on block chain, packet
It includes client part and intelligent Contract Design realizes part.
According to the construction module of system, client part is divided into data encoding and decoder module, crypto module, communicates mould
Management module and top layer realization module is locally stored in block.Wherein:
Data encoding and decoder module: the coding of the JSON formatted data for being interacted with ether mill and decryption, and adjust
ABI said shank and decoding with parameter when intelligent contract.The module needs to be called in communication module, needs whenever having to trade
When to be constructed, parameter needed for which receives the transaction building such as table 1 or table 2 transmitted by communication module and transaction class
Type.Type transactions are created for contract shown in table 1, which obtains data field data, from Field Count from communication module
According to, nonce field data, JSON serial data is constructed, and returns to communication module;Contract call type shown in table 2 is handed over
Easily, which obtains data field data, parameter information, nonce data and contract address from communication module, first by parameter
It is encoded into ABI format, these data organizations are then returned into communication module at JSON serial data form.Specifically, to each
The file F of a determinationsecretWith corresponding operation OP, such as file upload operation, above-mentioned field is replaced by specific number respectively
According to.For example, contract address is replaced with CFaddress, data field data is replaced with into function FuncFgetABI coding.
Crypto module: encryption and decryption for Various types of data.The module is realized in module in top layer and is called, for giving birth to
At file key, the encryption and decryption of file encryption decryption and file key.For example, to file FsecretFor, need generation pair
The file key K answeredF, encrypt file and obtain file cipher textIt is close that encryption file key obtains key
Literary EncK=Encpk(KF);Decruption key ciphertext is needed to obtain key KF=Decsk(EncK)=Decsk(Encpk(KF)), decryption
File cipher text obtains plaintext document Optionally, the present embodiment
It is middle to use AES-256 as the cryptographic algorithm for generating file key, encrypting file, use RSA-2048 asymmetric close as generating
Key pair, the algorithm of encrypting and decrypting file key.
Communication module: the module completes the interaction with ether mill, cloud.Long-range adjust is sent to ether mill by construction http packet
With request, and the http packet in ether mill is obtained as responding.The module needs to call data coding module, to construct and ether mill
Interactive JSON formatted data simultaneously parses the JSON formatted data that ether mill returns.The module realizes that module is called by top layer, tool
Body, the interaction with ether mill mainly include that transaction is initiated: create the transaction of intelligent contract, call transaction of intelligent contract etc. with
And account list acquisition etc..It is called using the JSONAPI that ether mill is reserved.Specifically, to specific file Fsecret, should
Module function mode is as described in step 101,102,103,104.The access that the module uses client to be arranged in cloud service provider
Storage service SDK that key and cloud service provider provide accesses the file in cloud storage service device.
Management module is locally stored: completing the management of local file, reading and preservation including classified papers, and it is local
The maintenance etc. of the respective file of the filename and transaction Hash of storage.Specifically, to specific file Fsecret, filename and transaction
Hash corresponding relationship is obtained as described in step 101, after obtaining the corresponding relationship, this module new new-added item in relationship safeguard file
[Fname, HFdeploy].When file updates, since contract address is constant, there is no need to be update behaviour to the item in relationship safeguard file
Make.When file is deleted, need to delete item [F in relationship safeguard filename, HFdeploy].When judging specific file Fsecret' whether
It, can also be by whether there is item [F in inquiry relationship safeguard file when being outsourcedname', HFdeploy'] Lai Shixian.
Top layer realizes that module calls the communication module of crypto module and ether mill, management module is locally stored to realize top
Layer function: contract deployment, file upload, file download, file are deleted and delete five parts of verifying.Contract disposes functional module
It is main to complete content described in step 101;File upload is partially completed content described in step 102, the i.e. outsourcing of client data;Text
Part download part completes content described in step 103, i.e. document text restores;File deletion is partially completed content described in step 104,
Delete the file cipher text on file key ciphertext and cloud;The deletion verifying of step 105 is completed by deletion verification portion, this part
Each function of corresponding contract is called respectively, and ether mill returns to call error then checking success.
Intelligent Contract Design realizes part: main intelligence contract internal logic of completing is arranged, including function, number is written in data
Storage and management of the file key ciphertext in contract is realized in the design and realization that function is deleted according to function reading, data, and
The deletion and contract self-destruction of file key ciphertext, and simple access control is provided.Specifically, for about CF, wherein including
Data management function FuncFget、FuncFset、FuncFdel.To FuncFget, when function is called, use incoming parameters distribution
Original parameter present in byte32 [8] space.To FuncFset, return to the data Enc in byte32 [8]K.To FuncFdel, first
Using original data present in independent parameter covering byte32 [8] space, contract self-destruction function is then triggered.To above-mentioned each
A function, all addition access control function require, judge whether contract caller address address is equal to conjunction before execution
About founder address msg.sender, only the two are identical, just allow function call.
The application also tests the credible deletion system of data on cloud provided herein under experimental situation, such as Fig. 5 institute
Show, is that file of this system under private chain uploads and downloads time-tendency graph.It can be seen that conventional cloud storage mode is compared, this
Embodiment ensure that the credible deletion of data on cloud, but not influence file transmission performance substantially.
Claims (9)
1. the credible delet method of data, the steps include: on a kind of cloud based on block chain
1) contract is disposed: client disposes an intelligent contract corresponding with file first before file is uploaded, and intelligence is closed
It include one piece of memory space and one group of data management function in about;Data management function includes that function is written in data, data are read
Function and data is taken to delete function;Record transaction Hash after the transaction of the intelligent contract of creation is submitted;
2) file uploads: client locally possesses asymmetric key pair;For the file generated symmetric key to be uploaded, generation is used
Symmetric key encryption file obtain file cipher text;Key ciphertext is obtained using the public key encryption file key locally possessed;It adjusts
Function is written with the data in the corresponding intelligent contract of file, using key ciphertext as input data, by key ciphertext storage to intelligence
In energy contract;File cipher text is uploaded to cloud storage service device;
3) file download: client is downloaded to obtain file cipher text from cloud storage service device, calls the corresponding intelligent contract of file
Data Read Function obtains file key ciphertext;Client obtains file using the private key decryption file key ciphertext locally saved
Key obtains plaintext document, i.e. original using obtained file key decryption file cipher text;
4) file is deleted: client initiates file deletion requests to cloud storage service device, it is desirable that deletes and protects in cloud storage service device
Some respective file ciphertexts;The data in the intelligent contract of respective file are called to delete function, it is desirable that intelligent contract is deleted wherein
The file key ciphertext possessed;
5) delete verifying: client calls the intelligent contract of respective file again, if contract can not be called, proves to correspond to
The file key ciphertext of file cannot be acquired, it is believed that plaintext document has been unable to get, i.e., file is deleted.
2. the method as described in claim 1, which is characterized in that wherein the intelligent contract is using ether mill as the area of representative
Executable contract in block chain technology.
3. the method as described in claim 1, which is characterized in that each document entity being uploaded has corresponding intelligence to close
About entity, and the ciphertext for encrypting the file key of file is stored in the internal storage space of corresponding intelligent contract.
4. the method as described in claim 1, which is characterized in that the symmetric key encryption algorithm used is AES-256;It uses
Asymmetric-key encryption algorithm is RSA-2048.
5. the method as described in claim 1, which is characterized in that memory space includes 160bits's in intelligent contract
Address type be used for record the contract deployer address and 256bytes byte32 [8] type for save it is public
The encrypted file key of key.
6. the method as described in claim 1, which is characterized in that require that access control language is added in each data management function
Sentence only allows the deployer of intelligent contract to call these three disclosed functions.
7. method as claimed in claim 1 or 3, which is characterized in that client is initiated just no longer to monitor block chain after transaction
Implementation procedure in network is only locally remaining with transaction Hash, and corresponding with filename;It then needs to access intelligence every time and close
When about, all uses respective file name as index, find the Hash of corresponding transaction first, then find correspondence using transaction Hash
The address of intelligent contract reuses the call by location intelligence contract of intelligent contract.
8. the credible deletion system of data on a cloud based on block chain technology, which is characterized in that system specifically includes that
Client part: the main file upload for completing client's control, deletes and deletes the function of verifying, including data at downloading
Crypto module, communication module, management module and top layer realization module is locally stored in coding and decoder module;
Intelligent Contract Design realizes part: main intelligence contract internal logic of completing is arranged, including data write-in function, data are read
Function, data is taken to delete the design and realization of function.
9. the credible deletion system of data on the cloud according to claim 8 based on block chain technology, which is characterized in that
The data encoding and decoder module, the JSON formatted data construction needed when for being communicated with ether mill and parsing, with
And the ABI said shank construction of parameter and parsing when calling intelligent contract function;
The crypto module, for the generation of file key, the encryption of file key and decryption, the encryption of classified papers and solution
It is close;
The communication module is sent for carrying out telecommunication with ether mill and being communicated with long-distance cloud storage server
Response is requested and obtains, which calls data encoding and decoder module, constructs request message when sending request, is receiving sound
Should after decode acquisition response results;
It is described that management module is locally stored, for managing the classified papers being locally stored and filename and the corresponding of Hash of trading
The management of file;
The top layer realizes that module, the module call crypto module, ether mill communication module and management module are locally stored, use
In completing, contract is disposed, file uploads, downloading, is deleted, the realization of the logical AND function of verifying.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910508543.7A CN110245117A (en) | 2019-06-13 | 2019-06-13 | The credible delet method of data and system on a kind of cloud based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910508543.7A CN110245117A (en) | 2019-06-13 | 2019-06-13 | The credible delet method of data and system on a kind of cloud based on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110245117A true CN110245117A (en) | 2019-09-17 |
Family
ID=67886763
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910508543.7A Pending CN110245117A (en) | 2019-06-13 | 2019-06-13 | The credible delet method of data and system on a kind of cloud based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110245117A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111127021A (en) * | 2019-12-31 | 2020-05-08 | 支付宝(杭州)信息技术有限公司 | Service request method and device based on block chain |
CN111400743A (en) * | 2020-04-07 | 2020-07-10 | 百度国际科技(深圳)有限公司 | Transaction processing method and device based on block chain network, electronic equipment and medium |
CN111600701A (en) * | 2020-04-28 | 2020-08-28 | 广州华工中云信息技术有限公司 | Private key storage method and device based on block chain and storage medium |
CN112187767A (en) * | 2020-09-23 | 2021-01-05 | 上海万向区块链股份公司 | Multi-party contract consensus system, method and medium based on block chain |
CN113592639A (en) * | 2021-05-21 | 2021-11-02 | 上海佩俪信息科技有限公司 | Block chain transaction deletion method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107342858A (en) * | 2017-07-05 | 2017-11-10 | 武汉凤链科技有限公司 | A kind of intelligent contract guard method and system based on trusted context |
CN109120639A (en) * | 2018-09-26 | 2019-01-01 | 众安信息技术服务有限公司 | A kind of data cloud storage encryption method and system based on block chain |
CN109493017A (en) * | 2018-11-05 | 2019-03-19 | 江苏大学 | Credible outsourcing storage method based on block chain |
CN109615372A (en) * | 2018-11-08 | 2019-04-12 | 立旃(上海)科技有限公司 | Block chain data mask method and device based on intelligent contract |
CN109768987A (en) * | 2019-02-26 | 2019-05-17 | 重庆邮电大学 | A kind of storage of data file security privacy and sharing method based on block chain |
CN109857724A (en) * | 2019-02-12 | 2019-06-07 | 众安信息技术服务有限公司 | The method and apparatus for supporting multitype database is realized based on block chain |
-
2019
- 2019-06-13 CN CN201910508543.7A patent/CN110245117A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107342858A (en) * | 2017-07-05 | 2017-11-10 | 武汉凤链科技有限公司 | A kind of intelligent contract guard method and system based on trusted context |
CN109120639A (en) * | 2018-09-26 | 2019-01-01 | 众安信息技术服务有限公司 | A kind of data cloud storage encryption method and system based on block chain |
CN109493017A (en) * | 2018-11-05 | 2019-03-19 | 江苏大学 | Credible outsourcing storage method based on block chain |
CN109615372A (en) * | 2018-11-08 | 2019-04-12 | 立旃(上海)科技有限公司 | Block chain data mask method and device based on intelligent contract |
CN109857724A (en) * | 2019-02-12 | 2019-06-07 | 众安信息技术服务有限公司 | The method and apparatus for supporting multitype database is realized based on block chain |
CN109768987A (en) * | 2019-02-26 | 2019-05-17 | 重庆邮电大学 | A kind of storage of data file security privacy and sharing method based on block chain |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111127021A (en) * | 2019-12-31 | 2020-05-08 | 支付宝(杭州)信息技术有限公司 | Service request method and device based on block chain |
CN111127021B (en) * | 2019-12-31 | 2020-10-30 | 蚂蚁区块链科技(上海)有限公司 | Service request method and device based on block chain |
CN111400743A (en) * | 2020-04-07 | 2020-07-10 | 百度国际科技(深圳)有限公司 | Transaction processing method and device based on block chain network, electronic equipment and medium |
CN111400743B (en) * | 2020-04-07 | 2023-08-15 | 百度国际科技(深圳)有限公司 | Transaction processing method, device, electronic equipment and medium based on blockchain network |
CN111600701A (en) * | 2020-04-28 | 2020-08-28 | 广州华工中云信息技术有限公司 | Private key storage method and device based on block chain and storage medium |
CN111600701B (en) * | 2020-04-28 | 2023-06-27 | 广州华工信元通信技术有限公司 | Private key storage method, device and storage medium based on blockchain |
CN112187767A (en) * | 2020-09-23 | 2021-01-05 | 上海万向区块链股份公司 | Multi-party contract consensus system, method and medium based on block chain |
CN113592639A (en) * | 2021-05-21 | 2021-11-02 | 上海佩俪信息科技有限公司 | Block chain transaction deletion method and system |
CN113592639B (en) * | 2021-05-21 | 2023-10-13 | 上海简苏网络科技有限公司 | Block chain transaction deleting method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111191286B (en) | HyperLegger Fabric block chain private data storage and access system and method thereof | |
CN108768988B (en) | Block chain access control method, block chain access control equipment and computer readable storage medium | |
CN110245117A (en) | The credible delet method of data and system on a kind of cloud based on block chain | |
CN105426775B (en) | A kind of method and system for protecting smart mobile phone information security | |
CN111523133A (en) | Block chain and cloud data collaborative sharing method | |
US20220014367A1 (en) | Decentralized computing systems and methods for performing actions using stored private data | |
Kim et al. | Puf based iot device authentication scheme | |
CN109274837B (en) | Telephone source traceable method and device based on block chain technology | |
CN113420319A (en) | Data privacy protection method and system based on block chain and permission contract | |
CN105022966A (en) | Database data encryption and decryption method and system | |
CN109245894A (en) | A kind of distributed cloud storage system based on intelligent contract | |
CN104484628B (en) | It is a kind of that there is the multi-application smart card of encrypting and decrypting | |
CN114826703B (en) | Block chain-based data search fine granularity access control method and system | |
CN110489996A (en) | A kind of database data method for managing security and system | |
WO2022206453A1 (en) | Method and apparatus for providing cross-chain private data | |
US11323489B1 (en) | Scalable auditability of monitoring process using public ledgers | |
Kim et al. | Client‐Side Deduplication to Enhance Security and Reduce Communication Costs | |
CN113609221A (en) | Data storage method, data access device and storage medium | |
CN110442654A (en) | Promise breaking information query method, device, computer equipment and storage medium | |
Tang | Towards blockchain-enabled searchable encryption | |
Qin et al. | A privacy-preserving blockchain-based tracing model for virus-infected people in cloud | |
CN105208017B (en) | A kind of memorizer information acquisition methods | |
CN100561913C (en) | A kind of method of access code equipment | |
CN115514470A (en) | Storage method and system for community correction data security | |
CN114553557A (en) | Key calling method, key calling device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190917 |