CN110300112A - Block chain key tiered management approach - Google Patents
Block chain key tiered management approach Download PDFInfo
- Publication number
- CN110300112A CN110300112A CN201910591293.8A CN201910591293A CN110300112A CN 110300112 A CN110300112 A CN 110300112A CN 201910591293 A CN201910591293 A CN 201910591293A CN 110300112 A CN110300112 A CN 110300112A
- Authority
- CN
- China
- Prior art keywords
- key
- file
- user
- block chain
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L63/064—Hierarchical key distribution, e.g. by multi-tier trusted parties
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of block chain key tiered management approach, are related to the encryption management method technical field of data.Described method includes following steps: user password, logging on authentication, password key, master key and master key ciphertext in initialization block catenary system;Generate private key for user, client public key, key file and private key for user ciphertext;To file encryption key, file, file cipher text, file encryption key ciphertext and upper transmitting file carry out multi-zone supervision;Corresponding file is shared, the key multi-zone supervision of block chain is completed.The method can be improved the efficiency of key management and ensure the safety of all keys.Attacker can not distort key simultaneously, and the probability that key is illegally stolen is low.During transimission and storage, even if key is usurped by attacker, attacker can not also obtain valuable information.
Description
Technical field
The present invention relates to the encryption management method technical field of data more particularly to a kind of block chain key multi-zone supervisions
Method.
Background technique
Block chain is quoted in bit coin, is the support technology of bit coin.Block chain is substantially point-to-point
The integrated distributions of various computer technologies such as network, common recognition mechanism, Encryption Algorithm, intelligent contract, digital signature and hash chain
Database.Just because of these technologies have been used in block chain, decentralization, non-repudiation, trackability are just made it have
Etc. characteristics.To guarantee that bit coin freely circulates on the internet, the value migration in unreliable network is realized.People are logical
Various intelligent contracts of the design based on block chain are crossed, make block chain can should be in various fields, such as health care, financial technology, meter
Algorithm, audit, notarization etc..The use of block chain can not only greatly improve the efficiency and safety of trading processing, but also can be with
Reduce cost.With increasing for application scenarios, block chain relates to the running of multi-exchange.
As a kind of development technique, the application structure of block chain is complicated and in large scale, is faced with many problems.Wherein,
What masses paid close attention to the most is exactly the safety problem of key.Information on block chain is all open and clear for all participants.
It is all the private data crossed by participant's key handling that these information are most of.Once the Key Exposure of participant, accordingly
Private data will be revealed, this will cause the loss that can not be retrieved to participant.Solve key safety problem in block chain
Core be exactly be that block chain establishes feasible key managing project.
The key management of block chain includes generation, distribution, storage, use, update and the destruction of key.But present area
The key management of block chain has the disadvantage that
(1) probability that key is illegally stolen is high.
(2) key is stolen by attacker, and attacker can obtain the privacy information of user.
(3) key is not high in the process efficiencies such as recovery, generation, distribution and update and safety.
(4) direct intervention artificial in key management is relatively more.
Fan, K etc. propose key tiered management approach (key, middle key encrypt down key in upper key encryption) to protect big data net
Key safety in network cloud.Big data network, server and remaining people do not know the key of user, therefore data owner can
To realize the shared of ciphertext.But in herein described method, the key of user can be distorted by attacker's malice.And work as
Key can not restore key when losing;It can not more new key when Key Exposure.Once the username and password of user forget or
Person's leakage, it will the loss that can not be retrieved is caused to user.
Junjun Lou etc. proposes a kind of name data network key managing project of block chain.They use block
Chain technology carries out NDN key and is managed, and solves the problems, such as to trust each other between website.And herein described method contracting
Short original multilayer public key verifications chain, reduces the quantity of signature verification, improves verification efficiency.But herein described side
Method does not account for the safety of private key for user, and does not illustrate how private key for user stores.Once private key for user is attacked
The person of hitting obtains, then attacker can use the private key stolen legitimate user is pretended to be to sign or decrypt, and bring harm may
It can be catastrophic.
Liu Jinghao etc. proposes a kind of distributed public key management scheme of block chain.Herein described method passes through in block
A public key dissemination system is established on chain, establishes system using the common recognition on block chain, to ensure network in public key distribution procedure
In all nodes storage record it is consistent.Illustrate that key is generated, inquiry, updated, log off procedure in herein described method.
But the management to private key for user is had ignored, so herein described method or incomplete.
Shamir A proposes (k, n) threshold secret sharing scheme based on Lagrange interpolation formula.It is herein described
Secret D is divided into n part in method, D is easily reconstructed from any k part, but from any k-1 portion
Dividing is that cannot absolutely reconstruct secret D.And explained in herein described method using Lagrange interpolation formula and
The k partial reconfiguration of secret D goes out the process of secret D.
Yevgeniy Dodis etc. defines function Gen and Rep to construct Fuzzy extractor.They introduce fuzzy simultaneously
The conceptual description of the extractor one input B with biological characteristic extracts the process of a random train U, their this side
Formula can tolerate a certain number of mistakes.I.e. if it is B' that input B, which slightly changes, as long as meeting distance (B, B') < s
The U so extracted is the same.
In conclusion related algorithm and technology that herein described method uses can provide with maturation for this programme
Safety assurance.
Ao Lei etc. proposes the isomery intelligent transportation system New Dynamic Key Management Schemes based on block chain, herein described
Method includes key transfer and the dynamic key management between two heterogeneous networks.Block chain is referred to their side by they
To shorten the cipher key delivery time in case, and collected using dynamic transaction to optimize performance.In general, by block chain structure
It is introduced into the efficiency and robustness that key management can be improved in key managing project.
Mingxin Ma etc. proposes a kind of Internet of Things distributed key management side based on block chain towards privacy
Case, to realize hierarchical access control.On the basis of disposing domain by network split be different lateral areas block chains, to accelerate to verify
And valuable memory space is saved for internet of things equipment.And shows that muti-piece chain structure substantially increases by simulation result and be
System performance, and with the development of network, scalability is splendid.
Huawei Zhao etc. proposes a kind of efficient key Managed Solution of healthy block chain.They are by BSN and healthy area
Block chain is merged, and is backed up and is restored using the key that the biosensor node in BSN is healthy block chain.
Winter in summer etc. proposes that a kind of energy block chain private key hidden based on image information stores algorithm.They are by energy park
Private key in block chain is hidden in watermark information.Due to the complexity of solution, whole efficiency is relatively low.
In conclusion at present to the safety research of block chain key also in initial stage.The field work very
Few, there are no a relatively good key managing projects to manage the key in existing block chain.It is continuous with block chain
Development, safe and efficient key managing project are particularly important.
Summary of the invention
The technical problem to be solved by the present invention is to how provide a kind of privacy letter that can be effectively protected on block chain
The block chain key tiered management approach of breath.
In order to solve the above technical problems, the technical solution used in the present invention is: a kind of block chain key multi-zone supervision side
Method, it is characterised in that include the following steps:
Initialize user password pw, the logging on authentication uid in block catenary system, password key pwkey, master key
Mastkey and master key ciphertext mastkeyciper;
Generate private key for user prikey, client public key pubkey, key file keyfile and private key for user ciphertext
prikeyciper;
To file encryption key filekey, file f ile, file cipher text fileciper, file encryption key ciphertext
Filekeyciper and upload file f ileupload carry out multi-zone supervision;
Corresponding file is shared, the key multi-zone supervision of block chain is completed.
A further technical solution lies in the method for the initialization is as follows:
User is for the first time in use, need to input related registration information, to user password pw progress Hash operation generation login
Voucher uid=H (pw), and logging on authentication uid is uploaded on block chain node by block chain client;As next user
When login system, it can use intelligent contract and Hash operation uid1=H (pw1) carried out to the password pw1 that user inputs, according to
Can uid judgement whether consistent with uid1 log in;
After registering for the first time, encryption is carried out to user password pw using PBKDF2 algorithm and generates password key pwkey=
PBKDF2(pw);
The master key mastkey of user is generated using random number generator;
After generating password key pwkey and master key mastkey, the corresponding name note of addition into local name table
Record;
Password key pwkey and master key mastkey is stored in the local client of user, utilizes master key pwkey
The ciphertext mastkeyciper=Enc of encryption main key mastkey generation master keypwkey(mastkey)。
A further technical solution lies in the method for generating remaining key is as follows:
Private key for user prikey and client public key pubkey, private key for user prikey are generated using elliptic curve encryption algorithm
It is stored in client local, client public key pubkey is uploaded on block chain node by block chain client;
Then the ciphertext prikeyciper=of private key is obtained using password key pwkey encryption private key for user prikey
Encpwkey(prikey);
The master key mastkey and password key pwkey of user is same layer on the level of encryption, storage when
Time is stitched together to obtain key file keyfile=mastkeyciper | | prikeyciper, and pass through block chain client
Key file keyfile is uploaded on block chain node;
Pass through mine when local client generates private key for user prikey or client public key pubkey and key file keyfile
After work digging mine is stored on block chain node, name record accordingly is added into local name table record;
Conversely, user can according to<Blockhash>of the key file keyfile of local name table record and<
Txhash > pass through block chain client for the locally downloading client of key file keyfile;Keyfile is split and is led
Key ciphertext mastkeyciper and private key for user ciphertext prikeyciper recycles password key pwkey to carry out the two
Decryption obtains master key mastkey=Decpwkey(mastkeyciper) and private key for user prikey=Decpwkey
(prikeyciper)。
A further technical solution lies in the method for key multi-zone supervision is as follows:
When user is when locally uploading file f ile by block chain client, local client utilizes generating random number
Device generates file encryption key filekey at random;
File cipher text fileciper=Enc is generated using file encryption key filekey encryption file f ilefilekey
(file), while using master key mastkey encrypted file-encryption key filekey file encryption key ciphertext is generated
Filekeyciper=Encmastkey(filekey);
Since file encryption key filekey and file f ile are one-to-one, so by file cipher text
Fileciper and file encryption key ciphertext filekeyciper uploads on block chain node it by block chain client
Before, the two, which is stitched together, to generate uploads file f ileupload=filekeyciper | | fileciper is uploaded again;
Pass through when local client generates file encryption key ciphertext filekeyciper or uploads file f ileupload
After miner's digging mine is stored on block chain node, name record accordingly is added into local name table record;
Conversely, user can according to<Blockhash>of the upload file f ileupload of local name table record and
<txhash>will upload file download to local client by block chain client, will upload file f ileupload and split
Obtain file encryption key ciphertext filekeyciper and file cipher text fileciper;Recycle master key mastkey to file
Encryption key ciphertext filekeyciper is decrypted to obtain file encryption key filekey=Decmastkey
(filekeyciper), file cipher text fileciper is decrypted to obtain file using file encryption key filekey
File=Decfilekey(fileciper)。
A further technical solution lies in the method for file-sharing is as follows:
User A wants that there are two types of situations to user B transmission shared file, first is that shared file is stored in the node of block chain
On, user wants acquisition file must be first locally downloading from block chain;Second is that shared file is just in user's native client
End;For the first situation, the operation in key multi-zone supervision obtains file encryption key filekey and file cipher text
fileciper;
The public key pubkey of user B is obtained by block chain clientB;Utilize the public key pubkey of user BBTo file plus
Key filekey is encrypted to obtain file encryption key sharing file f ilekeyshare=EncpubkeyB(filekey);
Next file cipher text fileciper is shared to file f ilekeyshare splicing, and benefit with file encryption key
Signature is carried out to splicing content with the private key prikey of user A and generates signature digest sigmessage=SigprikeyA
(filekeyshare||fileciper);
Shared file fileshare=is formed before signature digest sigmessage is finally added to the field of splicing
Sigmessage | | filekeyshare | | fileciper, and send it to user B;
For second situation, the file encryption key of file f ile is generated at random using random number generator
Filekey, and encryption is carried out to file f ile and generates file cipher text fileciper=Encfilekey(file), it carries out again later
For the processing method of the first situation;
When user B, which is received, shares file f ileshare, first sharing file f ileshare is split to obtain to sign and be plucked
Sigmessage, file encryption key is wanted to share file f ilekeyshare and file cipher text fileciper, and pass through block
The public key pubkey of chain client collection user AA;
Then the public key pubkey of user A is utilizedASign test Ver is carried out to signature digest sigmessagepubkeyA
(sigmessage), verifying file is authenticity that user A is sent and file content;
Finally utilize the private key prikey of user BBShare file f ilekeyshare to file encryption key to be decrypted
Obtain file encryption key filekey=DecprikeyB(filekeyshare), using file encryption key filekey to adding
It is dense to be decrypted to obtain file f ile=Dec at file cipher text fileciperfilekey(fileciper)。
A further technical solution lies in the method also includes password recoveries:
When user registers for the first time, password can be dispersed to be stored encrypted on reliable block chain node, so as to password
It is used when recovery, the process of password dispersion storage is as follows:
1) password of user is split into n sub-password pw → (pw by user's local client1,pw2,...,pwn), wherein
n≥1;
2) information on block chain can be all checked due to owner, Cai so in order to protect password will be to sub- password encryption
It can storage;User utilizes its biological characteristic B, generates parameter using existing Fuzzy extractor and discloses parameter P and secret parameter R,
Formula are as follows: Gen (B) → (P, R);
3) the private key sk for protecting the cryptographic Hash of secret parameter R as user password1=H (R) generates user password and protects
Protect public private key pair (sk1,pk1)=(h (R), h (R) G);
4) public key pk is protected using user password1Encryption is grouped to the sub-password after being split by user password to obtain
Ciphertext group C, is denoted as (C1, C2..., Cn), whereinAs n=1, i.e., public key is protected using user password
pk1User password is integrally encrypted, is the special shape of block encryption;
5) user's local client will open parameter P, CiAnd pk1It is grouped packing and generates n secret string, be denoted as (P,
Ci,pk1), wherein i=1,2 ..., n (n >=1);
6) user's local client uploads to n reliable areas by n packed secret string of block chain client
On block chain node, and<Blockhash>and<txhash>of node is recorded;
When user restores password, will there is the password in block chain node before and backs up locally downloading client,
Then restored, the process of password recovery is as follows:
1) user's local client selects at least t node from reliable block chain node before, according to depositing before
<Blockhash>and<txhash>of storage passes through block chain client for secret string (P, the C on nodei,pk1) locally downloading
Client;
2) secret parameter R' is restored using open parameter P and user biological feature B', formula is Rep (P, B') → R';
By the concept of Fuzzy extractor, if distance (B, B') < s of biological characteristic B' and raw biometric B, then front and back is generated
R'=R, i.e., fuzzy extraction of values is identical;Wherein distance () is similarity distance function, and s provides for Fuzzy extractor
Error threshold value;
3) it according to obtained secret parameter R', calculates its cryptographic Hash and obtains the private key sk of user password protection1'=H
(R');
4) ciphertext group C' is extracted in t secret string, is denoted as (C1, C2..., Ct);The registered permanent residence is used using what is obtained
Enable protection private key sk1' decryption is grouped to ciphertext group, obtain t sub-passwordWherein 1≤i≤t;
5) t obtained sub-password pw is utilizedi', with Lagrange interpolation method recover user's user password pw' ←
(pw1',pw2',...,pwt');When B' and B meet distance (B, B') < s, R'=R, sk1'=sk1And pwi'=
pwi, then pw'=pw.
A further technical solution lies in the method also includes keys and file verification:
Using key name in<KeyHash>label carry out key and the inspection of document, the process of verifying is as follows:
1) after user receives the key or file that other users are sent, if deposited in the name of the key or file
In<Blockhash>and<txhash>label, user can will be corresponding close from block chain node by block chain client
Key or file download compare, whether inspection content is tampered to local client with the content received before;It uses simultaneously
<KeyHash>value that family can also carry out in Hash operation, with name to the key or file content that receive or download carry out pair
Than proving the key or file being true, be otherwise false if the two is identical;
2) authenticity verification of key and file can also be tested by the method for signature, use the private of sender
Key signs to key or file, generates signature digest;When recipient receives key or file, the public affairs of sender are utilized
Key carries out sign test, judges whether key or file are tampered.
A further technical solution lies in the method also includes close update steps:
Password key more new technological process is as follows:
1)<Status>label in the name of old password key is changed to " invalid ";
2) user password is divided again and is stored encrypted in block chain node;
3) re-encrypted is carried out to the private key of master key and user, generates new key file;New key file <
Version>label adds 1 on original<Version>label, and<Status>label of original cipher key file is changed to
" invalid " uploads to new and old key file in block chain network by block chain client;
4) corresponding information in local client in modification name table;
The more new technological process of master key is as follows:
1)<Status>label in the name of former master key is changed to " invalid ",<Version>label of new key exists
Add 1 on<Version>label originally;
2) file encryption key that former master key encryption is crossed is re-started into encryption, splices again with file cipher text and generates
<Status>label of original upper transmitting file is changed to " invalid " by upper transmitting file,<Version>of new upper transmitting file
Label adds 1 on original<Version>label, and new and old upper transmitting file is uploaded to block link network by block chain client
In network;
3) corresponding information in local client in modification name table;
The more new technological process of the public and private key of user is as follows:
1) new public private key pair is generated using elliptic curve,<Status>label in the name of former public key is changed to
" invalid ",<Version>label of new public key adds 1 on original<Version>label, and new and old public key is uploaded to
On block chain node;
2) private key of user is encrypted using password key, the ciphertext splicing with master key generates key file, will
<Status>label of key file originally is changed to " invalid ", and<Version>label of new key file is original
<Version>label on plus 1, new and old key file is uploaded in block chain network by block chain client;
3) corresponding information in local client in modification name table;
The more new technological process of file encryption key is as follows:
1) file encryption key is regenerated,<Status>label in the name of original encryption key is changed to
" invalid ",<Version>label of new file encryption key add 1 on original<Version>label;
2) new file cipher text is obtained using new file encryption key encryption file, utilizes the new text of master key encryption
Part encryption key generates new file encryption key ciphertext, and the two splicing is generated new upper transmitting file, transmitting file in original is ordered
<Status>label in name is changed to " invalid ", and<Version>label of new upper transmitting file is marked at original<Version>
It signs and adds 1, and new and old upper transmitting file is uploaded on block chain node.
3) corresponding information in local client in modification name table.
A further technical solution lies in, the method also includes:
When user exits, local client clears up all clear text keys, and the ciphertext of key forms key set and deposits in use
Family client;When the user desires, the key set of local client is first accessed;If do not had in key set, further according to local life
<Blockhash>and<txhash>of key or key file in famous-brand clock is downloaded to required key by block chain client
Local client.
The beneficial effects of adopting the technical scheme are that the efficiency of key management can be improved in the method
And ensure the safety of all keys.Attacker can not distort key simultaneously, and the probability that key is illegally stolen is low.It is transmitting
In storing process, even if key is usurped by attacker, attacker can not also obtain valuable information.Recovery, the life of key
At, distribution and update etc. processes be all it is efficient and random, to user and transparent.Personnel's is straight in key managing project
It is few to connect intervention.
Detailed description of the invention
The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is the key hierarchical management model architecture diagram of block chain in the method for the embodiment of the present invention;
Fig. 2 is key hierarchy figure in the method for the embodiment of the present invention;
Fig. 3 is that key generates illustraton of model in the method for the embodiment of the present invention;
Fig. 4 is naming mechanism figure in the method for the embodiment of the present invention;
Fig. 5 is Key Management Protocol figure in the method for the embodiment of the present invention;
Fig. 6 is that all keys of user generate time diagram in the method for the embodiment of the present invention;
Fig. 7 is shared file time diagram between user in the method for the embodiment of the present invention;
Specific embodiment
With reference to the attached drawing in the embodiment of the present invention, technical solution in the embodiment of the present invention carries out clear, complete
Ground description, it is clear that described embodiment is only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its
His embodiment, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to facilitate a full understanding of the present invention, but the present invention may be used also
To be implemented using other than the one described here other way, those skilled in the art can be without prejudice in the present invention
Similar popularization is done in the case where culvert, therefore the present invention is not limited by the specific embodiments disclosed below.
Fig. 1 shows that the hierarchical encryption administrative model framework that this method uses, the model framework are divided into three parts, point
It is not user, block chain client and block chain network.User data is encrypted in local client, and ciphertext passes through block
Chain client is uploaded in block chain network and is stored.Due to attacker can only be got during transimission and storage it is close
Literary information, and the corresponding secret key of solution confidential information cannot be got, therefore ciphertext can not be decrypted in they.
The core of the key management model is the generation and management of key.Data manipulation not only can be improved in the model
Flexibility can also enhance the safety of data.The most important safety for being to ensure that key of key management and key
It is not obtained in plain text by rogue attacks person during transimission and storage.As shown in Fig. 2, key is divided into three layers by this method,
First layer is password key, and the second layer is master key and public affairs-private key pair of user, and third layer is file encryption key.Password is close
The private key of key encryption main key and user, master key encryption file encryption key.Key encryption lower layer's key in upper layer ensure that institute
There is the safety of key.And password key only needs user to remember login password, so very convenient.User's steps on
Record password is dispersed to be stored encrypted in n believable block chain nodes, can restore password when user forgets Password.It is main
Key, the private key of user and file encryption key are stored in block chain network in the form of ciphertext, therefore in block link network
The key for only having user to know oneself in network.Therefore the key multi-zone supervision of herein described method may insure user in block
Data-privacy in chain network.
Since a large amount of key ciphertext and file cipher text are stored in block chain node, for convenience in these
The management of appearance, herein described method devise the naming mechanism of all keys and file and the key storage of block chain,
The schemes such as recovery and revocation.
Symbol description:
In order to more clearly from illustrate solution processes, spy does following symbol description, as shown in table 1.
1 symbol description of table
It names (Naming)
Fig. 3 intuitively reflects the structure for the key hierarchical management model that herein described method proposes very much, can be with from figure
The key management model ciphering process for finding out that herein described method proposes successively carries out, and encrypts relationship as upper layer encryption
Lower layer.On the one hand it stores for convenience, which forms key file one for the key ciphertext of some same layers
It rises and is stored in block chain;On the other hand key and file are managed for convenience, quickly position key or file
Position, the certification to key and file content authenticity, name of the herein described method to key ciphertext and file cipher text
Mechanism is designed.
Whether the naming mechanism is stored directly on block chain according to content, name format is divided into two classes: between one kind is
The name format for the key being stored on block chain is connect, this kind of key is usually to use in client, then forms key text
Part is stored on block chain, and this kind of key includes pwkey, mastkey, prikey, filekey;It is another kind of, it is directly to store
The name format of key and file on block chain, this kind of key and file include pubkey, keyfile,
fileupload。
As shown in figure 4, first kind name format is :/local/keys/<Type>/<KeyHash>/<Version>/<
Status>.Each field is explained as follows:
Prefix "/local/keys ": explanation is in the key locally used.
/<Type>: it indicates corresponding Key Tpe ,/<Pwkey>illustrate it is password key ,/<Mastkey>illustrate be
Master key ,/<Prikey>illustrate be user private key ,/<Filekey>illustrate it is file encryption key.
/<KeyHash>: it indicates the cryptographic Hash (SHA256) of corresponding content, for verifying the true of corresponding contents
Property.
/<Version>: it indicates version number, represents the version of key.
/<Status>: it indicate state, for judging whether this key can be used, this part include " valid " and
“invalid”。
Second class name format is :/blockchain/Texttype/<Type>/<KeyHash>/<Blockhash>/<
txhash>/<Version>/<Status>.Each field is explained as follows:
Prefix "/blockchain/Texttype ": "/blockchain " indicates that text is stored separately on block chain."/
Texttype " indicates the type of text, and/<keys>illustrates that corresponding is key, and/<keyfiles>illustrates that corresponding is file.
/<Type>: it indicates corresponding key or file type ,/<Pubkey>illustrate be user public key ,/<
Keyfile>explanation is key file, and/<Fileupload>illustrates it is upper transmitting file.
/<KeyHash>: it indicates the cryptographic Hash (SHA256) of corresponding content, for verifying the true of corresponding contents
Property.
/<Blockhash>/<txhash>: it indicates the position stored in block chain, close for being quickly found out correspondence
Key or file.Block Hash<0......ba04d14b0a5b97c3d773a1db2ad......>, Hash of trading
<......86689f17155681bfb4accd902d6a0......>。
/<Version>: it indicates version number, represents the version of key.
/<Status>: it indicates state, and for judging whether this key or file can be used, this part includes
" valid " and " invalid ".
The key management method of block chain proposed by the present invention is as shown in Figure 5.During regular job, key management
Process it is as follows:
It initializes (pw, uid, pwkey, mastkey, mastkeyciper)
(1) when user uses the system of this programme for the first time, need to input the registration informations such as pw.The pw of user is breathed out
Uncommon operation generates logging on authentication uid=H (pw), and uid is uploaded on block chain node with by block chain client.When
When next logging in system by user, it can use intelligent contract and Hash operation uid1=H carried out to the password pw1 that user inputs
(pw1), it can be logged according to uid judgement whether consistent with uid1.
(2) after registering for the first time simultaneously, encryption is carried out to pw using PBKDF2 algorithm and generates password key pwkey=
PBKDF2(pw)。
(3) mastkey of user is generated using random number generator.
(4) after generating pwkey and mastkey, the corresponding name record of addition into local name table, such as pwkey
Record :/local/keys/<Pwkey>/<6ef82a1052a64469fd10f......86d7426d61fca>/<V1>/<
Valid>。
(5) pwkey and mastkey is stored in the local client of user, generates master using pwkey encryption mastkey
The ciphertext mastkeyciper=Enc of keypwkey(mastkey)。
Generate remaining key (prikey, pubkey, keyfile, prikeyciper)
(6) prikey and pubkey of user are generated using elliptic curve encryption algorithm, the prikey of user is stored in visitor
Family end, pubkey are uploaded on block chain node by block chain client.
(7) the ciphertext prikeyciper=Enc of private key then is obtained using the prikey of pwkey encryption userpwkey
(prikey)。
(8) because the mastkey and pwkey of user are same layers on the level of encryption.So can when storage
To be stitched together to obtain key file keyfile=mastkeyciper | | prikeyciper, and pass through block chain client
Keyfile is uploaded on block chain node.
(9) when the pubkey and keyfile that local client generates prikey or user are stored in area by miner's digging mine
After on block chain node, the corresponding name record of addition into local name table record.Such as the record of the pubkey of user:
/blockchain/<keys>/<Pubkey>/<D0d622bac7c9a5635ad......2dc00e897c>/<
000......646d34d>/< 0000000000000000005bcba5afb......1d01b>/<V1>/<Valid>。
(10) conversely, user can be according to<Blockhash>and<txhash>of the keyfile of local name table record
By block chain client by the locally downloading client of keyfile.By keyfile split to obtain mastkeyciper and
prikeyciper.Recycle pwkey that the two is decrypted to obtain master key mastkey=Decpwkey(mastkeyciper)
With private key for user prikey=Decpwkey(prikeyciper)。
Key multi-zone supervision (filekey, file, fileciper, filekeyciper, fileupload)
(11) when user is when locally uploading file by block chain client, local client can be raw using random number
Grow up to be a useful person random generation filekey.
(12) file cipher text fileciper=Enc is generated using filekey encryption filefilekey(file), it utilizes simultaneously
Mastkey encrypts text filekey and generates file encryption key ciphertext filekeyciper=Encmastkey(filekey)。
(13) since filekey and file are one-to-one, so fileciper and filekeyciper is passed through
Before block chain client uploads on block chain node, the two, which is stitched together, to generate uploads file f ileupload
=filekeyciper | | fileciper is uploaded again.
(14) block chain is stored in by miner's digging mine when local client generates filekeyciper or fileupload
After on node, the corresponding name record of addition into local name table record, such as the record of fileupload:
/blockchain/<keyfiles>/<Fileupload>/<E38e20e843e456f......1aa59ae2b>/
<000......f1fc84a>/< 00000000000000000061bdC6ac9......9ec47>/<V1>/<Valid>。
(15) conversely, user can according to<Blockhash>of the fileupload of local name table record and<
Txhash > pass through block chain client for upload file download to local client, fileupload is split to obtain
Filekeyciper and fileciper.Recycle mastkey that filekeyciper is decrypted to obtain file encryption key
Filekey=Decmastkey(filekeyciper), fileciper is decrypted using filekey to obtain file f ile=
Decfilekey(fileciper)。
File-sharing (filekeyshare, pubkeyB, fileshare, prikeyB, sigmessage)
When user A wants that there are two types of situations to user B transmission shared file, first is that shared file is stored in the section of block chain
On point, user wants acquisition file must be first locally downloading from block chain;Second is that shared file is just in user's native client
End.
(16) it is directed to the first situation, the operation that can first carry out in step (15) obtains filekey and fileciper.
(17) pubkey of user B is obtained by block chain clientB.Utilize the pubkey of user BBTo filekey into
Row encryption obtains file encryption key and shares file f ilekeyshare=EncpubkeyB(filekey)。
(18) next fileciper and filekeyshare is spliced, and using the prikey of user A to splicing content
It carries out signature and generates signature digest sigmessage=SigprikeyA(filekeyshare||fileciper)。
(19) shared file fileshare=is formed before sigmessage to be finally added to the field of splicing
Sigmessage | | filekeyshare | | fileciper, and send it to user B.
(20) be directed to second situation, generate the filekey of file at random using random number generator, and to file into
Row encryption generates file cipher text fileciper=Encfilekey(file), step (17)~(19) operation is carried out again later.
(21) when user B receives fileshare, first by fileshare split to obtain sigmessage,
Filekeyshare and fileciper, and pass through the pubkey of block chain client collection user AA。
(22) pubkey of user A is then utilizedASign test Ver is carried out to sigmessagepubkeyA(sigmessage), it tests
Card file is authenticity that user A is sent and file content.
(23) prikey of user B is finally utilizedBFilekeyshare is decrypted to obtain file encryption key
Filekey=DecprikeyB(filekeyshare), fileciper is decrypted using filekey to obtain file f ile=
Decfilekey(fileciper)。
Password recovery: due in the key multi-zone supervision scheme of the block chain of herein described method proposition: password key
Encryption main key and private key for user, and ciphertext is spliced into generation key file and is stored on the node of block chain;The public key of user
It is also stored on the node of block chain;File encryption key encryption file obtains file cipher text, master key encryption file encryption
Key obtains file encryption key ciphertext, and two ciphertexts, which are stitched together, to be generated transmitting file and be stored on the node of block chain.Therefore
User only needs to remember that the password of user produces password key, will be close in block chain node by block chain client
Key and file download are successively decrypted to local using password key, and all keys can be obtained.When forgetting entry password,
Then can not logon account, while can not also obtain all keys.In order to solve this problem, herein described method devises
One password recovery module, the module use (t, n) Threshold key sharing method.
When user registers for the first time, password can be dispersed to be stored encrypted on reliable block chain node, so as to password
It is used when recovery.The process of password dispersion storage is as follows:
(1) password of user is split into n sub-password pw → (pw by user's local client1,pw2,...,pwn),
Middle n >=1.
(2) information on block chain can be all checked due to owner, Cai so in order to protect password will be to sub- password encryption
It can storage.User utilizes its biological characteristic B (may include fingerprint, iris etc.), and it is public to generate parameter using existing Fuzzy extractor
Open parameter P and secret parameter R, formula are as follows: Gen (B) → (P, R).
(3) the private key sk for protecting the cryptographic Hash of secret parameter R as user password1=H (R) generates user password and protects
Protect public private key pair (sk1,pk1)=(h (R), h (R) G).
(4) public key pk is protected using user password1Encryption is grouped to the sub-password after being split by user password to obtain
Ciphertext group C, is denoted as (C1, C2..., Cn), whereinAs n=1, i.e., public key is protected using user password
pk1User password is integrally encrypted, is the special shape of block encryption.
(5) user's local client will open parameter P, CiAnd pk1It is grouped packing and generates n secret string, be denoted as (P,
Ci,pk1), wherein i=1,2 ..., n (n >=1).
(6) it is a reliable by block chain client packed n secret string to upload to n for user's local client
On block chain node, and<Blockhash>and<txhash>of node is recorded.
When user restores password, will there can be before the password in block chain node and back up locally downloading client
End, is then restored.The process of password recovery is as follows:
(1) user's local client from selected in reliable block chain node before at least t node (below restore
Key selects t node), it will be on node by block chain client according to<Blockhash>and<txhash>stored before
Secret string (P, Ci,pk1) locally downloading client.
(2) restore secret parameter R' using open parameter P and user biological feature B', formula be Rep (P, B') →
R'.By the concept of Fuzzy extractor, if distance (B, B') < s of biological characteristic B' and raw biometric B, then front and back
The R'=R of generation, i.e., fuzzy extraction of values are identical.Wherein distance () is similarity distance function, and s is Fuzzy extractor rule
The error threshold value set.
(3) it according to obtained secret parameter R', calculates its cryptographic Hash and obtains the private key sk of user password protection1'=H
(R')。
(4) ciphertext group C' is extracted in t secret string, is denoted as (C1, C2..., Ct).The registered permanent residence is used using what is obtained
Enable protection private key sk1' decryption is grouped to ciphertext group, obtain t sub-passwordWherein 1≤i≤t.
(5) t obtained sub-password pw is utilizedi', with Lagrange interpolation method recover user's user password pw' ←
(pw1',pw2',...,pwt').When B' and B meet distance (B, B') < s, R'=R, sk1'=sk1And pwi'=
pwi, then pw'=pw.
Key and file verification:
Due to herein described method propose block chain key multi-zone supervision scheme in comprising user password key,
Can different types of key such as master key, private key for user, cipher-text information be decrypted correctly the authenticity depending on key.In order to
The authenticity of key is verified, user can use<KeyHash>label in key name to test, and verify
Process it is as follows:
(1) after user receives the key or file that other users are sent, if deposited in the name of the key or file
In<Blockhash>and<txhash>label, user can will be corresponding close from block chain node by block chain client
Key or file download compare, whether inspection content is tampered to local client with the content received before;It uses simultaneously
<KeyHash>value that family can also carry out in Hash operation, with name to the key or file content that receive or download carry out pair
Than.If the two is identical, proves the key or file is true, be otherwise false.
(2) authenticity verification of key and file can also be tested by the method for signature, use the private of sender
Key signs to key or file, generates signature digest.When recipient receives key or file, the public affairs of sender are utilized
Key carries out sign test, judges whether key or file are tampered.
Key revocation and update:
It is also contemplated that such situation in the key multi-zone supervision scheme for the block chain that herein described method proposes: when
When password, private key, master key, the file encryption key of user are revealed, attacker will use the content of key pair encryption to look into
It sees.Attacker can also use private key to execute signature to false content.Because corresponding public key can still be verified, this be will lead to
More wrong contents are propagated.Therefore it is necessary for key designs revocation and update mechanisms in herein described method.Block chain
In node will information formed block after to other nodes of block chain send block information, other node verifications pass through the area Hou Jiang
Block is added to block chain.Since generated block can not be changed, so user can not carry out reality to the content in block chain
It deletes.User can only re-write newest state and information.User can use the intelligent contract in block chain
Can latest edition to key or file and state inquire.
Related to the encryption number of plies where key for the update difficulty of key, the number of plies is got over Gao Gengxin and is more difficult to.For user
Password when updating, since password is the top of key, so updating the most troublesome.Password more new technological process is as follows:
(1)<Status>label in the name of old password key is changed to " invalid ".
(2) user password is divided again and is stored encrypted in block chain node.
(3) re-encrypted is carried out to the private key of master key and user, generates new key file.New key file <
Version>label adds 1 on original<Version>label, and<Status>label of original cipher key file is changed to
"invalid".New and old key file is uploaded in block chain network by block chain client.
(4) corresponding information in local client in modification name table.
The more new technological process of master key is as follows:
(1)<Status>label in the name of former master key is changed to " invalid ",<Version>label of new key
Add 1 on original<Version>label.
(2) file encryption key that former master key encryption is crossed is re-started into encryption, splices again with file cipher text and generates
<Status>label of original upper transmitting file is changed to " invalid " by upper transmitting file,<Version>of new upper transmitting file
Label adds 1 on original<Version>label.New and old upper transmitting file is uploaded into block link network by block chain client
In network.
(3) corresponding information in local client in modification name table.
The more new technological process of the public and private key of user is as follows:
(1) new public private key pair is generated using elliptic curve,<Status>label in the name of former public key is changed to
" invalid ",<Version>label of new public key adds 1 on original<Version>label, and new and old public key is uploaded to
On block chain node.
(2) private key of user being encrypted using password key, the ciphertext splicing with master key generates key file,
<Status>label of original key file is changed to " invalid ",<Version>label of new key file is in original
Add 1 on<Version>label come.New and old key file is uploaded in block chain network by block chain client.
(3) corresponding information in local client in modification name table.
The more new technological process of file encryption key is as follows:
(1) file encryption key is regenerated,<Status>label in the name of original encryption key is changed to
" invalid ",<Version>label of new file encryption key add 1 on original<Version>label.
(2) new file cipher text is obtained using new file encryption key encryption file, utilizes the new text of master key encryption
Part encryption key generates new file encryption key ciphertext.The two splicing is generated into new upper transmitting file, transmitting file in original is ordered
<Status>label in name is changed to " invalid ", and<Version>label of new upper transmitting file is marked at original<Version>
It signs and adds 1, and new and old upper transmitting file is uploaded on block chain node.
(3) corresponding information in local client in modification name table.
It should be noted that the information of the encrypted key of key can become when the key information of user leaks
It is dangerous.So need for the whole key below of layer belonging to the key to be updated in more new key, specific more new technological process
With reference to described above.
Scheme supplement:
When user log off, local client can clear up all clear text keys to guarantee safety, the ciphertext shape of key
User client is deposited at key set.When the user desires, the key set of local client is first accessed.If in key set
No, further according to<Blockhash>and<txhash>of key or key file in local name table, pass through block chain client
It holds the locally downloading client of required key.
Analysis and assessment:
Safety analysis and assessment:
The safety analysis of herein described method will be unfolded in terms of key safety, data safety, general safety three
Analysis.
Key safety analysis:
Herein described method uses multi-zone supervision, and encryption relationship is that upper layer key encrypts lower layer's key.Since password is close
Key is the top layer of key, so the safety of user password determines the safety of system.And the password of user only has user
Oneself know.So user directly determines the safety of password, and the safety of decision systems indirectly.User makes when logging in
Logging on authentication is the result handled by sha256.The unidirectional characteristic of sha256 can guarantee remaining user in block chain
The user password can not be obtained.Local client generates cryptographic key using PBKDF2 algorithm.PBKDF2 algorithm repeats on almost
The hashing operation of thousand password and salt.The difficulty inversely cracked is too big, and the time for cracking a password may need
Centuries, therefore cryptographic key only has user oneself to know.The public and private key of user is generated by elliptic curve encryption algorithm, Gu Qu
Remaining user on block chain can not crack the private key of user according to the public key of user.Master key is generated by secure random number
The random number for the sufficient length that device generates.Password key encrypts private key and master key using AESCBC mode, and ciphertext is deposited
Storage is on block chain node.There is no password key, remaining user in block chain can not crack master key and the private of user at all
Key.Therefore key file is very safe.File encryption key is generated by secure random number generator, this may insure close
The randomness of key.File encryption key is stored on block chain node by master key encryption, so file encryption key is also peace
Complete.Meanwhile the corresponding file encryption key of a file, it can prevent malicious user from knowing multiple groups file cipher text in this way
With plaintext Brute Force file encryption key.In addition to this, the characteristics such as the decentralization of block chain, anti-tamper, high transparency are utilized
It can prevent malicious user from distorting to key ciphertext.In conclusion so all keys are all in herein described method
It is very safe.
Data security analysis:
When user uploads to file on block chain node, file first passes through file encryption key encryption and uploads to again
On block chain node.Because only that user possesses file key, so the other users on block chain at all can not be in no text
File cipher text is decrypted in the case where part key.Due to all using ciphertext data during transimission and storage, so attacking
The person of hitting can only obtain file cipher text data and can not obtain any useful information.File cipher text is stored in block chain link simultaneously
It can prevent attacker from distorting on point, therefore file content is very safe.When the data sharing of user, shared data
Content be still ciphertext state.In addition, the decryption of file encryption key is completed in local client.Then it is used using shared
The public key encryption file encryption key at family.Encrypted ciphertext and file cipher text are spliced again, and using the key of participator into
Row signature is shared with shared user after forming sharing file.So sharing can be used when addressee receives and shares file
The public key of person carries out sign test, judges whether sharing contents are distorted by attacker.Simultaneously only addressee possess it is privately owned come Xie Miwen
Part encryption key ciphertext, therefore attacker can not obtain file encryption key and file cipher text is decrypted.So file data is
It is very safe.In conclusion herein described method can protect the safety of user data well.
The general safety of scheme is analyzed:
Herein described method proposes the key multi-zone supervision of block chain.These keys are divided into three layers, and encryption relationship is
Upper layer key encrypts lower layer's key.So ensure that the safety of all keys.During data transimission and storage, institute
Having data is ciphertext.And only user oneself key of knowing oneself, remaining people know nothing user key.Therefore,
Even if attacker obtains information in transmission process or on block chain, since information is ciphertext and attacker does not have the phase of user
Key is answered, they can not also decrypt ciphertext to obtain useful information.Only have user oneself to know mouth in herein described method
It enables, so user determines the safety of password and system.The password of user utilizes the biological characteristic B of user in local client
It is grouped encryption, and is dispersedly stored on n reliable block chain nodes;The key ciphertext and file cipher text of user
It is stored on block chain node.The characteristics such as can not distort using block chain can prevent attacker from distorting to it, very well
Ground ensure that the authenticity of content.It can also be authenticated by<KeyHash>label in the name to key and file simultaneously
The authenticity of content.In user log off, local client can clear up the key and file of all plaintexts.So can be with
It reduces attacker and attacks the probability that user's local client obtains the plaintext of key and file.It, can when the Key Exposure of user
Key is reset in the method using the revocation and update that are proposed in herein described method, to reduce loss;When
When user forgets password, can use proposed in herein described method password recovery operation restored, can to avoid with
Forget the case where password can not log in family.In addition related algorithm and technology used in herein described method are with maturation.It is comprehensive
Upper described, herein described method is convenient for management, safe and efficient, can very effectively protect the privacy information of user.
Efficiency analysis and assessment:
It is to be inquired using intelligent contract the storage location of key and file in traditional block chain network.
In herein described method by using in naming mechanism label<Blockhash>and<txhash>quickly determine key with
The storage location of file can significantly reduce the time.File is to be added by file encryption key using symmetrical in our scheme
What close algorithm was encrypted.And in traditional block chain network file be by user public key using rivest, shamir, adelman into
Row encryption.It is well known that more more efficient than rivest, shamir, adelman, quick when rivest, shamir, adelman encryption and decryption, occupancy money
Source is few, and thus our scheme efficiency in terms of user file encryption is relatively high.Password key is calculated using PBKDF2
Method carries out encryption generation to login password.Levent Ertaul etc. select mobile platform come measure PBKDF2, Bcrypt and
The performance of Scrypt algorithm, they are concluded that PBKDF2 is most fast, best in this 3 kinds of algorithms.Traditional block
The private key of user can only be used to key and file signature in chain network, the method for recycling public key sign test is come to key and text
The authenticity of part is verified.Iing is proposed in herein described method can also be right using the label<KeyHash>in naming mechanism
The key and file of user compares certification, it is possible to save the time.Block chain uses in herein described method simultaneously
Be PBFT consistency algorithm, it is per second to handle thousands of affairs.In conclusion herein described method is either in key
Management aspect, or in terms of file-sharing, efficiency is all relatively high.
Symbol description:
In order to more accurately describe system performance, spy does following parameter declaration, as shown in table 2.
2 parameter declaration of table
Performance evaluation:
Since the key type of herein described method is relatively more, therefore a user generates the use of all keys and name
When are as follows:
Tallkeys=Tpwkey+Tmastkey+Tpripubkey+Tfilekey·n+(n+3)·Tnaming (0-1)
In herein described method, user A wants the used time for sharing a file to user B are as follows:
Tfileshare=S (Tfileupload+Tfiletrans+Tdcwj+2·Tv)+2·Tfdcmy+Tdcmy (0-2)
In traditional block chain scheme, a user generates the used time of all keys are as follows:
Tallkeys=Tpripubkey (0-3)
In traditional block chain scheme, user A wants the used time for sharing a file to user B are as follows:
Tfileshare=S (Tfileupload+Tfiletrans+3·Tfdcwj+3·Tv)+Thycx (0-4)
Document [Fan, K., et al. (2018) " Secure and private key management scheme in
big data networking."Peer-to-Peer Networking and Applications 11(5):992-
999.] in the scheme proposed, a user generates the used time of all keys are as follows:
Tallkeys=Tpwkey+Trsa+n·Tfilekey+Tmastkey (0-5)
Document [Fan, K., et al. (2018) " Secure and private key management scheme in
big data networking."Peer-to-Peer Networking and Applications 11(5):992-999.]
In the scheme of proposition, user A wants the used time for sharing a file to user B are as follows:
Tfileshare=S (Tfilecup+Tfiletrans+Tdcwj+3·Tv)+2·Tfdcmy+Tdcmy+Tyfwcx (0-6)
Document [J.Lou, Q.Zhang, Z.Qi and K.Lei, " A Blockchain-based key Management
Scheme for Named Data Networking," 2018 1st IEEE International Conference on
Hot Information-Centric Networking (HotICN), Shenzhen, 2018, pp.141-146.] propose
In scheme, a user generates the used time of all keys are as follows:
Tallkeys=Tpripubkey+Tnaming (0-7)
Document [J.Lou, Q.Zhang, Z.Qi and K.Lei, " ABlockchain-based key Management
Scheme for Named Data Networking," 2018 1st IEEE International Conference on
Hot Information-Centric Networking (HotICN), Shenzhen, 2018, pp.141-146.] propose
In scheme, user A wants the used time for sharing a file to user B are as follows:
Tfileshare=S (Tfileupload+Tfiletrans+3·Tfdcwj+2·Tv) (0-8)
Fig. 6 shows original block chain, document [J.Lou, Q.Zhang, Z.Qi and K.Lei, " A Blockchain-
based key Management Scheme for Named Data Networking,"2018 1st IEEE
International Conference on Hot Information-Centric Networking(HotICN),
Shenzhen, 2018, pp.141-146.] and in the application user generates the time of all keys.The application known in Fig. 6
In the method when user file quantity is 90, the time for generating all keys is only 0.2 second, the influence very little to system.
Fig. 7 shows original block chain, document [J.Lou, Q.Zhang, Z.Qi and K. Lei, " A Blockchain-based
key Management Scheme for Named Data Networking,"2018 1st IEEE International
Conference on Hot Information-Centric Networking(HotICN),Shenzhen,2018,
Pp.141-146.] and in the application between user different sharing files time.It can be seen that herein described side in Fig. 7
The file-sharing time can be greatly reduced when sharing file in method, therefore the efficiency of system can be improved.And it is herein described
The safety of method is also very high.In conclusion the performance of herein described method is relatively high.
Experimental contrast analysis:
Compared to traditional block chain key managing project, the generation of key only considered, without considering key
Remaining operation.[Fan, K., et al. (2018) " the Secure and private key management scheme of document 7
in big data networking."Peer-to-Peer Networking and Applications 11(5):992-
Key ciphertext is stored in big data network by 999.] the key multi-zone supervision scheme proposed using the thought that key is layered
To protect the safety of key.Document 8 [J. Lou, Q.Zhang, Z.Qi and K.Lei, " A Blockchain-based key
Management Scheme for Named Data Networking,"2018 1st IEEE International
Conference on Hot Information-Centric Networking(HotICN),Shenzhen,2018,
Pp.141-146.] the name data network key managing project based on block chain proposed, is named to mention key
The efficiency and safety of high key management.Scheme proposed in this paper not only considered what key was generated, and restored, cancels and updated
Process also improves the safety and efficiency of key management using block chain, key demixing technology and naming mechanism.Introduce level
The key management method of change, can dynamically generate the working key of data encryption, and Multilayered encryption system has greatly reinforced password system
The reliability of system.Simultaneously as working key with the most use is usually replaced, and high-rise key is less, so that decode
Difficulty increases.Block chain technology is introduced, can ensure that data can be tracked simultaneously by Distributed Storage and common recognition mechanism
And it is not easy to be tampered.The key managing project function comparison that this programme and other documents propose is as shown in table 3 below.
The comparison of 3 key managing project function of table
Present applicant proposes a kind of key tiered management approach of block chain, are pacified with solving key in present block chain
Full problem.The advantage is that: (1) divides the key into three layers, encryption relationship is that upper layer encrypts lower layer, to ensure that all close
The safety of key.(2) user is very convenient when using system, it is only necessary to remember that login password login system and can generate
The plaintext of all keys.(3) also propose a kind of naming mechanism to facilitate all keys for the ease of managing herein described method
With the management of file, the efficiency of management is improved.(4) in order to avoid user forgets the case where login password causes damages to user
Occur.In conjunction with block chain and user characteristics encryption technology is grouped encryption to user password and dispersion stores, and utilizes (t, n)
Secret sharing mechanism is to achieve the purpose that password recovery.(5) herein described method also proposed key revocation and update simultaneously
Mechanism is to reduce user key leakage to loss caused by user security risk.(6) due to the process in key and file transimission and storage
In, entirely ciphertext format.So attacker can not obtain the clear text key of user, also it is natural can not and to corresponding close
Text is decrypted.(7) ensure that data can be tracked and be not easy using block chain Distributed Storage and common recognition mechanism
It is tampered.(8) user can also be received using signature mechanism, naming mechanism and memory mechanism in herein described method
Key and the authenticity of file authenticated.In conclusion herein described method may insure the safety of user data
And privacy.
Claims (9)
1. a kind of block chain key tiered management approach, it is characterised in that include the following steps:
Initialize block catenary system in user password pw, logging on authentication uid, password key pwkey, master key mastkey with
And master key ciphertext mastkeyciper;
Generate private key for user prikey, client public key pubkey, key file keyfile and private key for user ciphertext
prikeyciper;
To file encryption key filekey, file f ile, file cipher text fileciper, file encryption key ciphertext
Filekeyciper and upload file f ileupload carry out multi-zone supervision;
Corresponding file is shared, the key multi-zone supervision of block chain is completed.
2. block chain key tiered management approach as described in claim 1, which is characterized in that the method for the initialization is such as
Under:
User is for the first time in use, need to input related registration information, to user password pw progress Hash operation generation logging on authentication
Uid=H (pw), and logging on authentication uid is uploaded on block chain node by block chain client;It is when next user logs in
When system, can use the password pw1 that intelligent contract inputs user and carry out Hash operation uid1=H (pw1), according to uid and
Unanimously whether can judgement log in uid1;
After registering for the first time, encryption is carried out to user password pw using PBKDF2 algorithm and generates password key pwkey=PBKDF2
(pw);
The master key mastkey of user is generated using random number generator;
After generating password key pwkey and master key mastkey, the corresponding name record of addition into local name table;
Password key pwkey and master key mastkey is stored in the local client of user, is encrypted using master key pwkey
The ciphertext mastkeyciper=Enc of master key mastkey generation master keypwkey(mastkey)。
3. block chain key tiered management approach as described in claim 1, which is characterized in that generate the method for remaining key such as
Under:
Private key for user prikey and client public key pubkey, private key for user prikey storage are generated using elliptic curve encryption algorithm
In client local, client public key pubkey is uploaded on block chain node by block chain client;
Then the ciphertext prikeyciper=Enc of private key is obtained using password key pwkey encryption private key for user prikeypwkey
(prikey);
The master key mastkey and password key pwkey of user is same layer on the level of encryption, is spliced when storage
Key file keyfile=mastkeyciper is obtained together | | prikeyciper, and pass through block chain client for key
File keyfile is uploaded on block chain node;
It is dug when local client generates private key for user prikey or client public key pubkey and key file keyfile by miner
After mine is stored on block chain node, the corresponding name record of addition into local name table record;
Conversely, user can be according to<Blockhash>and<txhash>of the key file keyfile of local name table record
By block chain client by the locally downloading client of key file keyfile;Keyfile is split to obtain master key ciphertext
Mastkeyciper and private key for user ciphertext prikeyciper recycles password key pwkey that the two is decrypted and is led
Key mastkey=Decpwkey(mastkeyciper) and private key for user prikey=Decpwkey(prikeyciper)。
4. block chain key tiered management approach as described in claim 1, which is characterized in that the method for key multi-zone supervision is such as
Under:
When user is when locally uploading file f ile by block chain client, local client is random using random number generator
Generate file encryption key filekey;
File cipher text fileciper=Enc is generated using file encryption key filekey encryption file f ilefilekey(file),
File encryption key ciphertext filekeyciper is generated using master key mastkey encrypted file-encryption key filekey simultaneously
=Encmastkey(filekey);
Since file encryption key filekey and file f ile are one-to-one, thus by file cipher text fileciper and
Before file encryption key ciphertext filekeyciper is uploaded on block chain node by block chain client, the two is spelled
The generation that is connected together uploads file f ileupload=filekeyciper | | fileciper is uploaded again;
Pass through miner when local client generates file encryption key ciphertext filekeyciper or uploads file f ileupload
After digging mine is stored on block chain node, name record accordingly is added into local name table record;
Conversely, user can according to<Blockhash>of the upload file f ileupload of local name table record and<
Txhash > pass through block chain client for upload file download to local client, will upload file f ileupload and splits
To file encryption key ciphertext filekeyciper and file cipher text fileciper;Master key mastkey is recycled to add file
Key ciphertext filekeyciper is decrypted to obtain file encryption key filekey=Decmastkey
(filekeyciper), file cipher text fileciper is decrypted using file encryption key filekey to obtain file f ile
=Decfilekey(fileciper)。
5. block chain key tiered management approach as claimed in claim 4, which is characterized in that the method for file-sharing is as follows:
User A wants that there are two types of situations to user B transmission shared file, first is that shared file is stored on the node of block chain, uses
Acquisition file is wanted at family must be first locally downloading from block chain;Second is that shared file is just in user's local client;For
The first situation, the operation in key multi-zone supervision obtain file encryption key filekey and file cipher text fileciper;
The public key pubkey of user B is obtained by block chain clientB;Utilize the public key pubkey of user BBIt is close to file encryption
Key filekey is encrypted to obtain file encryption key sharing file f ilekeyshare=EncpubkeyB(filekey);
Next file cipher text fileciper is shared with file encryption key to file f ilekeyshare splicing, and utilize use
The private key prikey of family A carries out signature to splicing content and generates signature digest sigmessage=SigprikeyA
(filekeyshare||fileciper);
Shared file fileshare=sigmessage is formed before signature digest sigmessage is finally added to the field of splicing
| | filekeyshare | | fileciper, and send it to user B;
For second situation, the file encryption key filekey of file f ile is generated at random using random number generator, and right
File f ile carries out encryption and generates file cipher text fileciper=Encfilekey(file), it is carried out again later for the first feelings
The processing method of condition;
When user B, which is received, shares file f ileshare, file f ileshare will be shared first and split to obtain signature digest
Sigmessage, file encryption key share file f ilekeyshare and file cipher text fileciper, and pass through block chain visitor
The public key pubkey of family end collection user AA;
Then the public key pubkey of user A is utilizedASign test Ver is carried out to signature digest sigmessagepubkeyA
(sigmessage), verifying file is authenticity that user A is sent and file content;
Finally utilize the private key prikey of user BBShare file f ilekeyshare to file encryption key to be decrypted to obtain text
Part encryption key filekey=DecprikeyB(filekeyshare), text is generated to encryption using file encryption key filekey
Part ciphertext fileciper is decrypted to obtain file f ile=Decfilekey(fileciper)。
6. block chain key tiered management approach as described in claim 1, which is characterized in that it is extensive that the method also includes passwords
It is multiple:
When user registers for the first time, password can be dispersed to be stored encrypted on reliable block chain node, so as to password recovery
When use, password dispersion storage process it is as follows:
1) password of user is split into n sub-password pw → (pw by user's local client1,pw2,...,pwn), wherein n >=1;
2) information on block chain can be all checked due to owner, just so in order to protect password that can deposit to sub- password encryption
Storage;User utilizes its biological characteristic B, generates parameter using existing Fuzzy extractor and discloses parameter P and secret parameter R, formula
Are as follows: Gen (B) → (P, R);
3) the private key sk for protecting the cryptographic Hash of secret parameter R as user password1It is public and private to generate user password protection by=H (R)
Key is to (sk1,pk1)=(h (R), h (R) G);
4) public key pk is protected using user password1Encryption is grouped to the sub-password after being split by user password and obtains ciphertext group
C is denoted as (C1, C2..., Cn), whereinAs n=1, i.e., public key pk is protected using user password1To with
The registered permanent residence enables entirety be encrypted, and is the special shape of block encryption;
5) user's local client will open parameter P, CiAnd pk1It is grouped packing and generates n secret string, be denoted as (P, Ci,
pk1), wherein i=1,2 ..., n (n >=1);
6) user's local client uploads to n reliable block chains by n packed secret string of block chain client
On node, and<Blockhash>and<txhash>of node is recorded;
When user restores password, will there is the password in block chain node before and back up locally downloading client, then
Restored, the process of password recovery is as follows:
1) user's local client selects at least t node from reliable block chain node before, according to store before <
Blockhash>and<txhash>pass through block chain client for secret string (P, the C on nodei,pk1) locally downloading client
End;
2) secret parameter R' is restored using open parameter P and user biological feature B', formula is Rep (P, B') → R';By mould
Paste extractor concept, if distance (B, B') < s of biological characteristic B' and raw biometric B, then front and back generate R'
=R, i.e., fuzzy extraction of values are identical;Wherein distance () is similarity distance function, and s is the mistake that Fuzzy extractor provides
Accidentally limiting value;
3) it according to obtained secret parameter R', calculates its cryptographic Hash and obtains the private key sk of user password protection1'=H (R');
4) ciphertext group C' is extracted in t secret string, is denoted as (C1, C2..., Ct);It is protected using obtained user password
Private key sk1' decryption is grouped to ciphertext group, obtain t sub-passwordWherein 1≤i≤t;
5) t obtained sub-password pw is utilizedi', user's user password pw' ← (pw is recovered with Lagrange interpolation method1',
pw2',...,pwt');When B' and B meet distance (B, B') < s, R'=R, sk1'=sk1And pwi'=pwi, then
Pw'=pw.
7. block chain key tiered management approach as described in claim 1, which is characterized in that the method also includes key and
File verification:
Using key name in<KeyHash>label carry out key and the inspection of document, the process of verifying is as follows:
1) after user receives the key or file that other users are sent, if exist in the name of the key or file <
Blockhash>and<txhash>label, user can by block chain client from block chain node by corresponding key or
File download compares, whether inspection content is tampered to local client with the content received before;User may be used also simultaneously
It is compared with carrying out<KeyHash>value in Hash operation, with name to the key or file content for receiving or downloading, if
The two is identical, then proves the key or file is true, be otherwise false;
2) authenticity verification of key and file can also be tested by the method for signature, using the private key of sender to close
Key or file are signed, and signature digest is generated;When recipient receives key or file, tested using the public key of sender
Label, judge whether key or file are tampered.
8. block chain key tiered management approach as described in claim 1, which is characterized in that the method also includes close updates
Step:
Password key more new technological process is as follows:
1)<Status>label in the name of old password key is changed to " invalid ";
2) user password is divided again and is stored encrypted in block chain node;
3) re-encrypted is carried out to the private key of master key and user, generates new key file;<Version>of new key file
Label adds 1 on original<Version>label, and<Status>label of original cipher key file is changed to " invalid ", will be new and old close
Key file is uploaded in block chain network by block chain client;
4) corresponding information in local client in modification name table;
The more new technological process of master key is as follows:
1)<Status>label in the name of former master key is changed to " invalid ",<Version>label of new key is original
<Version>label on plus 1;
2) file encryption key that former master key encryption is crossed is re-started into encryption, splices again with file cipher text and generates upload text
<Status>label of original upper transmitting file is changed to " invalid " by part, and<Version>label of new upper transmitting file exists
Add 1 on<Version>label originally, new and old upper transmitting file is uploaded in block chain network by block chain client;
3) corresponding information in local client in modification name table;
The more new technological process of the public and private key of user is as follows:
1) new public private key pair is generated using elliptic curve,<Status>label in the name of former public key is changed to
" invalid ",<Version>label of new public key adds 1 on original<Version>label, and new and old public key is uploaded to
On block chain node;
2) private key of user is encrypted using password key, the ciphertext splicing with master key generates key file, will be original
<Status>label of key file be changed to " invalid ",<Version>label of new key file it is original<
Add 1 on Version > label, new and old key file is uploaded in block chain network by block chain client;
3) corresponding information in local client in modification name table;
The more new technological process of file encryption key is as follows:
1) file encryption key is regenerated,<Status>label in the name of original encryption key is changed to " invalid ",
<Version>label of new file encryption key adds 1 on original<Version>label;
2) new file cipher text is obtained using new file encryption key encryption file, utilizes the new file encryption of master key encryption
Key generates new file encryption key ciphertext, and the two splicing is generated new upper transmitting file, by it is former upload in file designation <
Status>label is changed to " invalid ", and<Version>label of new upper transmitting file adds 1 on original<Version>label,
And new and old upper transmitting file is uploaded on block chain node.
3) corresponding information in local client in modification name table.
9. block chain key tiered management approach as described in claim 1, which is characterized in that the method also includes:
When user exits, local client clears up all clear text keys, and the ciphertext of key forms key set and deposits in user visitor
Family end;When the user desires, the key set of local client is first accessed;If do not had in key set, table is named further according to local
<Blockhash>and<txhash>of middle key or key file, it is by block chain client that required key is locally downloading
Client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910591293.8A CN110300112B (en) | 2019-07-02 | 2019-07-02 | Block chain key hierarchical management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910591293.8A CN110300112B (en) | 2019-07-02 | 2019-07-02 | Block chain key hierarchical management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110300112A true CN110300112A (en) | 2019-10-01 |
| CN110300112B CN110300112B (en) | 2022-05-10 |
Family
ID=68029976
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910591293.8A Active CN110300112B (en) | 2019-07-02 | 2019-07-02 | Block chain key hierarchical management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110300112B (en) |
Cited By (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110798315A (en) * | 2019-11-11 | 2020-02-14 | 腾讯科技(深圳)有限公司 | Data processing method and device based on block chain and terminal |
| CN110852745A (en) * | 2019-10-12 | 2020-02-28 | 杭州云象网络技术有限公司 | Block chain distributed dynamic network key automatic updating method |
| CN111131254A (en) * | 2019-12-25 | 2020-05-08 | 中国联合网络通信集团有限公司 | File processing method, block chain node, block chain and storage medium |
| CN111314090A (en) * | 2020-03-25 | 2020-06-19 | 北京航空航天大学 | Secure multi-cloud password management method based on bit level threshold |
| CN111369248A (en) * | 2020-03-03 | 2020-07-03 | 南京大学 | Digital product safe transaction method and system based on block chain technology |
| CN111464301A (en) * | 2020-04-28 | 2020-07-28 | 郑州信大捷安信息技术股份有限公司 | Key management method and system |
| CN111459672A (en) * | 2020-03-30 | 2020-07-28 | 百度国际科技(深圳)有限公司 | Transaction processing method, device, equipment and medium based on block chain network |
| CN111556498A (en) * | 2020-04-27 | 2020-08-18 | 中国银行股份有限公司 | Block chain-based APP signature verification method and device |
| CN111600701A (en) * | 2020-04-28 | 2020-08-28 | 广州华工中云信息技术有限公司 | Private key storage method and device based on block chain and storage medium |
| CN111639361A (en) * | 2020-05-15 | 2020-09-08 | 中国科学院信息工程研究所 | Block chain key management method, multi-person common signature method and electronic device |
| CN111769938A (en) * | 2020-06-29 | 2020-10-13 | 福建福链科技有限公司 | Key management system and data verification system of block chain sensor |
| CN111917721A (en) * | 2020-06-28 | 2020-11-10 | 石家庄铁道大学 | Attribute encryption method based on block chain |
| CN112069263A (en) * | 2020-09-09 | 2020-12-11 | 上海万向区块链股份公司 | Process data auditing method, system and medium based on block chain |
| CN112187454A (en) * | 2020-09-14 | 2021-01-05 | 国网浙江省电力有限公司信息通信分公司 | Key management method and system based on block chain |
| CN112187456A (en) * | 2020-09-27 | 2021-01-05 | 上海万向区块链股份公司 | Key hierarchical management and collaborative recovery system and method |
| CN112231495A (en) * | 2020-10-28 | 2021-01-15 | 刘娴 | Modeling method and device for individuals and families |
| CN112765627A (en) * | 2021-01-22 | 2021-05-07 | 重庆允成互联网科技有限公司 | Business report data authority control method based on double-layer authority control |
| CN113254972A (en) * | 2021-06-10 | 2021-08-13 | 永旗(北京)科技有限公司 | Information security management method based on block chain |
| CN113591140A (en) * | 2021-07-30 | 2021-11-02 | 平安普惠企业管理有限公司 | Method, system, computer device and storage medium for preventing resource data from being tampered |
| CN113626855A (en) * | 2021-07-15 | 2021-11-09 | 杭州玖欣物联科技有限公司 | Data protection method based on block chain |
| US20220069981A1 (en) * | 2020-09-03 | 2022-03-03 | Google Llc | Distribute Encryption Keys Securely and Efficiently |
| WO2022193920A1 (en) * | 2021-03-17 | 2022-09-22 | International Business Machines Corporation | Blockchain data segregation |
| CN115208640A (en) * | 2022-06-24 | 2022-10-18 | 中通服创发科技有限责任公司 | Named data network public key management method based on block chain intelligent contract |
| CN116089984A (en) * | 2023-04-06 | 2023-05-09 | 河北科技师范学院 | Anti-disclosure management method and system for administrative files |
| CN116401715A (en) * | 2023-06-08 | 2023-07-07 | 中国移动紫金(江苏)创新研究院有限公司 | Medical data circulation privacy calculation method and system based on blockchain |
| CN116644458A (en) * | 2023-07-26 | 2023-08-25 | 泸州职业技术学院 | Electronic system information security protection system |
| US12010226B2 (en) | 2021-03-17 | 2024-06-11 | International Business Machines Corporation | Blockchain data segregation |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104917759A (en) * | 2015-05-26 | 2015-09-16 | 西安电子科技大学 | Third-party-based safety file storage and sharing system and method |
| CN105245328A (en) * | 2015-09-09 | 2016-01-13 | 西安电子科技大学 | User and file key generation and management method based on third party |
| CN107623569A (en) * | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
| US20180131511A1 (en) * | 2016-08-03 | 2018-05-10 | James Taylor | Systems and Methods for Dynamic Cypher Key Management |
| CN108229962A (en) * | 2018-01-04 | 2018-06-29 | 众安信息技术服务有限公司 | Right management method and system based on block chain |
| US20180332011A1 (en) * | 2017-05-11 | 2018-11-15 | Microsoft Technology Licensing, Llc | Secure cryptlet tunnel |
| CN109918942A (en) * | 2019-02-21 | 2019-06-21 | 领信智链(北京)科技有限公司 | A kind of decentralization identification code management system based on ether mill block chain |
-
2019
- 2019-07-02 CN CN201910591293.8A patent/CN110300112B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104917759A (en) * | 2015-05-26 | 2015-09-16 | 西安电子科技大学 | Third-party-based safety file storage and sharing system and method |
| CN105245328A (en) * | 2015-09-09 | 2016-01-13 | 西安电子科技大学 | User and file key generation and management method based on third party |
| US20180131511A1 (en) * | 2016-08-03 | 2018-05-10 | James Taylor | Systems and Methods for Dynamic Cypher Key Management |
| US20180332011A1 (en) * | 2017-05-11 | 2018-11-15 | Microsoft Technology Licensing, Llc | Secure cryptlet tunnel |
| CN107623569A (en) * | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
| CN108229962A (en) * | 2018-01-04 | 2018-06-29 | 众安信息技术服务有限公司 | Right management method and system based on block chain |
| CN109918942A (en) * | 2019-02-21 | 2019-06-21 | 领信智链(北京)科技有限公司 | A kind of decentralization identification code management system based on ether mill block chain |
Non-Patent Citations (1)
| Title |
|---|
| JUNJUN LOU: "A Blockchain-based key Management Scheme for Named Data Networking", 《2018 1ST IEEE INTERNATIONAL CONFERENCE ON HOT INFORMATION-CENTRIC NETWORKING》 * |
Cited By (44)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110852745A (en) * | 2019-10-12 | 2020-02-28 | 杭州云象网络技术有限公司 | Block chain distributed dynamic network key automatic updating method |
| CN110852745B (en) * | 2019-10-12 | 2022-07-19 | 杭州云象网络技术有限公司 | Block chain distributed dynamic network key automatic updating method |
| CN110798315A (en) * | 2019-11-11 | 2020-02-14 | 腾讯科技(深圳)有限公司 | Data processing method and device based on block chain and terminal |
| CN111131254A (en) * | 2019-12-25 | 2020-05-08 | 中国联合网络通信集团有限公司 | File processing method, block chain node, block chain and storage medium |
| CN111131254B (en) * | 2019-12-25 | 2022-04-15 | 中国联合网络通信集团有限公司 | File processing method, block chain node, block chain and storage medium |
| CN111369248B (en) * | 2020-03-03 | 2023-07-04 | 南京大学 | Digital product safe transaction method and system based on blockchain technology |
| CN111369248A (en) * | 2020-03-03 | 2020-07-03 | 南京大学 | Digital product safe transaction method and system based on block chain technology |
| CN111314090A (en) * | 2020-03-25 | 2020-06-19 | 北京航空航天大学 | Secure multi-cloud password management method based on bit level threshold |
| CN111459672A (en) * | 2020-03-30 | 2020-07-28 | 百度国际科技(深圳)有限公司 | Transaction processing method, device, equipment and medium based on block chain network |
| CN111459672B (en) * | 2020-03-30 | 2023-09-29 | 百度国际科技(深圳)有限公司 | Transaction processing method, device, equipment and medium based on block chain network |
| CN111556498A (en) * | 2020-04-27 | 2020-08-18 | 中国银行股份有限公司 | Block chain-based APP signature verification method and device |
| CN111556498B (en) * | 2020-04-27 | 2022-10-21 | 中国银行股份有限公司 | Block chain-based APP signature verification method and device |
| CN111600701A (en) * | 2020-04-28 | 2020-08-28 | 广州华工中云信息技术有限公司 | Private key storage method and device based on block chain and storage medium |
| CN111464301A (en) * | 2020-04-28 | 2020-07-28 | 郑州信大捷安信息技术股份有限公司 | Key management method and system |
| CN111464301B (en) * | 2020-04-28 | 2022-02-11 | 郑州信大捷安信息技术股份有限公司 | Key management method and system |
| CN111600701B (en) * | 2020-04-28 | 2023-06-27 | 广州华工信元通信技术有限公司 | Private key storage method, device and storage medium based on blockchain |
| CN111639361A (en) * | 2020-05-15 | 2020-09-08 | 中国科学院信息工程研究所 | Block chain key management method, multi-person common signature method and electronic device |
| CN111639361B (en) * | 2020-05-15 | 2023-06-20 | 中国科学院信息工程研究所 | Block chain key management method, multi-person common signature method and electronic device |
| CN111917721A (en) * | 2020-06-28 | 2020-11-10 | 石家庄铁道大学 | Attribute encryption method based on block chain |
| CN111917721B (en) * | 2020-06-28 | 2022-04-05 | 石家庄铁道大学 | Attribute encryption method based on block chain |
| CN111769938A (en) * | 2020-06-29 | 2020-10-13 | 福建福链科技有限公司 | Key management system and data verification system of block chain sensor |
| US20220069981A1 (en) * | 2020-09-03 | 2022-03-03 | Google Llc | Distribute Encryption Keys Securely and Efficiently |
| CN112069263B (en) * | 2020-09-09 | 2023-08-25 | 上海万向区块链股份公司 | Flow data auditing method, system and medium based on block chain |
| CN112069263A (en) * | 2020-09-09 | 2020-12-11 | 上海万向区块链股份公司 | Process data auditing method, system and medium based on block chain |
| CN112187454A (en) * | 2020-09-14 | 2021-01-05 | 国网浙江省电力有限公司信息通信分公司 | Key management method and system based on block chain |
| CN112187456A (en) * | 2020-09-27 | 2021-01-05 | 上海万向区块链股份公司 | Key hierarchical management and collaborative recovery system and method |
| CN112187456B (en) * | 2020-09-27 | 2022-09-16 | 上海万向区块链股份公司 | Key hierarchical management and collaborative recovery system and method |
| CN112231495A (en) * | 2020-10-28 | 2021-01-15 | 刘娴 | Modeling method and device for individuals and families |
| CN112765627A (en) * | 2021-01-22 | 2021-05-07 | 重庆允成互联网科技有限公司 | Business report data authority control method based on double-layer authority control |
| US12010226B2 (en) | 2021-03-17 | 2024-06-11 | International Business Machines Corporation | Blockchain data segregation |
| WO2022193920A1 (en) * | 2021-03-17 | 2022-09-22 | International Business Machines Corporation | Blockchain data segregation |
| GB2619665A (en) * | 2021-03-17 | 2023-12-13 | Ibm | Blockchain data segregation |
| CN113254972A (en) * | 2021-06-10 | 2021-08-13 | 永旗(北京)科技有限公司 | Information security management method based on block chain |
| CN113626855A (en) * | 2021-07-15 | 2021-11-09 | 杭州玖欣物联科技有限公司 | Data protection method based on block chain |
| CN113591140A (en) * | 2021-07-30 | 2021-11-02 | 平安普惠企业管理有限公司 | Method, system, computer device and storage medium for preventing resource data from being tampered |
| CN113591140B (en) * | 2021-07-30 | 2023-10-03 | 安徽韬珀信息技术有限公司 | Resource data tamper-proof method, system, computer equipment and storage medium |
| CN115208640A (en) * | 2022-06-24 | 2022-10-18 | 中通服创发科技有限责任公司 | Named data network public key management method based on block chain intelligent contract |
| CN115208640B (en) * | 2022-06-24 | 2024-04-12 | 中通服创发科技有限责任公司 | Named data networking public key management method based on blockchain intelligent contract |
| CN116089984B (en) * | 2023-04-06 | 2023-06-13 | 河北科技师范学院 | Anti-disclosure management method and system for administrative files |
| CN116089984A (en) * | 2023-04-06 | 2023-05-09 | 河北科技师范学院 | Anti-disclosure management method and system for administrative files |
| CN116401715B (en) * | 2023-06-08 | 2023-08-22 | 中国移动紫金(江苏)创新研究院有限公司 | Medical data circulation privacy calculation method and system based on blockchain |
| CN116401715A (en) * | 2023-06-08 | 2023-07-07 | 中国移动紫金(江苏)创新研究院有限公司 | Medical data circulation privacy calculation method and system based on blockchain |
| CN116644458A (en) * | 2023-07-26 | 2023-08-25 | 泸州职业技术学院 | Electronic system information security protection system |
| CN116644458B (en) * | 2023-07-26 | 2023-11-21 | 泸州职业技术学院 | Electronic system information security protection system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110300112B (en) | 2022-05-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110300112A (en) | Block chain key tiered management approach | |
| CN111639361B (en) | Block chain key management method, multi-person common signature method and electronic device | |
| KR101974075B1 (en) | Method and system for verifying ownership of a digital asset using a distributed hash table and a peer-to-peer distributed ledger | |
| EP3361408B1 (en) | Verifiable version control on authenticated and/or encrypted electronic documents | |
| CN107851253B (en) | Contract consensus method, consensus verification method, contract consensus system, consensus verification device, contract consensus device, computer-readable recording medium | |
| KR101999188B1 (en) | Secure personal devices using elliptic curve cryptography for secret sharing | |
| Ma et al. | A new approach to secure logging | |
| CN110334175B (en) | Zero knowledge proof method, system and storage medium for medical document | |
| KR20190075772A (en) | AuthenticationSystem Using Block Chain Through Combination of Data after Separating Personal Information | |
| AU2017223133A1 (en) | Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys | |
| CN116670673A (en) | Transferring cryptocurrency from a remote limited access wallet | |
| CN110289951A (en) | A kind of shared content monitoring method based on Threshold key sharing and block chain | |
| CN112906056A (en) | Cloud storage key security management method based on block chain | |
| Zhang et al. | Redactable transactions in consortium blockchain: Controlled by multi-authority CP-ABE | |
| CN113014394B (en) | Electronic data certification method and system based on alliance chain | |
| CN117454442A (en) | Anonymous security and traceable distributed digital evidence obtaining method and system | |
| CN108809996A (en) | Different popularities delete the integrality auditing method for storing data again | |
| CN114826607B (en) | Edge computing node compression method based on block chain and lightweight storage system | |
| CN109670338A (en) | A kind of method and system of data whole process encryption | |
| CN115664801A (en) | Block chain-based distributed digital identity management authentication method and system | |
| Li et al. | Anonymous, secure, traceable, and efficient decentralized digital forensics | |
| Keerthana et al. | Slicing, Tokenization, and Encryption Based Combinational Approach to Protect Data-at-Rest in Cloud Using TF-Sec Model | |
| CN111445235A (en) | Key management method based on medical block chain | |
| Shree et al. | Blockchain Based Data Security for Fog Enabled IoT Infrastructure | |
| KR20230033894A (en) | Blockchain And RSA-based Personal Information Processing Method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230615 Address after: 065000 No. 115, Xinhua Road, Guangyang District, Langfang City, Hebei Province Patentee after: Fengjie Technology Co.,Ltd. Address before: 050043 No. 17, North Second Ring Road, Hebei, Shijiazhuang Patentee before: SHIJIAZHUANG TIEDAO University |
|
| TR01 | Transfer of patent right |