CN110474886B - Block chain based data encryption method and device, electronic equipment and storage medium - Google Patents

Publication number
CN110474886B
Authority
CN
China
Prior art keywords
data
field
document data
target
type
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910671757.6A
Other languages
Chinese (zh)
Other versions
CN110474886A (en)
Inventor
赵达悦
王梦寒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Application filed by OneConnect Financial Technology Co Ltd Shanghai
Priority to CN201910671757.6A
Publication of CN110474886A
Priority to PCT/CN2020/088432 (WO2021012746A1)
Application granted
Publication of CN110474886B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a blockchain-based data encryption method and device, an electronic device and a storage medium, and belongs to the technical field of data processing. The method comprises the following steps: in response to an uplink request, entered under an employee account, for putting document data on the chain, acquiring the document data in the uplink request and the document type corresponding to the document data, and acquiring an employee grade from the employee information corresponding to the employee account; determining a target enterprise node with a reference authority for the document data based on the field data corresponding to the field type of the enterprise name in the document data, and acquiring the industry type corresponding to the target enterprise node; and encrypting the field data corresponding to every field type contained in the document data, each with its specific key, to obtain encrypted data. The method provided by the invention meets the complex data transmission requirements between a bank and an enterprise, and can also avoid leakage of the document data.

Description

Block chain based data encryption method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to a data encryption method and apparatus based on a block chain, an electronic device, and a storage medium.
Background
Business relationships between banks and enterprises are generally maintained through document data. When a bank sends document data to an enterprise, it typically takes advantage of the joint supervision and high trust offered by blockchain technology and uploads the document data to the chain so that the corresponding enterprise can consult it. However, many enterprises cooperate with a bank, and once document data intended for one enterprise is on the chain, it can be obtained by the blockchain node of any other enterprise cooperating with the bank, which easily leads to information leakage. In addition, when the bank transmits different types of document data to the corresponding enterprises, only part of the field data in a document needs to be transmitted, and for documents of the same type sent to different enterprises, the part of the field data that needs to be transmitted also differs.
Therefore, the prior art lacks a method that both reduces document data leakage when document data is put on the chain and satisfies the complex data transmission requirements between a bank and an enterprise.
Disclosure of Invention
Based on the above, the invention provides a blockchain-based data encryption method and device, an electronic device and a storage medium, to solve the technical problem that there is no method that reduces document data leakage when document data is put on the chain while meeting the complex data transmission requirements between a bank and an enterprise.
In a first aspect, a method for encrypting data based on a block chain is provided, the method including:
in response to an uplink request, entered under an employee account, for putting document data on the chain, acquiring the document data in the uplink request and the document type corresponding to the document data, and acquiring an employee grade from the employee information corresponding to the employee account;
determining a target enterprise node with a reference authority for the document data based on field data corresponding to the field type of the enterprise name in the document data, and acquiring an industry type corresponding to the target enterprise node;
encrypting field data corresponding to all field types contained in the document data respectively through a specific key to obtain encrypted data;
inputting the document type, the industry type and the employee grade into a preset machine learning model to determine the target field type for which the target enterprise node has the reference authority in the document data;
uplinking the encrypted data;
acquiring the key used to encrypt the field data corresponding to the target field type for which the target enterprise node has the reference authority in the document data;
and sending that key to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key used to encrypt the field data corresponding to the target field type for which it has the reference authority in the document data.
In a second aspect, an apparatus for data encryption based on a blockchain is provided, the apparatus comprising:
a first obtaining unit, configured to respond to an uplink request, entered under an employee account, for putting document data on the chain, obtain the document data in the uplink request and the document type corresponding to the document data, and obtain an employee grade from the employee information corresponding to the employee account;
the first processing unit is used for determining a target enterprise node with a reference authority for the document data based on field data corresponding to the field type of the enterprise name in the document data and acquiring an industry type corresponding to the target enterprise node;
the encryption unit is used for encrypting the field data corresponding to all the field types contained in the document data respectively through a specific key to obtain encrypted data;
the second processing unit is used for inputting the document type, the industry type and the employee grade into a preset machine learning model to determine and obtain a target field type of the target enterprise node with reference authority in the document data;
an uplink unit, configured to uplink the encrypted data;
the second obtaining unit is used for obtaining a key for encrypting field data corresponding to a target field type of the target enterprise node having the reference authority in the document data;
and the sending unit is used for sending a key for encrypting the field data corresponding to the target field type of the target enterprise node having the reference authority in the document data to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key for encrypting the field data corresponding to the target field type of the target enterprise node having the reference authority in the document data.
In a third aspect, an electronic device is provided, which includes a memory and a processor, wherein the memory stores computer readable instructions, and the computer readable instructions, when executed by the processor, cause the processor to execute the steps of the above block chain based data encryption method.
In a fourth aspect, a storage medium is provided that stores computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the above-described steps of blockchain-based data encryption.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
The server corresponding to the bank node encrypts the field data corresponding to every field type contained in the document data, each with its specific key, to obtain encrypted data, and sends to the enterprise node the key used to encrypt the field data of the target field type for which that enterprise node has the reference authority. The enterprise node decrypts the encrypted data with this key, so the enterprise receiving the document data can consult the field types for which the bank node has granted key authorization, which meets the complex data transmission requirements between a bank and an enterprise. In addition, the enterprise nodes of other enterprises cooperating with the bank do not hold the key and can consult only the encrypted document data, so leakage of the document data is avoided even though the document data is on the chain.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
Fig. 1 is a flowchart illustrating an implementation of a data encryption method based on a blockchain according to an exemplary embodiment of the present invention.
Fig. 2 is a flowchart illustrating a specific implementation of step S120 in the data encryption method based on a blockchain according to an exemplary embodiment of the present invention.
Fig. 3 is a flowchart illustrating a specific implementation of step S130 in the data encryption method based on a blockchain according to an exemplary embodiment of the present invention.
Fig. 4 is a flowchart illustrating a specific implementation of step S170 in the data encryption method based on a blockchain according to an exemplary embodiment of the present invention.
Fig. 5 is a block diagram illustrating a data encryption apparatus based on a blockchain according to an exemplary embodiment of the present invention.
Fig. 6 is a block diagram illustrating an example of an electronic device for implementing the above method for encrypting data based on a blockchain according to an example embodiment of the present invention.
Fig. 7 is a computer-readable storage medium for implementing the above-described blockchain-based data encryption method according to an exemplary embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations or operations have not been shown or described in detail to avoid obscuring aspects of the invention.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
Referring to fig. 1, fig. 1 is a flowchart illustrating an implementation of a data encryption method based on a block chain according to an exemplary embodiment of the present invention, where an execution subject of the data encryption method based on the block chain in this embodiment is an electronic device, and the electronic device may specifically be a server corresponding to a bank node in the data block chain, and the data encryption method based on the block chain illustrated in fig. 1 may include the following steps S110 to S170, which are described in detail as follows:
Step S110, in response to an uplink request, entered under an employee account, for putting document data on the chain, obtaining the document data in the uplink request and the document type corresponding to the document data, and obtaining the employee grade from the employee information corresponding to the employee account.
In an embodiment of the present invention, the uplink request is a request, received by the server corresponding to a bank node in the data blockchain, to upload document data to the data blockchain. The request may be triggered by a bank employee manually operating a physical key or a virtual control provided by the client device corresponding to the bank node, and when it is triggered the document data and the document type of the document data must be uploaded. It should be noted that the bank employee must log in, on the client device, to an employee account registered with the server corresponding to the bank node in order to trigger the uplink request.
In addition, when an employee account is registered with the server corresponding to the bank node, the corresponding employee information must be entered. The employee information includes at least the employee grade, which may be the job grade of the employee, such as manager or employee, and may also include information such as name, age and job number. The server corresponding to the bank node stores the employee account in association with its employee information in an employee information base.
The server corresponding to the bank node responds to the uplink request entered under the employee account and obtains the document data in the uplink request and the document type corresponding to the document data. It then looks up the employee information corresponding to the logged-in employee account in the employee information base and obtains the employee grade from that employee information.
Step S120, determining a target enterprise node having a reference authority for the document data based on the field data corresponding to the field type of the enterprise name in the document data, and acquiring the industry type corresponding to the target enterprise node.
In an embodiment of the present invention, the documents may be different types of documents such as purchase orders or invoices. The data contained in the document is specifically a data set, and the data set contains field data of a plurality of different field types, for example, when the document type is a purchase order, the field types contained in the data set may contain "business name", "payment condition", "commodity name", "quantity", and "unit price".
The server corresponding to the bank node can determine a target enterprise node with reference authority for the document data based on information contained in field data corresponding to the field type of the enterprise name in the document data. In addition, the server side also acquires the industry type of the enterprise from the enterprise information corresponding to the target enterprise node based on the determined target enterprise node with the reference authority on the document data.
Referring to fig. 2, fig. 2 is a flowchart illustrating a specific implementation of step S120 in a block chain-based data encryption method according to an exemplary embodiment of the present invention, where in this embodiment, the step S120 of determining a target enterprise node having a reference right to document data based on field data corresponding to a field type of an enterprise name in the document data includes:
Step S1201, acquiring enterprise name information contained in field data corresponding to the field type of the enterprise name in the document data.
In an embodiment of the present invention, a server corresponding to a bank node obtains enterprise name information included in field data corresponding to a field type of an enterprise name in document data, for example, if the enterprise name information included in the field data of the field type of the enterprise name in the document data is "XX express company", the "XX express company" is an enterprise that can view the document data.
Step S1202, determining the target enterprise node having the reference authority for the document data based on the enterprise name information and the relationship table between enterprise names and enterprise nodes.
In an embodiment of the present invention, a server corresponding to a bank node prestores a relationship table between enterprise names and enterprise nodes in a local database, where the relationship table between enterprise names and enterprise nodes includes correspondence between enterprise nodes and enterprise names corresponding to all enterprises cooperating with the bank.
Continuing to refer to fig. 1, in step S130, field data corresponding to all field types included in the document data are encrypted by a specific key, respectively, to obtain encrypted data.
In an embodiment of the invention, because the document data is a data set containing field data of several different field types, the field data corresponding to each field type can be encrypted separately with its specific key to obtain the encrypted data. Because every field type in the document data is encrypted with its own specific key, the server corresponding to the bank node can, according to the data transmission requirement, authorize only the field data of some field types in the document data by releasing the corresponding keys. It should be noted that the specific key is a key preset for each field type, and the keys corresponding to different field types are generally different.
Referring to fig. 3, fig. 3 is a flowchart illustrating a specific implementation of step S130 in a block chain-based data encryption method according to an exemplary embodiment of the present invention, in this embodiment, the step S130 of encrypting field data corresponding to all field types included in the document data by using a specific key respectively to obtain encrypted data includes:
Step S1301, acquiring all field types contained in the document data.
The server corresponding to the bank node acquires all field types contained in the document data based on the document type of the document data and the relationship table between document types and the field types contained in document data of each document type.
In step S1302, specific keys for encrypting field data corresponding to all field types are determined based on a preset relationship table between field types and keys.
And the server corresponding to the bank node prestores a relation table of all field types and keys for encrypting the field data corresponding to the field types in a local database, and the server determines specific keys for respectively encrypting the field data corresponding to all the field types according to the relation table and all the field types contained in the acquired document data.
Step S1303, based on the specific key, respectively encrypting the field data corresponding to all the field types to obtain encrypted data.
The server corresponding to the bank node encrypts the field data corresponding to every field type in the document data, each with the specific key determined for it, to obtain encrypted data; that is, it encrypts the data set in the document data to obtain encrypted document data.
Continuing to refer to fig. 1, in step S140, inputting the document type, the industry type, and the employee level into a preset machine learning model, and determining to obtain a target field type that the target enterprise node has a reference right in the document data.
In an embodiment of the present invention, when the same type of document data is sent to enterprise nodes of different industry types, the bank employee needs the field data that each enterprise can view in the document to differ. For example, a purchase order sent to an express company should not include the field data corresponding to field types such as "unit price" and "payment condition". Thus, when the same document data is sent to enterprise nodes corresponding to different enterprises, the target field types for key authorization in the document data differ. In addition, when the same document data is sent to the enterprise node of the same enterprise, the field types for which key authorization can be issued differ between employee grades, such as manager and staff, so the target field types for key authorization differ here as well. Therefore, the server corresponding to the bank node needs to determine the target field types with the reference authority in the document data adaptively, based on the document type, the industry type and the employee grade.
And the server corresponding to the bank node inputs the document type, the industry type and the employee grade into a preset machine learning model to obtain a target field type of the enterprise node with the reference authority in the document data. The machine learning model is obtained through training, and the machine learning model determines the field type of the enterprise node with the reference authority in the document data according to the input document type, the industry type and the employee grade, so that the field types of the document needing key authorization can be determined adaptively according to the data transmission requirement between a bank and an enterprise, and the complex data transmission requirement between the bank and the enterprise is met.
In one embodiment of the invention, the machine learning model is obtained by training through training sample data. The machine learning model may be a CNN (Convolutional Neural Network) model, or may be a deep Neural Network model, or the like.
In one embodiment of the present invention, the machine learning model may be trained by the following steps.
Training sample data is generated from the document type of existing document data, the industry type of the enterprise corresponding to the enterprise node receiving the document data, the employee grade corresponding to the bank employee, and the known target field type with the reference authority in the document data.
A feature vector can be generated from the document type of the existing document data, the industry type of the enterprise corresponding to the enterprise node receiving the document data and the employee grade corresponding to the bank employee, and the known target field type with the reference authority in the document data is used as the label of the feature vector to generate the training sample data.
After the trained machine learning model is obtained, it is used to predict, when bank employees of different employee grades put given document data on the chain, the target field type that has the reference authority in that document data.
Continuing with fig. 1, in step S150, the encrypted data is uplinked.
In an embodiment of the present invention, the encrypted data is specifically a data set obtained by encrypting field data corresponding to all field types included in the document data respectively through a specific key, and a server corresponding to a bank node uploads the data set to a data block chain as a whole.
And step S160, acquiring a key for encrypting field data corresponding to the target field type of the target enterprise node having the reference authority in the document data.
In an embodiment of the present invention, the server corresponding to the bank node obtains the key used to encrypt the field data corresponding to the target field type for which the target enterprise node has the reference authority in the document data, so that this key can be sent to the target enterprise node.
Step S170, sending the key for encrypting the field data corresponding to the target field type having the reference authority in the document data by the target enterprise node to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key for encrypting the field data corresponding to the target field type having the reference authority in the document data by the target enterprise node.
In one embodiment of the invention, the server corresponding to the bank node encrypts the field data corresponding to every field type contained in the document data, each with its specific key, to obtain encrypted data, and sends to the enterprise node the key used to encrypt the field data of the target field type for which that enterprise node has the reference authority. The enterprise node decrypts the encrypted data with this key, so the enterprise receiving the document data can consult the field types for which the bank node has granted key authorization, which meets the complex data transmission requirements between a bank and an enterprise. In addition, the enterprise nodes of other enterprises cooperating with the bank do not hold the key and can consult only the encrypted document data, so leakage of the document data is avoided even though the document data is on the chain.
The advantage of the method is that the server corresponding to the bank node sends, to the enterprise node receiving the document data, the key used to encrypt the field data of the target field type for which that enterprise node has the reference authority, so that the enterprise node decrypts the encrypted data with this key and the enterprise receiving the document data can consult the field types for which the bank node has granted key authorization, which meets the complex data transmission requirements between a bank and an enterprise. In addition, the enterprise nodes of other enterprises do not hold the key and can consult only the encrypted document data, so leakage of the document data is avoided even though the document data is on the chain.
Referring to fig. 4, fig. 4 is a flowchart illustrating a specific implementation of step S170 in a data encryption method based on a block chain according to an exemplary embodiment of the present invention, where in this embodiment, the step S170 of sending, to the target enterprise node, a key for encrypting field data corresponding to a target field type in which the target enterprise node has a reference right in the document data includes:
in step S1702, it is determined whether the uplink time of the encrypted data is within a preset uplink time range.
In one embodiment, to ensure the validity of the document data, a valid time range is set for the document data transmitted between the bank and the enterprise according to the document type of the document data and the industry type of the enterprise receiving it. Therefore, so that the enterprise node obtains valid document data, the uplink time of the encrypted data can be compared with the preset uplink time range before the key for encrypting the field data corresponding to the target field type for which the target enterprise node has reference authority in the document data is sent to the target enterprise node. When the uplink time of the encrypted data is within the preset uplink time range, the encrypted data is valid data and key authorization can be performed; when the uplink time is not within the preset uplink time range, the encrypted data is invalid data and key authorization cannot be performed.
Step S1703, if the uplink time of the encrypted data is within a preset uplink time range, sending a key for encrypting field data corresponding to a target field type of the target enterprise node having a reference authority in the document data to the target enterprise node.
In one embodiment, when the uplink time of the encrypted data is within the preset uplink time range, the encrypted data is valid data, and a server corresponding to the bank node sends a key for encrypting field data corresponding to a target field type, in which the target field type has a reference authority, of the target enterprise node in the document data to the target enterprise node, so that the enterprise node decrypts the encrypted data based on the key, and an enterprise corresponding to the enterprise node receiving the document data can view the field type, in which the bank node performs key authorization, in the document data, thereby satisfying the complex data transmission requirement between a bank and an enterprise.
In an embodiment of the present invention, before the step S1702 of determining whether the uplink time of the encrypted data is within a preset uplink time range, the method further includes:
step S1701, determining the preset uplink time range based on the document type, the industry type and the relation table of the document type, the industry type and the uplink time range.
In an embodiment of the present invention, when determining whether the uplink time of the encrypted data uploaded to the data block chain is within the preset valid uplink time range, the server corresponding to the bank node may determine the preset uplink time range based on the document type, the industry type, and the relationship table between the document type, the industry type, and the uplink time range, and further compare the uplink time of the encrypted data with the preset uplink time range to determine whether the encrypted data is valid data.
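The following Go example is added here for illustration and is not part of the patent or the applicant's code. It shows per-field-type encryption and the key release of steps S170 and S1701 to S1703; AES-256-GCM, the field names, the document and industry types, and representing the uplink time range as a start and end timestamp are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// policyKey -> window is one row of the document type / industry type / uplink time range table.
type policyKey struct{ docType, industry string }
type window struct{ start, end time.Time }

var errNoRange = errors.New("no uplink time range for this document/industry type")
var errOutOfRange = errors.New("uplink time outside the preset range")

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealFields encrypts each field under the key mapped to its field type.
// AES-256-GCM is an assumption; the field type is bound as associated data
// so a ciphertext cannot be moved to another field.
func sealFields(doc map[string]string, keys map[string][]byte) (map[string][]byte, error) {
	out := make(map[string][]byte, len(doc))
	for ft, val := range doc {
		aead, err := newAEAD(keys[ft])
		if err != nil {
			return nil, fmt.Errorf("field type %q: %w", ft, err)
		}
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		out[ft] = aead.Seal(nonce, nonce, []byte(val), []byte(ft)) // nonce || ciphertext
	}
	return out, nil
}

// releaseKeys looks up the preset range, checks the uplink time against it,
// and returns only the keys of the target field types. An unknown
// document/industry pair is denied rather than treated as unrestricted.
func releaseKeys(docType, industry string, uplink time.Time, targets []string,
	ranges map[policyKey]window, keys map[string][]byte) (map[string][]byte, error) {
	w, ok := ranges[policyKey{docType, industry}]
	if !ok {
		return nil, errNoRange
	}
	if uplink.Before(w.start) || uplink.After(w.end) {
		return nil, errOutOfRange
	}
	granted := make(map[string][]byte, len(targets))
	for _, ft := range targets {
		if k, ok := keys[ft]; ok {
			granted[ft] = k
		}
	}
	return granted, nil
}

// openFields is the enterprise node's view: fields without a granted key,
// or whose ciphertext fails authentication, stay unreadable.
func openFields(enc, granted map[string][]byte) map[string]string {
	out := make(map[string]string)
	for ft, blob := range enc {
		aead, err := newAEAD(granted[ft])
		if err != nil || len(blob) < aead.NonceSize() {
			continue
		}
		n := aead.NonceSize()
		if pt, err := aead.Open(nil, blob[:n], blob[n:], []byte(ft)); err == nil {
			out[ft] = string(pt)
		}
	}
	return out
}

func main() {
	// Constructed sample data: field names, types and dates are illustrative.
	doc := map[string]string{"enterprise_name": "Acme Ltd", "amount": "120000", "account_no": "6222-0000"}
	keys := map[string][]byte{}
	for ft := range doc {
		keys[ft] = make([]byte, 32)
		rand.Read(keys[ft])
	}
	day := time.Date(2024, 1, 10, 0, 0, 0, 0, time.UTC)
	ranges := map[policyKey]window{{"invoice", "logistics"}: {day, day.Add(72 * time.Hour)}}
	enc, _ := sealFields(doc, keys)
	granted, err := releaseKeys("invoice", "logistics", day.Add(time.Hour),
		[]string{"enterprise_name", "amount"}, ranges, keys)
	fmt.Println(openFields(enc, granted), err) // account_no stays encrypted
}
```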
Referring to fig. 5, fig. 5 is a block chain-based data encryption apparatus according to an exemplary embodiment of the present invention, which may be integrated in the electronic device, and specifically includes a first obtaining unit 110, a first processing unit 120, an encrypting unit 130, a second processing unit 140, an uplink unit 150, a second obtaining unit 160, and a sending unit 170.
The first obtaining unit 110 is configured to, in response to a chain winding request for chain winding document data input by an employee account, obtain the document data and a document type corresponding to the document data in the chain winding request, and obtain an employee level from employee information corresponding to the employee account.
The first processing unit 120 is configured to determine, based on field data corresponding to a field type of an enterprise name in the document data, a target enterprise node having a reference authority for the document data, and obtain an industry type corresponding to the target enterprise node.
The encrypting unit 130 is configured to encrypt the field data corresponding to all the field types included in the document data by using a specific key, respectively, to obtain encrypted data.
The second processing unit 140 is configured to input the document type, the industry type, and the employee level into a preset machine learning model, and determine to obtain a target field type that the target enterprise node has a reference authority in the document data.
The uplink unit 150 is configured to uplink the encrypted data.
A second obtaining unit 160, configured to obtain a key for encrypting field data corresponding to a target field type in which the target enterprise node has a reference permission in the document data;
a sending unit 170, configured to send a key used for encrypting field data corresponding to a target field type in which the target enterprise node has a reference authority in the document data to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key used for encrypting the field data corresponding to the target field type in which the target enterprise node has the reference authority in the document data.
Optionally, the encryption unit includes:
the first obtaining subunit is used for obtaining all field types contained in the document data;
the first processing subunit is used for determining specific keys for encrypting the field data corresponding to all the field types respectively based on a preset relationship table of the field types and the keys;
and the encryption subunit is used for respectively encrypting the field data corresponding to all the field types based on the specific key to obtain encrypted data.
Optionally, the first processing unit includes:
the second acquiring subunit is used for acquiring enterprise name information contained in field data corresponding to the field type of the enterprise name in the document data;
and the second processing subunit is used for determining a target enterprise node of the document data with the reference authority based on the enterprise name information and the relation table of the enterprise name and the enterprise node.
Optionally, the sending unit includes:
a determining subunit, configured to determine whether an uplink time of the encrypted data is within a preset uplink time range;
and the sending subunit is configured to send, if the uplink time of the encrypted data is within the preset uplink time range, a key used for encrypting field data corresponding to a target field type for which the target enterprise node has reference authority in the document data to the target enterprise node.
Optionally, the sending unit further includes:
the third processing subunit, configured to determine the preset uplink time range based on the document type, the industry type and a relation table of the document type, the industry type and the uplink time range.
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the above data encryption method based on the block chain, and is not described herein again.
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the present disclosure, the features and functionality of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer apparatus capable of implementing the above method.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
Referring to fig. 6, fig. 6 is a block diagram illustrating an example of an electronic device for implementing the above method for encrypting data based on a blockchain according to an example embodiment of the present invention. The computer device 400 shown in fig. 6 is only an example and should not bring any limitations to the functionality or scope of use of the embodiments of the present invention.
As shown in fig. 6, computer device 400 is embodied in the form of a general purpose computing device. The components of computer device 400 may include, but are not limited to: the at least one processing unit 410, the at least one memory unit 420, and a bus 430 that couples various system components including the memory unit 420 and the processing unit 410.
The storage unit stores program code that is executable by the processing unit 410 to cause the processing unit 410 to perform steps according to various exemplary embodiments of the present invention as described in the above section "exemplary methods" of the present specification. For example, the processing unit 410 may perform step S110 as shown in fig. 1: responding to a chain winding request for winding up document data input by an employee account, acquiring the document data in the chain winding request and a document type corresponding to the document data, and acquiring an employee grade from employee information corresponding to the employee account; step S120: determining a target enterprise node with a reference authority for the document data based on field data corresponding to the field type of the enterprise name in the document data, and acquiring an industry type corresponding to the target enterprise node; step S130: encrypting field data corresponding to all field types contained in the document data respectively through a specific key to obtain encrypted data; step S140: inputting the document type, the industry type and the employee grade into a preset machine learning model to determine and obtain a target field type of the target enterprise node having the reference authority in the document data; step S150: chaining the encrypted data; step S160: acquiring a key for encrypting field data corresponding to a target field type with reference permission in the document data by the target enterprise node; step S170: sending a key for encrypting field data corresponding to a target field type with a reference authority in the document data by the target enterprise node to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key for encrypting the field data corresponding to the target field type with the reference authority in the document data by the target enterprise node.
The storage unit 420 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 4201 and/or a cache memory unit 4202, and may further include a read only memory unit (ROM) 4203.
The storage unit 420 may also include a program/utility 4204 having a set (at least one) of program modules 4205, such program modules 4205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 430 may be any bus representing one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The computer device 400 may also communicate with one or more external devices 600 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the computer device 400, and/or with any devices (e.g., router, modem, etc.) that enable the computer device 400 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 440. Moreover, computer device 400 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via network adapter 460. As shown, network adapter 460 communicates with the other modules of computer device 400 via bus 430. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computer device 400, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
Referring to fig. 7, fig. 7 is a computer-readable storage medium for implementing the above-described blockchain-based data encryption method according to an exemplary embodiment of the present invention. Fig. 7 depicts a program product 500 for implementing the above-described method according to an embodiment of the invention, which may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a computer device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (7)

1. A method for encrypting data based on a blockchain, the method comprising:
responding to a chain winding request for winding up document data input by an employee account, acquiring the document data in the chain winding request and a document type corresponding to the document data, and acquiring an employee grade from employee information corresponding to the employee account;
determining a target enterprise node with a reference authority for the document data based on field data corresponding to the field type of the enterprise name in the document data, and acquiring an industry type corresponding to the target enterprise node;
encrypting field data corresponding to all field types contained in the document data respectively through a specific key to obtain encrypted data;
generating a feature vector according to a document type of existing document data, an industry type of an enterprise corresponding to an enterprise node receiving the existing document data, and an employee grade corresponding to the employee who chained the existing document data, and generating training sample data by taking a target field type with a reference authority in the existing document data as a label of the feature vector;
training a machine learning model through the generated training sample data to obtain a trained machine learning model;
inputting the document type, the industry type and the employee grade into the trained machine learning model to determine a target field type of the target enterprise node having the reference authority in the document data;
chaining the encrypted data;
acquiring a key for encrypting field data corresponding to a target field type with reference permission in the document data by the target enterprise node;
sending a key for encrypting field data corresponding to a target field type of the document data with the reference authority of the target enterprise node to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key for encrypting the field data corresponding to the target field type of the document data with the reference authority of the target enterprise node;
the step of encrypting the field data corresponding to all the field types contained in the document data by a specific key respectively to obtain encrypted data includes:
acquiring all field types contained in the document data;
determining specific keys for encrypting field data corresponding to all field types respectively based on a preset relationship table of the field types and the keys;
and respectively encrypting the field data corresponding to all the field types based on the specific key to obtain encrypted data.
2. The method according to claim 1, wherein the step of determining a target enterprise node having a reference authority for the document data based on field data corresponding to a field type of an enterprise name in the document data comprises:
acquiring enterprise name information contained in field data corresponding to the field type of the enterprise name in the document data;
and determining a target enterprise node having the reference authority for the document data based on the enterprise name information and the relation table of enterprise names and enterprise nodes.
3. The method according to claim 1, wherein the step of sending the key for encrypting the field data corresponding to the target field type having the reference authority in the document data by the target enterprise node to the target enterprise node comprises:
judging whether the uplink time of the encrypted data is in a preset uplink time range;
and if the uplink time of the encrypted data is within a preset uplink time range, sending a key for encrypting field data corresponding to a target field type of the target enterprise node having the reference authority in the document data to the target enterprise node.
4. The method of claim 3, wherein the step of determining whether the uplink time of the encrypted data is within a predetermined uplink time range comprises:
and determining the preset uplink time range based on the document type, the industry type and a relation table of the document type, the industry type and the uplink time range.
5. An apparatus for data encryption based on blockchains, the apparatus comprising:
a first obtaining unit, used for responding to a chain winding request for winding the document data input by an employee account, obtaining the document data in the chain winding request and a document type corresponding to the document data, and obtaining an employee grade from employee information corresponding to the employee account;
the first processing unit is used for determining a target enterprise node with a reference authority for the document data based on field data corresponding to the field type of the enterprise name in the document data and acquiring an industry type corresponding to the target enterprise node;
the encryption unit is used for encrypting the field data corresponding to all the field types contained in the document data respectively through a specific key to obtain encrypted data;
the training sample generation unit is used for generating a feature vector according to the document type of the existing document data, the industry type of an enterprise corresponding to an enterprise node receiving the existing document data, and the employee grade corresponding to the employee who chained the existing document data, and for generating training sample data by taking the target field type with the reference authority in the existing document data as a label of the feature vector;
the model training unit is used for training the machine learning model through the generated training sample data to obtain a trained machine learning model;
the second processing unit is used for inputting the document type, the industry type and the employee grade into the trained machine learning model to determine and obtain a target field type of the target enterprise node with reference authority in the document data;
an uplink unit, configured to uplink the encrypted data;
the second obtaining unit is used for obtaining a key for encrypting field data corresponding to a target field type of the target enterprise node having the reference authority in the document data;
a sending unit, configured to send a key used for encrypting field data corresponding to a target field type in which the target enterprise node has a reference authority in the document data to the target enterprise node, so that the target enterprise node decrypts the encrypted data based on the key used for encrypting the field data corresponding to the target field type in which the target enterprise node has the reference authority in the document data;
wherein the encryption unit comprises:
the first obtaining subunit is used for obtaining all field types contained in the document data;
the first processing subunit is used for determining specific keys for encrypting the field data corresponding to all the field types respectively based on a preset relationship table of the field types and the keys;
and the encryption subunit is used for respectively encrypting the field data corresponding to all the field types based on the specific key to obtain encrypted data.
6. The apparatus of claim 5, wherein the first processing unit comprises:
the second acquiring subunit is used for acquiring enterprise name information contained in field data corresponding to the field type of the enterprise name in the document data;
and the second processing subunit is used for determining a target enterprise node of the document data with the reference authority based on the enterprise name information and the relation table of the enterprise name and the enterprise node.
7. An electronic device comprising a memory and a processor, the memory having stored therein computer-readable instructions that, when executed by the processor, cause the processor to perform the method of any of claims 1-4.
CN201910671757.6A 2019-07-24 2019-07-24 Block chain based data encryption method and device, electronic equipment and storage medium Active CN110474886B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910671757.6A CN110474886B (en) 2019-07-24 2019-07-24 Block chain based data encryption method and device, electronic equipment and storage medium
PCT/CN2020/088432 WO2021012746A1 (en) 2019-07-24 2020-04-30 Blockchain-based data encryption method and apparatus, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910671757.6A CN110474886B (en) 2019-07-24 2019-07-24 Block chain based data encryption method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110474886A CN110474886A (en) 2019-11-19
CN110474886B true CN110474886B (en) 2022-04-05

Family

ID=68508844

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910671757.6A Active CN110474886B (en) 2019-07-24 2019-07-24 Block chain based data encryption method and device, electronic equipment and storage medium

Country Status (2)

Country Link
CN (1) CN110474886B (en)
WO (1) WO2021012746A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110474886B (en) * 2019-07-24 2022-04-05 深圳壹账通智能科技有限公司 Block chain based data encryption method and device, electronic equipment and storage medium
CN110943982B (en) * 2019-11-21 2021-07-30 深圳壹账通智能科技有限公司 Document data encryption method and device, electronic equipment and storage medium
CN114511392B (en) * 2022-01-25 2022-08-16 北京中友金审科技有限公司 Financial data acquisition standard method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108200079A (en) * 2018-01-19 2018-06-22 深圳四方精创资讯股份有限公司 Block chain method for secret protection and device based on symmetrical and asymmetric Hybrid Encryption
CN108563788A (en) * 2018-04-27 2018-09-21 腾讯科技(深圳)有限公司 Data query method, apparatus, server and storage medium based on block chain
CN108833385A (en) * 2018-06-01 2018-11-16 深圳崀途科技有限公司 User data anonymity sharing method based on the encryption of alliance's chain
CN109033855A (en) * 2018-07-18 2018-12-18 腾讯科技(深圳)有限公司 A kind of data transmission method based on block chain, device and storage medium
CN109462472A (en) * 2017-09-06 2019-03-12 阿里巴巴集团控股有限公司 The methods, devices and systems of data encryption and decryption
CN109995781A (en) * 2019-03-29 2019-07-09 腾讯科技(深圳)有限公司 Transmission method, device, medium and the equipment of data

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107169371B (en) * 2017-04-27 2019-11-22 北京众享比特科技有限公司 A kind of database operation method and system based on block chain
US11238543B2 (en) * 2017-05-06 2022-02-01 Adp, Llc Payroll based blockchain identity
US11132451B2 (en) * 2017-08-31 2021-09-28 Parity Technologies Ltd. Secret data access control systems and methods
CN109670321A (en) * 2018-11-30 2019-04-23 深圳灵图慧视科技有限公司 Date storage method, data query method and device
CN109977697A (en) * 2019-04-03 2019-07-05 陕西医链区块链集团有限公司 Data authorization method of block chain
CN110474886B (en) * 2019-07-24 2022-04-05 深圳壹账通智能科技有限公司 Block chain based data encryption method and device, electronic equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
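Design and Implementation of a Blockchain-Based Electronic License Management System; 巢燕; China Excellent Master's Theses Full-text Database (Electronic Journal); 20180815; full text *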

Also Published As

Publication number Publication date
WO2021012746A1 (en) 2021-01-28
CN110474886A (en) 2019-11-19

Similar Documents

Publication Publication Date Title
CN110245510B (en) Method and apparatus for predicting information
US11665147B2 (en) Blockchain systems and methods for user authentication
EP3520319B1 (en) Distributed electronic record and transaction history
US11469878B2 (en) Homomorphic computations on encrypted data within a distributed computing environment
CN110474886B (en) Block chain based data encryption method and device, electronic equipment and storage medium
US20180095857A1 (en) Devices and Method for Detecting and Addressing Anomalies in Data Retrieval Requests
CN111310204B (en) Data processing method and device
CN109670803A (en) Method, apparatus, medium and the electronic equipment tested before online trading
CN107528830B (en) Account login method, system and storage medium
CN110321732A (en) Data grant method, apparatus, storage medium and the electronic equipment of block catenary system
CN109767200B (en) Electronic payment method, device, system and storage medium
CN110336787B (en) Data encryption method and device, computer equipment and storage medium
CN113034118B (en) Business auditing method, system, readable storage medium and computer program product
CN110197707A (en) Medical record information processing method, device, medium and electronic equipment based on block chain
CN112182635A (en) Method, device, equipment and medium for realizing joint modeling
CN109547406B (en) Data transmission method and device, storage medium and electronic equipment
CN113553302A (en) Credit report acquisition method, system, equipment and storage medium
US20180225479A1 (en) Personal data providing system, personal data providing method, and information processing apparatus
CN112181983B (en) Data processing method, device, equipment and medium
JP2019046262A (en) Information processing apparatus, information processing method, and information processing program
CN110233853A (en) It is a kind of to thumb up data cochain method and its equipment applied to block chain
US20230394559A1 (en) Order information for electronic devices
CN112328609B (en) Knowledge acquisition method, knowledge reading device, knowledge reading system, knowledge reading equipment and knowledge reading medium
CN117611330B (en) Credit data processing system, method, device, equipment and medium
CN114844694B (en) Information processing method, apparatus, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
CB02 Change of applicant information

Address after: Room 201, Building A, No. 1 Front Bay Road, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong 518000 (Qianhai business secretary)

Applicant after: Shenzhen one ledger Intelligent Technology Co., Ltd.

Address before: Room 201, Building A, No. 1 Front Bay Road, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong 518000

Applicant before: Shenzhen one ledger Intelligent Technology Co., Ltd.

SE01 Entry into force of request for substantive examination
GR01 Patent grant