CN110933093A - Block chain data sharing platform and method based on differential privacy protection technology - Google Patents

Block chain data sharing platform and method based on differential privacy protection technology

Info

Publication number
CN110933093A
Authority
CN
China
Prior art keywords
data
module
intelligent contract
provider
visitor
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911227297.4A
Other languages
Chinese (zh)
Inventor
葛丽娜
胡雨谷
张桂芬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangxi University for Nationalities
Original Assignee
Guangxi University for Nationalities
Application filed by Guangxi University for Nationalities
Priority to CN201911227297.4A
Publication of CN110933093A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a block chain data sharing platform based on a differential privacy protection technology and a method thereof. The platform comprises a data uploading module, a data access module, a differential privacy data processing module and an intelligent contract module. The method comprises the steps that a data provider uploads data information; a data visitor sends a query request for the required data; the hierarchical access control module performs differential privacy processing; the data optimization module optimizes the data; and the data access module and the data uploading module call the intelligent contract. The invention is used to solve the problem of privacy disclosure arising from the transaction process between a data provider and a data visitor: by realizing disintermediated operation, the provider can safely share their own health data with collaborators such as scientific research institutions, medical institutions and government offices while obtaining the corresponding benefits of the value of the data provided.

Description

Block chain data sharing platform and method based on differential privacy protection technology
Technical Field
The invention relates to a data processing technology, in particular to a block chain data sharing platform and a method based on a differential privacy protection technology.
Background Art
In the last two years, big data development has swept across the world; the total amount of global data is expected to reach 40 ZB in 2020 and the global big data market to reach $800 billion. The explosive growth of data volume has gradually exposed the problems of data security, circulation, sharing and privacy protection, and in the sharing economy in particular, data technology has become the biggest bottleneck to further development. How to implement data sharing while safely managing the privacy of data providers is an important issue in the current data technology field.
Disclosure of Invention
In order to solve the privacy protection problem in the existing data sharing process, the invention provides the following technical scheme:
based on one aspect of the invention, the invention provides a block chain data sharing platform based on a differential privacy protection technology, wherein the data sharing platform architecture comprises a data uploading module, a data access module, a differential privacy data processing module and an intelligent contract module, and the intelligent contract module is connected with the data access module.
Preferably, the data uploading module is connected with the intelligent contract module and is used for uploading data information to the data sharing platform by a data provider.
Preferably, the data information includes a data directory and a data format.
Preferably, the data access module is used for the data accessor to send a demand data query request and/or send a demand data transaction request.
Preferably, the intelligent contract in the intelligent contract module can be called by the data access module, the data visitor sends the request for data transaction, and calls the intelligent contract at the same time, and after the network node is verified, the intelligent contract writes part or all of the request for data transaction into the block chain and sends the request to the data provider.
Preferably, the intelligent contract in the intelligent contract module can be called by the data uploading module, and the data provider decrypts the ciphertext by using the public key of the data visitor and verifies the authenticity of the request for the data transaction; the data provider analyzes the transaction request of the demand data, encrypts the demand data by using the public key of the data visitor, calls and confirms the intelligent contract, broadcasts the provided demand data, puts the complete transaction information into the block chain after being verified, and simultaneously sends the provided demand data to the data visitor.
Preferably, the intelligent contracts in the intelligent contract module run on all nodes attempting to access the data table.
Preferably, the data sharing platform further comprises a differential privacy data processing module, which is connected with the intelligent contract module; the differential privacy data processing module comprises a hierarchical access control module and a data optimization module, and adds noise to private data to realize differential privacy protection; the data optimization module is used for improving the precision of the noise-added data.
According to another aspect of the present invention, there is provided a method for sharing blockchain data based on a differential privacy protection technique, where the data sharing processing step includes:
the data provider uploads data information to the data sharing platform, and after the data information is verified by the network node, the data information is written into the block chain;
a data accessor sends a demand data query request, and searches and retrieves demand data in a data sharing platform;
the hierarchical access control module adds noise to the private data to realize differential privacy protection;
the data optimization module optimizes the noise-added data generated by the differential privacy processing;
the data access module calls an intelligent contract in the intelligent contract module, a data visitor sends a demand data transaction request, and calls the intelligent contract at the same time, and after the network node is verified, part or all of the demand data transaction request is written into a block chain and sent to a data provider;
the intelligent contract in the intelligent contract module is called by the data uploading module, and the data provider decrypts the ciphertext by using the public key of the data visitor and verifies the authenticity of the request for the data transaction; the data provider analyzes the transaction request of the demand data, encrypts the demand data by using the public key of the data visitor, calls and confirms the intelligent contract, broadcasts the provided demand data, puts the complete transaction information into the block chain after being verified, and simultaneously sends the provided demand data to the data visitor.
Preferably, the process of adding noise to the private data by the hierarchical access control module to realize differential privacy protection includes the following steps: setting parameters: setting initial values of credit degrees of a data provider and a data visitor, setting an initial value of role attribute authority degrees of the data visitor, and setting data privacy degrees by the data provider; quantizing the inquiry security credibility and the privacy parameters of the differential privacy according to the credibility of the data provider and the data visitor, and mapping one by one, wherein each inquiry security credibility grade corresponds to one privacy parameter; and dynamically evaluating and feeding back the credibility of the data provider.
Preferably, the data optimization module is configured to optimize the noise-added data, and the process includes the following steps: the data optimization module imports the data to which noise has been added by differential privacy into the square root unscented Kalman algorithm of the data optimization; the square root unscented Kalman algorithm first carries out an unscented transformation on the prediction function and the update function, selecting 2L+1 epsilon points around the mean value for initialization; a Cholesky first-order update is performed on the obtained prediction variance matrix to obtain the square root matrix of the variance matrix; and the filtering optimizes the data by updating the square root matrix.
Advantageous effects:
Based on one aspect of the invention, a block chain data sharing platform based on a differential privacy protection technology is provided, which comprises a data uploading module, a data access module, a differential privacy data processing module and an intelligent contract module. The invention realizes the data sharing function using block chain technology, reduces the cost of the data sharing platform, improves the information security of the platform and enhances the transparency of the whole data transaction. The problem of privacy leakage in the data sharing process between a data provider and a data visitor is solved, and through disintermediated operation the data provider can obtain the corresponding value benefits while sharing their own health and other data with scientific research institutions and the like.
Based on another aspect of the invention, a method for sharing blockchain data based on a differential privacy protection technology is provided, including: the data provider uploads data information; a data visitor sends a query request for the required data; the hierarchical access control module performs differential privacy processing on the data; the data optimization module optimizes the data; and the data access module and the data uploading module call the intelligent contract to perform the data transaction. Using the decentralized principle of block chain technology, intelligent contracts corresponding to the authorities of the data provider and the data visitor are compiled separately, so that non-falsifiable, decentralized data sharing is achieved; hierarchical access control based on attributes, roles and reputation is introduced in the data query process, realizing a reasonable graded distribution of the differential privacy parameters; a dynamic feedback mechanism is introduced to dynamically adjust the provider's reputation; before data release, the noise-added data is optimized through square root unscented Kalman filtering, which improves data precision and guarantees data availability; and a point mechanism is introduced, whereby a user obtains points issued by the system by sharing data, with the point issuing rules written in the corresponding intelligent contracts. By establishing a reward system with a scientific research institution, a data provider obtains real income, which promotes data supply to a greater extent and meets the scientific research requirements. The method provided by the invention can better protect private data such as the health data of individual users, and realizes safe management of privacy rights and full utilization of the scientific research value of the data.
Drawings
FIG. 1 is a diagram showing a topology of a blockchain data sharing platform based on a differential privacy protection technology according to the present invention;
FIG. 2 is a schematic diagram of a blockchain data sharing platform and method based on a differential privacy protection technology according to the present invention;
FIG. 3 shows a schematic diagram of a hierarchical access control module;
FIG. 4 shows a schematic diagram of a data optimization module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention, it being understood that when an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may be present, including but not limited to mechanical, electrical or communication connections. The present invention will be described in detail below with reference to the accompanying drawings, which take a block chain data sharing platform based on a differential privacy protection technology and a method thereof as an embodiment.
Fig. 1 and fig. 2 show a blockchain data sharing platform based on a differential privacy protection technology, which includes a data uploading module, a data access module and an intelligent contract module. The invention writes each transaction into a block of the block chain, using the property that the block chain cannot be tampered with, thereby ensuring that transactions are tamper-resistant, i.e. realizing direct transactions between a data provider and a data visitor without the intervention of a third-party authentication center. Meanwhile, by using the consensus mechanism of the block chain, point rewards can be provided for the user's data contribution, and the data provider is rebated through a point exchange service released jointly by the data visitor (such as a scientific research institution, government department, insurance company or gymnasium) and a medical institution.
Preferably, the data uploading module is connected with the intelligent contract module and is used for uploading data information to the data sharing platform by a data provider.
Preferably, the data information includes a data directory and a data format.
Preferably, the data access module is connected with the intelligent contract module and is used for sending a demand data query request and/or sending a demand data transaction request by a data visitor.
Preferably, the intelligent contract in the intelligent contract module can be called by the data access module: the data visitor sends the request for the data transaction and calls the intelligent contract at the same time, and after verification by the network node, the intelligent contract writes part or all of the request for the data transaction into the block chain and sends the request to the data provider. The "intelligent contract" in blockchain technology is a contract written as a program after a multi-party agreement, whose code cannot be changed once executed. In implementation, the intelligent contracts run on all nodes attempting to access the data table; the block is then broadcast through the blockchain network, and all network nodes verify the block, reach agreement according to the selected consensus algorithm, and add the block to the blockchain. The main advantages of using intelligent contracts are that any complex access rights logic can be easily encoded, with enforceable horizontal transparency, traceability and control over the clinical trial sequence.
Preferably, the intelligent contract in the intelligent contract module can be called by the data uploading module: the data provider decrypts the ciphertext using the public key of the data visitor and verifies the authenticity of the request for the data transaction; the data provider analyzes the transaction request for the demand data, encrypts the demand data using the public key of the data visitor, calls and confirms the intelligent contract, broadcasts the provided demand data, puts the complete transaction information into the block chain after it is verified, and simultaneously sends the provided demand data to the data visitor.
Preferably, the intelligent contracts in the intelligent contract module run on all nodes attempting to access the data table.
Preferably, the block chain data sharing platform based on the differential privacy protection technology further includes a differential privacy data processing module, and the differential privacy data processing module is connected with the intelligent contract module; the differential privacy data processing module comprises a hierarchical access control module and a data optimization module, and is used for performing differential privacy processing on transaction data; the data optimization module is used for improving the precision of the noise-added data.
Preferably, as shown in fig. 3, the hierarchical access control mechanism of the hierarchical access control module mainly involves a data provider and a data visitor. Its operation first requires parameter setting, including: setting initial values of the reputation of the data provider and the data visitor, setting an initial value of the role-attribute authority of the data visitor, and the data provider setting the data privacy degree; secondly, the query security trustworthiness and the privacy parameter of differential privacy are quantized according to the reputation of the data provider and the data visitor and mapped one to one, so that each query security trustworthiness level corresponds to one privacy parameter. In the embodiment of the invention, the Laplace mechanism is adopted to add noise to private data to realize differential privacy protection.
In specific implementation, the query security credibility is composed of the credibility of an accessor and the credibility of a data provider, and the calculation formula is as follows:
QT=α·VT+β·DT (1)
where QT is the query security trustworthiness, VT is the trustworthiness of the data visitor, DT is the trustworthiness of the data provider, and α and β are the weights of visitor trustworthiness and provider trustworthiness respectively, with α + β = 1. The weights α and β are set according to α:β = V_rep:D_rep, where V_rep is the reputation of the visitor and D_rep is the reputation of the data provider. The reputation metric, the authority metric and the privacy metric are quantized into scalars between 0 and 1, and specifically may be: when the evaluation level is "low", the reference range is [0, 0.2]; when the evaluation level is "general", the reference range is [0.2, 0.6]; when the evaluation level is "high", the reference range is [0.6, 1]. The weights α and β can also be adjusted dynamically according to different privacy protection needs, to achieve better protection of the data.
In implementation, the security and credibility of the query quantified by the hierarchical access control module is determined by the attribute values of both the data provider and the data visitor, and the attribute values comprise the credibility of both the data provider, the data privacy degree set by the data provider and the authority degree of the corresponding role attribute of the data visitor. The larger the credibility values of the two parties are, the more credible the credibility is; the higher the authority of the role or corresponding attribute of the visitor is, the more credible the obtained data is; the lower the privacy the provider has set on the data, the more trustworthy the data is.
The visitor trustworthiness VT is composed of two parts, the visitor's reputation V_rep and the authority degree V_per of the corresponding role attribute; the authority degree and the reputation are random variables following a normal distribution between 0 and 1. A two-dimensional Gaussian function is selected as the corresponding function, and the visitor trustworthiness VT is obtained by the following formula:
Figure BDA0002302592320000051
The data provider trustworthiness DT is likewise composed of two parts, the provider reputation D_rep and the correspondingly set data privacy degree D_pri. Considering that the data privacy degree is inversely proportional to the privacy parameter of differential privacy, the VT formula is adjusted accordingly, and the provider trustworthiness DT is obtained by the following formula:
Figure BDA0002302592320000052
Through formulas (1), (2) and (3), the maximum value QT_max and the minimum value QT_min of the query security trustworthiness can be calculated. The trustworthiness is quantized into n levels, each level corresponding to one privacy protection parameter ε, and the interval of the i-th level is
Figure BDA0002302592320000061
Similarly, the differential privacy protection parameter ε is divided into n parts over the [0, 1] interval, and these parts are mapped one to one to the trust levels, which realizes finer-grained, safer and faster privacy protection.
Preferably, the invention also comprises a module for the data visitor to evaluate and give feedback on the reputation of the data provider, which increases the dynamics of access authorization. In implementation, when the mechanism for evaluating and feeding back the reputation of the data provider operates, each data provider is first given a default initial value; after a data visitor evaluates and gives feedback on the data provider's reputation, the reputation is correspondingly increased or decreased. A trust threshold corresponding to the data privacy authority of each data provider is set for each provider: if the provider's trust value is greater than the threshold, the corresponding authority is retained; if it is less than the trust threshold, the authority is reclaimed and no data is provided to them. Introducing the evaluation and feedback mechanism better guarantees the source and the effectiveness of the data. In this embodiment the evaluation and feedback module is arranged in the hierarchical access control module; of course, it can also exist as an independent module.
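The following Python is an added illustration of the hierarchical access control path described above and in the method summary (parameter setting, query trustworthiness QT from equation (1), quantization into n trust levels mapped to ε, Laplace noise, and the reputation feedback threshold); it is not code from the patent. Two points are assumptions: formulas (2) and (3) for VT and DT appear on the page only as images, so simple product forms stand in for them here (labelled in the code), and the direction of the level-to-ε mapping (more trustworthy query, larger ε, less noise) is inferred from the text rather than stated by it.

```python
import math
import random


def evaluation_level(value: float) -> str:
    """Reference ranges from the patent: low [0, 0.2], general [0.2, 0.6], high [0.6, 1]."""
    if value < 0.2:
        return "low"
    return "general" if value < 0.6 else "high"


def visitor_trust(v_rep: float, v_per: float) -> float:
    """VT from the visitor's reputation V_rep and role-attribute authority V_per.
    ASSUMED stand-in: the patent's two-dimensional Gaussian formula (2) is only an
    image on the page, so a product is used; it rises with both inputs as the text requires."""
    return v_rep * v_per


def provider_trust(d_rep: float, d_pri: float) -> float:
    """DT from the provider's reputation D_rep and the privacy degree D_pri it set.
    ASSUMED stand-in for formula (3): a higher privacy degree lowers trust, so the
    factor (1 - D_pri) models the inverse relation described in the text."""
    return d_rep * (1.0 - d_pri)


def query_trust(v_rep: float, v_per: float, d_rep: float, d_pri: float) -> float:
    """Equation (1): QT = alpha*VT + beta*DT with alpha + beta = 1 and alpha:beta = V_rep:D_rep."""
    total = v_rep + d_rep
    alpha = v_rep / total if total > 0 else 0.5
    beta = 1.0 - alpha
    return alpha * visitor_trust(v_rep, v_per) + beta * provider_trust(d_rep, d_pri)


# With the stand-in formulas above and all inputs in [0, 1], QT ranges over [0, 1].
QT_MIN, QT_MAX = 0.0, 1.0


def trust_level(qt: float, n: int) -> int:
    """Quantise QT into n levels; level i covers [QT_MIN + (i-1)w, QT_MIN + i*w],
    w = (QT_MAX - QT_MIN) / n. Returns i in 1..n."""
    width = (QT_MAX - QT_MIN) / n
    i = int((qt - QT_MIN) / width) + 1
    return max(1, min(n, i))


def epsilon_for_level(level: int, n: int) -> float:
    """[0, 1] is split into n equal parts; level i receives the top of part i.
    ASSUMED direction: a more trustworthy query gets a larger epsilon (less noise)."""
    return level / n


def laplace_mechanism(value: float, sensitivity: float, epsilon: float, rng: random.Random) -> float:
    """Laplace mechanism: value + Lap(0, sensitivity/epsilon). The difference of two
    independent Exp(1) draws is a standard Laplace variate (no log(0) edge case)."""
    scale = sensitivity / epsilon
    return value + scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


def mean_of_noised(value: float, sensitivity: float, epsilon: float, n: int, seed: int) -> float:
    """Empirical mean of n noised releases; converges to the true value (noise is unbiased)."""
    rng = random.Random(seed)
    return sum(laplace_mechanism(value, sensitivity, epsilon, rng) for _ in range(n)) / n


def release_query(true_answer, sensitivity, v_rep, v_per, d_rep, d_pri, n_levels, seed=0):
    """Full S3.2 path: attributes -> QT -> trust level -> epsilon -> noised answer."""
    qt = query_trust(v_rep, v_per, d_rep, d_pri)
    level = trust_level(qt, n_levels)
    eps = epsilon_for_level(level, n_levels)
    noisy = laplace_mechanism(true_answer, sensitivity, eps, random.Random(seed))
    return {"qt": qt, "level": level, "epsilon": eps, "noisy": noisy}


def apply_feedback(reputation: float, delta: float, threshold: float):
    """S3.3 dynamic feedback: adjust the provider's reputation (clamped to [0, 1]);
    below the trust threshold its authority is reclaimed and it serves no data."""
    rep = min(1.0, max(0.0, reputation + delta))
    return rep, rep >= threshold


if __name__ == "__main__":
    # Constructed sample: a high-reputation research visitor, a provider of "general"
    # reputation who set a medium privacy degree; a count query with sensitivity 1.
    print(release_query(1250.0, 1.0, 0.9, 0.8, 0.6, 0.5, 5, seed=3))
    print(apply_feedback(0.5, -0.2, 0.4))   # drops below threshold: authority reclaimed
```

The Laplace scale is sensitivity/ε, so the mapping from trust level to ε is where the "graded distribution of differential privacy parameters" actually happens: a level-1 query gets ε = 1/n and correspondingly heavier noise than a level-n query.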
It should be noted that the hierarchical access control method is based on the role-based and attribute-based access control methods, and the invention additionally takes into account the reputation of the data provider and the data visitor, realizing a hierarchical refinement of access authority. Using role-based access control alone has disadvantages: for example, explosive growth in the number of roles increases the configuration complexity of access control exponentially, requires continual maintenance with a large workload, makes timeliness hard to ensure, and brings security problems such as abuse of user authority and coarse-grained access control; attribute-based access control, in turn, is more complex in terms of policy auditing. Combining the two types of access control overcomes the defect of pure attribute-based access control, but situations still exist in which the provider's privacy requirement does not match the visitor's requirement on the data. Therefore, the reputation of the data provider and the data visitor is taken into account: the trust degree is dynamically and quantitatively analyzed, mapped to the corresponding trust level in combination with the data privacy security level set by the data provider, and the corresponding privacy protection parameter is obtained, thus realizing hierarchical access control. At the same time, a dynamic feedback mechanism for the provider's reputation is introduced: the provider's reputation is increased or decreased according to the visitor's feedback on the effectiveness of the data, which evaluates the value of the data better and is conducive to data sharing.
Preferably, as shown in fig. 4, the data optimization module imports the noise-added data produced by the differential privacy processing into the square root unscented Kalman algorithm of the data optimization, and the precision of the noise-added data is improved by initializing the epsilon points and the Cholesky matrix square root and performing the prediction and update steps. In a specific implementation, the data set provided by the data provider is assumed to be non-linear. After being processed by the hierarchical access control module, the data set has Laplace noise conforming to differential privacy protection added to it, which achieves the privacy protection effect; but the accuracy of the data in actual use cannot be neglected, and accuracy is particularly important in medical use. Therefore, a nonlinear stream data release method based on the square root unscented Kalman filter is introduced, and a differential privacy data optimization algorithm DP_SRUKF based on square root unscented Kalman filtering is provided; by introducing the Cholesky matrix square root into the unscented transformation of unscented Kalman filtering, the usability of the data is improved while its privacy is protected, at the cost of only a slight increase in computation.
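As an added example (not the patent's own code or its figure 4), the following plain-Python block implements the square root unscented Kalman steps just described for a one-dimensional state: 2L+1 = 3 epsilon (sigma) points around the mean, unscented transformation of the prediction and update functions, a square-root spread maintained with Cholesky first-order (rank-1) updates, and the final downdate of the square root after the gain is applied. The UKF tuning constants (α = 1, β = 2, κ = 2), the noise standard deviations and the ten-sample stream are constructed for the demonstration; the stream stands in for the Laplace-noised output of the hierarchical access control module, and the noise values are chosen by hand rather than drawn at random so the result is reproducible.

```python
import math

# Unscented-transform constants for a one-dimensional state (L = 1), so 2L+1 = 3 points.
L = 1
ALPHA, BETA, KAPPA = 1.0, 2.0, 2.0              # common UKF tuning values (assumed)
LAMBDA = ALPHA ** 2 * (L + KAPPA) - L            # = 2
GAMMA = math.sqrt(L + LAMBDA)                    # point spread = sqrt(3)
WM = [LAMBDA / (L + LAMBDA)] + [1.0 / (2 * (L + LAMBDA))] * (2 * L)   # mean weights
WC = [WM[0] + (1.0 - ALPHA ** 2 + BETA)] + WM[1:]                      # covariance weights

# Constructed sample stream: a constant true value with hand-picked perturbations that
# sum to zero, standing in for the noise-added data released by the access control module.
TRUE_VALUE = 10.0
NOISY_STREAM = [TRUE_VALUE + n for n in (2.0, -1.5, 3.0, -2.5, 1.0, -1.0, 2.5, -2.0, 0.5, -2.0)]


def chol_update_1d(s: float, v: float, sign: float) -> float:
    """Cholesky first-order (rank-1) update/downdate of a 1x1 factor: sqrt(s^2 +/- v^2)."""
    return math.sqrt(max(s * s + sign * v * v, 0.0))


def sigma_points(x: float, s: float):
    """The 2L+1 points: the mean and the mean +/- GAMMA times the square-root spread."""
    return [x, x + GAMMA * s, x - GAMMA * s]


def unscented_transform(points, fn, noise_sd: float):
    """Pass the points through fn; return images, weighted mean and square-root spread.
    The positive-weight terms are combined first (the QR step of the matrix form), then
    the centre term and the additive noise are folded in as Cholesky rank-1 updates."""
    ys = [fn(p) for p in points]
    mean = sum(w * y for w, y in zip(WM, ys))
    s = math.sqrt(sum(w * (y - mean) ** 2 for w, y in zip(WC[1:], ys[1:])))
    s = chol_update_1d(s, math.sqrt(abs(WC[0])) * (ys[0] - mean), math.copysign(1.0, WC[0]))
    return ys, mean, chol_update_1d(s, noise_sd, 1.0)


def srukf_filter(noisy, f, h, q_sd: float, r_sd: float):
    """Square-root UKF over a stream: f is the prediction function, h the measurement
    (update) function, q_sd and r_sd the process and measurement noise standard deviations.
    Only the square root S of the variance is kept, never the variance itself."""
    x, s = noisy[0], r_sd                         # initialise from the first sample
    estimates = [x]
    for z in noisy[1:]:
        _, x_pred, s_pred = unscented_transform(sigma_points(x, s), f, q_sd)      # predict
        pts = sigma_points(x_pred, s_pred)                                          # re-draw
        zs, z_pred, s_z = unscented_transform(pts, h, r_sd)                         # measure
        p_xz = sum(w * (p - x_pred) * (zz - z_pred) for w, p, zz in zip(WC, pts, zs))
        k = p_xz / (s_z * s_z)                                                      # gain
        x = x_pred + k * (z - z_pred)
        s = chol_update_1d(s_pred, k * s_z, -1.0)                                   # downdate
        estimates.append(x)
    return estimates


def mse(values, truth: float) -> float:
    return sum((v - truth) ** 2 for v in values) / len(values)


def demo():
    """Random-walk model (f = h = identity) on the constructed stream; returns (MSE before, MSE after)."""
    est = srukf_filter(NOISY_STREAM, lambda x: x, lambda x: x, q_sd=0.1, r_sd=math.sqrt(2.0))
    return mse(NOISY_STREAM, TRUE_VALUE), mse(est, TRUE_VALUE)


if __name__ == "__main__":
    before, after = demo()
    print(f"MSE of released noisy stream: {before:.3f}, after DP_SRUKF smoothing: {after:.3f}")
```

Any nonlinear `f` and `h` can be passed to `srukf_filter`; with the identity model used in `demo()` the unscented transform is exact and the filter behaves as a running weighted average, which is enough to show the precision gain the patent claims for the noise-added stream.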
As shown in fig. 2, a method for sharing block chain data based on a differential privacy protection technique includes:
s1, the data provider uploads the data information to the data sharing platform, and after the data information is verified by the network node, the data information is written into the block chain;
s2, the data accessor sends a demand data query request to search and retrieve the demand data in the data sharing platform;
s3, the hierarchical access control module adds noise to the private data to realize differential privacy protection;
s4, the data optimization module optimizes the noise-added data generated by the differential privacy processing of step S3;
s5, the data access module calls the intelligent contract in the intelligent contract module, the data accessor sends the transaction request of the required data, and calls the intelligent contract at the same time, after the network node is verified, the transaction request of the partial or all required data is written into the block chain and sent to the data provider;
s6, the data upload module calls the intelligent contract in the intelligent contract module, the data provider uses the public key of the data visitor to decrypt the ciphertext, and the authenticity of the data transaction request is verified; the data provider analyzes the transaction request of the demand data, encrypts the demand data by using the public key of the data visitor, calls and confirms the intelligent contract, broadcasts the provided demand data, puts the complete transaction information into the block chain after being verified, and simultaneously sends the provided demand data to the data visitor.
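The exchange in steps S1, S2, S5 and S6, modelled as an added Python example that is not code from the patent: the intelligent contract is a set of functions over a hash-linked ledger, and every write first passes the node-side verification. Three stand-ins are assumed because the standard library has no public-key crypto: HMAC tags checked against a constructed key directory replace the signatures and the "decrypt with the visitor's public key" authenticity check; the ciphertext for the visitor and the raw data are delivered off-chain and only their hashes are written on chain (the "part of the request" that the text allows); and the reward of 10 points per completed transaction is a constructed issuing rule.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed demo keys. The patent's parties use public/private key pairs; here an HMAC
# tag verified with the same key from this trusted directory stands in for the signature.
KEYS = {"provider-A": b"provider-A-demo-key", "visitor-R1": b"visitor-R1-demo-key"}


def canonical(record: dict) -> bytes:
    """Deterministic serialisation so every node hashes and verifies identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(record: dict) -> str:
    return hashlib.sha256(canonical(record)).hexdigest()


def sign(party: str, record: dict) -> str:
    return hmac.new(KEYS[party], canonical(record), hashlib.sha256).hexdigest()


def verify_tag(party: str, record: dict, tag: str) -> bool:
    return party in KEYS and hmac.compare_digest(sign(party, record), tag)


def signed(kind: str, party: str, record: dict) -> dict:
    """A party's tagged submission to the contract."""
    return {"type": kind, "from": party, "record": record, "tag": sign(party, record)}


@dataclass
class Block:
    index: int
    prev_hash: str
    payload: dict
    hash: str = ""

    def compute_hash(self) -> str:
        return sha256_hex({"i": self.index, "p": self.prev_hash, "d": self.payload})


class Ledger:
    """Hash-linked records; each append first passes the 'network node verification'."""

    def __init__(self):
        genesis = Block(0, "0" * 64, {"type": "genesis"})
        genesis.hash = genesis.compute_hash()
        self.blocks = [genesis]
        self.points = {}  # point balances credited by the contract's issuing rule

    def append(self, payload: dict) -> Block:
        if not verify_tag(payload["from"], payload["record"], payload["tag"]):
            raise PermissionError("node verification failed for " + payload["type"])
        blk = Block(len(self.blocks), self.blocks[-1].hash, payload)
        blk.hash = blk.compute_hash()
        self.blocks.append(blk)
        return blk

    def is_valid(self) -> bool:
        """Tamper check: each block re-hashes to its stored hash and links to its predecessor."""
        return all(b.prev_hash == p.hash and b.hash == b.compute_hash()
                   for p, b in zip(self.blocks, self.blocks[1:]))


def contract_upload(ledger: Ledger, provider: str, directory: str, fmt: str) -> Block:
    """S1: the provider publishes the data directory and format; raw data stays off-chain
    (assumed here, so private values never sit on the immutable ledger)."""
    return ledger.append(signed("upload", provider, {"directory": directory, "format": fmt}))


def contract_search(ledger: Ledger, keyword: str):
    """S2: search the on-chain directory entries for the demanded data."""
    return [dict(b.payload["record"], provider=b.payload["from"]) for b in ledger.blocks
            if b.payload["type"] == "upload"
            and keyword.lower() in b.payload["record"]["directory"].lower()]


def contract_request(ledger: Ledger, visitor: str, provider: str, directory: str, query: str):
    """S5: the visitor tags a transaction request; only its hash and target directory are
    written on chain, and the full tagged request is handed to the provider."""
    request = {"visitor": visitor, "provider": provider, "directory": directory, "query": query}
    ledger.append(signed("request", visitor, {"directory": directory, "request_hash": sha256_hex(request)}))
    return {"request": request, "tag": sign(visitor, request)}


def contract_fulfil(ledger: Ledger, provider: str, envelope: dict, released_data: list, reward: int = 10):
    """S6: the provider verifies the request is genuinely the visitor's, releases the
    noise-added data off-chain, and the contract records the completed transaction
    (a commitment to the delivered data, not the data itself) and credits points."""
    req, tag = envelope["request"], envelope["tag"]
    if req["provider"] != provider or not verify_tag(req["visitor"], req, tag):
        raise PermissionError("request authenticity check failed")
    record = {"request_hash": sha256_hex(req), "data_hash": sha256_hex({"data": released_data}),
              "to": req["visitor"]}
    blk = ledger.append(signed("transaction", provider, record))
    ledger.points[provider] = ledger.points.get(provider, 0) + reward
    return blk


def run_demo() -> Ledger:
    """Constructed end-to-end run of steps S1, S2, S5 and S6."""
    ledger = Ledger()
    contract_upload(ledger, "provider-A", "daily step counts 2019", "csv")
    hit = contract_search(ledger, "step")[0]
    env = contract_request(ledger, "visitor-R1", hit["provider"], hit["directory"], "monthly averages")
    contract_fulfil(ledger, "provider-A", env, [8123.4, 7990.1, 8410.7])   # noise-added values
    return ledger


if __name__ == "__main__":
    demo_ledger = run_demo()
    print([b.payload["type"] for b in demo_ledger.blocks], demo_ledger.points, demo_ledger.is_valid())
```

Altering a request after it was tagged, or editing any recorded block, is caught by `verify_tag` and `is_valid` respectively, which is the tamper-resistance the description relies on; what the ledger never holds is the health data itself.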
Preferably, step S3, in which the hierarchical access control module adds noise to the private data to realize differential privacy protection, comprises the following steps:
S3.1. Set the parameters: the initial reputation of the data provider and of the data visitor, the initial authority degree of the data visitor's role attribute, and the data privacy degree set by the data provider.
S3.2. Quantify the query security trust from the reputation of the data provider and the data visitor and quantify the differential privacy parameter, then map the two one-to-one so that each query security trust level corresponds to one privacy parameter. In the embodiment of the invention the Laplace mechanism is used to add noise to the private data to realize differential privacy protection.
S3.3. Dynamically evaluate and feed back the reputation of the data provider.
In a specific implementation the query security trust is composed of the visitor trust and the data provider trust and is calculated as:
QT = α·VT + β·DT (1)
where QT is the query security trust, VT the data visitor trust, DT the data provider trust, and α and β the weights of the visitor trust and the provider trust respectively, with α + β = 1 and the weights assigned according to α : β = Vrep : Drep, Vrep being the reputation of the visitor and Drep the reputation of the data provider. The reputation, authority and privacy degrees are quantized to scalars between 0 and 1; specifically, an evaluation level of "low" corresponds to the reference range [0, 0.2], "general" to [0.2, 0.6] and "high" to [0.6, 1]. The weights α and β can be adjusted dynamically to protect the data better under different privacy protection needs.
In implementation, the query security trust quantified by the hierarchical access control module is determined by the attribute values of both the data provider and the data visitor: the reputation of each party, the data privacy degree set by the data provider, and the authority degree of the data visitor's corresponding role attribute. The larger the reputation values of the two parties, the higher the trust; the higher the authority of the visitor's role or attribute, the more trusted the data it obtains; and the lower the privacy degree the provider has set on the data, the more trusted the data.
The visitor trust VT is determined by the visitor's reputation Vrep and the authority degree Vper of its corresponding role attribute; both the authority degree and the reputation are random variables following a normal distribution on [0, 1]. A two-dimensional Gaussian function is chosen as the corresponding function, and the visitor trust VT is obtained from the following formula:
(2) [formula for VT shown only as an image in the original; not reproduced in the extracted text]
The data provider trust DT is likewise composed of two parts, the provider's reputation Drep and the data privacy degree Dpri it has set; since the data privacy degree is inversely proportional to the differential privacy parameter, the formula for VT is adjusted accordingly, and the provider trust DT is obtained from:
(3) [formula for DT shown only as an image in the original; not reproduced in the extracted text]
From formulas (1), (2) and (3) the maximum QTmax and the minimum QTmin of the query security trust can be calculated. The trust is quantized into n levels, each level corresponding to one privacy protection parameter ε, and the interval of the i-th trust level is:
(4) [interval formula shown only as an image in the original; not reproduced in the extracted text]
Likewise, the differential privacy parameter ε is divided into n parts over the interval [0, 1] and mapped one-to-one to the trust levels, which gives finer-grained, safer and faster privacy protection.
Preferably, the invention also comprises a module in which the data visitor evaluates and feeds back the reputation of the data provider, which makes access authorization more dynamic. In implementation, when this reputation evaluation and feedback mechanism runs, each data provider is first given a default initial value; after the data visitor has evaluated the provider and fed back its evaluation, the provider's reputation is raised or lowered accordingly. A trust threshold corresponding to the data privacy authority of each data provider is also set: if the provider's trust value is above the threshold, the corresponding authority is retained; if it is below the threshold, the authority is reclaimed and the provider's data is no longer supplied. Introducing the evaluation and feedback mechanism gives a better guarantee of the source and validity of the data. In this embodiment the evaluation and feedback module is arranged inside the hierarchical access control module; it may of course also exist as an independent module.
It should be noted that the hierarchical access control method builds on role-based and attribute-based access control; the invention additionally takes the reputation of both the data provider and the data visitor into account and so achieves hierarchical refinement of access authority. Role-based access control alone has drawbacks: explosive growth in the number of roles raises the configuration complexity of access control exponentially, demands continuous heavy maintenance and makes timeliness hard to guarantee, and it brings security problems such as abuse of user authority and coarse-grained control; attribute-based access control, for its part, is more complex to audit at the policy level. Combining the two types of access control overcomes the defects of using either alone, but situations remain in which the provider's privacy requirement does not match the visitor's requirement on the data. The reputation of the data provider and the data visitor is therefore taken into account: combined with the data privacy security level set by the data provider, the trust is analysed dynamically and quantitatively and mapped to the corresponding trust level, from which the corresponding privacy protection parameter is obtained, thereby realizing hierarchical access control. A dynamic feedback mechanism on the provider's reputation is introduced at the same time: the provider's reputation is raised or lowered according to the data visitor's feedback on the validity of the data, which evaluates the value of the data better and favours data sharing.
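A worked instance of the hierarchical access control described above (formula (1), the trust levels, the ε mapping and the reputation feedback of S3.3), added here as example code rather than the patent's own implementation. Formula (1) and the rule α : β = Vrep : Drep are taken from the text; formulas (2), (3) and (4) are only images on the page, so the two-dimensional Gaussian forms used for VT and DT, the equal-width split of [QTmin, QTmax] into n levels, the ε grid εi = i/n and all sample reputation values are assumptions of this example.

```python
"""Hierarchical access control: query security trust QT, its trust level, the
epsilon for that level, Laplace noise at that epsilon, and reputation feedback.

Added example, not the patent's implementation. Formula (1) and
alpha:beta = V_rep:D_rep come from the text; the Gaussian forms of VT and DT,
the level split, the grid eps_i = i/n and the sample values are assumptions.
"""
import math
import random

SIGMA = 1.0  # assumed width of the two-dimensional Gaussian


def visitor_trust(v_rep, v_per, sigma=SIGMA):
    """VT, formula (2) as assumed here: Gaussian centred at full reputation and full authority."""
    return math.exp(-((v_rep - 1.0) ** 2 + (v_per - 1.0) ** 2) / (2.0 * sigma ** 2))


def provider_trust(d_rep, d_pri, sigma=SIGMA):
    """DT, formula (3) as assumed here: same shape, but a higher privacy degree D_pri
    lowers trust (the page says D_pri is inversely related to the privacy parameter)."""
    return math.exp(-((d_rep - 1.0) ** 2 + d_pri ** 2) / (2.0 * sigma ** 2))


def query_trust(v_rep, v_per, d_rep, d_pri):
    """QT, formula (1): alpha + beta = 1 with alpha:beta = V_rep:D_rep."""
    alpha = 0.5 if v_rep + d_rep == 0.0 else v_rep / (v_rep + d_rep)
    return alpha * visitor_trust(v_rep, v_per) + (1.0 - alpha) * provider_trust(d_rep, d_pri)


def trust_bounds(sigma=SIGMA):
    """QT_min and QT_max: each Gaussian lies in [exp(-1/sigma^2), 1] for inputs in [0, 1],
    and QT is a convex combination of the two, so it shares those bounds."""
    return math.exp(-1.0 / sigma ** 2), 1.0


def trust_level(qt, n):
    """Level i in 1..n: [QT_min, QT_max] split into n equal intervals (formula (4) as assumed)."""
    lo, hi = trust_bounds()
    return max(1, min(n, int((qt - lo) / (hi - lo) * n) + 1))


def epsilon_for_level(level, n):
    """eps_i = i/n: the i-th of n equal parts of (0, 1]; more trust, larger eps, less noise."""
    return level / n


def authorize(v_rep, v_per, d_rep, d_pri, n=5):
    """One query: return (QT, trust level, epsilon)."""
    qt = query_trust(v_rep, v_per, d_rep, d_pri)
    level = trust_level(qt, n)
    return qt, level, epsilon_for_level(level, n)


def laplace(rng, scale):
    """Laplace(0, scale) by inverse CDF (Python's random module has no laplace())."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))


def release(value, sensitivity, eps, rng):
    """Laplace mechanism: value + Lap(sensitivity/eps) is eps-differentially private."""
    return value + laplace(rng, sensitivity / eps)


def mean_abs_noise(eps, sensitivity=1.0, n=20000, seed=1):
    """Empirical E|noise| of release(); for Lap(b) it equals b = sensitivity/eps."""
    rng = random.Random(seed)
    return sum(abs(release(0.0, sensitivity, eps, rng)) for _ in range(n)) / n


def apply_feedback(d_rep, delta, threshold):
    """S3.3: move the provider's reputation by the visitor's feedback, clip to [0, 1],
    and report whether the provider keeps its authority (reclaimed below the threshold)."""
    d_rep = max(0.0, min(1.0, d_rep + delta))
    return d_rep, d_rep >= threshold
```

With n = 5, a visitor of reputation 0.8 and authority 0.7 querying a provider of reputation 0.6 whose data privacy degree is 0.3 lands in the top level and gets ε = 1, while a low-reputation visitor asking for high-privacy data gets ε = 0.2 and five times the noise scale. One caveat the page does not address: ε is chosen per query, so without a per-visitor privacy budget a visitor can repeat the same query and average the Laplace noise away; the ε values of repeated queries on the same data add up under sequential composition.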
Preferably, as shown in Fig. 4, the optimization performed by the data optimization module in step S4 on the noise-added data generated by the differential privacy processing of step S3 comprises the following steps:
S4.1. The data optimization module feeds the noise-added data into the square-root unscented Kalman algorithm.
S4.2. The square-root unscented Kalman algorithm first applies the unscented transformation to the prediction function and the update function, selecting 2L+1 sigma points around the mean for initialization (L being the dimension of the state).
S4.3. A rank-one Cholesky update is performed on the resulting predicted covariance matrix to obtain the square-root matrix of the covariance.
S4.4. The square-root matrix is updated, which realizes the filtering optimization of the data.
S4.5. The optimized data set is obtained.
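Steps S4.1 to S4.5 carried out on a Laplace-noised stream, as an added example and not the patent's DP_SRUKF, whose equations the page does not give. The state is kept scalar (L = 1, so 2L+1 = 3 sigma points): the Cholesky factor S of the variance P is then sqrt(P), the QR step of the matrix algorithm becomes a root-sum-square, and the rank-one Cholesky update becomes S' = sqrt(S² + w·u²); the sequence of operations is the same as in the matrix case. The transition function, the UKF parameters α, β and κ, the process and measurement noise levels and the constructed health-signal stream are assumptions of this example.

```python
"""Square-root UKF (S4.1 to S4.5) smoothing a Laplace-noised data stream.

Added example, not the patent's DP_SRUKF. Scalar state; the transition
function, UKF parameters, noise levels and the sample stream are assumptions.
"""
import math
import random


def cholupdate(s, u, w):
    """Rank-one update (w > 0) or downdate (w < 0) of the scalar Cholesky factor s."""
    p = s * s + w * u * u
    if p <= 0.0:
        raise ValueError("downdate would make the variance non-positive")
    return math.sqrt(p)


def qr_sqrt(columns):
    """Scalar stand-in for the QR step: the R factor of a 1xN row is its norm."""
    return math.sqrt(sum(c * c for c in columns))


class ScalarSRUKF:
    def __init__(self, f, x0, s0, q, r, alpha=1.0, beta=2.0, kappa=2.0):
        self.f, self.x, self.s, self.q, self.r = f, x0, s0, q, r
        L = 1
        lam = alpha ** 2 * (L + kappa) - L
        self.gamma = math.sqrt(L + lam)                  # sigma-point spread
        self.wm0 = lam / (L + lam)                       # mean weight of the centre point
        self.wc0 = self.wm0 + (1.0 - alpha ** 2 + beta)  # covariance weight of the centre point
        self.wi = 1.0 / (2.0 * (L + lam))                # weight of each outer point

    def _sigma(self, x, s):
        # S4.2: 2L+1 = 3 sigma points around the mean, spread by the square root s
        return [x, x + self.gamma * s, x - self.gamma * s]

    def step(self, z):
        # predict: push the sigma points through the nonlinear transition f
        X = [self.f(c) for c in self._sigma(self.x, self.s)]
        xbar = self.wm0 * X[0] + self.wi * (X[1] + X[2])
        # S4.3: square root of the predicted variance from the outer points and the
        # process noise (QR step), then a rank-one Cholesky update with the centre point
        s_pred = qr_sqrt([math.sqrt(self.wi) * (X[1] - xbar),
                          math.sqrt(self.wi) * (X[2] - xbar),
                          math.sqrt(self.q)])
        s_pred = cholupdate(s_pred, X[0] - xbar, self.wc0)
        # update: the released value is observed directly (h = identity) plus DP noise
        C = self._sigma(xbar, s_pred)
        zbar = self.wm0 * C[0] + self.wi * (C[1] + C[2])
        s_z = qr_sqrt([math.sqrt(self.wi) * (C[1] - zbar),
                       math.sqrt(self.wi) * (C[2] - zbar),
                       math.sqrt(self.r)])
        s_z = cholupdate(s_z, C[0] - zbar, self.wc0)
        p_xz = (self.wc0 * (C[0] - xbar) * (C[0] - zbar)
                + self.wi * ((C[1] - xbar) * (C[1] - zbar) + (C[2] - xbar) * (C[2] - zbar)))
        k = p_xz / (s_z * s_z)                           # Kalman gain
        self.x = xbar + k * (z - zbar)
        # S4.4: downdate the square root with k*s_z instead of forming P - K*Pzz*K
        self.s = cholupdate(s_pred, k * s_z, -1.0)
        return self.x


def laplace(rng, scale):
    """Laplace(0, scale) by inverse CDF (Python's random module has no laplace())."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))


def transition(x):
    """Assumed nonlinear dynamics of the constructed signal (contracts towards pi)."""
    return x + 0.2 * math.sin(x)


def simulate(n=300, eps=1.0, sensitivity=1.0, seed=7):
    """Return (rmse of the noisy release, rmse after SR-UKF, last estimate)."""
    rng = random.Random(seed)
    b = sensitivity / eps          # Laplace scale giving eps-DP for this sensitivity
    r = 2.0 * b * b                # variance of Laplace(0, b), used as measurement noise
    truth, x = [], 2.0
    for _ in range(n):
        x = transition(x)
        truth.append(x)
    noisy = [t + laplace(rng, b) for t in truth]   # the DP-noised stream (output of S3)
    ukf = ScalarSRUKF(transition, x0=noisy[0], s0=math.sqrt(r), q=1e-3, r=r)
    filtered = [noisy[0]] + [ukf.step(z) for z in noisy[1:]]   # S4.5: optimized set

    def rmse(est):
        return math.sqrt(sum((e - t) ** 2 for e, t in zip(est, truth)) / n)

    return rmse(noisy), rmse(filtered), filtered[-1]
```

Two points worth keeping in mind when reading the block. With the usual small α (around 1e-3) the centre-point weight wc0 is negative and the S4.3 step is a Cholesky downdate, which is why `cholupdate` handles both signs and refuses a result that is not positive. And the filtering is pure post-processing of the ε-differentially-private release, so it cannot weaken the ε guarantee, but it cannot strengthen it either; the model and its parameters must not be tuned on the raw data, or the guarantee no longer covers them.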
In summary, compared with the prior art, the invention provides a blockchain data sharing platform and method based on differential privacy protection that solve the privacy disclosure problem arising in the transaction process between a data provider and a data visitor and that, by realizing mediated operation, allow a provider who shares its own health data with scientific research institutions and the like to obtain the corresponding value in return. Secondly, by taking the reputation of the data provider and the data visitor into account together with the data privacy security level set by the data provider, the invention analyses the trust dynamically and quantitatively and maps it to the corresponding trust level, from which the corresponding privacy protection parameter is obtained, thereby realizing hierarchical access control. A dynamic feedback mechanism on the reputation of the data provider is introduced at the same time: the contributor's reputation is raised or lowered according to the data visitor's feedback on the validity of the data, which evaluates the value of the data better and favours data sharing.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (11)

1. A blockchain data sharing platform based on differential privacy protection, characterized in that the data sharing platform architecture comprises a data upload module, a data access module, a differential privacy data processing module and a smart contract module.
2. The platform of claim 1, wherein the data upload module is connected to the smart contract module and is used by a data provider to upload data information to the data sharing platform.
3. The platform of claim 2, wherein the data information comprises a data directory and a data format.
4. The platform of claim 1, wherein the data access module is used by a data visitor to send a demand-data query request and/or a demand-data transaction request.
5. The platform of claim 4, wherein the smart contract in the smart contract module can be called by the data access module: the data visitor sends the demand-data transaction request and calls the smart contract, and after the network nodes have verified the request, part or all of it is written into the blockchain and sent to the data provider.
6. The platform of claim 4, wherein the smart contract in the smart contract module can be called by the data upload module: the data provider decrypts the ciphertext of the smart contract module with the data visitor's public key to verify the authenticity of the demand-data transaction request; the data provider analyses the demand-data transaction request, encrypts the demand data with the data visitor's public key, calls and confirms the smart contract and broadcasts the provided demand data; after verification the complete transaction information is placed on the blockchain, and the provided demand data is sent to the data visitor at the same time.
7. The platform of claim 5 or 6, wherein the smart contracts in the smart contract module run on all nodes that attempt to access the data tables.
8. The platform of claim 4, further comprising a differential privacy data processing module connected to the smart contract module; the differential privacy data processing module comprises a hierarchical access control module and a data optimization module and adds noise satisfying differential privacy to the private data to realize privacy protection; the data optimization module is used to improve the precision of the noise-added data.
9. A blockchain data sharing method based on differential privacy protection, characterized in that the data sharing processing comprises the following steps:
the data provider uploads data information to the data sharing platform, and after the network nodes have verified it the data information is written into the blockchain;
a data visitor sends a demand-data query request and searches for and retrieves the demand data in the data sharing platform;
the hierarchical access control module adds noise to the private data to realize differential privacy protection of the private data;
the data optimization module performs precision optimization on the noise-added data generated by the differential privacy processing;
the data access module calls the smart contract in the smart contract module, the data visitor sends a demand-data transaction request and calls the smart contract at the same time, and after the network nodes have verified the request, part or all of it is written into the blockchain and sent to the data provider;
the smart contract in the smart contract module is called by the data upload module, and the data provider decrypts the ciphertext with the data visitor's public key to verify the authenticity of the demand-data transaction request; the data provider analyses the demand-data transaction request, encrypts the demand data with the data visitor's public key, calls and confirms the smart contract and broadcasts the provided demand data; after verification the complete transaction information is placed on the blockchain, and the provided demand data is sent to the data visitor at the same time.
10. The blockchain data sharing method based on differential privacy protection of claim 9, wherein the step in which the hierarchical access control module adds noise to the private data to realize differential privacy protection comprises:
setting the parameters: the initial reputation of the data provider and of the data visitor, the initial authority degree of the data visitor's role attribute, and the data privacy degree set by the data provider;
quantifying the query security trust from the reputation of the data provider and the data visitor and quantifying the differential privacy parameter, then mapping the two one-to-one so that each query security trust level corresponds to one privacy parameter;
dynamically evaluating and feeding back the reputation of the data provider.
11. The method of claim 9, wherein the optimization of the noise-added data by the data optimization module comprises:
the data optimization module feeds the noise-added data produced by the differential privacy processing into the square-root unscented Kalman algorithm;
the square-root unscented Kalman algorithm first applies the unscented transformation to the prediction function and the update function, selecting 2L+1 sigma points around the mean for initialization;
a rank-one Cholesky update is performed on the resulting predicted covariance matrix to obtain the square-root matrix of the covariance;
the square-root matrix is updated, which realizes the filtering optimization of the data.
Application CN201911227297.4A (publication CN110933093A), priority date and filing date 2019-12-04: Block chain data sharing platform and method based on differential privacy protection technology. Published 2020-03-27; legal status at publication: pending.

Family ID: 69856640 (one family application, CN201911227297.4A). Country status: CN, CN110933093A.

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111881484A (en) * 2020-06-29 2020-11-03 北京工业大学 UCON evidence storage data access control method based on block chain
CN111931233A (en) * 2020-08-12 2020-11-13 哈尔滨工业大学(深圳) Information recommendation method and system based on block chain and localized differential privacy protection
CN112437441A (en) * 2020-10-22 2021-03-02 山东省科学院自动化研究所 Internet of things-oriented access control system and method based on intelligent contract
CN112507377A (en) * 2020-11-30 2021-03-16 北京理工大学 Block chain enabling supply chain system key information protection method based on differential privacy
CN112699413A (en) * 2021-01-20 2021-04-23 泉州华中科技大学智能制造研究院 Block chain system capable of protecting data security and data processing method thereof
CN113609523A (en) * 2021-07-29 2021-11-05 南京邮电大学 Vehicle networking private data protection method based on block chain and differential privacy
CN114117540A (en) * 2022-01-25 2022-03-01 广州天鹏计算机科技有限公司 Big data analysis processing method and system
CN117407843A (en) * 2023-10-13 2024-01-16 成都安美勤信息技术股份有限公司 Privacy information access detection management method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180307859A1 (en) * 2013-11-01 2018-10-25 Anonos Inc. Systems and methods for enforcing centralized privacy controls in de-centralized systems
CN109858228A (en) * 2019-01-31 2019-06-07 上海计算机软件技术开发中心 Data sharing service platform and method based on block chain
CN110321721A (en) * 2019-07-02 2019-10-11 石家庄铁道大学 Electronic health record access control method based on block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李森有 (Li Senyou): "A hierarchical control strategy for data queries based on differential privacy" (一种基于差分隐私的数据查询分级控制策略), Computer Science (计算机科学) *
王俊 (Wang Jun): "Secure authentication and private data release for wearable devices in health services" (面向健康服务的可穿戴设备安全认证与隐私数据发布), China Doctoral Dissertations Full-text Database (中国博士学位论文全文数据库) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200327