CN110990484B - Information storage method, system, computer equipment and storage medium based on block chain - Google Patents


Publication number
CN110990484B
Authority
CN
China
Prior art keywords
information
identity certificate
stored
certificate
user terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911183946.5A
Other languages
Chinese (zh)
Other versions
CN110990484A (en)
Inventor
张亮
冯思博
黄细健
卢德恩
贺亚光
李楠
蔡剑戈
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Original Assignee
Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd filed Critical Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Priority to CN201911183946.5A priority Critical patent/CN110990484B/en
Publication of CN110990484A publication Critical patent/CN110990484A/en
Application granted granted Critical
Publication of CN110990484B publication Critical patent/CN110990484B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention discloses a blockchain-based information storage method, a blockchain-based information storage system, computer equipment and a storage medium. The method comprises the following steps: when information to be stored is received, generating a public key and a private key according to a key generation rule; judging, according to a certificate judging rule, whether a valid identity certificate exists and, if not, sending an identity certificate acquisition request to a management server to acquire a valid identity certificate; associating the public key with the valid identity certificate to obtain association information and sending the association information to the management server; signing the information to be stored according to a signature rule and the private key to obtain information to be stored that contains a signature value; and associating the information to be stored with the public key and the signature value to obtain associated storage information, which is then stored in a distributed manner. With this method the identity certificate and the information to be stored are stored separately, which avoids the repeated storage of the identity certificate that results from adding it to the information to be stored, saves storage space, and improves the efficiency of storing data information.

Description

Information storage method, system, computer equipment and storage medium based on block chain
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a blockchain-based information storage method, a blockchain-based information storage system, a blockchain-based information storage computer device, and a blockchain-based information storage medium.
Background
When data information is stored using blockchain technology, a certificate system based on PKI (public key infrastructure) can be adopted to perform authority management and privacy protection for each node in the blockchain. To ensure the validity of the signature in the data information, data information from a blockchain node must carry the certificate information corresponding to that node. As a result, a large amount of storage space is required when the data information is stored, and the efficiency of data transmission between nodes is affected. Multiple pieces of data information from the same node contain the same certificate information, and this repeated storage of certificate information seriously wastes storage resources. The prior art method therefore suffers from low data information storage efficiency.
Disclosure of Invention
The embodiment of the invention provides a blockchain-based information storage method, a blockchain-based information storage system, computer equipment and a storage medium, and aims to solve the problem of low data information storage efficiency in the prior art.
In a first aspect, an embodiment of the present invention provides a blockchain-based information storage method, including:
if the input information to be stored is received, generating a public key and a private key according to a preset secret key generation rule;
judging whether a valid identity certificate exists according to preset certificate judging rules;
if the effective identity certificate does not exist, an identity certificate acquisition request is sent to the management server to acquire the effective identity certificate corresponding to the user terminal from the management server;
if an effective identity certificate exists or a corresponding effective identity certificate is obtained, the public key and the effective identity certificate are associated to obtain association information and the association information is sent to the management server;
signing the information to be stored according to a preset signing rule and the private key to obtain the information to be stored containing a signature value;
and correlating the information to be stored with the public key and the signature value to obtain correlated storage information and performing distributed storage.
In a second aspect, embodiments of the present invention provide a blockchain-based information storage system including:
the key generation unit is used for generating a public key and a private key according to a preset key generation rule if the input information to be stored is received;
The identity certificate judging unit is used for judging whether a valid identity certificate exists according to preset certificate judging rules;
a valid identity certificate acquiring unit, configured to send an identity certificate acquiring request to the management server to acquire a valid identity certificate corresponding to the user terminal from the management server if the valid identity certificate does not exist;
the association information sending unit is used for associating the public key with the effective identity certificate to obtain association information and sending the association information to the management server if the effective identity certificate exists or the corresponding effective identity certificate is obtained;
the information to be stored signing unit is used for signing the information to be stored according to a preset signing rule and the private key to obtain the information to be stored containing a signing value;
and the distributed storage unit is used for associating the information to be stored with the public key and the signature value to obtain associated storage information and performing distributed storage.
In a third aspect, an embodiment of the present invention further provides a computer apparatus, which includes a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor implements the blockchain-based information storage method according to the first aspect.
In a fourth aspect, embodiments of the present invention further provide a computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program when executed by a processor causes the processor to perform the blockchain-based information storage method of the first aspect.
The embodiment of the invention provides a blockchain-based information storage method, a blockchain-based information storage system, computer equipment and a storage medium. When information to be stored is received, a public key and a private key are generated according to a key generation rule; whether a valid identity certificate exists is judged according to a certificate judging rule and, if not, an identity certificate acquisition request is sent to a management server to acquire a valid identity certificate; the public key is associated with the valid identity certificate to obtain association information, which is sent to the management server; the information to be stored is signed according to a signature rule and the private key to obtain information to be stored that contains a signature value; and the information to be stored is associated with the public key and the signature value to obtain associated storage information, which is stored in a distributed manner. With this method the identity certificate and the information to be stored are stored separately, which avoids the repeated storage of the identity certificate that results from adding it to the information to be stored, saves storage space, and improves the efficiency of storing data information.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart illustrating a blockchain-based information storage method according to an embodiment of the present invention;
fig. 2 is an application scenario schematic diagram of a blockchain-based information storage method according to an embodiment of the present invention;
FIG. 3 is a schematic sub-flowchart of a blockchain-based information storage method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another flow chart of a blockchain-based information storage method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another sub-flowchart of a blockchain-based information storage method according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating another exemplary blockchain-based information storage method according to an embodiment of the present invention;
FIG. 7 is a schematic block diagram of a blockchain-based information storage system provided by an embodiment of the present invention;
Fig. 8 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Referring to FIG. 1 and FIG. 2, FIG. 1 is a flowchart of a blockchain-based information storage method according to an embodiment of the present invention, and FIG. 2 is a schematic application scenario of the blockchain-based information storage method according to an embodiment of the present invention. The blockchain-based information storage method is applied to the user terminal 10 and is executed by application software installed in the user terminal 10; the management server 20 and the blockchain network 30 each establish a network connection with the user terminal 10 to transmit data information. The user terminal 10 is a terminal device that executes the blockchain-based information storage method to store information, such as a desktop computer, a notebook computer, a tablet computer or a mobile phone. The management server 20 is a server that establishes a network connection with the user terminal 10 to perform data transmission, and the blockchain network 30 is a terminal network formed by a plurality of terminal devices in the internet based on smart contracts. FIG. 2 shows only one user terminal 10 transmitting information to the management server 20 and the blockchain network 30; in practical applications, the blockchain network 30 and the management server 20 may exchange information with multiple user terminals 10 at the same time.
As shown in fig. 1, the method includes steps S110 to S160.
S110, if the input information to be stored is received, a public key and a private key are generated according to a preset key generation rule.
If input information to be stored is received, a public key and a private key are generated according to a preset key generation rule. The user terminal receives information to be stored that is input by a user; this information may be transaction data, log data or the like, containing only text information. The blockchain network is composed of a plurality of terminal devices, each of which corresponds to one node in the blockchain network, and the user terminal can act as one such node. The public key and the private key are generated according to the key generation rule, which may be the Elliptic Curve Digital Signature Algorithm (ECDSA) or the Edwards-curve Digital Signature Algorithm (EdDSA). The key generation rule produces a public key and a private key as a pair: information that needs to be signed is signed (also called encryption) with the private key to obtain signature information, and the signature information is verified with the public key. Only signature information that passes this verification is confirmed to be valid, that is, the signature produced with the private key is confirmed to be valid.
For example, taking the elliptic curve digital signature algorithm as an example, the specific process of generating the public key and the private key is as follows: 1. select any elliptic curve E_p(a, b) from the elliptic curves included in the elliptic curve digital signature algorithm, together with the base point G corresponding to that curve; 2. generate a random integer k as the private key according to the order n of G, where 0 < k < n; 3. compute the public key P = k × G using the base point G.
S120, judging whether a valid identity certificate exists according to a preset certificate judging rule.
Whether a valid identity certificate exists is judged according to a preset certificate judging rule, that is, whether the user terminal stores a valid identity certificate. The identity certificate proves that the user terminal is qualified to join the blockchain network and store information in it; only a user terminal that stores a valid identity certificate can join the blockchain network and send information to the blockchain for storage. The valid identity certificate comprises an issuing authority, an issuing time, a certificate validity period and terminal information of the user terminal. The terminal information identifies the user terminal and comprises identity information such as the user name of the user using the user terminal, the name of the organization (or company) to which the user belongs, and a mailbox address.
In one embodiment, as shown in FIG. 3, step S120 includes substeps S121, S122, S123, and S124.
S121, judging whether the identity certificate is stored in the user terminal.
And judging whether the identity certificate is stored in the user terminal. Firstly judging whether an identity certificate is stored in a user terminal, if the identity certificate is stored in the user terminal, indicating that the user terminal has joined a blockchain network, and further judging whether the identity certificate is a valid identity certificate; if the identity certificate is not stored in the user terminal, the user terminal is not added into the blockchain network.
S122, if the user terminal stores the identity certificate, judging whether the identity certificate is valid or not according to the certificate judging rule.
If the user terminal stores an identity certificate, whether the identity certificate is valid is judged according to the certificate judging rule. The certificate judging rule is a rule for judging whether the identity certificate is valid. It may be a rule that judges, based on the issuing time and the validity period of the identity certificate, whether the certificate has expired at the current time; a rule that judges whether the issuing authority is a valid issuing authority; or a rule that judges whether the terminal information in the certificate matches the user terminal.
Taking as an example a certificate judging rule based on the issuing time and the validity period of the identity certificate: it is judged whether the current time falls within the period defined by the issuing time and the validity period of the identity certificate. If it does, the identity certificate is judged to be valid; if it does not, the identity certificate is judged to be invalid.
For example, when the issuing time of a certain identity certificate is 2018-07-11 and the validity period of the identity certificate is 180 days, and the current time is 2018-11-01, the current time is included in the time limited by the issuing time and the validity period of the identity certificate, and the identity certificate is judged to be valid.
And S123, if the user terminal does not store the identity certificate or judges that the identity certificate is invalid, a judging result of not storing the valid identity certificate is obtained.
If the user terminal does not store an identity certificate, or the identity certificate is judged to be invalid, the judging result is that no valid identity certificate is stored. If the user terminal does not store an identity certificate, the user terminal has not joined the blockchain network; if the identity certificate is judged to be invalid, the identity certificate stored in the user terminal cannot be used normally. In both cases the judging result is that no valid identity certificate is stored.
S124, if the identity certificate is judged to be valid, a judgment result of the stored valid identity certificate is obtained.
And if the identity certificate is judged to be valid, obtaining a judgment result of the stored valid identity certificate.
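The judgment in sub-steps S121 to S124, as an added Python example that is not code from the patent. It goes beyond the text by applying all three candidate rules (time window, issuing authority, terminal match) together and by treating the last day of the validity period as still valid; `judge_certificate`, `next_step`, the issuer allowlist and the dictionary layout are hypothetical, and the sample certificate is constructed from the values quoted above.

```python
from datetime import date, timedelta

# Constructed allowlist; the page does not name an issuing authority.
TRUSTED_ISSUERS = {"Example Management CA"}


def judge_certificate(cert, today, terminal):
    """Apply S121-S124: return (has_valid_certificate, reason)."""
    if cert is None:                                   # S121: nothing stored
        return False, "no identity certificate stored"
    try:
        issued = date.fromisoformat(cert["issued"])
        expires = issued + timedelta(days=cert["validity_days"])
        issuer, cert_terminal = cert["issuer"], cert["terminal"]
    except (KeyError, TypeError, ValueError):
        return False, "malformed certificate"          # fail closed
    if not issued <= today <= expires:                 # time-window rule
        return False, "outside validity period"
    if issuer not in TRUSTED_ISSUERS:                  # issuing-authority rule
        return False, "issuing authority not trusted"
    if cert_terminal != terminal:                      # terminal-match rule
        return False, "terminal information mismatch"
    return True, "valid"


def next_step(cert, today, terminal):
    """Map the judgment onto the method: S130 without a valid certificate, else S140."""
    ok, reason = judge_certificate(cert, today, terminal)
    return ("S140: associate public key" if ok
            else f"S130: request certificate ({reason})")


# Constructed sample built from the values quoted on the page.
TERMINAL = {"username": "xyz", "organization": "AA company", "mailbox": "xyz@999.com"}
CERT = {"issuer": "Example Management CA", "issued": "2018-07-11",
        "validity_days": 180, "terminal": TERMINAL}

if __name__ == "__main__":
    for day in (date(2018, 7, 10), date(2018, 11, 1), date(2019, 1, 8)):
        print(day, next_step(CERT, day, TERMINAL))
    print(next_step(None, date(2018, 11, 1), TERMINAL))
```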
And S130, if the effective identity certificate does not exist, an identity certificate acquisition request is sent to the management server so as to acquire the effective identity certificate corresponding to the user terminal from the management server.
And if the effective identity certificate does not exist, sending an identity certificate acquisition request to the management server so as to acquire the effective identity certificate corresponding to the user terminal from the management server. If the user terminal does not store the effective identity certificate, an identity certificate acquisition request is required to be sent to the management server to acquire the corresponding effective identity certificate. The identity certificate acquisition request includes terminal information of the user terminal.
In one embodiment, as shown in fig. 4, steps S131, S132, and S133 are further included, and all the above steps are performed in the management server.
S131, if an identity certificate acquisition request from the user terminal is received, request abstract information corresponding to the identity certificate acquisition request is generated according to a preset abstract information generation rule.
If an identity certificate acquisition request from the user terminal is received, request digest information corresponding to the identity certificate acquisition request is generated according to a preset digest information generation rule. Specifically, the terminal information included in the identity certificate acquisition request is obtained; it includes identity information such as the user name of the user using the user terminal, the name of the organization (or company) to which the user belongs, and a mailbox address. A hash operation is performed on the terminal information according to the digest information generation rule to obtain the corresponding digest information, where the hash operation is Secure Hash Algorithm 256 (SHA256).
In this embodiment, Hash(basic information) = digest information, that is, a hash operation is performed on the terminal information in the identity certificate acquisition request to obtain the digest information. For information of any length (counted in bits), SHA256 generates data 32 bytes in length, and SHA256 always processes the information as a bit string.
For example, hash (username: xyz, organization name: AA company, mailbox address: xyz@999.com) =82d54bc 57A6F1D78.
S132, signing the request abstract information according to a preset root certificate to obtain a digital signature.
The request digest information is signed according to a preset root certificate to obtain a digital signature. Specifically, the root certificate contains private key information, and signing the request digest information according to the root certificate means encrypting the request digest information with the private key information of the root certificate; the encrypted data obtained is the digital signature. The information n to be encrypted can be encrypted by computing c ≡ n^e (mod N) to obtain the encrypted information c, where (N, e) is the private key information of the root certificate. The request digest information may also be signed according to the root certificate using other encryption methods.
S133, generating a valid identity certificate corresponding to the identity certificate acquisition request according to a preset certificate issuing rule and the digital signature, and feeding back the valid identity certificate to the user terminal.
A valid identity certificate corresponding to the identity certificate acquisition request is generated according to a preset certificate issuing rule and the digital signature, and is fed back to the user terminal. Specifically, the certificate issuing rule is rule information for issuing a valid identity certificate and includes a validity period and issuing information. The certificate validity period is configured according to the validity period in the rule, the issuing authority is configured according to the issuing information, and the current time is used as the issuing time. Adding the resulting validity period, issuing authority, issuing time and digital signature to the information contained in the identity certificate acquisition request generates the corresponding valid identity certificate, which comprises the issuing authority, the issuing time, the certificate validity period, the terminal information of the user terminal and the digital signature.
In an embodiment, as shown in fig. 5, step S130 further includes step S130a.
S130a, the valid identity certificate is sent to the blockchain network to be stored in a distributed mode.
The valid identity certificate is sent to the blockchain network so that it is stored in a distributed manner. Specifically, the valid identity certificate may be broadcast according to a preset broadcast rule so that it is stored in a plurality of nodes of the blockchain network, which implements distributed storage of the valid identity certificate. The broadcast rule includes a plurality of node addresses, each corresponding to a node in the blockchain network. A node address in the broadcast rule may be an IP address of a node preset by the user, or an IP address, recorded in the user terminal, of a historical node that has exchanged data information with the node corresponding to the user terminal. After the valid identity certificate is broadcast according to the broadcast rule, it is stored in a distributed manner in a plurality of nodes of the blockchain, and the identity certificate in the current user terminal can then be verified against the valid identity certificates stored in other nodes.
And S140, if a valid identity certificate exists or a corresponding valid identity certificate is acquired, associating the public key with the valid identity certificate to obtain association information and sending the association information to the management server.
If a valid identity certificate exists or the corresponding valid identity certificate has been obtained, the public key is associated with the valid identity certificate to obtain association information, and the association information is sent to the management server. That is, whether the valid identity certificate was already stored in the user terminal or was obtained from the management server, the generated public key is associated with it and the resulting association information is sent to the management server. A valid identity certificate may be associated with one or more public keys, and the valid identity certificate associated with a public key can be found from that public key.
And S150, signing the information to be stored according to a preset signing rule and the private key to obtain the information to be stored containing a signature value.
The information to be stored is signed according to a preset signing rule and the private key to obtain information to be stored that contains a signature value. The signing rule is the rule for signing the information to be stored with the private key. After signing, the information to be stored contains the signature value, and the signature value can be verified with the public key to check whether it is valid.
For example, taking the elliptic curve digital signature algorithm as an example, the process of signing the information to be stored according to the signing rule and the private key includes: 1. generate a random integer r according to the order n of G and compute the point R = r × G, where 0 < k < n and G is the base point corresponding to the elliptic curve; 2. take the information m to be stored and the coordinates (x, y) of the point R on the elliptic curve E_p(a, b) as parameters and compute a hash according to SHA1 (Secure Hash Algorithm 1), where hash = SHA1(m, x, y); 3. compute s ≡ r − hash × k (mod n); 4. judge whether r or s is 0: if either is zero, repeat steps 1-4; if neither is zero, output r and s as the signature value.
After the signature value is obtained, the signature value is added to the information to be stored, so that the information to be stored can be signed, and the information to be stored containing the signature value is obtained.
And S160, correlating the information to be stored with the public key and the signature value to obtain correlated storage information and performing distributed storage.
The information to be stored is associated with the public key and the signature value to obtain associated storage information, which is stored in a distributed manner. That is, the information to be stored, the public key and the signature value are associated and sent to the blockchain network for distributed storage, and the information stored in this way does not contain the valid identity certificate. In addition, ledger information corresponding to the information to be stored can be generated according to the digest information generation rule, and the ledger information, the public key and the signature value can be associated and then sent to the blockchain network for distributed storage.
In one embodiment, as shown in fig. 6, step S160 is further followed by steps S170, S180, and S190.
S170, if associated storage information to be stored is received from the blockchain network, verifying whether the associated storage information to be stored passes verification according to a preset signature verification algorithm and the public key and signature value in the associated storage information to be stored.
The user terminal receives associated storage information to be stored that was sent by other nodes in the blockchain network and first verifies its signature according to the signature verification algorithm. The associated storage information to be stored contains the effective information together with the public key and signature value associated with that information, and the public key and signature value are used in the process of verifying the effective information.
For example, taking an elliptic curve digital signature algorithm as an example, the process of verifying the signature of the associated storage information to be stored is as follows: 1. calculating s × G + SHA1(m) × P to obtain the coordinates (x1, y1) of a point D, where G is the base point of the elliptic curve and r and s are the signature values; 2. calculating r1 ≡ x1 mod P, where P is the public key; 3. verifying whether the equation r1 ≡ r mod P holds: if it holds, the signature verification passes; if not, the signature verification fails.
S180, if the associated storage information to be stored passes verification, sending the public key to the management server to acquire certificate verification information indicating whether the valid identity certificate corresponding to the public key passes verification.
The management server is the issuing authority for valid identity certificates; it stores the issued valid identity certificates and the public key associated with each of them. The public key in the associated storage information to be stored is sent to the management server, which looks up the valid identity certificate corresponding to that public key. If no valid identity certificate corresponding to the public key exists in the management server, certificate verification information indicating that verification failed is fed back to the user terminal. If a valid identity certificate corresponding to the public key exists in the management server, it must also be determined whether that certificate is in the certificate revocation list, in which the management server stores a plurality of identity certificates to be revoked: if the valid identity certificate is not in the certificate revocation list, certificate verification information indicating that verification passed is fed back to the user terminal; if it is in the certificate revocation list, certificate verification information indicating that verification failed is fed back to the user terminal.
S190, if the certificate verification information indicates that verification passed, storing the associated storage information to be stored.
If the received certificate verification information indicates that verification passed, the associated storage information to be stored is stored, that is, saved in the storage space of the user terminal.
According to the blockchain-based information storage method described above, when information to be stored is received, a public key and a private key are generated according to the key generation rule, and whether a valid identity certificate exists is judged according to the certificate judgment rule. If no valid identity certificate exists, an identity certificate acquisition request is sent to the management server to acquire one. The public key and the valid identity certificate are associated to obtain association information, which is sent to the management server. The information to be stored is signed according to the signature rule and the private key to obtain the information to be stored containing a signature value, and the information to be stored is associated with the public key and the signature value to obtain associated storage information, which is stored in a distributed manner. In this way the identity certificate and the information to be stored are stored separately, which avoids storing the identity certificate repeatedly by adding it to the information to be stored, saves storage space, and improves the efficiency of storing data information.
The embodiment of the present invention further provides a blockchain-based information storage system, where the blockchain-based information storage system includes a management server 20 and at least one user terminal 10, the user terminal 10 is configured to execute the method executable by the user terminal in the blockchain-based information storage method, and the management server 20 is configured to execute the method executable by the management server in the blockchain-based information storage method. In particular, referring to FIG. 7, FIG. 7 is a schematic block diagram of a blockchain-based information storage system provided by embodiments of the present invention.
As shown in fig. 7, the user terminal 10 includes a key generation unit 110, an identity certificate judgment unit 120, a valid identity certificate acquisition unit 130, an associated information transmission unit 140, an information to be stored signature unit 150, and a distributed storage unit 160.
The key generation unit 110 is configured to generate a public key and a private key according to a preset key generation rule if the input information to be stored is received.
The identity certificate judging unit 120 is configured to judge whether a valid identity certificate exists according to a preset certificate judging rule.
In other embodiments of the invention, the identity certificate judging unit 120 includes the following subunits: an identity certificate storage judging unit, a validity judging unit, a first judgment result acquisition unit and a second judgment result acquisition unit.
The identity certificate storage judging unit is used for judging whether an identity certificate is stored in the user terminal; the validity judging unit is used for judging whether the identity certificate is valid according to the certificate judging rule if the identity certificate is stored in the user terminal; the first judgment result acquisition unit is used for obtaining a judgment result that no valid identity certificate is stored if the user terminal does not store an identity certificate or the identity certificate is judged to be invalid; and the second judgment result acquisition unit is used for obtaining a judgment result that a valid identity certificate is stored if the identity certificate is judged to be valid.
The valid identity certificate acquiring unit 130 is configured to send an identity certificate acquisition request to the management server to acquire a valid identity certificate corresponding to the user terminal from the management server if no valid identity certificate exists.
As shown in fig. 7, the management server 20 includes: a request digest information generation unit 131, a data signature acquisition unit 132, and a valid identity certificate generation unit 133.
The request digest information generation unit 131 is configured to generate, if an identity certificate acquisition request from the user terminal is received, request digest information corresponding to the identity certificate acquisition request according to a preset digest information generation rule; the data signature acquisition unit 132 is configured to sign the request digest information according to a preset root certificate to obtain a digital signature; and the valid identity certificate generation unit 133 is configured to generate a valid identity certificate corresponding to the identity certificate acquisition request according to a preset certificate issuing rule and the digital signature, and to feed the valid identity certificate back to the user terminal.
In other embodiments of the invention, the user terminal 10 further comprises a subunit: an identity certificate distributed storage unit.
The identity certificate distributed storage unit is used for sending the valid identity certificate to the blockchain network so as to store the valid identity certificate in a distributed manner.
The association information sending unit 140 is configured to associate the public key with the valid identity certificate to obtain association information and send the association information to the management server if a valid identity certificate exists or a corresponding valid identity certificate is obtained.
The information to be stored signing unit 150 is configured to sign the information to be stored according to a preset signing rule and the private key to obtain the information to be stored including a signature value.
The distributed storage unit 160 is configured to correlate the information to be stored with the public key and the signature value to obtain correlated storage information, and perform distributed storage.
In other embodiments of the invention, the user terminal further comprises the following subunits: a signature verification unit, a certificate verification information acquisition unit and an information storage unit.
The signature verification unit is used for verifying whether the associated storage information to be stored passes verification or not according to a preset signature verification algorithm and a public key and a signature value in the associated storage information to be stored if the associated storage information to be stored is received from the blockchain network; the certificate verification information acquisition unit is used for sending the public key to the management server to acquire the certificate verification information whether the valid identity certificate corresponding to the public key passes verification or not if the associated information to be stored passes verification; and the information storage unit is used for storing the associated storage information to be stored if the certificate verification information passes verification.
The blockchain-based information storage system provided by the embodiment of the invention is used for executing the blockchain-based information storage method: a public key and a private key are generated according to the key generation rule, and whether a valid identity certificate exists is judged according to the certificate judgment rule. If no valid identity certificate exists, an identity certificate acquisition request is sent to the management server to acquire one. The public key and the valid identity certificate are associated to obtain association information, which is sent to the management server. The information to be stored is signed according to the signature rule and the private key to obtain the information to be stored containing a signature value, and the information to be stored is associated with the public key and the signature value to obtain associated storage information, which is stored in a distributed manner. In this way the identity certificate and the information to be stored are stored separately, which avoids storing the identity certificate repeatedly by adding it to the information to be stored, saves storage space, and improves the efficiency of storing data information.
The blockchain-based information storage system described above may be implemented in the form of a computer program that can run on a computer device as shown in fig. 8.
Referring to fig. 8, fig. 8 is a schematic block diagram of a computer device according to an embodiment of the present invention.
With reference to FIG. 8, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032, when executed, may cause the processor 502 to perform a blockchain-based information storage method.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the execution of a computer program 5032 in the non-volatile storage medium 503, which computer program 5032, when executed by the processor 502, causes the processor 502 to perform a blockchain based information storage method.
The network interface 505 is used for network communication, such as providing for transmission of data information, etc. It will be appreciated by those skilled in the art that the architecture shown in fig. 8 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting of the computer device 500 to which the present inventive arrangements may be implemented, as a particular computer device 500 may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
The processor 502 is configured to execute a computer program 5032 stored in a memory to implement the blockchain-based information storage method according to the embodiment of the present application.
Those skilled in the art will appreciate that the embodiment of the computer device shown in fig. 8 is not limiting of the specific construction of the computer device, and in other embodiments, the computer device may include more or less components than those shown, or certain components may be combined, or a different arrangement of components. For example, in some embodiments, the computer device may include only a memory and a processor, and in such embodiments, the structure and function of the memory and the processor are consistent with the embodiment shown in fig. 8, and will not be described again.
It should be appreciated that in an embodiment of the application, the processor 502 may be a central processing unit (CPU); the processor 502 may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
In another embodiment of the application, a computer-readable storage medium is provided. The computer readable storage medium may be a non-volatile computer readable storage medium. The computer readable storage medium stores a computer program, and the computer readable storage medium is installed in a user terminal or a management server, wherein the computer readable instructions in the user terminal when executed by a processor implement a method that is executable by the user terminal in the blockchain-based information storage method of the embodiment of the present application, and the computer readable instructions in the management server when executed by the processor implement a method that is executable by the management server in the blockchain-based information storage method of the embodiment of the present application.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus, system and unit described above may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein. Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus, system, and method may be implemented in other ways. For example, the system embodiments described above are merely illustrative, for example, the division of the units is merely a logical function division, there may be another division manner in actual implementation, or units having the same function may be integrated into one unit, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, systems, or units, or may be an electrical, mechanical, or other form of connection.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a computer-readable storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The computer readable storage medium is a physical, non-transitory storage medium, and the computer readable storage medium is a non-volatile storage medium; it may be an internal storage unit of the foregoing device, for example, a hard disk of the device or a physical storage medium such as a memory. The storage medium may also be an external storage device of the device, for example, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card) or other physical storage medium.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various equivalent changes and substitutions may be made without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (7)

1. The information storage method based on the block chain is applied to a user terminal, and the user terminal is communicated with a management server and a block chain network, and is characterized by comprising the following steps:
if the input information to be stored is received, generating a public key and a private key according to a preset secret key generation rule;
judging whether a valid identity certificate exists according to preset certificate judging rules;
if the effective identity certificate does not exist, an identity certificate acquisition request is sent to the management server to acquire the effective identity certificate corresponding to the user terminal from the management server;
if an effective identity certificate exists or a corresponding effective identity certificate is obtained, the public key and the effective identity certificate are associated to obtain association information and the association information is sent to the management server;
signing the information to be stored according to a preset signing rule and the private key to obtain the information to be stored containing a signature value;
correlating the information to be stored with the public key and the signature value to obtain correlated storage information and performing distributed storage; wherein the associated storage information does not contain the valid identity certificate;
after the sending the identity certificate obtaining request to the management server to obtain the valid identity certificate corresponding to the user terminal from the management server, the method further includes:
sending the valid identity certificate to the blockchain network to store the valid identity certificate in a distributed manner;
the sending the valid identity certificate to the blockchain network includes: broadcasting the effective identity certificate according to a preset broadcasting rule so as to store the effective identity certificate in a plurality of nodes of a block chain network, wherein the node address in the broadcasting rule is an IP address corresponding to a preset node or a recorded IP address of a historical node which has data information transmission between the nodes corresponding to the user terminal;
if the associated storage information to be stored from the blockchain network is received, checking whether the associated storage information to be stored passes verification or not according to a preset checking algorithm and a public key and a signature value in the associated storage information to be stored;
if the associated storage information to be stored passes verification, sending the public key to the management server to obtain certificate verification information of whether the effective identity certificate corresponding to the public key passes verification or not;
and if the certificate verification information is verification passing, storing the associated storage information to be stored.
2. The blockchain-based information storage method of claim 1, wherein the determining whether a valid identity certificate exists according to a preset certificate determination rule includes:
judging whether an identity certificate is stored in the user terminal;
if the user terminal has stored the identity certificate, judging whether the identity certificate is valid or not according to the certificate judging rule;
if the user terminal does not store the identity certificate or judges that the identity certificate is invalid, a judging result of not storing the valid identity certificate is obtained;
and if the identity certificate is judged to be valid, obtaining a judgment result of the stored valid identity certificate.
3. A blockchain-based information storage method, in which a management server communicates with a user terminal and a blockchain network, the method comprising the steps of:
if an identity certificate acquisition request from the user terminal is received, generating request abstract information corresponding to the identity certificate acquisition request according to a preset abstract information generation rule;
signing the request abstract information according to a preset root certificate to obtain a digital signature;
generating a valid identity certificate corresponding to the identity certificate acquisition request according to a preset certificate issuing rule and the digital signature, and feeding the valid identity certificate back to the user terminal;
the information storage method further includes the steps applied to the user terminal of:
if the input information to be stored is received, generating a public key and a private key according to a preset secret key generation rule;
judging whether a valid identity certificate exists according to preset certificate judging rules;
if the effective identity certificate does not exist, an identity certificate acquisition request is sent to the management server to acquire the effective identity certificate corresponding to the user terminal from the management server;
if an effective identity certificate exists or a corresponding effective identity certificate is obtained, the public key and the effective identity certificate are associated to obtain association information and the association information is sent to the management server;
signing the information to be stored according to a preset signing rule and the private key to obtain the information to be stored containing a signature value;
correlating the information to be stored with the public key and the signature value to obtain correlated storage information and performing distributed storage; wherein the associated storage information does not contain the valid identity certificate;
after the sending the identity certificate obtaining request to the management server to obtain the valid identity certificate corresponding to the user terminal from the management server, the method further includes:
sending the valid identity certificate to the blockchain network to store the valid identity certificate in a distributed manner;
the sending the valid identity certificate to the blockchain network includes: broadcasting the effective identity certificate according to a preset broadcasting rule so as to store the effective identity certificate in a plurality of nodes of a block chain network, wherein the node address in the broadcasting rule is an IP address corresponding to a preset node or a recorded IP address of a historical node which has data information transmission between the nodes corresponding to the user terminal;
if the associated storage information to be stored from the blockchain network is received, checking whether the associated storage information to be stored passes verification or not according to a preset checking algorithm and a public key and a signature value in the associated storage information to be stored;
if the associated storage information to be stored passes verification, sending the public key to the management server to obtain certificate verification information of whether the effective identity certificate corresponding to the public key passes verification or not;
and if the certificate verification information is verification passing, storing the associated storage information to be stored.
4. A blockchain-based information storage system comprising a management server and at least one user terminal, the user terminal being configured to perform the steps performed at the user terminal in the method according to any one of claims 1-3, the management server being configured to perform the steps performed at the management server in the method according to claim 3, the user terminal comprising:
the key generation unit is used for generating a public key and a private key according to a preset key generation rule if the input information to be stored is received;
the identity certificate judging unit is used for judging whether a valid identity certificate exists according to preset certificate judging rules;
a valid identity certificate acquiring unit, configured to send an identity certificate acquiring request to the management server to acquire a valid identity certificate corresponding to the user terminal from the management server if the valid identity certificate does not exist;
the association information sending unit is used for associating the public key with the effective identity certificate to obtain association information and sending the association information to the management server if the effective identity certificate exists or the corresponding effective identity certificate is obtained;
the information to be stored signing unit is used for signing the information to be stored according to a preset signing rule and the private key to obtain the information to be stored containing a signing value;
the distributed storage unit is used for associating the information to be stored with the public key and the signature value to obtain associated storage information and performing distributed storage; wherein the associated storage information does not contain the valid identity certificate;
the user terminal further includes:
an identity certificate distributed storage unit, configured to send the valid identity certificate to the blockchain network to perform distributed storage on the valid identity certificate;
the sending the valid identity certificate to the blockchain network includes: broadcasting the effective identity certificate according to a preset broadcasting rule so as to store the effective identity certificate in a plurality of nodes of a block chain network, wherein the node address in the broadcasting rule is an IP address corresponding to a preset node or a recorded IP address of a historical node which has data information transmission between the nodes corresponding to the user terminal;
the user terminal further comprises the following subunits: a signature verification unit, a certificate verification information acquisition unit and an information storage unit;
the signature verification unit is used for verifying whether the associated storage information to be stored passes verification or not according to a preset signature verification algorithm and a public key and a signature value in the associated storage information to be stored if the associated storage information to be stored is received from the blockchain network;
the certificate verification information acquisition unit is used for transmitting the public key to the management server to acquire the certificate verification information whether the valid identity certificate corresponding to the public key passes verification or not if the associated storage information to be stored passes verification;
and the information storage unit is used for storing the associated storage information to be stored if the certificate verification information passes verification.
5. The blockchain-based information storage system of claim 4, wherein the identity certificate determination unit includes:
an identity certificate storage judging unit for judging whether an identity certificate is stored in the user terminal;
the validity judging unit is used for judging whether the identity certificate is valid or not according to the certificate judging rule if the identity certificate is stored in the user terminal;
the first judgment result acquisition unit is used for acquiring a judgment result that no valid identity certificate is stored if the user terminal does not store the identity certificate or the identity certificate is judged to be invalid;
and the second judgment result acquisition unit is used for acquiring a judgment result that a valid identity certificate is stored if the identity certificate is judged to be valid.
6. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor is adapted to run the computer program to perform the steps of the method according to any one of claims 1 to 2 or to perform the steps of the method according to claim 3.
7. A computer readable storage medium storing a computer program of instructions which, when executed by a processor, perform the steps of the method of any one of claims 1-2 or the steps of the method of claim 3.
CN201911183946.5A 2019-11-27 2019-11-27 Information storage method, system, computer equipment and storage medium based on block chain Active CN110990484B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911183946.5A CN110990484B (en) 2019-11-27 2019-11-27 Information storage method, system, computer equipment and storage medium based on block chain

Publications (2)

Publication Number Publication Date
CN110990484A CN110990484A (en) 2020-04-10
CN110990484B true CN110990484B (en) 2023-10-24

Family

ID=70087410

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911183946.5A Active CN110990484B (en) 2019-11-27 2019-11-27 Information storage method, system, computer equipment and storage medium based on block chain

Country Status (1)

Country Link
CN (1) CN110990484B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111832046B (en) * 2020-07-02 2024-02-23 中通服创发科技有限责任公司 Trusted data certification method based on blockchain technology
CN112307445B (en) * 2020-09-30 2021-08-10 深圳百纳维科技有限公司 Identity management method and device based on block chain
CN113515764B (en) * 2021-06-24 2021-11-30 南京可信区块链与算法经济研究院有限公司 Data management and control method
CN114666065B (en) * 2022-03-28 2023-05-30 深圳大学 Message encryption transmission method, device, equipment and medium based on block chain
CN115430138B (en) * 2022-08-25 2023-04-11 深圳快狗互动科技有限公司 Stand-alone game data safe storage method and device and computer equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107079037A (en) * 2016-09-18 2017-08-18 深圳前海达闼云端智能科技有限公司 Identity identifying method, device, node and system based on block chain
CN108777684A (en) * 2018-05-30 2018-11-09 招商银行股份有限公司 Identity identifying method, system and computer readable storage medium
CN109522698A (en) * 2018-10-11 2019-03-26 平安科技(深圳)有限公司 User authen method and terminal device based on block chain
CN110493237A (en) * 2019-08-26 2019-11-22 深圳前海环融联易信息科技服务有限公司 Identity management method, device, computer equipment and storage medium
CN110490588A (en) * 2019-08-23 2019-11-22 深圳前海环融联易信息科技服务有限公司 Letter of identity management method, device, computer equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11250493B2 (en) * 2014-03-31 2022-02-15 Monticello Enterprises LLC System and method for performing social media cryptocurrency transactions

Also Published As

Publication number Publication date
CN110990484A (en) 2020-04-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant