CN111079157A - Secret fragmentation trusteeship platform based on block chain, equipment and medium - Google Patents
Secret fragmentation trusteeship platform based on block chain, equipment and medium Download PDFInfo
- Publication number
- CN111079157A CN111079157A CN201911151092.2A CN201911151092A CN111079157A CN 111079157 A CN111079157 A CN 111079157A CN 201911151092 A CN201911151092 A CN 201911151092A CN 111079157 A CN111079157 A CN 111079157A
- Authority
- CN
- China
- Prior art keywords
- secret
- node
- hash value
- platform
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013467 fragmentation Methods 0.000 title claims abstract description 15
- 238000006062 fragmentation reaction Methods 0.000 title claims abstract description 15
- 239000012634 fragment Substances 0.000 claims abstract description 39
- 238000012545 processing Methods 0.000 claims abstract description 15
- 238000013475 authorization Methods 0.000 claims abstract description 8
- 238000012795 verification Methods 0.000 claims description 11
- 101100217298 Mus musculus Aspm gene Proteins 0.000 claims description 3
- 239000000126 substance Substances 0.000 claims description 3
- 238000000034 method Methods 0.000 description 29
- 230000008569 process Effects 0.000 description 20
- 238000010586 diagram Methods 0.000 description 12
- 238000004590 computer program Methods 0.000 description 7
- 230000006854 communication Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Bioethics (AREA)
- Computer Hardware Design (AREA)
- Power Engineering (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The application discloses a secret fragmentation trusteeship platform based on a block chain, a device and a medium. The platform comprises an authorized party node, a data processing module and a data processing module, wherein the authorized party node is used for receiving the secret fragments distributed by the authorized party node and acquiring the hash values of the secret fragments by adopting a hash algorithm; the authorization side node is used for acquiring the hash value of the secret fragment of each authorization side node and encrypting the hash value for the first time; and the trustee node is used for encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract. By the platform, distributed management of the secret can be realized, the safety of secret trusteeship is enhanced, and the integrity and tamper resistance of the secret are ensured.
Description
Technical Field
The application relates to the technical field of information encryption, in particular to a secret fragmentation trusteeship platform based on a block chain, a device and a medium.
Background
With the development of economy, technology becomes the core competitiveness of enterprise development and progress. In modern society, the core technology of an enterprise often exists as an enterprise secret, and the security and confidentiality of the enterprise are very important.
In the current secret escrow method, the trusting party needs to completely delegate the secret to a certain trustee. This means that the degree of reliability of the trusted party directly determines the degree of security of the secret. If the entrusted party's insider is motivated by interest to use the entruster's secret in violation of his interest to seek personal interest, it will cause huge and irretrievable harm to the entruster.
Therefore, the secrecy escrow method has low safety protection degree, weak risk resistance and low reliability.
Disclosure of Invention
The embodiment of the application provides a secret fragmentation trusteeship platform, equipment and a medium based on a block chain, which are used for solving the following technical problems in the prior art: the safety of the secrecy escrow is low and the anti-risk capability is weak.
The embodiment of the application adopts the following technical scheme:
a secret sharding hosting platform based on a blockchain, the blockchain platform including a plurality of nodes including a delegator node, and a plurality of authorizer nodes, the platform comprising:
the authorization side node is used for receiving the secret fragments distributed by the entrusting side node and acquiring the hash value of the secret fragments by adopting a hash algorithm;
the authorization side node is used for acquiring the hash value of the secret fragment of each authorization side node and encrypting the hash value for the first time;
and the trustee node is used for encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract.
Optionally, the delegate node is further specifically configured to perform first encryption on the hash value by using a symmetric encryption algorithm.
Optionally, the trustee node is further specifically configured to perform second encryption on the hash value after the first encryption by using an asymmetric encryption algorithm.
Optionally, the trustee node is further specifically configured to perform, based on the received request for reading the secret, first decryption on the encrypted hash value in the block chain; the consignor node is also used for carrying out second decryption on the hash value after the first decryption; the trustee node is also used for verifying the hash value after the two times of decryption according to the pre-stored hash value; and the authorizer node is also used for returning the secret shard after the verification is passed.
Optionally, the trustee node is further configured to record, according to a preset intelligent contract, the user identifier of the request for sending the read secret and the corresponding read time on the blockchain after the verification is passed.
Optionally, the symmetric encryption algorithm comprises an AES encryption algorithm, an SM4 encryption algorithm.
Optionally, the asymmetric encryption algorithm comprises an RSA encryption algorithm, an SM2 encryption algorithm.
Optionally, the hashing algorithm comprises MD5, SHA1, SHA 256.
An apparatus for secret defragmentation hosting based on a blockchain, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receiving secret fragments distributed by a consignor node, and acquiring hash values of the secret fragments by adopting a hash algorithm;
obtaining the hash value of the secret fragment of each authorized party node, and encrypting the hash value for the first time;
and encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract.
A non-volatile computer storage medium hosted for secret fragmentation based on a blockchain, storing computer-executable instructions configured to:
receiving secret fragments distributed by a consignor node, and acquiring hash values of the secret fragments by adopting a hash algorithm;
obtaining the hash value of the secret fragment of each authorized party node, and encrypting the hash value for the first time;
and encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects: by dividing the secret into a plurality of secret fragments, the decentralized keeping of the secret is realized, and any authorized party cannot read all the secrets through only one secret fragment kept by the authorized party, so that the risk of secret leakage is reduced; the trustee cannot store the secret and cannot easily read the secret, so that the security of the secret is enhanced; the intelligent contract in the block chain platform limits the permission of reading the secret, and enhances the security of secret keeping; by keeping the secret encrypted, the security of the secret is also enhanced.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic architecture diagram of a secret fragmentation hosting platform based on a block chain according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an apparatus for block chain-based secret fragmentation hosting for hosting the block chain-based secret fragmentation hosting platform according to fig. 1 according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person skilled in the art without making any inventive step based on the embodiments in the description belong to the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is an architectural diagram of a secret fragmentation hosting platform based on a block chain according to an embodiment of the present application, where the platform specifically includes an entrusting party node 101, a entrusting party node 102, and a plurality of authorizing party nodes 103. Here, the requesting node 101 is the owner of the secret, the accepting node 102 is the party that accepts the request of the requesting node 101 and manages the secret, the authorizing node 103 is the party that actually holds the secret specified by the requesting node 101, and communication can be performed between the requesting node 101 and the accepting node 102, between the requesting node 101 and the authorizing node 103, and between the accepting node 102 and the authorizing node 103.
In the embodiment of the present application, the secret fragmentation escrow specifically includes a process of storing a secret, and a process of reading the secret.
Specifically, in the process of storing the secret, the entrusting party node 101 may first divide the secret into a corresponding number of secret shards according to the number of the authorizing party nodes 103, and distribute the secret shards to the authorizing party nodes 103, where each authorizing party node 103 holds one secret shard. By dividing the secret into a plurality of secret fragments and storing the secret by a plurality of authorized party nodes, the distributed storage of the secret can be realized, the close association degree of the security of the secret and the reliability of one authorized party is reduced, the risk of secret leakage is reduced to a certain extent, and the loss of secret leakage is reduced.
After receiving the secret shards, each authorizer node 103 may hash the secret shards held by each authorizer node by using a hash algorithm to obtain hash values. Specifically, the hash algorithm used by each authorized node 103 may be an MD5 algorithm, an SHA1 algorithm, an SHA256 algorithm, and the like, and each authorized node 103 may use the same hash algorithm or different hash algorithms, which is not limited in this application.
The trustee node 102 may respectively obtain the hash value of each secret shard from each authorizer node 103, and store all the obtained hash values for verification of the hash values in a subsequent secret reading process. The trustee node only acquires the hash value of each secret fragment but cannot acquire each secret fragment, namely, the trustee node cannot directly contact the secret, and the trustee node cannot acquire the secret according to the hash value of the secret according to the irreversibility of the hash algorithm.
Before writing the secret to the blockchain, the delegator node 101 may obtain hash values for each secret shard from each authorizer node 103 and encrypt each hash value. Specifically, the entrusting node 101 may employ a symmetric encryption algorithm to encrypt the hash value of the secret shard with a randomly generated character string as a key. Such as AES encryption algorithm, SM4 encryption algorithm, and so on. By encrypting the hash value of the secret fragment, the security of the secret can be guaranteed, and the security degree of the secret can be improved.
Further, after obtaining the hash value of the first encrypted secret fragment, the trustee node 102 may perform a second encryption, and then write the hash value of the twice encrypted secret fragment into the block chain. Specifically, when the trustee node 102 registers in the blockchain platform for the first time, the corresponding public key and private key can be obtained. The trusted party node 102 may use an asymmetric encryption algorithm, and use a public key as a key to encrypt the hash value after the first encryption. The trusted party node 102 may encrypt the data using an asymmetric encryption algorithm such as an RSA encryption algorithm or an SM2 encryption algorithm. Through secondary encryption, the security protection measures of the entrusted side node can be added on the basis of the encryption of the entrusted side node, and the security of secret fragments is further enhanced.
When writing the secret into the block chain, the trustee node 102 may write the information of the corresponding trustee node and the information of all authorizer nodes, such as the name and address, into the block chain in association with each other.
The secret is stored on the block chain, and the integrity and the tamper resistance of the secret can be ensured by utilizing the tamper resistance characteristic of the block chain, so that the safety degree of the secret is improved, and the safety of the secret is enhanced. Moreover, the secret is encrypted, so that the security of the secret can be further enhanced, and the secret can be prevented from being leaked.
In reading the secret, the trusted party node 102 may receive the request to read the secret and process the received request according to a preset intelligent contract.
Specifically, the trustee node 102 may extract the hash value of the encrypted secret in the blockchain based on the received request to read the secret, and decrypt the hash value of the encrypted secret. Corresponding to the encryption process, the trustee node 102 may employ a corresponding asymmetric encryption algorithm, and use the private key as a key to perform a first decryption on the twice-encrypted hash value. Through the encryption and decryption processes of the asymmetric encryption algorithm, the security of the secret can be ensured, and the secret cannot be acquired by others.
Then, for the first decrypted secret hash value, the entrusting node 101 may perform second decryption on the first decrypted hash value by using the key in the corresponding symmetric encryption algorithm in the encryption process, so as to obtain the secret hash value. Through the symmetric encryption process of the consignor node, the process of reading the secret can be ensured to be known by the consignor node, and the process of reading the secret is legal after the permission of the consignor node.
After the decryption of the secret is completed, the trusted party node 102 may compare and verify the hash value obtained after the two decryptions with the hash value obtained from each authorizing party node 103 and stored in the process of storing the secret. If the hash values are the same, it indicates that the verification is passed, and also indicates that the secret read by the trustee node 102 from the blockchain has not been tampered during the communication process. If the hash values are different, this indicates that the verification is not passed, and also indicates that the secret read by the trustee node 102 from the blockchain may be tampered during the communication process. Through the verification of the hash value, the integrity of the secret can be verified, the secret is ensured not to be tampered in the communication process, and the process of reading the secret is ensured to be safe.
Further, after obtaining the twice decrypted hash values, the trustee node 102 may obtain the hash value of each secret shard from each authorizer node 103 again, and perform verification using the newly obtained hash value and the decrypted hash value. By the method, the hash value pre-stored by the trustee node can be prevented from being tampered, so that the decrypted hash value cannot be correctly verified, and the safety of the verification process can be further enhanced.
The authorizer node 103 may return the held shard of the secret to the user requesting to read the secret after the authentication is passed. The user requesting to read the secret can respectively obtain the secret shards from the nodes of the authorized parties and integrate the obtained secret shards to obtain the complete secret.
In the process of secret storage and secret reading, the secret is divided into secret fragments, and the secret fragments are subjected to hashing and twice encryption, so that the dispersed keeping of the secret is realized, the security of the secret at the trustee node is ensured, and the security degree of the secret is enhanced. Meanwhile, the secret is written into the block chain, so that the tamper resistance of the secret is ensured, the secret is prevented from being maliciously tampered in the storage process, and the integrity of the secret is ensured.
In addition, the trustee node 102 may also record, according to a preset intelligent contract, the user identifier sending the request for reading the secret fragment and the corresponding reading time on the blockchain after the verification of the hash value is passed and the authorizer node 103 returns the secret to the user requesting to read the secret. In this way, tracing back the secret reading can be achieved through the block chain, and can be used for confirming the secret related security problem at a later time.
Based on the same idea, some embodiments of the present application further provide a device and a non-volatile computer storage medium corresponding to the above-described platform.
Fig. 2 is a schematic structural diagram of a block chain-based secret fragmentation hosting device corresponding to fig. 1 and used for hosting the block chain-based secret fragmentation hosting platform described above according to an embodiment of the present application, where the block chain device includes:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receiving secret fragments distributed by a consignor node, and acquiring hash values of the secret fragments by adopting a hash algorithm;
obtaining the hash value of the secret fragment of each authorized party node, and encrypting the hash value for the first time;
and encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract.
Some embodiments of the present application provide a non-volatile computer storage medium corresponding to a block chain based secret defragmentation escrow of fig. 1, having stored thereon computer-executable instructions configured to:
receiving secret fragments distributed by a consignor node, and acquiring hash values of the secret fragments by adopting a hash algorithm;
obtaining the hash value of the secret fragment of each authorized party node, and encrypting the hash value for the first time;
and encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract.
The embodiments in the present application are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the device and media embodiments, since they are substantially similar to the platform embodiments, the description is relatively simple, and reference may be made to some descriptions of the platform embodiments for relevant points.
The device and the medium provided by the embodiment of the application are in one-to-one correspondence with the platform, so that the device and the medium also have beneficial technical effects similar to the platform corresponding to the device and the medium.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (10)
1. A secret sharding hosting platform based on a blockchain, wherein the blockchain platform comprises a plurality of nodes, the plurality of nodes comprise an entrusting party node, a entrusting party node and a plurality of authorizing party nodes, and the platform comprises:
the authorization side node is used for receiving the secret fragments distributed by the entrusting side node and acquiring the hash value of the secret fragments by adopting a hash algorithm;
the authorization side node is used for acquiring the hash value of the secret fragment of each authorization side node and encrypting the hash value for the first time;
and the trustee node is used for encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract.
2. The platform of claim 1, wherein the principal node is further configured to encrypt the hash value a first time using a symmetric encryption algorithm.
3. The platform of claim 1, wherein the trusted party node is further configured to encrypt the hash value after the first encryption a second time using an asymmetric encryption algorithm.
4. The platform of claim 1,
the trustee node is further specifically configured to decrypt the encrypted hash value in the block chain for the first time based on the received request for reading the secret;
the consignor node is also used for carrying out second decryption on the hash value after the first decryption;
the trustee node is also used for verifying the hash value after the two times of decryption according to the pre-stored hash value;
and the authorizer node is also used for returning the secret shard after the verification is passed.
5. The platform of claim 4, wherein the trusted party node is further configured to record, after passing the verification according to a preset intelligent contract, an identity of a user sending the request to read the secret and a corresponding read time on a blockchain.
6. The platform of claim 2, wherein the symmetric encryption algorithm comprises an AES encryption algorithm, an SM4 encryption algorithm.
7. The platform of claim 3, wherein the asymmetric encryption algorithm comprises an RSA encryption algorithm, an SM2 encryption algorithm.
8. The platform of claim 1, in which the hashing algorithm comprises MD5, SHA1, SHA 256.
9. A device for secret fragmentation escrow based on a blockchain, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receiving secret fragments distributed by a consignor node, and acquiring hash values of the secret fragments by adopting a hash algorithm;
obtaining the hash value of the secret fragment of each authorized party node, and encrypting the hash value for the first time;
and encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract.
10. A non-volatile computer storage medium hosted for secret fragmentation based on a blockchain, storing computer-executable instructions configured to:
receiving secret fragments distributed by a consignor node, and acquiring hash values of the secret fragments by adopting a hash algorithm;
obtaining the hash value of the secret fragment of each authorized party node, and encrypting the hash value for the first time;
and encrypting the hash value after the first encryption for the second time, writing the encrypted hash value into the block chain, and processing the received request for reading the secret according to a preset intelligent contract.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911151092.2A CN111079157A (en) | 2019-11-21 | 2019-11-21 | Secret fragmentation trusteeship platform based on block chain, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911151092.2A CN111079157A (en) | 2019-11-21 | 2019-11-21 | Secret fragmentation trusteeship platform based on block chain, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111079157A true CN111079157A (en) | 2020-04-28 |
Family
ID=70311594
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911151092.2A Pending CN111079157A (en) | 2019-11-21 | 2019-11-21 | Secret fragmentation trusteeship platform based on block chain, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111079157A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111339536A (en) * | 2020-05-15 | 2020-06-26 | 支付宝(杭州)信息技术有限公司 | Data verification method and device based on secure execution environment |
| CN112100178A (en) * | 2020-09-08 | 2020-12-18 | 中国联合网络通信集团有限公司 | Delegation authorization verification method and system |
| CN115567203A (en) * | 2022-09-23 | 2023-01-03 | 太保科技有限公司 | Method, device, equipment and storage medium for recovering secret information |
-
2019
- 2019-11-21 CN CN201911151092.2A patent/CN111079157A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111339536A (en) * | 2020-05-15 | 2020-06-26 | 支付宝(杭州)信息技术有限公司 | Data verification method and device based on secure execution environment |
| CN112100178A (en) * | 2020-09-08 | 2020-12-18 | 中国联合网络通信集团有限公司 | Delegation authorization verification method and system |
| CN112100178B (en) * | 2020-09-08 | 2023-05-12 | 中国联合网络通信集团有限公司 | Delegation authorization verification method and system |
| CN115567203A (en) * | 2022-09-23 | 2023-01-03 | 太保科技有限公司 | Method, device, equipment and storage medium for recovering secret information |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109886040B (en) | Data processing method, data processing device, storage medium and processor | |
| CN111181720B (en) | Service processing method and device based on trusted execution environment | |
| CN107959567B (en) | Data storage method, data acquisition method, device and system | |
| CN108055125B (en) | Method and device for encrypting and decrypting product information | |
| CN110519260B (en) | Information processing method and information processing device | |
| US9813247B2 (en) | Authenticator device facilitating file security | |
| CN109728914B (en) | Digital signature verification method, system, device and computer readable storage medium | |
| CN107317677B (en) | Secret key storage and equipment identity authentication method and device | |
| CN111935075A (en) | Block chain-based digital identity signing and issuing method, equipment and medium | |
| US9020149B1 (en) | Protected storage for cryptographic materials | |
| US11146554B2 (en) | System, method, and apparatus for secure identity authentication | |
| CN111079157A (en) | Secret fragmentation trusteeship platform based on block chain, equipment and medium | |
| CN108200014B (en) | Method, device and system for accessing server by using intelligent key device | |
| CN113497709A (en) | Trusted data source management method based on block chain, signature device and verification device | |
| CN113472521A (en) | Block chain-based real-name digital identity management method, signature device and verification device | |
| WO2015144672A1 (en) | Method and system for encrypted data synchronization for secure data management | |
| CN111460420A (en) | Method, device and medium for using electronic seal based on block chain | |
| CN114826661A (en) | Data access method, device and medium based on open API | |
| CN114547648A (en) | Data hiding trace query method and system | |
| US20190044721A1 (en) | Device authorization using symmetric key systems and methods | |
| US10785193B2 (en) | Security key hopping | |
| CN107026730B (en) | Data processing method, device and system | |
| CN103973698A (en) | User access right revoking method in cloud storage environment | |
| KR102364649B1 (en) | APPARATUS AND METHOD FOR AUTHENTICATING IoT DEVICE BASED ON PUF | |
| EP3455763B1 (en) | Digital rights management for anonymous digital content sharing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200814 Address after: Room 1-2301, Building 7, North District, Shandong Design and Creative Industry Park, No. 868 Tangye West Road, Licheng District, Jinan City, Shandong Province, 250102 Applicant after: SHANDONG INSPUR QUALINK TECHNOLOGY Co.,Ltd. Address before: Room 3110, S01 building, Langchao building, No. 1036, Langchao Road, high tech Zone, Jinan City, Shandong Province 250101 Applicant before: Shandong Aicheng Network Information Technology Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |