CN111147241A - Key protection method based on block chain - Google Patents


Info

Publication number: CN111147241A
Authority: CN (China)
Prior art keywords: access device, holder, server, blockchain, test
Prior art date:
Legal status: Pending
Application number: CN201911408635.4A
Other languages: Chinese (zh)
Inventors: 张锦喜, 孙大伟, 彭奕填, 叶亚芳
Current Assignee: Guangdong Zhuoqi Investment Co Ltd
Original Assignee: Guangdong Zhuoqi Investment Co Ltd
Priority date:
Filing date:
Publication date:
Application filed by Guangdong Zhuoqi Investment Co Ltd
Priority to CN201911408635.4A
Publication of CN111147241A

Classifications

    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/1433 Vulnerability analysis
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords


Abstract

The invention provides a blockchain-based key protection method. A processor selects a plurality of blocks from a plurality of block chains as target blocks; the target blocks generate a test message and send it to a plurality of pending blocks; after the test message has been generated and sent, the access devices in the plurality of pending blocks are electronically recorded in a computer-readable storage medium. The access device is configured to control the nodes of each block chain to be disassembled, each node of each block chain uses its own initial key as an operation factor, and a key protection signature is obtained by fitting formula (1) to the operation factors in the disassembled nodes of each block chain. By matching and verifying the private key, the proxy address and the identification information, the operation of the whole block chain is made more secure, and the security of the transaction information on the block chain is effectively protected.

Description

Key protection method based on block chain
Technical Field
The invention relates to the technical field of block chains, in particular to a key protection method based on a block chain.
Background
The underlying technology of a blockchain uses a large number of cryptographic algorithms: algorithms that secure communication between network nodes, prevent tampering during message transmission, let a receiver confirm that a message came from the claimed source, and so on. A key is a value produced by such an algorithm and is used for data encryption or digital signatures. Managing and using blockchain nodes in groups is a working mode of current blockchain mechanisms; in this mode a corresponding key must be generated for each node group, and at present the key of a node group is usually generated by one node within the group or by a control node outside it. However, it is difficult to ensure the validity of an individual node, and the generated key may be maliciously tampered with, so generating the key of a node group from a single node yields low security and reliability, which in turn lowers the security and reliability of data transmission and digital signatures between node groups under the blockchain mechanism.
The invention is made to solve the problems that generally exist in this field, such as a single key-protection means and a poor protection effect.
Disclosure of Invention
The invention aims to provide a blockchain-based key protection method that addresses the defects of current blockchain key protection.
To overcome the defects of the prior art, the invention adopts the following technical scheme:
a blockchain-based key protection method comprising the following steps: selecting, with a processor, a plurality of blocks from a plurality of block chains as target blocks, the target blocks generating a test message and sending it to a plurality of pending blocks, and, after the step of generating and sending the test message, recording in a computer-readable storage medium the electronic record of the access devices that have accessed the plurality of pending blocks;
identifying a holder associated with an access device and providing a message to the holder on said access device, the message prompting the holder for authorization to download a malicious application associated with the access device;
after receiving the holder's authorization, downloading and installing the malicious application on the access device, and configuring a proxy address from the access device on which the malicious application is installed, wherein the proxy address on the access device is configured to automatically send a test message using the processor of the access device, and is further configured to scan the memory of the access device using that processor to acquire the contact information of the next pending block of another holder;
automatically sending a second test message directly to the next pending block by the processor of the access device according to the proxy address on the access device, the second test message including the identification information of the holder and a recommended access device associated with the server; and automatically storing the data in isolated memory through the processor, so that the access device on which the malicious application is installed does not perform data communication with the blockchain.
Optionally, the access device is configured to control the nodes of each block chain to be disassembled, each node of each block chain takes its own initial key as an operation factor, and a key protection signature is obtained by fitting formula (1) to the operation factors in the disassembled nodes of each block chain;
from the operation factor of the initial key on the block chain, the following node function Q(i) is obtained, and the data table of Q(i) is as follows:
Figure BDA0002349368910000021
Figure BDA0002349368910000022
an array of calculation factors is fitted according to the data table, using the polynomial of formula (1),
Figure BDA0002349368910000023
where ρ0, ρ1, … are blockchain hash values on the blockchain,
Figure BDA0002349368910000031
and T, the operation factor of each data table, is the number of times any operation factor is split.
Optionally, the access device is configured to generate and send a test message to the target devices of a plurality of servers based on a plurality of target blocks, and the proxy address on the target device is further configured to match the contact information of the other holder's server target device with the other holder's blockchain information, and to retrieve other transaction information from the blockchain information.
Optionally, the proxy address on the access device is further configured to determine access level information for at least one of: a block in a blockchain in a plurality of the server target devices;
the proxy address on the server target device is also configured to be specific to the super node of the holder with the higher access level.
Optionally, the server device is configured to communicate with a test phone over an internet connection or another wireless communication method, the test phone having a gateway application configured to operate as part of a system for assessing data security and to be used to launch or defend against attacks.
Optionally, the gateway application is configured to perform or facilitate a test attack, the gateway application being configured to directly simulate an attacker.
Optionally, the server device or gateway application is configured to simulate different attacker profiles, one attacker profile simulating an attacker who uses badly outdated vulnerabilities and widely used scripts, and another attacker profile simulating an attacker.
Optionally, the system for evaluating data security is configured to simulate or participate in post-attack behavior once access to a particular device has been obtained.
Optionally, the server device further comprises one or more interfaces that display holder output from the server device, the web server component of the server device communicating with the holder via a graphical holder interface, and the engine component of the server device being configured to display output to the holder in the form of a text-based holder interface;
where the server apparatus includes access to a simulation server, the simulation server outputs information to a graphical or text-based holder interface as needed.
Optionally, the test attack takes the form of attempting to have the holder of the test subject device install an application on its device or otherwise compromise the security of the transaction records on the block, and the test attack takes the form of attempting to exploit inherent holes in a particular test subject device or type of test subject device, in order to avoid tampering with the transaction information on the block.
The beneficial effects obtained by the invention are as follows:
1. The keys of each block chain are stored in a specific key storage unit that is data-connected to the processor; during connection the validity of the keys is checked, the key manager performs this check centrally, and the keys are stored in the key storage unit through the key manager, so that the keys are effectively prevented from being leaked or imitated and the security of the transaction information on the block chains is improved;
2. By testing with the test message and combining it with the access records stored in the plurality of pending blocks of the access device's electronic record and cached in the pending blocks, all records of attacks on or accesses to the test information are stored, so that when the same attack behavior recurs the records in the pending blocks can be activated and the illegal attack behavior resisted;
3. The identification information is used to let the block chain decide whether to connect with the server during a test or simulated attack; if the identification information does not appear, the server is determined to be an attack behavior and is isolated by the processor;
4. The plaintext of the private key is calculated from a data table obtained by applying operation factors to the initial keys on each block chain, and in particular the private key changes according to the number of splits of the data table, so that the private key has high security;
5. By guiding the attack to access a virtual block, copying or tampering of the transaction information and transaction records of the whole blockchain network by the attack behavior is reduced to the greatest extent, and the security of the whole block chain is improved;
6. The operation of the whole block chain is made more secure by matching and verifying the private key, the proxy address and the identification information, and the security of the transaction information on the blockchain is effectively protected.
Drawings
The invention will be further understood from the following description in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the embodiments. Like reference numerals designate corresponding parts throughout the different views.
Fig. 1 is a block flow diagram of the processor accessing a blockchain.
Fig. 2 is a block diagram of the flow of the owner access.
Fig. 3 is a block diagram of the key fitting process.
Fig. 4 is a block diagram of a flow of the test message during access.
Fig. 5 is a test control block diagram of the test message.
Fig. 6 is a control block diagram of the display interface of the server apparatus.
Fig. 7 is a block diagram of a display interface of the server apparatus.
Fig. 8 is a system block diagram of the data security.
Detailed Description
In order to make the objects and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the following embodiments; it should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. Other systems, methods, and/or features of the present embodiments will become apparent to those skilled in the art upon review of the following detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims. Additional features of the disclosed embodiments are described in, and will be apparent from, the detailed description that follows.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if there is an orientation or positional relationship indicated by the terms "upper" and "lower" and "left" and "right" etc., it is only for convenience of description and simplification of the description based on the orientation or positional relationship shown in the drawings, but it is not indicated or implied that the device or assembly referred to must have a specific orientation.
The first embodiment is as follows: a blockchain-based key protection method comprising the following steps: selecting, with a processor, a plurality of blocks from a plurality of block chains as target blocks, the target blocks generating a test message and sending it to a plurality of pending blocks, and, after the step of generating and sending the test message, recording in a computer-readable storage medium the electronic record of the access devices that have accessed the plurality of pending blocks;
identifying a holder associated with an access device and providing a message to the holder on said access device, the message prompting the holder for authorization to download a malicious application associated with the access device;
after receiving the holder's authorization, downloading and installing the malicious application on the access device, and configuring a proxy address from the access device on which the malicious application is installed, wherein the proxy address on the access device is configured to automatically send a test message using the processor of the access device, and is further configured to scan the memory of the access device using that processor to acquire the contact information of the next pending block of another holder;
automatically sending a second test message directly to the next pending block by the processor of the access device according to the proxy address on the access device, the second test message including the identification information of the holder and a recommended access device associated with the server; and automatically storing the data in isolated memory through the processor, so that the access device on which the malicious application is installed does not perform data communication with the blockchain.
Example two: a blockchain-based key protection method comprising: selecting, with a processor, a plurality of blocks from a plurality of block chains as target blocks, the target blocks generating and sending a test message to a plurality of pending blocks, and electronically recording an access device in the accessed plurality of pending blocks in a computer-readable storage medium after the step of generating and sending the test message; identifying a holder associated with an access device and providing a message to the holder on said access device prompting the holder to authorize download of a malicious application associated with the access device; after receiving the authorization, downloading and installing the malicious application on the access device, and installing an agent address on the device from the malicious application, wherein the agent address on the device is configured to automatically send a test message using the processor of the access device, and to scan the memory of the access device using that processor to acquire the contact information of the next pending block of another holder; using the proxy address on the device and the processor of the access device to automatically send a second test message directly to the next pending block, the second test message including the identification information of the holder and a recommended access device associated with the server; and automatically storing the data in isolated memory by the processor so that the access device does not communicate data with the blockchain. Specifically, each of the target blocks is provided with a plurality of nodes. In this embodiment, the test message is sent to each node, and sending the test message includes operations such as an attack on the node.
The attack operates simply by testing the resistance of the access keys in the block. In this embodiment, each block is configured with a corresponding key, and whenever anyone needs to access a private block chain, the key of that block chain must be verified before the block chain can be accessed, queried, browsed, edited, and so on. The keys of the block chains are stored in a specific key storage unit that is data-connected to the processor; during connection the validity of the keys must be checked, and the key manager performs this check centrally and stores the keys in the key storage unit. The test message can be generated and sent in the pending block; a record of the test message is stored in the plurality of pending blocks of the access device's electronic record, and the access record cached in the pending blocks stores all records of attacks on or accesses to the test message, so that when the same attack behavior recurs the record in the pending blocks can be activated and the illegal attack behavior resisted. This embodiment further provides a key protection method in which the protection method further includes a key generation algorithm whose formula is:
Figure BDA0002349368910000081
where N is the number of block chains; Ki is the number of times the test message of the ith key fragment is searched; Fi is the number of comparisons of the required key needed to find the ith record; and the result calculated by QPM is the key of the block chain. The key is stored in the storage unit, and the generated key is protected by a key protection device. The key protection device is configured to be deployed with a plurality of nodes forming a cluster, so that the search throughput requirement of the system is met; the number of nodes can be reduced dynamically to save system resources and improve the performance of other subsystems, or increased so that the performance of the search subsystem improves proportionally. The index in the cluster has multiple copies, so the unavailability of a single node does not affect the availability of the whole subsystem. If a node becomes unavailable, the data on that node is automatically re-replicated onto other available nodes, and these copies can generate private keys. In this embodiment, the keys of the block chain include a public key and a private key, and the public key can be generated by the key generation algorithm. The private key is calculated by an asymmetric encryption algorithm, which effectively ensures that the private key is protected efficiently. In addition, in this embodiment the asymmetric encryption algorithm includes, but is not limited to, the two algorithms listed below: RSA and ECC. In blockchains the elliptic curve digital signature algorithm is commonly used; it is the analogue of the digital signature algorithm built on elliptic curve cryptography.
Elliptic curve cryptography provides data encryption and decryption, digital signatures, identity authentication and the like, and has the advantages of high security, convenient generation of public and private keys, high processing speed and small storage space. Compared with RSA, elliptic curve encryption is more widely used in practical development, and in each block of this embodiment the SECP256k1 elliptic curve is used, which provides 128-bit security. First, the sender and the receiver each hold the other party's public key and their own private key. Second, the sender signs with its own private key and encrypts with the other party's public key. Third, after receiving the data, the receiver verifies the sender's identity with the sender's public key and decrypts with its own private key. Through this process, even if the data is intercepted, it is of no use to the interceptor, because without the private key the plaintext cannot be recovered. In short, an asymmetric encryption algorithm uses a pair of keys: the public key is disclosed to the outside and the private key is kept. To transmit data, it is encrypted with the other party's public key and the recipient decrypts it with their private key. To sign, the signature is produced with the signer's own private key and the other party verifies it with the public key.
In addition, when the malicious application is monitored and, according to the test message, a binding, downloading or editing operation by the malicious application is observed, the processor isolates the malicious application as soon as the state of the block chain is maliciously edited, and at the same time shields the digital address of the malicious application so that the application does not establish data connections with other block chains. In this process, the malicious application can be replaced by a common attack means such as a Trojan horse or a worm. The key protection method adopted in this embodiment can resist attacks and the leakage of the blockchain key. In addition, each time the test message is sent it carries the holder's identification information; this identification information lets the blockchain identify whether to connect with the server during a test or simulated attack, and if the identification information does not appear, the server is determined to be an attack behavior and is isolated by the processor. In this embodiment, each time the test information is sent a corresponding pending block is generated, and the pending blocks differ from one another, so that the operation of the test information can be tested efficiently. In this process, the server also records the test behavior and the attack behavior. When a test behavior occurs, the server records the precautionary measures and keeps records. If it is an attack behavior, the identification information does not participate, and the server and the processor operate cooperatively so that the attack behavior is isolated and the transaction information stored on the block is not leaked. Sending test information to the block to enable the first pending block and the second pending block
The access device is configured to control the nodes of each block chain to be disassembled; each node of the block chain takes its own initial key as an operation factor, and a key protection signature is obtained by fitting formula (1) to the operation factors in the disassembled nodes of the block chain. From the operation factor of the initial key on the blockchain, the node function Q(i) is derived as follows, and the data table of Q(i) is as follows:
Figure BDA0002349368910000101
Figure BDA0002349368910000102
An array of calculation factors is fitted from the data table, according to the polynomial of formula (1):
Figure BDA0002349368910000103
where ρ0, ρ1, … are the block hash values on the blockchain,
Figure BDA0002349368910000104
and T is the operation factor of each data table, that is, the number of times the operation factor has been split. Specifically, the blockchains involved in a transaction do not necessarily share the same hash values; the corresponding blockchain private key is obtained by collecting the different hash values of the blockchains and fitting them together with the initial keys of the blockchains, which gives the private key greater resistance to attack. When a blockchain is attacked or edited, the hash values on the blockchain change along with it, which reduces impersonation and copying of the private key. In addition, the plaintext of the private key is calculated from a data table built from the operation factors of the initial keys on each blockchain, and in particular the private key changes with the number of splits of the data table, so the private key has a high degree of security. In this embodiment, all of the described blockchains have different hash values, and different sub-chains of the same blockchain are identified as the same blockchain as long as their hash values have the same status; in that case the private key for the same hash value can be accessed or edited without distinction.
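The property described above, that the derived private key changes whenever any block hash value, the initial key, or the split count T changes, can be shown with the following added example. It is not code from the patent, and it does not implement formula (1), which this page reproduces only as an image: HKDF-SHA256 (RFC 5869) is substituted for the polynomial fit, the toy chain layout is assumed, and the function names are the author's own.

```python
"""Added example, not the patent's code and not its formula (1), which this page
does not reproduce: it shows that the derived private key changes whenever any
block hash value, the initial key, or the split count T changes. HKDF-SHA256
(RFC 5869) stands in for the polynomial fit; chain layout and names are assumed.
"""
import hashlib
import hmac
from typing import Dict, List


def build_chain(genesis: bytes, entries: List[bytes]) -> List[bytes]:
    """Hash values rho_0, rho_1, ... of a toy chain: each block hash commits to
    the previous hash and the block's transaction data, so editing any block
    changes its own hash and every hash after it."""
    hashes = [hashlib.sha256(genesis).digest()]
    for data in entries:
        hashes.append(hashlib.sha256(hashes[-1] + data).digest())
    return hashes


def _hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def _hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_node_key(initial_key: bytes, chain_hashes: List[bytes], split_count: int) -> bytes:
    """Private key bound to (initial key, every chain hash value, split count T).

    The initial key is the HKDF input keying material, the hash values form the
    salt, and T plus the hash list go into the info string, so any change to any
    of them yields an unrelated 32-byte key.
    """
    if split_count < 1:
        raise ValueError("split count T must be at least 1")
    salt = hashlib.sha256(b"".join(chain_hashes)).digest()
    info = b"node-key|T=" + split_count.to_bytes(4, "big") + b"|" + b"".join(chain_hashes)
    return _hkdf_expand(_hkdf_extract(salt, initial_key), info, 32)


def key_still_valid(initial_key: bytes, chain_hashes: List[bytes], split_count: int,
                    expected_key: bytes) -> bool:
    """Re-derive and compare in constant time: a mismatch means the chain state
    or the initial key no longer matches the state the key was issued for."""
    return hmac.compare_digest(derive_node_key(initial_key, chain_hashes, split_count), expected_key)


def demo() -> Dict:
    """Constructed data: a three-block chain, then the same chain with one block edited."""
    initial_key = b"constructed-initial-key-node-7"
    entries = [b"tx:alice->bob:5", b"tx:bob->carol:2", b"tx:carol->dave:1"]
    chain = build_chain(b"genesis", entries)
    key = derive_node_key(initial_key, chain, split_count=3)
    edited = build_chain(b"genesis", [entries[0], b"tx:bob->carol:200", entries[2]])
    return {
        "key": key,
        "same_state_ok": key_still_valid(initial_key, chain, 3, key),
        "edited_chain_ok": key_still_valid(initial_key, edited, 3, key),
        "changed_T_ok": key_still_valid(initial_key, chain, 4, key),
        # index of the first hash that differs after the edit (the edited block itself)
        "hashes_changed_from": next(i for i, (a, b) in enumerate(zip(chain, edited)) if a != b),
    }
```

Because the salt and the info string both contain every hash value, editing the second block invalidates the key even though the genesis hash and the first block hash are untouched; a verifier that only re-derived from the latest hash would miss edits buried deeper in the chain.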
The access device has a target device configured to generate test messages based on a plurality of target blocks and send them to a plurality of servers. The proxy address on the target device is further configured to match the contact information of another holder's server target device with that holder's blockchain information, and to retrieve other transaction information from that blockchain information. Specifically, in each access device corresponding to each blockchain, the access device accesses or edits according to the private key, and during this process the test message can be pushed to the target device of each server. In that access, every node on the block can be reached, and in particular, when either the hash value or the initial key on the blockchain changes, the private key changes as well; this dynamic change of the private key effectively prevents the private key from being leaked, guarantees the security of the key, and indirectly guarantees the security of the transaction information on the block. In this embodiment, the target device is provided with a digital address generator for the test, and the digital address generator works only while the test message is being transmitted, that is, only when the test information carries the identification information. In particular, the digital address generator mimics the way an attack action would be translated onto the digital address of the target device. The digital addresses include proxy addresses, which can be matched to corresponding virtual blocks; the proxy address of a virtual block differs from the network address of the blockchain, so the attack behaviour is connected, through the virtual block, to a virtual blockchain.
By guiding the attack behaviour to access the virtual block, the copying or tampering of transaction information and transaction records across the whole blockchain network by the attack behaviour is reduced to the greatest extent, and the security of the whole blockchain is improved.
The proxy address on the access device is further configured to determine access level information for at least one of: a block in a blockchain on a plurality of the server target devices. The proxy address on the server target device is also configured to be specific to the super node of the holder having the higher access level. Specifically, the digital address generator on the access device generates the proxy address so that the proxy address can access blocks of the same level, either for the test message or through a private key; access is limited to blocks whose proxy address is similar or identical. Among blocks of the same level there may also be virtual blocks, which are accessed within the same virtual blockchain. In addition, the proxy address can access a specific blockchain, and the key must be verified during that access. In this embodiment, the key consists of a public key and private key pair. The private key must be provided by the holder and can be verified by the super node of the blockchain, so the super node must verify the identification information of the block during access. The hash values of the super nodes of different blockchains also differ. When the super node is accessed, the private key is again calculated by formula (1), and the string form of the private key is obtained as the number of splits T is collected, so that the super node can be accessed. Through the matched verification of private key, proxy address and identification information, the operation of the whole blockchain has higher security, and the transaction information on the blockchain is effectively protected.
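The server-side handling described in the preceding paragraphs (test messages that carry the holder's identification information, one pending block per accepted test message, isolation of a sender whose message lacks that information, and redirection of the isolated sender to a virtual block at a proxy address) can be put together as follows. This is an added example, not code from the patent: the identification information is modelled as an HMAC-SHA256 tag under a per-holder secret, the address strings and the class and function names are assumptions, and the traffic in demo() is constructed.

```python
"""Added example, not code from the patent: a server-side gate for test messages.

Assumptions made here, not stated in the patent: the holder's "identification
information" is an HMAC-SHA256 tag over (test_id, payload) under a per-holder
secret; each accepted test message opens its own pending block with a distinct
id; a source whose message carries no valid tag is isolated, and every later
request from that source is answered from a decoy ("virtual") block at a proxy
address that differs from the real chain address.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

REAL_CHAIN_ADDRESS = "chain://main/0"       # assumed network address of the real chain
VIRTUAL_BLOCK_PROXY = "proxy://virtual/0"   # assumed proxy address of the decoy block


@dataclass
class TestMessage:
    holder: str
    test_id: str
    payload: str
    ident: Optional[str]   # identification information; None when absent


@dataclass
class PendingBlock:
    block_id: str
    test_id: str
    accessed_by: List[str] = field(default_factory=list)


def ident_for(secret: bytes, test_id: str, payload: str) -> str:
    """Identification information the holder attaches to a test message."""
    return hmac.new(secret, f"{test_id}|{payload}".encode(), hashlib.sha256).hexdigest()


def make_test_message(holder: str, secret: bytes, test_id: str, payload: str) -> TestMessage:
    return TestMessage(holder, test_id, payload, ident_for(secret, test_id, payload))


class Server:
    def __init__(self, holder_secrets: Dict[str, bytes]):
        self._secrets = holder_secrets
        self.pending: Dict[str, PendingBlock] = {}
        self.isolated: Set[str] = set()
        self.records: List[Dict] = []   # test behaviour and attack behaviour records
        self._seq = 0

    def _ident_valid(self, msg: TestMessage) -> bool:
        secret = self._secrets.get(msg.holder)
        if secret is None or msg.ident is None:
            return False
        return hmac.compare_digest(msg.ident, ident_for(secret, msg.test_id, msg.payload))

    def _open_pending_block(self, msg: TestMessage, source: str) -> PendingBlock:
        self._seq += 1   # sequence number keeps every pending block id distinct
        block_id = hashlib.sha256(f"{msg.test_id}|{self._seq}".encode()).hexdigest()[:16]
        block = PendingBlock(block_id, msg.test_id, [source])
        self.pending[block_id] = block
        return block

    def handle(self, msg: TestMessage, source: str) -> Dict:
        """Route one message; the returned dict is what the sender is shown."""
        if source in self.isolated:
            self.records.append({"kind": "attack", "source": source, "note": "isolated source"})
            return {"address": VIRTUAL_BLOCK_PROXY, "block": None}
        if not self._ident_valid(msg):
            self.isolated.add(source)
            self.records.append({"kind": "attack", "source": source, "test_id": msg.test_id})
            return {"address": VIRTUAL_BLOCK_PROXY, "block": None}
        block = self._open_pending_block(msg, source)
        self.records.append({"kind": "test", "source": source, "block": block.block_id})
        return {"address": REAL_CHAIN_ADDRESS, "block": block.block_id}


def demo() -> Dict:
    """Constructed traffic: two genuine tests, one message without identification,
    one with a forged tag, then a correctly tagged message from an isolated source."""
    secret = b"constructed-holder-secret"
    srv = Server({"holder-A": secret})
    first = srv.handle(make_test_message("holder-A", secret, "t1", "probe"), "10.0.0.5")
    second = srv.handle(make_test_message("holder-A", secret, "t1", "probe"), "10.0.0.5")
    no_ident = srv.handle(TestMessage("holder-A", "t9", "probe", None), "198.51.100.7")
    forged = srv.handle(TestMessage("holder-A", "t9", "probe", "00" * 32), "203.0.113.9")
    late = srv.handle(make_test_message("holder-A", secret, "t2", "probe"), "198.51.100.7")
    return {"server": srv, "first": first, "second": second,
            "no_ident": no_ident, "forged": forged, "late": late}
```

Two points worth noting for anyone adapting this: the tag is checked with hmac.compare_digest so that a forged tag cannot be guessed byte by byte through timing, and isolation is keyed on the source rather than on the message, so a sender that first probes without identification and later presents a valid tag is still served the decoy, which is what the text's "once isolated, no further data connection" behaviour requires.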
The server device is configured to communicate with a test phone over an internet connection or another wireless communication method; the test phone has a gateway application configured to operate as part of a system for assessing data security and to be used to launch or defend against attacks. The gateway application is configured to perform, or to facilitate performing, a test attack, and is configured to simulate an attacker directly. The server device or gateway application is configured to simulate different attacker profiles: one attacker profile simulates an attacker using long-outdated vulnerabilities and widely used scripts, and another attacker profile simulates a different kind of attacker. Specifically, the test behaviour performed by the server greatly improves the ability of the whole blockchain network to resist attacks. In this embodiment, the attack behaviour may be carried out over the wireless communication channel, against the server device itself, or through other network management applications, such as telephone communications. While the server is being tested, the test phone can simulate the attack behaviour, which greatly improves the resistance of the server device. In addition, the attack operations are recorded in the attacker profiles, so that the simulated attack operations can be consulted when the same attack behaviour occurs again. In the simulated attack, the gateway application is attacked through scripted attack behaviour, so that the server device can generate a configuration file that ensures the server resists that attacker's operations.
The gateway application may send and receive communications with the server device, for example to allow external access to a corporate network or another access-restricted network, and may allow an attacker to carry out an attack. This is useful, for example, for determining the security level of a particular network, since it shows which types of attacker could compromise that network. The test attack may use any message protocol or combination of message protocols, including but not limited to SMS, MMS, email, instant messaging, in-app messaging, Near Field Communication (NFC), Bluetooth, ZigBee, Z-Wave, voice, or other forms of electronic communication as needed. In this embodiment, the message used in the test attack may include a message body, which may be, for example, text, an image, a video, a sound or voice recording, or a mail body, as needed.
The message used in the test attack may also include a hyperlink or another reference to a website location. Once a test subject device has been successfully attacked or breached, it may report this to a listener system or otherwise to the server device. In this embodiment the overall system also includes a listener system, which includes a listener and may be configured to take some action upon receiving a signal from one or more test subject devices. The listener may be replaced with a poller, which periodically checks whether a signal has been sent from one or more test subject devices. The listener system may also include an API that controls how the listener system interacts with other system components and with interface software and hardware, as desired; the API may use REST, JSON or other standards. Additional copies of the gateway application may also be employed: the gateway application may be configured to communicate with other instances of itself, and the server device may run the gateway application in the same or a different configuration to send communications to, or receive communications from, other devices running the gateway application.
The system for evaluating data security is configured to simulate or participate in post-attack behaviour once access to a particular device has been obtained. In particular, the system may take other actions to detect vulnerabilities in a target mobile device or otherwise measure mobile device security. In this embodiment the system may install, or attempt to install, an agent on a particular mobile device in order to measure the degree of device security, or may otherwise test or scan that device. In this embodiment the policy may require that all devices use some form of encryption, or a particular form of encryption, for the records of blockchain transactions. In another embodiment, the policy may specify that the user must have a login PIN or password meeting certain length or complexity requirements. In another embodiment, the policy may require the user to use some form of security on the device, such as biometric identification, or may require multi-factor authentication to be set up. The system that evaluates data security may test or scan the mobile device to evaluate whether these requirements are actually met, and an agent on the device may interact with other applications on the mobile device; where those applications run in sandboxes, the agent may be used to evaluate the actual security of the sandboxes. In another embodiment, a particular mobile device may have another application, program or feature that interacts with, or is evaluated by, the agent on the device. Other measures may also be taken to detect vulnerabilities when evaluating data security. For example, the system may crawl websites or other data sources, such as social media websites, to locate personal contact information of mobile device users or of other company employees that is available to company management.
That personal contact information, such as the phone number corresponding to a mobile device, may then be used by the system to carry out an attack as part of evaluating data security. This lets the system determine, for example, which endpoints are most vulnerable or least secure, which endpoints pose the greatest risk to the enterprise network, or any other property of the endpoints. The system may also collect other data from an infected device. In other embodiments, the system may collect personal contact details or any other detailed information for any or all contacts in the user's mobile device, not only for contacts associated with the company or other organisations; this may include contacts that the user has explicitly identified as a group or as important.
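The device requirements listed above (PIN or password length and complexity, encryption in use, biometric unlock, multi-factor authentication) and the ranking of endpoints by risk can be expressed as an agent-side check. The following is an added example, not code from the patent: the Policy thresholds, the DeviceState record, the common-PIN list and the fleet in demo() are assumptions constructed for this illustration.

```python
"""Added example, not code from the patent: the checks an on-device agent could
run against the device security requirements the text lists (PIN or password
length and complexity, storage encryption, biometric unlock, multi-factor
authentication), plus a ranking of endpoints by the number of failed checks.
Policy thresholds, the DeviceState record and COMMON_PINS are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List

# Assumed list of PINs an attacker would try first (constructed, not exhaustive).
COMMON_PINS = {"0000", "1234", "1111", "000000", "123456", "111111", "123123", "654321"}


@dataclass
class Policy:
    min_secret_length: int = 6
    require_mixed_classes: bool = False   # letters and digits both required
    require_encryption: bool = True
    require_biometric: bool = False
    require_mfa: bool = True


@dataclass
class DeviceState:
    device_id: str
    unlock_secret: str            # PIN or password as configured on the device
    storage_encrypted: bool
    biometric_enabled: bool
    mfa_enabled: bool


def _is_sequential(s: str) -> bool:
    """True for digit runs such as 1234 or 9876."""
    if not s.isdigit() or len(s) < 3:
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def secret_findings(secret: str, policy: Policy) -> List[str]:
    """Length and complexity checks on the unlock secret."""
    findings = []
    if len(secret) < policy.min_secret_length:
        findings.append(f"secret shorter than {policy.min_secret_length}")
    if secret in COMMON_PINS:
        findings.append("secret is a commonly used PIN")
    if len(set(secret)) == 1:
        findings.append("secret is a single repeated character")
    if _is_sequential(secret):
        findings.append("secret is a sequential run")
    if policy.require_mixed_classes and (secret.isdigit() or secret.isalpha()):
        findings.append("secret must mix letters and digits")
    return findings


def evaluate_device(device: DeviceState, policy: Policy) -> Dict:
    """All policy checks for one device; compliant only when nothing is found."""
    findings = secret_findings(device.unlock_secret, policy)
    if policy.require_encryption and not device.storage_encrypted:
        findings.append("storage not encrypted")
    if policy.require_biometric and not device.biometric_enabled:
        findings.append("biometric unlock not enabled")
    if policy.require_mfa and not device.mfa_enabled:
        findings.append("multi-factor authentication not set up")
    return {"device_id": device.device_id, "compliant": not findings, "findings": findings}


def rank_endpoints(devices: List[DeviceState], policy: Policy) -> List[str]:
    """Device ids from most to fewest failed checks, i.e. the endpoints posing
    the greatest risk first; ties keep input order (sort is stable)."""
    results = [evaluate_device(d, policy) for d in devices]
    results.sort(key=lambda r: -len(r["findings"]))
    return [r["device_id"] for r in results]


def demo() -> Dict:
    """Constructed fleet: one compliant device and two weak ones."""
    policy = Policy()
    fleet = [
        DeviceState("phone-01", "7g4Kq9z", True, True, True),
        DeviceState("phone-02", "1234", False, False, False),
        DeviceState("phone-03", "777777", True, False, True),
    ]
    return {"results": {d.device_id: evaluate_device(d, policy) for d in fleet},
            "ranking": rank_endpoints(fleet, policy)}
```

The check returns a list of findings rather than a single pass/fail so that the server-side view described in the text (which endpoints are weakest, and why) can be built from the same data; a device that merely meets the length rule with "777777" is still flagged, because length alone says nothing about guessability.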
The server device further comprises one or more interfaces that display output from the server device to a holder of the server device: a web server component of the server device communicates with the holder via a graphical holder interface, and an engine component of the server device is configured to display output to the holder in the form of a text-based holder interface; where the server apparatus includes access to a simulation server, the simulation server outputs information to a graphical or text-based holder interface as needed. Specifically, each interface of the server device may connect to the server's data or share data with the server, but the interfaces are provided with verification devices that check the legitimacy of whatever connects to them; a private key or another verification means is required to prove legitimacy during connection, so the data stored on the server remains safe. In this embodiment, each blockchain and the transactions in each blockchain are stored on the server, so that the server can manage them centrally. Additionally, the web server component of the server device may communicate with the user via a graphical user interface, and the engine component of the server device may be configured to display output to the user, for example in the form of a text-based user interface. Other configurations are also contemplated as desired; for example, where the server apparatus includes access to a simulation server, information is output to a graphical or text-based user interface. The operations available to the user can be displayed in real time, giving a visual view of the system.
Test attacks take the form of attempting to have the holder of a test subject device install an application on the device or otherwise compromise the security of the transaction records on a block, or of attempting to exploit inherent vulnerabilities of a particular test subject device or type of test subject device, so as to prevent tampering with the transaction information on the block. In particular, in this embodiment the test attack may be configured as an attack defined by a threat model; the attack type and attack mode are actually carried out as the threat model specifies, so that the real attack operation can be protected against.
In summary, in the blockchain-based key protection method of the present invention, the keys of each blockchain are stored in a dedicated key storage unit; the key storage unit is in data connection with the processor, the validity of the key must be checked during that connection, and the key manager performs the checking centrally and stores the key in the key storage unit, so that keys are effectively prevented from being leaked or imitated and the security of transaction information on the blockchains is improved. By testing with the test message, combined with the records stored in the plurality of pending blocks of the access device's electronic record, the access records cached in the pending blocks keep every record of attacks on or accesses to the test information, so that when the same attack behaviour recurs, the records in the pending blocks can be activated and the illegal attack resisted. By means of the identification information, whether the blockchain is connected to the server can be determined during a test or simulated attack; if the identification information is absent, the server treats the connection as an attack behaviour and the processor isolates it. The plaintext of the private key is calculated from a data table built from the operation factors of the initial keys on each blockchain, and in particular the private key changes with the number of splits of the data table, which gives the private key high security. By guiding the attack behaviour to access the virtual block, copying or tampering of transaction information and transaction records across the whole blockchain network by the attack behaviour is reduced to the greatest extent, and the security of the whole blockchain is improved. Through the matched verification of private key, proxy address and identification information, the operation of the whole blockchain has higher security, and the transaction information on the blockchain is effectively protected.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications may be made without departing from the scope of the invention. That is, the methods, systems, and devices discussed above are examples. Various configurations may omit, replace, or add various processes or components as appropriate. For example, in alternative configurations, the methods may be performed in an order different from that described, and/or various components may be added, omitted, and/or combined. Moreover, features described with respect to certain configurations may be combined in various other configurations, so that different aspects and elements of a configuration may be combined in a similar manner. Further, as technology evolves, many of the elements described are examples and do not limit the scope of the disclosure or claims.
Specific details are given in the description to provide a thorough understanding of the exemplary configurations including implementations. However, configurations may be practiced without these specific details, for example, well-known circuits, processes, algorithms, structures, and techniques have been shown without unnecessary detail in order to avoid obscuring the configurations. The description provides example configurations only, and does not limit the scope, applicability, or configuration of the claims. Rather, the foregoing description of the configurations will provide those skilled in the art with an enabling description for implementing the described techniques. Various changes may be made in the function and arrangement of elements without departing from the spirit or scope of the disclosure.
In conclusion, it is intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that these examples are illustrative only and are not intended to limit the scope of the invention. After reading the description of the invention, the skilled person will make various changes or modifications to the invention, and such equivalent changes and modifications also fall within the scope of the invention as defined in the appended claims.

Claims (10)

1. A blockchain-based key protection method, characterized in that it comprises the following steps:
selecting, with a processor, a plurality of blocks from a plurality of blockchains as target blocks, the target blocks generating a test message and sending the test message to a plurality of pending blocks, and, after the step of generating and sending the test message, recording in a computer readable storage medium the electronic records of the access devices that have accessed the plurality of pending blocks;
identifying a holder associated with an access device and providing a message to the holder on said access device, the message prompting the holder for authorization to download a malicious application associated with the access device;
after receiving the holder's authorization, downloading and installing the malicious application on the access device, and configuring a proxy address from the access device on which the malicious application is installed, wherein the proxy address on the access device is configured to automatically send a test message using the processor of the access device, and the proxy address on the access device is configured to scan the memory of the access device using the processor of the access device to acquire the contact information of the next pending block of another holder;
automatically sending a second test message directly to the next pending block by the processor of the access device according to the proxy address on the access device, the second test message including the identification information of the holder and a recommended access device associated with the server; and automatically storing the data in isolated memory through the processor, so that the access device on which the malicious application is installed does not carry out data communication with the blockchain.
2. The method according to claim 1, wherein the access device is configured to control the nodes of each blockchain to be split, each node of the blockchain uses its own initial key as an operation factor, and a key protection signature is obtained by fitting formula (1) to the operation factors of the split nodes of the blockchain;
from the operation factor of the initial key on the blockchain, a node function Q(i) is obtained, whose data table is as follows:
Figure FDA0002349368900000011
Figure FDA0002349368900000012
an array of calculation factors is fitted from the data table, according to the polynomial of formula (1):
Figure FDA0002349368900000021
where ρ0, ρ1, … are the block hash values on the blockchain,
Figure FDA0002349368900000022
and T is the operation factor of each data table, that is, the number of times the operation factor has been split.
3. The blockchain-based key protection method according to claim 1, wherein the access device is configured to generate test messages based on a plurality of target blocks and send them to the target devices of a plurality of servers, and the proxy address on the target device is further configured to match the contact information of another holder's server target device with that holder's blockchain information and to retrieve other transaction information from that blockchain information.
4. The blockchain-based key protection method of claim 1, wherein the proxy address on the access device is further configured to determine access level information for at least one of: a block in a blockchain in a plurality of the server target devices;
the proxy address on the server target device is also configured to be specific to the super node of the holder having the higher access level.
5. A blockchain-based key protection method according to claim 1, characterized in that the server device is configured to communicate with a test phone using an internet connection or other wireless communication method, the test phone having a gateway application configured to operate as part of a system for evaluating data security and used to launch or defend against attacks.
6. The blockchain-based key protection method of claim 5, wherein the gateway application is configured to perform or facilitate performance of a test attack, and wherein the gateway application is configured to directly simulate an attacker.
7. The blockchain-based key protection method of claim 5, wherein the server device or gateway application is configured to simulate different attacker profiles, one attacker profile being configured to simulate an attacker using long-outdated vulnerabilities and widely used scripts, and another attacker profile simulating a different kind of attacker.
8. The blockchain-based key protection method of claim 1, wherein the system for evaluating data security is configured to simulate or participate in post-attack behavior once access to a specific device is obtained.
9. The blockchain-based key protection method of claim 1, wherein the server device further includes one or more interfaces that display output from the server device to a holder of the server device, wherein a web server component of the server device communicates with the holder via a graphical holder interface, and wherein an engine component of the server device is configured to display output to the holder in the form of a text-based holder interface;
according to the server apparatus including accessing a simulation server, the simulation server outputs information to a graphical or text-based holder interface as needed.
10. The method of claim 1, wherein the test attack takes the form of attempting to have the holder of the test subject device install an application on the device or otherwise compromise the security of the transaction records on the block, or of attempting to exploit inherent vulnerabilities of a specific test subject device or type of test subject device, so as to prevent tampering with the transaction information on the block.
CN201911408635.4A 2019-12-31 2019-12-31 Key protection method based on block chain Pending CN111147241A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911408635.4A CN111147241A (en) 2019-12-31 2019-12-31 Key protection method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911408635.4A CN111147241A (en) 2019-12-31 2019-12-31 Key protection method based on block chain

Publications (1)

Publication Number Publication Date
CN111147241A true CN111147241A (en) 2020-05-12

Family

ID=70522504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911408635.4A Pending CN111147241A (en) 2019-12-31 2019-12-31 Key protection method based on block chain

Country Status (1)

Country Link
CN (1) CN111147241A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170318046A1 (en) * 2016-04-28 2017-11-02 Shevirah Inc. Method and system for assessing data security
CN108712261A (en) * 2018-05-10 2018-10-26 杭州智块网络科技有限公司 A kind of key generation method, device and medium based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200512