CN111159750B - Automobile maintenance data storage method based on alliance chain - Google Patents
Automobile maintenance data storage method based on alliance chain Download PDFInfo
- Publication number
- CN111159750B CN111159750B CN202010262492.7A CN202010262492A CN111159750B CN 111159750 B CN111159750 B CN 111159750B CN 202010262492 A CN202010262492 A CN 202010262492A CN 111159750 B CN111159750 B CN 111159750B
- Authority
- CN
- China
- Prior art keywords
- user
- data
- node
- information
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/20—Administration of product repair or maintenance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/08—Insurance
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Strategic Management (AREA)
- General Engineering & Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Marketing (AREA)
- Economics (AREA)
- Human Resources & Organizations (AREA)
- Finance (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Technology Law (AREA)
- Development Economics (AREA)
- Entrepreneurship & Innovation (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an automobile maintenance data storage method based on an alliance chain. At present, the traditional storage mode of the automobile maintenance data is mainly paper materials and distributed local database storage, and the storage mode shows a plurality of disadvantages in the aspects of the integrity and the usability of the maintenance data. The invention realizes the logical block chain storage and the physical cloud storage of the maintenance data by using the block chain technology and the cloud storage technology which take the alliance chain as the main, so that the real maintenance data cannot be falsified and can be traced back once being generated and submitted to the verification node and written into the block by the P-DPoS common identification mechanism, and a user can know the integrity of the submitted data in time by a Merkle root verification method. Meanwhile, the public key encryption algorithm, the proxy re-encryption algorithm, the SOK protocol and other related cryptographic technologies are adopted, so that the disclosure and sharing of partial maintenance data are realized under the condition of ensuring that the privacy of the personal identity is not leaked, and great convenience is provided for the claim applying process of a user.
Description
Technical Field
The invention relates to the technical field of data security and credible storage, in particular to an automobile maintenance data storage method based on an alliance chain.
Background
The automobile maintenance data is an important certificate for applying for payment to an insurance company after a traffic accident or other unknown accidents happen to a user. However, to date, there is no safe and reliable maintenance data storage platform in the true sense, most of the maintenance data is stored on the hands of users in the form of paper materials, and part of the maintenance data is stored in a local database of an automobile maintenance network. Such a data storage method has two problems: first, the loss of paper material can adversely affect the user's application for payment. Second, for benefit, insurance company staff or other malicious third parties may directly require the database administrator to modify or delete the relevant data. Both of these cases pose a significant threat to the availability and authenticity of the repair data. Meanwhile, the insurance claim form at the present stage is that a user must go to a maintenance network site appointed by an insurance company to maintain an automobile, and because the appointed maintenance network site and the insurance company have a cooperative relationship, the condition that the maintenance price is higher than that of a common maintenance network site is likely to occur. As a user, it is necessary to select an appropriate maintenance site to repair the automobile, but the insurance company cannot confirm the reliability of the maintenance data.
The blockchain is a public database (or referred to as a public ledger) formed based on Hash and other technologies, wherein the blockchain technology refers to a technical combination of data exchange, processing and storage formed among multiple participants based on modern cryptography, distributed coherence protocol, peer-to-peer network communication technology, intelligent contract programming language and the like. The block chain has the decentralized characteristic, and the mutual communication among all the nodes is realized through a consensus algorithm. The block chain can be divided into three deployment modes of public chain, private chain and alliance chain. The alliance chain only needs alliance participation, and the read-write participation and accounting participation rights on the block chain are formulated according to alliance rules. The generation of the block chain record information requires that all network nodes agree and confirm, and once the nodes are merged into the block chain, the permanent record is continuously traceable and cannot be tampered. Credits recorded in the blockchain are therefore automatic and network-wide consensus, fair, objective and transparent. This is a higher level credit hierarchy than traditional credit hierarchies.
At present, a user, an insurance company and a vehicle maintenance website do not have a unified communication and information sharing channel, related maintenance data are stored dispersedly, cannot be shared, and have the possibility of being lost or even being deleted maliciously, so that a vehicle maintenance data storage system which integrates the three parties and ensures that information cannot be falsified, is traceable, is transparent and is based on a block chain is urgently needed in the market.
Disclosure of Invention
The invention provides an automobile maintenance data storage method based on a union chain, which is used for ensuring the reliability and the authenticity of maintenance data and realizing the sharing of partial information in the maintenance data. The invention also adopts the cloud storage technology to store larger data information so as to realize a system model of logically block chain storage and physically cloud storage. The invention does not select the most common PBFT algorithm in the alliance chain, but adopts an improved DPoS consensus mechanism to solve the problem of distributed consistency. In addition, the invention adopts the SOK protocol, the proxy re-encryption and other cryptographic methods to ensure the privacy of the user.
The automobile maintenance data storage method based on the alliance chain comprises the following steps:
step 3, after the automobile has an accident, the user comprehensively arranges all information;
step 4, the userxArranging the completed informationmsg x Submitting the information to an identity authentication node through a client node;
step 5, user informationmsg x The data are sent to each identity authentication node and an agent re-encryption node, and after being verified by the identity authentication nodes, a P-DPoS algorithm is executed, and relevant data are written into a alliance chain;
step 6, new userx’In submitting datamsg x ’Previously, the key could be based on by the client nodeKeyQuery federation chainsThe data stored in (a); key wordKeyThe following publicable information that does not relate to privacy of the identity of the individual is included: the maintenance location La, the maintenance component Comp, the maintenance price Pr, and the maintenance Time Time are expressed asKey→[La, Comp, Pr, Time](ii) a According to the query result, the userx’The proper place can be selected to finish the repair of the automobile at proper price;
step 7, the userxAfter the data is submitted, the integrity and confidentiality of the data can be confirmed by a merkle root verification method at a proper time;
step 8, the userxWhen a claim is made to an insurance company, its encrypted data needs to be separately disclosed to the insurance company.
Further, the step 2 is specifically realized by the following steps:
step 2-1, selecting a complete credible node identity authentication node CA with a government credit endorsement as an identity service node in a alliance chain and responsible for issuing and managing the identity of a user and an organization;
step 2-2, the nodes participating in consensus are granted permission by the identity authentication node CA, can participate in the execution of the P-DPoS algorithm, and are called identity authentication nodes;
step 2-3, the client nodes are divided into full-scale clients and lightweight clients, a user can upload maintenance data through the lightweight clients and send the maintenance data to the identity authentication node for verification, and the user can also inquire part of publicable information through the full-scale clients; the client node has no authority to participate in consensus;
2-4, the agent re-encryption node is responsible for executing an agent re-encryption algorithm and is automatically executed by an intelligent contract deployed on the node;
step 2-5, each participating user can generate a key pair by using an OpenSSL toolset through a client node, and for any userxIn terms of the key pair is (sk x , vk x ) Whereinsk x Is the use of a private key, and,vk x is a public key. User' sxExecuting CSR instruction to obtain certificatecert x Furthermore, participating users are definedxIs indexed byind x = vk x mod 2 k Whereink = Bit(vk x ) DIV 4;
Step 2-6, the identity authentication node CA generates a consensus integral for each identity authentication nodeCs(i),For each oneind x Generating a safety indexind x _Sr。
Further, the step 3 is specifically realized by the following steps:
step 3-1, the userxAfter the accident occurs, the following basic information is collated: the insurance purchase certificate and the vehicle driving certificate are counted as related certificate informationPr x Personal identity informationID x ;
Step 3-2, the following certification information is collated: an accident certificate with digital signature of traffic police, a survey report with digital signature of the worker of insurance company, and statistics of the accident certificate and the survey report areRp x ;
Step 3-3, the following multimedia information is arranged: the video information and the picture information of the accident scene of the automobile data recorder are counted asMd x ;
Step 3-4, the following maintenance information is arranged: maintenance network, maintenance time, maintenance parts, maintenance cost vouchers, statistics areRe x A network digital signature is attached; simultaneous generation of keywordsKeyThe indication part can disclose the maintenance data for other users to search.
Further, the step 4 is specifically realized by the following steps:
step 4-1, calculating personal basic information of the userC f = ESK(K sym ,(Pr x , ID x ,ind x _Sr) Therein), whereinK sym Is an encryption key generated by the SOK protocol; recalculating the double encrypted personal basic informationC f ’= EPK(vk x ,C f );
Step 4-2, calculating the encrypted claim application informationC t = EPK(vk x ,(Rp x , Md x , Re x ));
Step 4-3, calculating user informationmsg x = Combine(C f ’,C t , Key, ind x , vk x ) WhereinKeyContains the key words of the maintenance information, but does not contain any personal privacy, and other users cannot pass throughKeyTo know thatind x Any real world information of (1);
in the above steps, the EPK is a lightweight public key encryption algorithm, and the ESK is a symmetric encryption algorithm.
Further, the step 5 is specifically realized by the following steps:
step 5-1, each identity authentication node receivesmsg x Then, the public key of the user is usedvk i And transmitting the information to a proxy re-encryption node, and executing a proxy re-encryption algorithm by an intelligent contract on the node, wherein the method specifically comprises the following steps:
step 5-1-1, proxy re-encryption node receivesvk i Is fed back toind x ,ind x Smart contract generation keys on client nodesRK skx→vki And sending the key to the proxy re-encryption node;
step 5-1-2, Proxy usesxGenerated secret keyRK skx→vki Cipher textC t Is converted intoind i Can decrypt the ciphertextC ti Wherein, Proxy only provides conversion service and can not obtain plaintext;
step 5-1-3, Proxy sends the converted cipher text toind i ,ind i Invoking on an intelligent contractgetTrans() Function decryption verification; and call after verification is completeupTrans() Function changemsgState of making it legalmsg;
And 5-2, electing by a P-DPoS consensus algorithm to generate an authorization representative, wherein the P-DPoS consensus algorithm is executed as follows:
step 5-2-1, each having consensus scoresCs(i) All the identity authentication nodes need to throw the ticket to a trusted identity authentication node and can also throw the ticket to the identity authentication node; after a round of voting, the top 101 nodes with votes account in turn. Besides the 101 authorized representatives, a certain number of alternative representatives are also selected, and the number of votes obtained is according to a formulaCalculating;
step 5-2-2, if one of the 101 accounting nodes misses signing a new block, updating its consensus scoreCs(i) After update,,Is a delay timeA linear function of (a);
step 5-2-3, forCs(i) Too low a representative may be voted for;
step 5-2-4, if the authorized representative is voted for attendance, selecting a head node from the alternative representative queue to add to the tail of the authorized representative queue;
step 5-3, authorizing the representative to take the key value pair(s) ((key-value) In a form of writing data into blocks of a federation chain, and updating users of a record presenter upon successful writing of a recordxIs/are as followsind x _SR. The head of each record refers to an authorized representativevk(ii) a The merkle tree in the block stores the hash value of each ciphertext, namely the index of the data information and the actual storage address of the data informationFor the cloud platform, each piece of data information is provided with a specific timestamp; the data ciphertext stored in the cloud end is divided into a plurality of sub-ciphertexts.
Further, the step 7 and the merkle root verification method thereof are specifically realized by the following steps:
step 7-1, the user encrypts the ciphertextE(msg x ) Is divided into a plurality of equal-length sub-ciphertexts, the number of the sub-ciphertexts isnIs marked ase(e 0, e 1, .... ,e n-1);
Step 7-2, the user generates with a random number generatornA random number, recorded asr(r 0, r 1, .... r n-1);
Step 7-3, mixing eache i Andr i combining to obtainhash i =H(e i +r i );
In the step 7-4, the step of,nanhash i As a leaf node of the merkle tree, a merkle root value is finally obtained;
step 7-5, the ciphertext is divided intonWhen storing the sub-ciphertexts into the cloud storage server, each sub-ciphertext also needs to be stored into the cloud storage serverhash i Sending to the cloud end;
step 7-6, if the user wants to prove that it is the owner of a certain data, only one needs to be uploadedr i If, ifr i The hash value obtained after being combined with one of the sub-ciphertexts can be uploadedhash i If the user is searched in the table, the user can be proved to be the data owner;
step 7-7, the user can also combine allr i Upload, with eache i And calculating a hash value to obtain a root value, and if the root value is the same as the merkle root value, proving that the data has integrity.
Further, the step 8 is realized by the following specific method:
step 8-1, the userxStoring in cloud through proxy re-encryption nodeThe ciphertext is converted into a ciphertext which can be decrypted by the private key of the insurance company;
step 8-2, the insurance company acquires the user after verifying the related maintenance dataxTrue identity information of;
step 8-3, the acquisition of the real identity is completed through a secret key sharing system based on the identity, namely an SOK protocol;
step 8-4, completing the claim payment after checking no errors;
step 8-5, the userxIf insurance needs to be bought again from an insurance company, the insurance company only needs to inquire the safety index of the insurance companyind x _SrAccording toind x _SrAnd reasonable insurance cost is determined.
The invention has the beneficial effects that:
(1) by using the block chain technology taking the alliance chain as the main part, the problem that related maintenance data are stored dispersedly and can be lost or even deleted maliciously is solved. A unified three-party communication and information sharing channel is provided.
(2) The block chain technology is combined with the cloud storage technology, so that the block chain storage on logic and the cloud storage on physics are realized, the problem of overlarge blocks is avoided, and the disclosure and sharing of partial data are realized.
(3) And the integrity and confidentiality of cloud data are ensured by adopting a merkle tree root verification method.
(4) The improved DPOS algorithm is adopted, the system overhead is reduced, the consensus efficiency is improved, and meanwhile compared with the POS, decentralization can be achieved better.
(5) And the personal identity privacy and the data privacy are protected by adopting cryptographic methods such as proxy heavy encryption, an SOK protocol, a lightweight encryption algorithm and the like.
Drawings
FIG. 1 is a diagram of a system model in an embodiment of the invention.
FIG. 2 is a block diagram of a federation chain according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of proxy re-encryption according to an embodiment of the present invention.
FIG. 4 is a flow chart of the present invention.
Detailed Description
The technical scheme of the invention is further explained in detail by combining the drawings in the specification.
The present invention relates to some important terms and constraints, which are explained as follows:
AES encryption algorithm and ECC encryption algorithm: the AES encryption algorithm is one of a plurality of symmetric encryption algorithms, and has higher security compared with the traditional DES and 3DES encryption algorithms. The ECC encryption algorithm is called as an elliptic curve encryption algorithm, is a commonly used asymmetric encryption algorithm in a block chain, and has higher security and better performance compared with the traditional asymmetric encryption algorithm. The concrete design and implementation of the AES encryption algorithm and the ECC encryption algorithm are not the contents to be protected by the patent of the present invention, and it is only a technical means for implementing the scheme.
getTrans () function and uptTrans () function: the getTrans () function and the uptTrans () function are program codes which are deployed on distributed nodes and can be automatically executed, and are a specific implementation of an intelligent contract. Wherein the getTrans () function can automatically decrypt the received ciphertext and carry out corresponding verification work; the upTrans () function changes the state of the ciphertext that has passed the verification to a legal state after the getTrans () function is finished executing. The concrete implementation of getTrans () function and upTrans () function is not the content of the present patent to be protected, and it is only a technical means as the implementation of this scheme.
Merkle tree: the Merkle tree is an important data structure in a block chain, and is a Hash binary tree, wherein leaf nodes of the Merkle tree store transaction Hash, and if data of any leaf node changes, the transaction Hash is gradually transmitted to a root node, so that the change of the Hash value of the root node is caused. The design and specific implementation of the Merkle tree are not the subject of the present patent, and are only a technical means for realizing the present solution.
The SOK protocol: the SOK protocol is one of a plurality of key exchange algorithms, is an identity-based key sharing system, and generates shared keys by two key sharing parties meeting specific identity attributes, wherein the specific mechanism is similar to a Diffie-Hellman key agreement protocol. The design and specific implementation of the SOK protocol are not the subject of the present patent, but are merely a technical means for implementing the present solution.
The automobile maintenance data storage method based on the alliance chain comprises the following steps:
And 2, the identity authentication node CA endows different authorities according to roles of the participating users in the whole system, issues digital certificates for the participating users and simultaneously generates necessary public information.
The step 2 is realized by the following steps:
and 2-1, selecting a complete credible node identity authentication node CA with a government credit endorsement as an identity service node in the alliance chain and taking charge of issuing and managing the identities of users and organizations.
And 2-2, the nodes participating in consensus are granted permission by the identity authentication node CA and can participate in the execution of the P-DPoS algorithm, which is called as the identity authentication node.
Step 2-3, the client nodes are divided into full-scale clients and lightweight clients, a user can upload maintenance data through the lightweight clients and send the maintenance data to the identity authentication node for verification, and the user can also inquire part of publicable information through the full-scale clients; the client node has no authority to participate in the consensus.
And 2-4, the agent re-encryption node is responsible for executing the agent re-encryption algorithm and is automatically executed by an intelligent contract deployed on the node.
Step 2-5, each participating user can generate a key pair by using an OpenSSL toolset through a client node, and for any userxIn terms of the key pair is (sk x , vk x ) Whereinsk x Is the use of a private key, and,vk x is disclosedA key. User' sxExecuting CSR instruction to obtain certificatecert x Furthermore, participating users are definedxIs indexed byind x = vk x mod 2 k Whereink = Bit(vk x ) DIV 4。
Step 2-6, different from the traditional DPoS mechanism, the cryptocurrency of bit stock needs to be introduced, and the identity authentication node CA generates a consensus integral for each identity authentication nodeCs(i),For each oneind x Generating a safety indexind x _Sr。
And 3, after the automobile has an accident, the user comprehensively arranges all the information.
The step 3 is realized by the following steps:
step 3-1, the userxAfter the accident occurs, the following basic information is collated: insurance purchase voucher, vehicle driving certificate and other related voucher informationPr x Personal identity informationID x 。
Step 3-2, the following certification information is collated: an accident certificate with digital signature of traffic police, a survey report with digital signature of the worker of insurance company, and statistics of the accident certificate and the survey report areRp x 。
Step 3-3, the following multimedia information is arranged: the video information, the picture information of the accident scene and the like of the automobile data recorder are counted asMd x 。
Step 3-4, the following maintenance information is arranged: maintenance points, maintenance time, maintenance parts, maintenance cost vouchers, etcRe x A network digital signature is attached; simultaneous generation of keywordsKeyThe indication part can disclose the maintenance data for other users to search.
Step 4, the userxArranging the completed informationmsg x Submitted to the identity authentication node via the client node.
The step 4 is realized by the following steps:
step 4-1, calculating personal basic information of the userC f = ESK(K sym ,(Pr x , ID x ,ind x _Sr) Therein), whereinK sym Is an encryption key generated by the SOK protocol; recalculating the double encrypted personal basic informationC f ’= EPK(vk x ,C f )。
Step 4-2, calculating the encrypted claim application informationC t = EPK(vk x ,(Rp x , Md x , Re x ))。
Step 4-3, calculating user informationmsg x = Combine(C f ’,C t , Key, ind x , vk x ) WhereinKeyContains the key words of the maintenance information, but does not contain any personal privacy, and other users cannot pass throughKeyTo know thatind x Any real world information of (1).
In the above steps, the EPK is a lightweight public key encryption algorithm, and the ESK is a symmetric encryption algorithm.
Step 5, user informationmsgAnd the data are sent to each identity authentication node and the proxy re-encryption node, and after the identity authentication nodes verify the data, a P-DPoS algorithm is executed, and the related data are written into a alliance chain.
The step 5 is realized by the following steps:
step 5-1, each identity authentication node receivesmsg x Then, the public key of the user is usedvk i And transmitting the information to a proxy re-encryption node, and executing a proxy re-encryption algorithm by an intelligent contract on the node, wherein the method specifically comprises the following steps:
step 5-1-1, proxy re-encryption node receivesvk i Is fed back toind x ,ind x Smart contract generation keys on client nodesRK skx→vki And sends the key to the proxy re-encryption node.
Step 5-1-2, Proxy usesxGenerated secret keyRK skx→vki Cipher textC t Is converted intoind i Can decrypt the ciphertextC ti And the Proxy only provides conversion service and cannot acquire plaintext.
Step 5-1-3, Proxy sends the converted cipher text toind i ,ind i Invoking on an intelligent contractgetTrans() Function decryption verification; and call after verification is completeupTrans() Function changemsgState of making it legalmsg。
And 5-2, electing by a P-DPoS consensus algorithm to generate an authorization representative, wherein the P-DPoS consensus algorithm is executed as follows:
step 5-2-1, each having consensus scoresCs(i) All the identity authentication nodes need to throw the ticket to a trusted identity authentication node and can also throw the ticket to the identity authentication node; after a round of voting, the top 101 nodes with votes account in turn. Besides the 101 authorized representatives, a certain number of alternative representatives are also selected, and the number of votes obtained is according to a formulaAnd (4) calculating.
Step 5-2-2, if one of the 101 accounting nodes misses signing a new block, updating its consensus scoreCs(i) After update,,Is a delay timeIs a linear function of (a).
Step 5-2-3, forCs(i) The too low representative may beThe vote is attended.
And 5-2-4, if the authorized representative is present by voting, selecting the head node from the alternative representative queue to join the head node to the tail of the authorized representative queue.
Step 5-3, authorizing the representative to take the key value pair(s) ((key-value) In a form of writing data into blocks of a federation chain, and updating users of a record presenter upon successful writing of a recordxIs/are as followsind x _SR. The head of each record refers to an authorized representativevk(ii) a The merkle tree in the block stores a hash value of each ciphertext, namely an index of data information, the actual storage address of the data information is a cloud platform, and each piece of data information is provided with a specific timestamp; the data ciphertext stored in the cloud end is divided into a plurality of sub-ciphertexts.
Step 6, new userx’In submitting datamsg x ’Previously, the key could be based on by the client nodeKeyQuerying data stored in a federation chain; key wordKeyThe following information is contained: the publicly available information such as the maintenance location La, the maintenance component Comp, the maintenance price Pr, and the maintenance Time without privacy of the individual identity is expressed asKey→[La, Comp, Pr, Time](ii) a According to the query result, the userx’The appropriate location can be selected to complete the repair of the car at the appropriate price.
Step 7, the userxAfter the data is submitted, the integrity and confidentiality of the data can be confirmed by merkle root verification at an appropriate time.
The step 7 and the merkle root verification method thereof are specifically realized by the following steps:
step 7-1, the user encrypts the ciphertextE(msg x ) Is divided into a plurality of equal-length sub-ciphertexts, the number of the sub-ciphertexts isnIs marked ase(e 0, e 1, .... ,e n-1)。
Step 7-2, the user generates with a random number generatornA random number, recorded asr(r 0, r 1, .... r n-1)。
Step 7-3, mixing eache i Andr i combining to obtainhash i =H(e i +r i )。
In the step 7-4, the step of,nanhash i And finally obtaining a merkle root value as a leaf node of the merkle tree.
Step 7-5, the ciphertext is divided intonWhen storing the sub-ciphertexts into the cloud storage server, each sub-ciphertext also needs to be stored into the cloud storage serverhash i And sending to the cloud.
Step 7-6, if the user wants to prove that it is the owner of a certain data, only one needs to be uploadedr i If, ifr i The hash value obtained after being combined with one of the sub-ciphertexts can be uploadedhash i If the table is retrieved, the user can be verified as the data owner.
Step 7-7, the user can also combine allr i Upload, with eache i And calculating a hash value to obtain a root value, and if the root value is the same as the merkle root value, proving that the data has integrity.
Step 8, the userxWhen a claim is made to an insurance company, its encrypted data needs to be separately disclosed to the insurance company.
The step 8 is realized by the following specific method:
step 8-1, the userxAnd converting the ciphertext stored in the cloud into a ciphertext which can be decrypted by the private key of the insurance company through the proxy re-encryption node.
Step 8-2, the insurance company acquires the user after verifying the related maintenance dataxThe true identity information of.
And 8-3, acquiring the real identity through an identity-based secret key sharing system, namely an SOK protocol.
And 8-4, completing the claim payment after the verification is correct.
Step 8-5, the userxIf insurance needs to be bought again from an insurance company, the insurance company only needs to inquire the safety index of the insurance companyind x _SrAccording toind x _SrAnd reasonable insurance cost is determined.
The above description is only a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above embodiment, but equivalent modifications or changes made by those skilled in the art according to the present disclosure should be included in the scope of the present invention as set forth in the appended claims.
Claims (3)
1. Automobile maintenance data storage method based on alliance chain, which is characterized in that: the data storage method comprises the following steps:
step 1, initializing a system, wherein the whole system consists of an identity authentication node CA, a client node, an agent re-encryption node and participating users, only relevant data index information is stored in a alliance chain, and for real data content, the real data content is stored in a cloud storage server of the alliance chain;
step 2, the identity authentication node CA endows different authorities according to the roles of the participating users in the whole system, issues digital certificates for the participating users and simultaneously generates public information;
the step 2 is realized by the following steps:
step 2-1, selecting a complete credible node identity authentication node CA with a government credit endorsement as an identity service node in a alliance chain and responsible for issuing and managing the identity of a user and an organization;
step 2-2, the nodes participating in consensus are granted permission by an identity authentication node CA and participate in the execution of a P-DPoS algorithm, and the nodes are called identity authentication nodes;
step 2-3, the client nodes are divided into a full-scale client and a lightweight client, a user uploads maintenance data through the lightweight client nodes and sends the maintenance data to an identity authentication node for verification processing, and the user inquires part of open information through the full-scale client nodes; the client node has no authority to participate in consensus;
2-4, the agent re-encryption node is responsible for executing an agent re-encryption algorithm and is automatically executed by an intelligent contract deployed on the agent re-encryption node;
step 2 to step 5, eachEach participating user generates a key pair through the client node using the OpenSSL toolset, and for any user x, the key pair is (sk)x,vkx) Wherein skxIs a private key, vkxIs a public key; user x executes the CSR instruction to obtain certificate certxFurthermore, an index ind is defined for the client node of participating user xx=vkx mod 2kWhere k is Bit (vk)x)DIV 4;
Step 2-6, the identity authentication node CA generates a consensus integral Cs (i) for each identity authentication node and generates a consensus integral Cs (i) for each indxGenerating a safety index indx_Sr;
Step 3, after the automobile has an accident, the user comprehensively arranges all information;
the step 3 is realized by the following steps:
step 3-1, after the accident occurs, the user x arranges the following basic information: the insurance purchase certificate and the vehicle driving certificate are counted as related certificate information PrxPersonal identification information IDx;
Step 3-2, the following certification information is collated: the accident certificate attached with traffic police digital signature is attached with survey report of the digital signature of the insurance company staff, and the statistics is Rpx;
Step 3-3, the following multimedia information is arranged: the video information and the scene of accident photo information of the automobile data recorder are counted as Mdx;
Step 3-4, the following maintenance information is arranged: maintenance site, maintenance time, maintenance parts, maintenance cost voucher, accounting for RexA maintenance website digital signature is attached; meanwhile, generating a keyword Key which indicates part of the public maintenance data for other users to retrieve;
step 4, finishing the information msg by the user xxSubmitting the information to an identity authentication node through a client node;
step 5, user information msgxThe data are sent to each identity authentication node and an agent re-encryption node, and after being verified by the identity authentication nodes, a P-DPoS algorithm is executed, and relevant data are written into a alliance chain;
the step 5 is realized by the following steps:
step 5-1, each identity authentication node receives msgxThen, the public key vk of the user is usediAnd transmitting the data to the agent re-encryption node, and executing an agent re-encryption algorithm by an intelligent contract on the agent re-encryption node, wherein the method specifically comprises the following steps:
step 5-1-1, the proxy re-encryption node receives vkiFeedback to indx,indxIntelligent contract generation key RK onskx→vkiAnd sending the key to the proxy re-encryption node;
step 5-1-2, the proxy re-encryption node uses the key RK generated by xskx→vkiCipher text CtConversion into indiCiphertext C that can be decrypted by the private keytiWherein, the proxy re-encryption node only provides conversion service and can not obtain plaintext;
step 5-1-3, the proxy re-encryption node sends the converted ciphertext to the indi,indiCalling a getTrans () function on the intelligent contract to decrypt and verify; and calls the upTrans () function to change msg after verification is completexState, make it legal msgx;
And 5-2, electing by a P-DPoS consensus algorithm to generate an authorization representative, wherein the P-DPoS consensus algorithm is executed as follows:
step 5-2-1, each identity authentication node with the consensus integral Cs (i) needs to cast the ticket to a trusted identity authentication node or cast the ticket to the identity authentication node per se; after one round of voting, keeping accounts of the highest 101 nodes with the votes in turn; besides the 101 authorized representatives, a certain number of alternative representatives are also selected, and the number of votes obtained is according to a formulaCalculating;
step 5-2-2, if one of the 101 accounting nodes misses signing a new block, updating the consensus integral Cs (i), wherein the updated Cs (i) is 100-alpha (delta t) multiplied by delta t, the delta t belongs to (0, 10), and alpha is a linear function of the delay time delta t;
step 5-2-3, the representative that is too low for Cs (i) is voted for;
step 5-2-4, if the authorized representative is voted for attendance, selecting a head node from the alternative representative queue to add to the tail of the authorized representative queue;
and 5-3, writing data into a block of the alliance chain in a key-value pair key-value mode by the authorized representative, and updating and recording the ind of the user x of the submitter once the record is successfully writtenxSr; the header of each record refers to the public key vk of the delegatei(ii) a The merkle tree in the block stores a hash value of each ciphertext, namely an index of data information, an actual storage address of the data information is a cloud storage server, and each piece of data information is provided with a specific timestamp; the data ciphertext stored in the cloud storage server is divided into a plurality of sub-ciphertexts;
step 6, new user x' submits data msgxBefore, inquiring data stored in a alliance chain through a client node according to a Key; the keyword Key contains the following publicable information that does not relate to privacy of the individual identity: the maintenance site La, the maintenance component Comp, the maintenance price Pr, and the maintenance Time Time are expressed as Key → [ La, Comp, Pr, Time](ii) a According to the query result, the user x' selects a proper place to finish the maintenance of the automobile at a proper price;
step 7, after the user x submits the data, the integrity and confidentiality of the data are confirmed through a merkle root verification method;
the step 7 and the merkle root verification method thereof are specifically realized by the following steps:
step 7-1, the user divides the encrypted ciphertext into a plurality of equal-length sub-ciphertexts, wherein the number of the sub-ciphertexts is n, and the sub-ciphertexts are marked as e (e)0,e1,....,en-1);
Step 7-2, the user generates n random numbers by using a random number generator, and the n random numbers are recorded as r (r)0,r1,....rn-1);
Step 7-3, adding each eiAnd riMerging to obtain the hashi=H(ei+ri);
Step 7-4, n hashesiAs a leaf node of the merkle tree, a merkle root value is finally obtained;
step 7-5, the ciphertext is divided intoWhen the n sub-ciphertexts are stored in the cloud storage server, each hash is required to be storediSending the data to a cloud storage server;
step 7-6, if the user wants to prove that it is the owner of a certain data, only one r needs to be uploadediIf r isiThe hash value which is obtained after being combined with a certain sub ciphertext can be uploadediIf the user is searched in the table, the user is proved to be the data owner;
step 7-7, the user puts all riUpload, with each eiCalculating a hash value to obtain a root value, and if the root value is the same as the merkle root value, proving that the data has integrity;
step 8, when the user x makes a claim for the insurance company, the user x needs to separately disclose the encrypted data to the insurance company.
2. A alliance-chain based automotive repair data storage method as claimed in claim 1 wherein: the step 4 is realized by the following steps:
step 4-1, calculating personal basic information C of userf=ESK(Ksym,(Prx,IDx,indxSr)), in which K issymIs an encryption key generated by the SOK protocol; recalculating the double encrypted personal basic information Cf’=EPK(vkx,Cf);
Step 4-2, calculating encrypted claim application information Ct=EPK(vkx,(Rpx,Mdx,Rex));
Step 4-3, calculating user information msgx=Combine(Cf’,Ct,Key,indx,vkx) Wherein, the Key contains the Key of the maintenance information, but does not contain any personal privacy, and other users can not know ind through the KeyxAny real world information of (1);
in the above steps, the EPK is a lightweight public key encryption algorithm, and the ESK is a symmetric encryption algorithm.
3. A alliance-chain based automotive repair data storage method as claimed in claim 1 wherein: the step 8 is realized by the following specific method:
step 8-1, the user x converts the ciphertext stored in the cloud storage server into the ciphertext which can be decrypted by the private key of the insurance company through the proxy re-encryption node;
8-2, verifying the related maintenance data by the insurance company and then acquiring the real identity information of the user x;
step 8-3, the acquisition of the real identity is completed through a secret key sharing system based on the identity, namely an SOK protocol;
step 8-4, completing the claim payment after checking no errors;
step 8-5, if the user x needs to purchase insurance again from an insurance company, the insurance company only needs to inquire the safety index ind of the insurance companyxSr, according to indxSr defines a reasonable insurance fee.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010262492.7A CN111159750B (en) | 2020-04-07 | 2020-04-07 | Automobile maintenance data storage method based on alliance chain |
PCT/CN2021/073500 WO2021203797A1 (en) | 2020-04-07 | 2021-01-25 | Alliance chain-based method for storing vehicle maintenance and servicing data |
JP2022504729A JP2022542134A (en) | 2020-04-07 | 2021-01-25 | Storage method of vehicle maintenance data based on consortium chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010262492.7A CN111159750B (en) | 2020-04-07 | 2020-04-07 | Automobile maintenance data storage method based on alliance chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111159750A CN111159750A (en) | 2020-05-15 |
CN111159750B true CN111159750B (en) | 2021-02-05 |
Family
ID=70567905
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010262492.7A Active CN111159750B (en) | 2020-04-07 | 2020-04-07 | Automobile maintenance data storage method based on alliance chain |
Country Status (3)
Country | Link |
---|---|
JP (1) | JP2022542134A (en) |
CN (1) | CN111159750B (en) |
WO (1) | WO2021203797A1 (en) |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111159750B (en) * | 2020-04-07 | 2021-02-05 | 南京邮电大学 | Automobile maintenance data storage method based on alliance chain |
CN111680282B (en) * | 2020-06-01 | 2021-08-24 | 腾讯科技(深圳)有限公司 | Node management method, device, equipment and medium based on block chain network |
CN111950010B (en) * | 2020-08-14 | 2022-11-25 | 南京邮电大学 | Shared bicycle accountable method combining block chain technology and cloud storage technology |
CN112040482A (en) * | 2020-09-08 | 2020-12-04 | 安徽大学 | Encryption processing method and equipment for automatic driving data under 5G communication |
CN112636897B (en) * | 2020-12-17 | 2022-06-10 | 清华大学 | Data encryption method and system for intelligent networked automobile cloud control application |
CN112966310B (en) * | 2021-03-23 | 2023-01-10 | 西安电子科技大学 | SQLite-based fine-grained data integrity verification method and device |
CN113259341B (en) * | 2021-05-11 | 2022-06-07 | 南京信易达计算技术有限公司 | Vehicle-connected data sharing cloud storage system and method based on 5G |
CN114036472B (en) * | 2021-11-05 | 2024-03-29 | 西北工业大学 | Kerberos and PKI security inter-domain cross-domain authentication method based on alliance chain |
CN114499988B (en) * | 2021-12-30 | 2022-11-08 | 电子科技大学 | Block chain-based Internet of things key distribution and equipment authentication method |
CN114449003B (en) * | 2022-01-28 | 2024-07-30 | 浪潮云信息技术股份公司 | Alliance chain data processing method and alliance chain |
CN114793237B (en) * | 2022-03-14 | 2023-06-20 | 中国人民大学 | Smart city data sharing method, device and medium based on block chain technology |
CN115277040B (en) * | 2022-03-23 | 2024-03-08 | 山东新一代信息产业技术研究院有限公司 | Medical health data storage and sharing method and system based on blockchain technology |
CN114615094B (en) * | 2022-05-11 | 2022-09-30 | 蜂联智能(深圳)有限公司 | Storage method and device based on Internet of things and security chip |
CN114928558B (en) * | 2022-06-14 | 2023-12-12 | 上海万向区块链股份公司 | Operation and maintenance method and system based on block chain |
CN115086049B (en) * | 2022-06-21 | 2023-09-08 | 天津理工大学 | Block chain medical data sharing system and method based on verifiable delay function |
CN114912856B (en) * | 2022-07-19 | 2022-09-30 | 安胜(天津)飞行模拟系统有限公司 | Flight simulator maintenance method based on block chain |
CN115277235B (en) * | 2022-08-01 | 2023-08-22 | 石家庄铁道大学 | Software anomaly monitoring method based on blockchain |
CN115118441B (en) * | 2022-08-29 | 2022-11-04 | 中航信移动科技有限公司 | Identity verification system based on block chain |
CN115242555B (en) * | 2022-09-21 | 2022-12-16 | 北京邮电大学 | Monitorable cross-chain private data sharing method and device |
CN115456631B (en) * | 2022-09-30 | 2023-07-21 | 佛山众陶联供应链服务有限公司 | Multi-level supply chain credit cross-level verification method and system based on blockchain |
CN115987697B (en) * | 2023-03-21 | 2023-06-27 | 安徽省大数据中心 | Multi-level information data sharing method and system based on event subscription mechanism |
CN117857061B (en) * | 2024-03-07 | 2024-05-28 | 肇庆学院 | Wireless sensor network authentication method and system based on blockchain |
CN118071520B (en) * | 2024-04-24 | 2024-08-30 | 北方健康医疗大数据科技有限公司 | Data service method and device for business health insurance nuclear insurance claim wind control business scene |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102137089B (en) * | 2010-11-01 | 2013-09-11 | 华为技术有限公司 | Method, device and system for verifying content integrity of streaming media |
CN109005036B (en) * | 2017-06-06 | 2023-04-07 | 北京握奇智能科技有限公司 | Block chain member management method and system based on identification cipher algorithm |
CN107273760A (en) * | 2017-06-09 | 2017-10-20 | 济南浪潮高新科技投资发展有限公司 | One kind is based on many CA application authentication methods of block chain |
CN107590738A (en) * | 2017-08-24 | 2018-01-16 | 阿里巴巴集团控股有限公司 | Processing method, device and the server of selection common recognition node |
GB2566741A (en) * | 2017-09-26 | 2019-03-27 | Phm Associates Ltd | Integrity of data records |
CN107729471A (en) * | 2017-10-13 | 2018-02-23 | 上海策赢网络科技有限公司 | A kind of block chain and its generation method and equipment |
CN107977713A (en) * | 2017-10-31 | 2018-05-01 | 深圳市轱辘车联数据技术有限公司 | Data processing method, server and computer-readable medium |
WO2019106768A1 (en) * | 2017-11-29 | 2019-06-06 | 学校法人法政大学 | Insurance system and insurance method |
CN108462568B (en) * | 2018-02-11 | 2021-08-06 | 西安电子科技大学 | Block chain-based secure file storage and sharing method and cloud storage system |
CN108416589A (en) * | 2018-03-08 | 2018-08-17 | 深圳前海微众银行股份有限公司 | Connection method, system and the computer readable storage medium of block chain node |
JP2019156148A (en) * | 2018-03-13 | 2019-09-19 | 本田技研工業株式会社 | Vehicle information processor, control method, and vehicle data provision system |
CN110290094B (en) * | 2018-03-19 | 2022-03-11 | 华为技术有限公司 | Method and device for controlling data access authority |
CN108446992A (en) * | 2018-05-11 | 2018-08-24 | 济南浪潮高新科技投资发展有限公司 | A kind of net connection accurate Accident Handling Method of automobile based on block chain |
US10937253B2 (en) * | 2018-06-11 | 2021-03-02 | International Business Machines Corporation | Validation of vehicle data via blockchain |
US11017112B2 (en) * | 2018-07-03 | 2021-05-25 | Tyson York Winarski | Distributed network for storing a redundant array of independent blockchain blocks |
CN109190402A (en) * | 2018-09-13 | 2019-01-11 | 北京京东尚科信息技术有限公司 | A kind of casualty data wiring method and device, equipment, storage medium |
CN109345388B (en) * | 2018-09-20 | 2020-09-08 | 百度在线网络技术(北京)有限公司 | Block chain intelligent contract verification method and device and storage medium |
CN109784857B (en) * | 2019-01-16 | 2020-09-25 | 杭州基尔区块链科技有限公司 | Data processing method, device and system based on block chain |
CN110737907B (en) * | 2019-09-26 | 2021-06-22 | 如般量子科技有限公司 | Anti-quantum computing cloud storage method and system based on alliance chain |
CN110958301A (en) * | 2019-11-04 | 2020-04-03 | 广州亚美信息科技有限公司 | Vehicle archive data processing method, device and system based on alliance chain |
CN111159750B (en) * | 2020-04-07 | 2021-02-05 | 南京邮电大学 | Automobile maintenance data storage method based on alliance chain |
-
2020
- 2020-04-07 CN CN202010262492.7A patent/CN111159750B/en active Active
-
2021
- 2021-01-25 JP JP2022504729A patent/JP2022542134A/en active Pending
- 2021-01-25 WO PCT/CN2021/073500 patent/WO2021203797A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2021203797A1 (en) | 2021-10-14 |
CN111159750A (en) | 2020-05-15 |
JP2022542134A (en) | 2022-09-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111159750B (en) | Automobile maintenance data storage method based on alliance chain | |
CN111800268B (en) | Zero knowledge proof for blockchain endorsements | |
Florian et al. | Erasing data from blockchain nodes | |
US11238543B2 (en) | Payroll based blockchain identity | |
CN109040012B (en) | Block chain-based data security protection and sharing method and system and application | |
CN113065961B (en) | Power block chain data management system | |
JP2021512569A (en) | Blockchain data processing method, management side, client side, converter and medium | |
WO2021184885A1 (en) | Method and device for use in updating public key set at blockchain node | |
CN110458560B (en) | Method and apparatus for transaction verification | |
US11227282B2 (en) | Time-bounded activity chains with multiple authenticated agent participation bound by distributed single-source-of-truth networks that can enforce automated value transfer | |
Thompson | The preservation of digital signatures on the blockchain | |
CN111368318B (en) | Object tracking method for multi-mode blockchain transaction | |
CN110599163B (en) | Transaction record outsourcing method facing block chain transaction supervision | |
CN109858259B (en) | HyperLedger Fabric-based community health service alliance data protection and sharing method | |
CN117396869A (en) | System and method for secure key management using distributed ledger techniques | |
CN114900290A (en) | Data transaction model and privacy protection method based on block chain | |
CN113949541B (en) | DDS (direct digital synthesizer) secure communication middleware design method based on attribute strategy | |
CN114266069B (en) | House transaction electronic data sharing system and method based on blockchain technology | |
CN110619223A (en) | Block chain-based safe sharing method for credit data in personal credit investigation system | |
CN111008855A (en) | Retroactive data access control method based on improved proxy re-encryption | |
CA3180249A1 (en) | Permissioned eventing in a decentralized database | |
JP2023098847A (en) | Apparatus, method and computer program (selective audit process for privacy-preserving blockchain) | |
CN117999566A (en) | Privacy preserving state references | |
CN116436708A (en) | Trusted data sharing method and system based on blockchain technology | |
TW202101267A (en) | Account data processing method and account data processing system ensuring that there is encryption protection when account data is returned to an electronic payment dealer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |