CN111428253B - Data protection method and system suitable for block chain - Google Patents
Data protection method and system suitable for block chain Download PDFInfo
- Publication number
- CN111428253B CN111428253B CN202010211614.XA CN202010211614A CN111428253B CN 111428253 B CN111428253 B CN 111428253B CN 202010211614 A CN202010211614 A CN 202010211614A CN 111428253 B CN111428253 B CN 111428253B
- Authority
- CN
- China
- Prior art keywords
- value
- transmission
- verification
- data
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention discloses a data protection method and a system suitable for a block chain.A sensor acquires data information, acquires a transmission salt value corresponding to the data information, generates an HMAC value according to the data information, a transmission key stored in the sensor and the transmission salt value, and sends sensor data comprising a sensor label, the data information and the HMAC value to a block chain subsystem; the block chain subsystem receives the sensor data, acquires a verification salt value corresponding to the data information, generates an OHAMAC value according to the data information, the verification salt value and a verification key corresponding to the sensor tag, judges whether the OHAMAC value is equal to the HMAC value or not, and links the data information if the OHAMAC value is equal to the HMAC value; according to the invention, the corresponding salt value is obtained by introducing parameters related to the change of the transmission data, so that the attack resistance strength of the system is greatly enhanced, and the safety problem of sensor data transmission in the process of combining the block chain and the Internet of things is effectively solved.
Description
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to a data protection method and system for a block chain.
Background
With the gradual development of the global internet of things technology and the vigorous support of policies of all countries, advanced products such as internet of things chips and information sensors are continuously released, so that the application and popularization of the internet of things are effectively promoted, and the internet of things is widely applied to the fields of transportation, logistics, environmental protection, medical treatment, retail and the like. Meanwhile, the internet of things hardware and internet of things products gradually step to the market, and the market scales of wearable devices such as smart bracelets and smart watches and smart homes are gradually enlarged.
The blockchain integrates the technologies of distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like, has the characteristics of decentralization, distrust, data non-falsification, traceability and the like, and can provide trust, ownership record, transparency and communication support for the Internet of things, so that a new thought is provided for solving the development problem of the Internet of things industry and expanding the development space of the Internet of things industry.
For the security of the whole network, reliable and reliable authentication and data transmission of the sensor devices are important when the sensor devices are accessed into the network.
In order to improve the authenticity of uplink data, part of the schemes adopt a Hash's mode, namely, the hash value of the file content is stored for uplink. The hash value of the file content, which we also refer to as the "digital fingerprint" of the file, can be obtained by hashing the file content. Whether the content of the file is tampered can be verified in a HashMerge mode, for example, a hash value of an original text is stored in a block chain, when the file is taken again, hash operation is carried out on the content of the file, and if the hash value is consistent with the content stored in the chain, the content is considered to be trusted and is not tampered. If the hash values are different, the content is considered to have been tampered with and is no longer trusted.
HMAC is an abbreviation of key-dependent Hash-based Message Authentication Code (Hash-based Message Authentication Code), and is a mechanism for performing Message Authentication by using a Hash function in cryptography, which can prove that the content of a Message is not modified in the transmission process, and can reliably confirm that a received Message is consistent with a transmitted Message. HMAC is the means of providing authentication services chosen by many current security protocols, and it introduces keys, whose security does not depend entirely on the Hash algorithm used, and the keys used are agreed in advance by both parties and cannot be known by third parties.
First, the prior art solution can only know whether a file is tampered with, but cannot know what the true original is. Secondly, if the file and the hash value of the file are modified simultaneously in the uploading process, the uplink content is also possibly tampered. In addition, the existing scheme for protecting the data security of both communication parties by using the HMAC algorithm has the hidden danger of being easily attacked by a password because the password key transformation mode is simple (the key is strengthened and fixed with characters).
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the data protection method and system suitable for the block chain are provided, and the safety problem of sensor data transmission in the process of combining the block chain and the Internet of things can be effectively solved.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
a data protection method suitable for a block chain comprises the following steps:
s1, a sensor acquires data information, acquires a transmission salt value corresponding to the data information, generates an HMAC value according to the data information, a transmission key stored in the sensor and the transmission salt value, and sends sensor data comprising a sensor label, the data information and the HMAC value to a block chain subsystem;
s2, the block chain subsystem receives the sensor data, acquires a verification salt value corresponding to the data information, generates an OHAMAC value according to the data information, the verification salt value and a verification key corresponding to the sensor tag, judges whether the OHAMAC value is equal to the HMAC value or not, and links the data information if the OHAMAC value is equal to the HMAC value.
In order to solve the technical problem, the invention adopts another technical scheme as follows:
a data protection system adapted for a blockchain, comprising a sensor and a blockchain subsystem, the sensor including a first memory, a first processor and a first computer program stored on the first memory and executable on the first processor, the blockchain subsystem including a second memory, a second processor and a second computer program stored on the second memory and executable on the second processor, the first processor implementing the following steps when executing the first computer program:
s1, collecting data information, acquiring a transmission salt value corresponding to the data information, generating an HMAC value according to the data information, a transmission key stored in the data information and the transmission salt value, and sending sensor data comprising the sensor label, the data information and the HMAC value to a block chain subsystem;
the second processor, when executing the second computer program, implements the steps of:
s2, receiving the sensor data, acquiring a verification salt value corresponding to the data information, generating an OHMMAC value according to the data information, the verification salt value and a verification key corresponding to the sensor tag, judging whether the OHMMAC value is equal to the HMAC value, and if yes, linking the data information.
The invention has the beneficial effects that: a data protection method and system suitable for a block chain are disclosed, wherein an HMAC value is generated according to data information, a transmission salt value corresponding to the data information and a transmission key stored by the block chain subsystem, an OHAMAC value is generated according to the data information, a verification salt value corresponding to the data information and a pre-stored verification key after the block chain subsystem receives sensor data, and whether the data information is falsified or not is verified by judging whether the HMAC value and the OHAMAC value are equal or not.
Drawings
Fig. 1 is a schematic flowchart of a data protection method for a block chain according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a data protection system suitable for a block chain according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a data protection system for a block chain according to an embodiment of the present invention.
Description of reference numerals:
1. a data protection system adapted for use with a blockchain; 2. a sensor; 3. a first processor; 4. a first memory; 5. a block chain subsystem; 6. a second processor; 7. a second memory; 8. a key server; 9. a block chain node.
Detailed Description
In order to explain the technical contents, the objects and the effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
Referring to fig. 1, a data protection method for a block chain includes the steps of:
s1, a sensor acquires data information, acquires a transmission salt value corresponding to the data information, generates an HMAC value according to the data information, a transmission key stored in the sensor and the transmission salt value, and sends sensor data comprising a sensor label, the data information and the HMAC value to a block chain subsystem;
s2, the block chain subsystem receives the sensor data, acquires a verification salt value corresponding to the data information, generates an OHAMAC value according to the data information, the verification salt value and a verification key corresponding to the sensor tag, judges whether the OHAMAC value is equal to the HMAC value or not, and links the data information if the OHAMAC value is equal to the HMAC value.
From the above description, the beneficial effects of the present invention are: the method comprises the steps of generating an HMAC value according to data information, a transmission salt value corresponding to the data information and a transmission key stored by the block chain subsystem, generating an OHAMAC value according to the data information, a verification salt value corresponding to the data information and a pre-stored verification key after the block chain subsystem receives sensor data, and verifying whether the data information is tampered or not by judging whether the HMAC value and the OHAMAC value are equal or not.
Further, the step S1 specifically includes the following steps:
s11, acquiring data information by a sensor, acquiring a transmission key stored by the sensor, and calculating a transmission data hash value of the transmission key and the splicing content of the data information;
s12, calculating the total transmission number of '1' in the binary number of the transmission data hash value by a sensor, and dividing the total transmission number by the digit of the transmission key to obtain a transmission remainder;
s13, the sensor inquires a transmission salt value table stored in the sensor according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder, and an HMAC value is generated according to the transmission key, the transmission salt value and the data information;
s14, the sensor sends sensor data comprising the sensor tag, the data information and the HMAC value to a block chain subsystem;
the step S2 specifically includes the steps of:
s21, the block chain subsystem receives the sensor data, acquires a verification key corresponding to the sensor label, and calculates a verification data hash value of the verification key and the splicing content of the data information;
s22, the block chain subsystem calculates the total verification number of '1' in the binary number of the verification data hash value, and divides the total verification number by the digit number of the verification key to obtain a verification remainder;
s23, the block chain subsystem queries a verification salt value table corresponding to the sensor tag according to the verification remainder to obtain a verification salt value corresponding to the verification remainder, and generates an OHMMAC value according to the transmission key, the verification salt value and the data information;
s24, the block chain subsystem judges whether the OHAMAC value is equal to the HMAC value, if so, the data information is uplinked, otherwise, an alarm is sent out.
It can be known from the above description that the corresponding salt value table and the key are arranged in the sensor and the block chain subsystem, wherein the hash calculation is performed on the data information and the spliced data of the key, the obtained data hash value is weighed and subjected to remainder operation, and then the salt value table is queried according to the remainder to obtain the salt value, so that the salt value changes in real time along with the data information, and the salt value changing in real time is used as a part of the HMAC and is not sent together with the data, thereby realizing the algorithm reinforcement of 'key + multiple salt values' to enhance the anti-attack strength of the system.
Further, the step S11 of "calculating the hash value of the transmission data of the splicing content of the transmission key and the data information" specifically includes the following steps:
the sensor carries out bitwise XOR on the transmission key and a preset value comprising m bytes to obtain a converted transmission key of m bytes, if the byte length of the transmission key is less than m, 0 is filled behind the transmission key to ensure that the byte length of the transmission key reaches m bytes, and the m is equal to the byte number of the Hash output value;
splicing the data information behind the converted transmission key by the sensor to obtain transmission splicing content, and carrying out hash operation on the transmission splicing content to obtain a transmission data hash value;
the step S21 of "calculating the verification data hash value of the splicing content of the verification key and the data information" specifically includes the following steps:
the block chain subsystem carries out bitwise XOR on the verification key and preset values comprising m bytes to obtain a converted verification key of m bytes, and if the byte length of the verification key is smaller than m, 0 is filled behind the verification key to enable the byte length of the verification key to reach m bytes;
and the block chain subsystem splices the data information behind the converted verification key to obtain verification splicing content, and performs hash operation on the verification splicing content to obtain a verification data hash value.
As can be seen from the above description, the hash output value is an output value after the hash calculation, such as the hash value of the transmission data in step S1 and the hash value of the verification data in step S2, and the number of bytes of the hash output value is related to the hash algorithm used; therefore, the byte length of the key is complemented to the byte length of the hash output value, and the data information is added to obtain data with more bits than the hash output value, so that the safety of the output data hash value is enhanced.
Further, the step S13 specifically includes the following steps:
the sensor inquires a transmission salt value table stored by the sensor according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder;
performing bitwise XOR on the transmission salt value and the preset numerical value by a sensor to obtain a m-byte converted transmission salt value, performing hash operation on the converted transmission salt value to obtain a transmission salt value hash value, and filling 0 behind the transmission salt value if the byte length of the transmission salt value is less than m so that the byte length of the transmission salt value reaches m bytes;
the sensor carries out hash operation on the data flow comprising the converted transmission key, the transmission salt value hash value and the transmission data hash value to obtain an HMAC value;
the step S23 specifically includes the following steps:
the block chain subsystem queries a verification salt value table stored by the block chain subsystem according to the verification remainder to obtain a verification salt value corresponding to the verification remainder;
the block chain subsystem carries out bitwise XOR on the verification salt value and the preset numerical value to obtain a converted verification salt value of m bytes, carries out Hash operation on the converted verification salt value to obtain a verification salt value Hash value, and fills 0 behind the verification salt value if the byte length of the verification salt value is smaller than m so that the byte length of the verification salt value reaches m bytes;
and the block chain subsystem carries out hash operation on the data stream comprising the converted verification key, the verification salt value hash value and the verification data hash value to obtain an OHAMAC value.
From the above description, it can be known that the length of the salt value is also increased to the number of bytes of the hash output value to ensure the security of the salt value hash value, and meanwhile, the salt value subjected to hash calculation is adopted in the HMAC value, so that the algorithm of "key + multiple salt value" is further strengthened to further enhance the strength of the system against attacks.
Further, the preset value is 0X55 of m bytes, m is 32, and the algorithm of the hash operation is a sha256 algorithm.
As can be seen from the above description, a preferred embodiment is provided, which uses the sha256 algorithm as the hash algorithm, and outputs a 256-bit value, i.e. 32 bytes, so that m is 32.
Referring to fig. 2 and fig. 3, a data protection system for a block chain includes a sensor and a block chain subsystem, where the sensor includes a first memory, a first processor, and a first computer program stored in the first memory and executable on the first processor, the block chain subsystem includes a second memory, a second processor, and a second computer program stored in the second memory and executable on the second processor, and the first processor implements the following steps when executing the first computer program:
s1, acquiring data information, acquiring a transmission salt value corresponding to the data information, generating an HMAC value according to the data information, a transmission key stored in the HMAC value, and sending sensor data comprising the sensor tag, the data information and the HMAC value to a block chain subsystem;
the second processor, when executing the second computer program, implements the steps of:
s2, receiving the sensor data, acquiring a verification salt value corresponding to the data information, generating an OHMMAC value according to the data information, the verification salt value and a verification key corresponding to the sensor tag, judging whether the OHMMAC value is equal to the HMAC value, and if so, chaining the data information.
From the above description, the beneficial effects of the present invention are: the method comprises the steps of generating an HMAC value according to data information, a transmission salt value corresponding to the data information and a transmission key stored by the block chain subsystem, generating an OHAMAC value according to the data information, a verification salt value corresponding to the data information and a pre-stored verification key after the block chain subsystem receives sensor data, and verifying whether the data information is tampered or not by judging whether the HMAC value and the OHAMAC value are equal or not.
Further, when the first processor executes the step S1 of the first computer program, the following steps are specifically implemented:
s11, collecting data information, acquiring a transmission key stored by the data information, and calculating a transmission data hash value of the transmission key and the splicing content of the data information;
s12, calculating the total transmission number of '1' in the binary number of the transmission data hash value, and dividing the total transmission number by the digit of the transmission key to obtain a transmission remainder;
s13, inquiring a transmission salt value table stored in the transmission device according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder, and generating an HMAC value according to the transmission key, the transmission salt value and the data information;
s14, sending sensor data comprising the sensor tag, the data information and the HMAC value to a block chain subsystem;
when the second processor executes the step S2 of the second computer program, the following steps are specifically implemented:
s21, receiving the sensor data, acquiring a verification key corresponding to the sensor label, and calculating a verification data hash value of the verification key and the splicing content of the data information;
s22, calculating the total verification number of '1' in the binary number of the verification data hash value, and dividing the total verification number by the digit of the verification key to obtain a verification remainder;
s23, inquiring a verification salt value table corresponding to the sensor tag according to the verification remainder to obtain a verification salt value corresponding to the verification remainder, and generating an OHAMAC value according to the transmission key, the verification salt value and the data information;
s24, judging whether the OHMAC value is equal to the OHMAC value, if so, linking the data information, otherwise, sending an alarm.
It can be known from the above description that the corresponding salt value table and the key are arranged in the sensor and the block chain subsystem, wherein the hash calculation is performed on the data information and the spliced data of the key, the obtained data hash value is weighed and subjected to remainder operation, and then the salt value table is queried according to the remainder to obtain the salt value, so that the salt value changes in real time along with the data information, and the salt value changing in real time is used as a part of the HMAC and is not sent together with the data, thereby realizing the algorithm reinforcement of 'key + multiple salt values' to enhance the anti-attack strength of the system.
Further, when the first processor executes "calculate the hash value of the transmission data of the spliced content of the transmission key and the data information" in the step S11 of the first computer program, the following steps are specifically implemented:
performing bitwise XOR on the transmission key and a preset numerical value comprising m bytes to obtain a converted transmission key of m bytes, and if the byte length of the transmission key is less than m, filling 0 behind the transmission key to enable the byte length of the transmission key to reach m bytes, wherein m is equal to the byte number of a hash output value;
splicing the data information behind the converted transmission key to obtain transmission splicing content, and performing hash operation on the transmission splicing content to obtain a transmission data hash value;
the second processor, when executing "calculating the verification data hash value of the spliced content of the verification key and the data information" in step S21 of the second computer program, specifically implements the following steps:
carrying out bitwise XOR on the verification key and a preset value comprising m bytes to obtain a converted verification key of m bytes, and if the byte length of the verification key is less than m, filling 0 behind the verification key to enable the byte length of the verification key to reach m bytes;
splicing the data information behind the converted verification key to obtain verification splicing content, and performing hash operation on the verification splicing content to obtain a verification data hash value.
As can be seen from the above description, the hash output value is an output value after the hash calculation, such as the hash value of the transmission data in step S1 and the hash value of the verification data in step S2, and the number of bytes of the hash output value is related to the hash algorithm used; therefore, the byte length of the key is complemented to the byte length of the hash output value, and the data information is added to obtain data with more bits than the hash output value, so that the safety of the output data hash value is enhanced.
Further, the first processor, when executing the step S13 of the first computer program, specifically implements the following steps:
inquiring a transmission salt value table stored by the user according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder;
performing bitwise XOR on the transmission salt value and the preset numerical value to obtain a m-byte converted transmission salt value, performing hash operation on the converted transmission salt value to obtain a hash value of the transmission salt value, and if the byte length of the transmission salt value is less than m, filling 0 behind the transmission salt value to enable the byte length of the transmission salt value to reach m bytes;
performing hash operation on the data stream comprising the converted transmission key, the transmission salt value hash value and the transmission data hash value to obtain an HMAC value;
the second processor, when executing the step S23 of the second computer program, specifically implements the following steps:
inquiring a verification salt value table stored by the user according to the verification remainder to obtain a verification salt value corresponding to the verification remainder;
carrying out bitwise XOR on the verification salt value and the preset numerical value to obtain a converted verification salt value of m bytes, carrying out Hash operation on the converted verification salt value to obtain a verification salt value Hash value, and if the byte length of the verification salt value is less than m, filling 0 behind the verification salt value to enable the byte length of the verification salt value to reach m bytes;
and carrying out hash operation on the data stream comprising the converted verification key, the verification salt value hash value and the verification data hash value to obtain an OHAMAC value.
From the above description, it can be known that the length of the salt value is also increased to the number of bytes of the hash output value to ensure the security of the salt value hash value, and meanwhile, the salt value subjected to hash calculation is adopted in the HMAC value, so that the algorithm of "key + multiple salt value" is further strengthened to further enhance the anti-attack strength of the system.
Further, the preset value is 0X55 of m bytes, m is 32, and the algorithm of the hash operation is a sha256 algorithm.
As can be seen from the above description, a preferred embodiment is provided, which uses the sha256 algorithm as the hash operation algorithm, and outputs 256-bit values, i.e. 32 bytes, so that m is 32.
Referring to fig. 1, a first embodiment of the present invention is:
in this embodiment, the hash algorithm is sha256 algorithm; the n sensors connected to the blockchain subsystem are defined as s 1 ,s 2 …,s n }; the sensor tag is defined as a non-repetitive string of characters { tag } 1 ,…,tag n }; sensor key is defined as k 1 ,k 2 …,k n The block chain subsystem defines a salt table for each sensor, where sensor s i The salt value is shown as { Sa i0 ,…,Sa im Therefore, in this embodiment, a data protection method applicable to a block chain is provided, which includes the steps of:
s1, a sensor acquires data information, acquires a transmission salt value corresponding to the data information, generates an HMAC value according to the data information, a transmission key stored in the sensor and the transmission salt value, and sends sensor data comprising a sensor label, the data information and the HMAC value to a block chain subsystem;
in this embodiment, if the data information is info, the sensor s i Tag is to be i info/HMAC is passed to the blockchain subsystem, where the data processed on the sensor is signaled for transmission and the data processed on the blockchain subsystem is signaled for verification in order to distinguish the data processed on the sensor from the data processed on the blockchain subsystem;
s2, the block chain subsystem receives the sensor data, acquires a verification salt value corresponding to the data information, generates an OHMMAC value according to the data information, the verification salt value and a verification key corresponding to the sensor tag, judges whether the OHMMAC value is equal to the OHMAC value or not, and links the data information if the OHMMAC value is equal to the HMAC value.
In this embodiment, the blockchain subsystem receives a tag i If the whole data is not attacked in the transmission process, the pre-stored keys and the salt value table are correspondingly consistent, and the finally obtained OHAMAC value is also equal to the HMAC, the acquired data information is added to the block for uplink by using a block chain consensus algorithm.
It should be appreciated that the random number applied in the calculation to derive the HMAC value is sent to the sensor by the blockchain subsystem, and therefore, in the case where the key corresponds to the salt table, the resulting hash value is naturally equal since the random number and the data information are the same.
Referring to fig. 1, the second embodiment of the present invention is:
in this embodiment, the preset value is 0x55 with m bytes, and m is 32, so that the method for protecting data in a block chain provided by this embodiment specifically includes the following steps on the basis of the first embodiment:
s11, acquiring data information by a sensor, and acquiring a transmission key stored by the sensor; the sensor carries out bitwise XOR on the transmission key and a preset value comprising m bytes to obtain a converted transmission key of m bytes, if the byte length of the transmission key is less than m, 0 is filled behind the transmission key to ensure that the byte length of the transmission key reaches m bytes, and m is equal to the byte number of the hash output value; splicing the data information behind the converted transmission key by the sensor to obtain transmission splicing content, and carrying out hash operation on the transmission splicing content to obtain a transmission data hash value;
i.e. in the present embodiment, the sensor s i Collecting data information info, and obtaining a secret key k i Calculating the Value of the hash Value of the transmission data i =SHA256(k i xor pad, info), where pad is a preset value, xor is an exclusive or operation, and represents a secret key k i Modulo two with a fixed length pad, if the key k i If the number of bytes is less than m, filling 0 until m bytes are reached;
s12, calculating the total transmission number of '1' in the binary number of the transmission data hash value by a sensor, and dividing the total transmission number by m to obtain a transmission remainder;
i.e. in the present embodiment, the sensor s i Obtain the transmission remainder w = Weight (Value) i ) Mod (m), where Weight is weighing, i.e. calculating the Value of the transmitted data hash Value i The Mod is a remainder function, which means that the total number Weight (Value) of the transmission before the Mod is added i ) Except after ModA remainder after byte length m of, e.g., 5Mod 2=1;
s13, the sensor inquires a transmission salt value table stored by the sensor according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder; carrying out bitwise XOR on the transmission salt value and a preset value by the sensor to obtain a converted transmission salt value of m bytes, carrying out hash operation on the converted transmission salt value to obtain a hash value of the transmission salt value, and filling 0 behind the transmission salt value if the byte length of the transmission salt value is less than m so that the byte length of the transmission salt value reaches m bytes; the sensor carries out hash operation on the data stream comprising the converted transmission key, the transmission salt value hash value and the transmission data hash value to obtain an HMAC value;
i.e. in the present embodiment, the sensor s i Inquiring a transmission salt value table according to the transmission remainder w to obtain a corresponding transmission salt value Sa iw Resulting in HMAC value = SHA256 (k) i xor pad,SHA256(Sa iw xor pad),SHA256(k i xor pad, info)), also the transmission salt Sa iw The length of the byte is less than m, and the operation is carried out after the automatic 0 supplement;
s14, the sensor sends sensor data comprising a sensor label, data information and an HMAC value to the block chain subsystem;
s21, the block chain subsystem receives the sensor data and acquires a verification key corresponding to the sensor label, the block chain subsystem carries out bitwise XOR on the verification key and a preset value comprising m bytes to obtain a converted verification key of m bytes, and if the byte length of the verification key is smaller than m, 0 is filled behind the verification key to enable the byte length of the verification key to reach m bytes; and the block chain subsystem splices the data information behind the transformed verification key to obtain verification splicing content, and performs hash operation on the verification splicing content to obtain a verification data hash value.
S22, the block chain subsystem calculates the total verification number of '1' in the binary number of the verification data hash value, and divides the total verification number by the digit number of the verification key to obtain a verification remainder;
s23, the block chain subsystem queries a verification salt value table stored by the block chain subsystem according to the verification remainder to obtain a verification salt value corresponding to the verification remainder; the block chain subsystem carries out bitwise XOR on the verification salt value and a preset value to obtain a converted verification salt value of m bytes, hash operation is carried out on the converted verification salt value to obtain a verification salt value hash value, and if the byte length of the verification salt value is smaller than m, 0 is filled behind the verification salt value to enable the byte length of the verification salt value to reach m bytes; the block chain subsystem carries out hash operation on the data flow comprising the converted verification key, the verification salt value hash value and the verification data hash value to obtain an OHAMAC value;
that is, in the present embodiment, the above steps S21 to S23 are the same as the above steps S11 to S13, and thus the verification data hash value OValue can be obtained i =SHA256(k i xor pad, info), verify remainder ow = Weight (OValue) i ) Mod (m), OHMAC value = SHA256 (k) i xor pad,SHA256(Sa iow xor pad),SHA256(k i xor pad, info)), except k here i Is a sensor s stored on a blockchain subsystem i Because the two keys are consistent in advance, the two keys are equal under the condition that the information is not modified in the uploading process, and the salt Sa is verified in the same way iow And transport salt value Sa iw Is equal in case of not being modified in the uploading process
S24, the block chain subsystem judges whether the OHAMAC value is equal to the HMAC value, if so, the data information is uplinked, otherwise, an alarm is sent out.
In this embodiment, if the OHMAC value is not equal to the HMAC value, it is determined that the information is modified in the uploading process, and the information is an inaccurate message, the data information is not uplinked, and an alarm is issued, so that the system may be attacked.
Referring to fig. 2 and fig. 3, a third embodiment of the present invention is:
a data protection system 1 suitable for use with a blockchain is shown in figure 2. The sensor system comprises a sensor 2 and a block chain subsystem 5, wherein the sensor 2 comprises a first memory 4, a first processor 3 and a first computer program stored on the first memory 4 and operable on the first processor 3, the block chain subsystem 5 comprises a second memory 7, a second processor 6 and a second computer program stored on the second memory 7 and operable on the second processor 6, the first processor 3 implements the step S1 and the corresponding sub-steps S11 to S14 in the first or second embodiment when executing the first computer program, and the second processor 6 implements the step S2 and the corresponding sub-steps S21 to S24 in the first or second embodiment when executing the second computer program.
As shown in fig. 3, the block chain subsystem 5 includes a key server 8 for storing private data and verifying validity, and a block chain node 9 as a data chain.
In summary, according to the data protection method and system applicable to the blockchain provided by the invention, the hash calculation is performed on the spliced data of the data information and the key, the obtained data hash value is weighed and subjected to remainder operation, then the salt value table is inquired according to the remainder to obtain the salt value, then the salt value is subjected to the hash calculation to obtain the salt value hash value, finally the HMAC value is generated according to the data information, the salt value hash value corresponding to the data information and the transmission key stored by the system, after the blockchain subsystem receives the sensor data, the OHMAC value is generated according to the received data information, and whether the HMAC value and the OHMAC value are equal or not is judged, so that whether the data information is tampered or not is verified.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.
Claims (8)
1. A data protection method suitable for a block chain is characterized by comprising the following steps:
s1, a sensor acquires data information, acquires a transmission salt value corresponding to the data information, generates an HMAC value according to the data information, a transmission key and the transmission salt value stored in the sensor, and sends sensor data comprising a sensor label, the data information and the HMAC value to a block chain subsystem;
s2, the block chain subsystem receives the sensor data, acquires a verification salt value corresponding to the data information, generates an OHAMAC value according to the data information, the verification salt value and a verification key corresponding to the sensor tag, judges whether the OHAMAC value is equal to the HMAC value or not, and links the data information if the OHAMAC value is equal to the HMAC value;
the step S1 specifically includes the steps of:
s11, a sensor collects data information, obtains a transmission key stored by the sensor, and calculates a transmission data hash value of the transmission key and the splicing content of the data information;
s12, calculating the total transmission number of '1' in the binary number of the transmission data hash value by a sensor, and dividing the total transmission number by the digit of the transmission key to obtain a transmission remainder;
s13, the sensor inquires a transmission salt value table stored in the sensor according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder, and an HMAC value is generated according to the transmission key, the transmission salt value and the data information;
s14, the sensor sends sensor data comprising the sensor tag, the data information and the HMAC value to a block chain subsystem;
the step S2 specifically includes the steps of:
s21, the block chain subsystem receives the sensor data, acquires a verification key corresponding to the sensor label, and calculates a verification data hash value of the verification key and the splicing content of the data information;
s22, the block chain subsystem calculates the total verification number of '1' in the binary number of the verification data hash value, and divides the total verification number by the digit number of the verification key to obtain a verification remainder;
s23, the block chain subsystem inquires a verification salt value table corresponding to the sensor tag according to the verification remainder to obtain a verification salt value corresponding to the verification remainder, and an OHAMAC value is generated according to the transmission key, the verification salt value and the data information;
s24, the block chain subsystem judges whether the OHMAC value is equal to the OHMAC value, if yes, the data information is uplinked, and if not, an alarm is sent out.
2. The method according to claim 1, wherein the step S11 of calculating the hash value of the transmission data of the concatenation content of the transmission key and the data information specifically comprises the following steps:
the sensor carries out bitwise XOR on the transmission key and a preset value comprising m bytes to obtain a converted transmission key of m bytes, if the byte length of the transmission key is less than m, 0 is filled behind the transmission key to ensure that the byte length of the transmission key reaches m bytes, and the m is equal to the byte number of the Hash output value;
splicing the data information behind the converted transmission key by the sensor to obtain transmission splicing content, and carrying out hash operation on the transmission splicing content to obtain a transmission data hash value;
the step S21 of "calculating the verification data hash value of the splicing content of the verification key and the data information" specifically includes the following steps:
the block chain subsystem carries out bitwise XOR on the verification key and a preset value comprising m bytes to obtain a converted verification key of m bytes, and if the byte length of the verification key is smaller than m, 0 is filled behind the verification key to ensure that the byte length of the verification key reaches m bytes;
and the block chain subsystem splices the data information behind the transformed verification key to obtain verification splicing content, and performs hash operation on the verification splicing content to obtain a verification data hash value.
3. The method according to claim 2, wherein the step S13 specifically includes the following steps:
the sensor inquires a transmission salt value table stored by the sensor according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder;
performing bitwise XOR on the transmission salt value and the preset numerical value by a sensor to obtain a m-byte converted transmission salt value, performing hash operation on the converted transmission salt value to obtain a transmission salt value hash value, and filling 0 behind the transmission salt value if the byte length of the transmission salt value is less than m so that the byte length of the transmission salt value reaches m bytes;
the sensor carries out hash operation on the data flow comprising the converted transmission key, the transmission salt value hash value and the transmission data hash value to obtain an HMAC value;
the step S23 specifically includes the following steps:
the block chain subsystem queries a verification salt value table stored in the block chain subsystem according to the verification remainder to obtain a verification salt value corresponding to the verification remainder;
the block chain subsystem carries out bitwise XOR on the verification salt value and the preset numerical value to obtain a converted verification salt value of m bytes, carries out Hash operation on the converted verification salt value to obtain a verification salt value Hash value, and fills 0 behind the verification salt value if the byte length of the verification salt value is smaller than m so that the byte length of the verification salt value reaches m bytes;
and the block chain subsystem carries out hash operation on the data flow comprising the converted verification key, the verification salt value hash value and the verification data hash value to obtain an OHAMAC value.
4. The method as claimed in claim 2 or 3, wherein the predetermined value is 0X55 bytes, m is 32 bytes, and the algorithm of the hash operation is sha256 algorithm.
5. A data protection system adapted for a blockchain, comprising a sensor and a blockchain subsystem, the sensor comprising a first memory, a first processor and a first computer program stored on the first memory and executable on the first processor, the blockchain subsystem comprising a second memory, a second processor and a second computer program stored on the second memory and executable on the second processor, wherein the first processor when executing the first computer program implements the steps of:
s1, acquiring data information, acquiring a transmission salt value corresponding to the data information, generating an HMAC value according to the data information, a transmission key stored in the HMAC value, and sending sensor data comprising the sensor tag, the data information and the HMAC value to a block chain subsystem;
the second processor, when executing the second computer program, implements the steps of:
s2, receiving the sensor data, acquiring a verification salt value corresponding to the data information, generating an OHMMAC value according to the data information, the verification salt value and a verification key corresponding to the sensor tag, judging whether the OHMMAC value is equal to the HMAC value, and if yes, linking the data information;
the first processor, when executing the step S1 of the first computer program, specifically implements the following steps:
s11, collecting data information, acquiring a transmission key stored by the data information, and calculating a transmission data hash value of the transmission key and the splicing content of the data information;
s12, calculating the total transmission number of '1' in the binary number of the transmission data hash value, and dividing the total transmission number by the digit of the transmission key to obtain a transmission remainder;
s13, inquiring a transmission salt value table stored in the transmission device according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder, and generating an HMAC value according to the transmission key, the transmission salt value and the data information;
s14, sending sensor data comprising the sensor tag, the data information and the HMAC value to a block chain subsystem;
when the second processor executes the step S2 of the second computer program, the following steps are specifically implemented:
s21, receiving the sensor data, acquiring a verification key corresponding to the sensor label, and calculating a verification data hash value of the verification key and the splicing content of the data information;
s22, calculating the total verification number of '1' in the binary number of the verification data hash value, and dividing the total verification number by the digit of the verification key to obtain a verification remainder;
s23, inquiring a verification salt value table corresponding to the sensor tag according to the verification remainder to obtain a verification salt value corresponding to the verification remainder, and generating an OHAMAC value according to the transmission key, the verification salt value and the data information;
and S24, judging whether the OHMMAC value is equal to the HMAC value, if so, linking the data information, and otherwise, sending an alarm.
6. The system according to claim 5, wherein the first processor implements the following steps when calculating the hash value of the transmission data of the concatenated content of the transmission key and the data information in step S11 of the first computer program:
carrying out bitwise XOR on the transmission key and a preset value comprising m bytes to obtain a converted transmission key of m bytes, and if the byte length of the transmission key is less than m, filling 0 behind the transmission key to ensure that the byte length of the transmission key reaches m bytes, wherein m is equal to the byte number of a Hash output value;
splicing the data information behind the converted transmission key to obtain transmission splicing content, and performing hash operation on the transmission splicing content to obtain a transmission data hash value;
the second processor, when executing "calculating the verification data hash value of the spliced content of the verification key and the data information" in step S21 of the second computer program, specifically implements the following steps:
carrying out bitwise XOR on the verification key and a preset value comprising m bytes to obtain a converted verification key of m bytes, and if the byte length of the verification key is less than m, filling 0 behind the verification key to enable the byte length of the verification key to reach m bytes;
splicing the data information behind the converted verification key to obtain verification splicing content, and performing hash operation on the verification splicing content to obtain a verification data hash value.
7. The data protection system applicable to a block chain according to claim 6, wherein the first processor implements the following steps when executing the step S13 of the first computer program:
inquiring a transmission salt value table stored by the user according to the transmission remainder to obtain a transmission salt value corresponding to the transmission remainder;
carrying out bitwise XOR on the transmission salt value and the preset numerical value to obtain a m-byte converted transmission salt value, carrying out hash operation on the converted transmission salt value to obtain a transmission salt value hash value, and if the byte length of the transmission salt value is less than m, filling 0 behind the transmission salt value to enable the byte length of the transmission salt value to reach m bytes;
performing hash operation on the data stream comprising the converted transmission key, the transmission salt value hash value and the transmission data hash value to obtain an HMAC value;
the second processor, when executing the step S23 of the second computer program, specifically implements the following steps:
inquiring a verification salt value table stored by the user according to the verification remainder to obtain a verification salt value corresponding to the verification remainder;
carrying out bitwise XOR on the verification salt value and the preset numerical value to obtain a converted verification salt value of m bytes, carrying out Hash operation on the converted verification salt value to obtain a verification salt value Hash value, and if the byte length of the verification salt value is less than m, filling 0 behind the verification salt value to enable the byte length of the verification salt value to reach m bytes;
and carrying out hash operation on the data flow comprising the converted verification key, the verification salt value hash value and the verification data hash value to obtain an OHAMAC value.
8. The system according to claim 6 or 7, wherein the predetermined value is 0X55 bytes, m is 32 bytes, and the algorithm of the hash operation is sha256 algorithm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010211614.XA CN111428253B (en) | 2020-03-24 | 2020-03-24 | Data protection method and system suitable for block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010211614.XA CN111428253B (en) | 2020-03-24 | 2020-03-24 | Data protection method and system suitable for block chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111428253A CN111428253A (en) | 2020-07-17 |
| CN111428253B true CN111428253B (en) | 2023-04-07 |
Family
ID=71548728
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010211614.XA Active CN111428253B (en) | 2020-03-24 | 2020-03-24 | Data protection method and system suitable for block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111428253B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115086008B (en) * | 2022-06-13 | 2024-02-09 | 北京信长城科技发展有限公司 | Method and device for realizing password security protection, storage medium and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017119668A1 (en) * | 2016-01-06 | 2017-07-13 | 조선대학교산학협력단 | Data transmission apparatus and method enabling non-repudiation for transmission message |
| WO2018024056A1 (en) * | 2016-08-05 | 2018-02-08 | 华为技术有限公司 | User password management method and server |
| WO2018046008A1 (en) * | 2016-09-12 | 2018-03-15 | 上海鼎利信息科技有限公司 | Storage design method of blockchain encrypted radio frequency chip |
| CN109495249A (en) * | 2018-11-23 | 2019-03-19 | 全链通有限公司 | A kind of date storage method of block catenary system, node and block catenary system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104468095A (en) * | 2014-11-28 | 2015-03-25 | 华为技术有限公司 | Data transmission method and device |
| US10630481B2 (en) * | 2016-11-07 | 2020-04-21 | Ford Global Technologies, Llc | Controller area network message authentication |
| CN106656476B (en) * | 2017-01-18 | 2020-12-01 | 腾讯科技(深圳)有限公司 | Password protection method and device and computer readable storage medium |
| CN115619403A (en) * | 2019-10-24 | 2023-01-17 | 福建福链科技有限公司 | Safe block chain-based surveillance video data transaction method and system |
-
2020
- 2020-03-24 CN CN202010211614.XA patent/CN111428253B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017119668A1 (en) * | 2016-01-06 | 2017-07-13 | 조선대학교산학협력단 | Data transmission apparatus and method enabling non-repudiation for transmission message |
| WO2018024056A1 (en) * | 2016-08-05 | 2018-02-08 | 华为技术有限公司 | User password management method and server |
| WO2018046008A1 (en) * | 2016-09-12 | 2018-03-15 | 上海鼎利信息科技有限公司 | Storage design method of blockchain encrypted radio frequency chip |
| CN109495249A (en) * | 2018-11-23 | 2019-03-19 | 全链通有限公司 | A kind of date storage method of block catenary system, node and block catenary system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111428253A (en) | 2020-07-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110493197B (en) | Login processing method and related equipment | |
| CN109194466B (en) | Block chain-based cloud data integrity detection method and system | |
| CN109495249B (en) | Data storage method of block chain system, node and block chain system | |
| CN109347627B (en) | Data encryption and decryption method and device, computer equipment and storage medium | |
| EP1724658B1 (en) | Structured document signature device, structured document adaptation device and structured document verification device | |
| US8898086B2 (en) | Systems and methods for transmitting financial account information | |
| CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
| CN110868287B (en) | Authentication encryption ciphertext coding method, system, device and storage medium | |
| CA2555322C (en) | One way authentication | |
| JP2001051596A (en) | Device and method for generating/verifying data | |
| JPH04265031A (en) | Method and apparatus for utilization control of open key | |
| CN110611670A (en) | API request encryption method and device | |
| CN109688098B (en) | Method, device and equipment for secure communication of data and computer readable storage medium | |
| CN108833117B (en) | Private key storage and reading method and device and hardware equipment | |
| CN111131278A (en) | Data processing method and device, computer storage medium and electronic equipment | |
| CN103116730A (en) | Deciphering method and system of data protection application programming interface (DPAPI) enciphered data | |
| CN105450413A (en) | Password-setting method, device, and system | |
| KR101253683B1 (en) | Digital Signing System and Method Using Chained Hash | |
| IL140141A (en) | Transcoding in data communications | |
| CN111428253B (en) | Data protection method and system suitable for block chain | |
| CN114567431A (en) | Security authentication method for unidirectional transmission | |
| CN112907375B (en) | Data processing method, device, computer equipment and storage medium | |
| CN108242997B (en) | Method and apparatus for secure communication | |
| Moriarty et al. | Pkcs# 12: Personal information exchange syntax v1. 1 | |
| CN110336678B (en) | Signature algorithm for preventing falsification of mass data in Internet of vehicles |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |