Disclosure of Invention
The invention provides a method, a device and a storage medium for extracting blockchain data, which protect the extraction of blockchain data so that the data can still be extracted securely when a key is lost or stolen, improving the security and reliability of the blockchain.
The invention provides a blockchain data extraction method, which comprises the following steps:
step S10: judging whether the original private key of the target blockchain to be accessed has been backed up in the key blockchain; if the backup has not been completed, executing step S20; otherwise, executing step S30;
step S20: completing the backup of the original private key of the target blockchain and the access settings of the key blockchain;
step S30: accessing the key blockchain according to the access settings of the key blockchain;
step S40: obtaining the permission to invoke the original private key of the target blockchain held in the key blockchain, and at the same time obtaining the permission to establish a VPN channel connection for accessing the target blockchain;
step S50: establishing the VPN channel connection to the target blockchain and invoking the original private key to access the target blockchain.
Further, the step S20 includes:
step S210: reminding the user to back up the original private key of the target blockchain;
step S220: judging whether the user agrees to the backup; if the user agrees, executing step S230; otherwise, ending;
step S230: prompting the user to generate, from a key generation element and using an encryption algorithm, a private key for accessing the key blockchain, and to generate a public key from that private key using an encryption algorithm.
Further, the key generation element includes any one or a combination of a human biometric feature, specific character information preset by the user, and specific data information of a third-party institution.
Further, the step S20 further includes:
step S240: setting the validity periods of the private key and the public key and the access mode of the key blockchain, wherein the access mode comprises the private key, or combination of private keys, to be used;
step S250: storing the public key, the original private key of the target blockchain, the validity periods of the private key and the public key, and the access mode in an information storage area of a key blockchain block.
Further, the original private key of the target blockchain held in the information storage area of the key blockchain block cannot be deleted, changed or read out; it can only be invoked, with signature verification on the target blockchain performed through a VPN channel.
Further, the step S30 further includes:
step S310: judging whether the validity period is expired, executing step S320 when the validity period is expired, otherwise executing step S20;
step S320: receiving a private key or a combination of private keys provided by a user;
step S330: performing signature verification for access to the key blockchain on the private key or combination of private keys;
step S340: judging whether the signature verification has passed; if so, executing step S40; if not, ending.
Further, once the original private key of the target blockchain has been backed up in the key blockchain, access to the target blockchain using the private key of the target blockchain is blocked and prohibited.
Further, the key blockchain is a blockchain newly constructed for the blockchain data extraction method; it stores the original private key of the target blockchain, and the user invokes that original private key in a preset manner.
In order to achieve the above object, the present invention further provides a blockchain data extraction device, where the blockchain data extraction device includes a memory module and a processor module, and the memory module stores a blockchain data extraction program that can run on the processor module, and the blockchain data extraction program implements the steps of the blockchain data extraction method when executed by the processor module.
In addition, in order to achieve the above object, the present invention further provides a storage medium, which is a computer readable storage medium, and the storage medium stores a blockchain data extraction program thereon, where the blockchain data extraction program is executable by one or more processor modules to implement the steps of the blockchain data extraction method.
According to the blockchain data extraction method, device and storage medium, backing up the original private key of the target blockchain and controlling access to the key blockchain protect the extraction of target blockchain data, so that blockchain data can be extracted securely even when a key is lost or stolen, improving the security and reliability of the blockchain.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the prior art, a user accessing a target blockchain must provide the original private key of the target blockchain, which is verified against the original public key stored in the target blockchain; the user obtains access to the target blockchain once verification passes. The invention provides a blockchain data extraction method that backs up the original private key of the target blockchain to the information storage area of a key blockchain block and achieves access to, and data extraction from, the target blockchain through access control of the key blockchain. Referring to fig. 1, which is a flow diagram of the blockchain data extraction method provided by an embodiment of the invention, the method comprises the following steps:
step S10: judging whether the original private key of the target blockchain to be accessed has been backed up in the key blockchain; if the backup has not been completed, executing step S20; otherwise, executing step S30;
step S20: completing the backup of the original private key of the target blockchain and the access settings of the key blockchain;
step S30: accessing the key blockchain according to the access settings of the key blockchain;
step S40: obtaining the permission to invoke the original private key of the target blockchain held in the key blockchain, and at the same time obtaining the permission to establish a VPN channel connection for accessing the target blockchain;
step S50: establishing the VPN channel connection to the target blockchain and invoking the original private key to access the target blockchain.
Referring to fig. 2, the step S20 includes:
Step S210: reminding the user to back up the original private key of the target blockchain.
Step S220: judging whether the user agrees to the backup; if the user agrees, executing step S230; otherwise, ending the process.
Step S230: prompting the user to generate, from a key generation element and using an encryption algorithm, a private key for accessing the key blockchain, and to generate a public key from that private key using an encryption algorithm. The key generation element comprises any one or a combination of a human biometric feature, specific character information preset by the user, and specific data information of a third-party institution. In an embodiment, the human biometric feature is a biometric feature of the user, such as a fingerprint, a toe print or a facial feature, used as the key generation element; alternatively, specific character information preset by the user is used as the key generation element. The user may also designate a third person, such as a family member or friend, whose biometric feature serves as the key generation element, or entrust a third-party institution, such as a notary office, a public security authority or a judicial department, to use specific data information as the key generation element, for example a digital certificate of the notary office or public security authority, or a name, address or contact information specified by the judicial department.
Specifically, in an embodiment, the key generation elements include a first, a second, a third and a fourth key generation element. The first key generation element is a character string stored on a physical medium, for example on a USB flash drive, on a computer hard disk or on paper, or another character string such as a mobile phone number or an e-mail address. A first private key is generated from the first key generation element using an irreversible encryption algorithm, and a first public key is generated from the first private key using an encryption algorithm. The user only needs to remember the character string and the algorithm type used; the private key need not be recorded or saved, because the same private key can be regenerated on demand whenever it is needed for signature verification.
Likewise, the second key generation element is biometric information of the user, such as a fingerprint, toe print, retina, voiceprint, iris or other facial feature; a second private key is generated from the second key generation element using an irreversible encryption algorithm, and a second public key is generated from the second private key using an encryption algorithm. The third key generation element is the biometric information of one or more other people designated by the user; a third private key is generated from it using an irreversible encryption algorithm, and a third public key is generated from the third private key using an encryption algorithm. The fourth key generation element is specific data information held by an organization entrusted by the user, such as a public security, notary, judicial or arbitration organization, which acts as the final holder of that information; the specific data information comprises basic information such as the organization's digital certificate, a company name, and time and place information. A fourth private key is generated from the fourth key generation element using an irreversible encryption algorithm, and a fourth public key is generated from the fourth private key using an encryption algorithm. The user, the other people or the entrusted organization only need to remember the key generation element and the algorithm type used; the private key need not be recorded or stored, because the same private key can be regenerated on demand whenever it is needed for signature verification. This avoids the security problems associated with recording complex keys.
Step S240: setting the validity periods of the private key and the public key and the access mode of the key blockchain, wherein the access mode comprises the private key, or combination of private keys, to be used. In an embodiment, the validity period of the private key and the public key is set to three months; once three months have elapsed, the private key and the public key become invalid and must be regenerated by the user, which safeguards the use of the private key.
Step S250: storing the public key, the original private key of the target blockchain, the validity periods of the private key and the public key, and the access mode in an information storage area of a key blockchain block. The original private key of the target blockchain held in the information storage area of the key blockchain block cannot be deleted, changed or read out; it can only be invoked, with signature verification on the target blockchain performed through a VPN channel. The key blockchain is a blockchain newly constructed for the blockchain data extraction method; it stores the original private key of the target blockchain, and the user invokes that original private key in a preset manner.
Once the original private key of the target blockchain has been backed up in the key blockchain, access to the target blockchain using the private key of the target blockchain is blocked and prohibited. Specifically, even after the original private key of the target blockchain has been stolen, the thief still cannot access the target blockchain with it, which improves the security and reliability of the blockchain.
Referring to fig. 3, the step S30 further includes:
step S310: judging whether the validity period is expired, executing step S320 when the validity period is expired, otherwise executing step S20;
step S320: receiving a private key or a combination of private keys provided by a user;
step S330: performing signature verification for access to the key blockchain on the private key or combination of private keys;
step S340: judging whether the signature verification has passed; if so, executing step S40; if not, ending.
Specifically, an access mode is set for the key blockchain, comprising the private key or combination of private keys to be used. The following settings are given as an example in the present embodiment: the user sets the access mode of the key blockchain to require two private keys. Under normal conditions, the first private key and the second private key are used; when an unexpected situation occurs, such as death or memory loss of the user, the second private key and the third private key are used; when the user's personal biometric feature is unavailable, the third private key and the fourth private key are used. It should also be considered that an individual's biometric features change slightly with age, and that injury can introduce errors in the information, so that a different private key may be generated even with the same algorithm. To prevent this, the stability of the underlying data must be ensured or enhanced, for example by periodically (e.g., every three months) re-entering or resetting the biometric information; by collecting only the iris, the most stable biometric feature, as the underlying data; or, in the most extreme case, by not using biometric information in the key combination at all. In other embodiments, access to the key blockchain may be achieved using only the first private key, or using a combination of a plurality of private keys.
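The key regeneration of step S230 and the access check of steps S310 to S340, applied to the example access mode above (keys 1+2, 2+3 or 3+4), as an added example that is not part of the patent text. It assumes secp256k1 for the public key, PBKDF2 as the irreversible algorithm, a salt stored with the access settings, and constructed key generation elements; expired settings are sent back for regeneration, as step S240 describes.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

# secp256k1 domain parameters (assumed curve; the patent names no algorithm).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
SALT = b"constructed-per-user-salt"   # assumption: stored with the settings
ITERATIONS = 200_000                  # slows offline guessing of weak elements
# Constructed stand-ins for the four key generation elements.
ELEMENTS = {1: b"string kept on a USB drive", 2: b"iris-template-v1",
            3: b"relative-fingerprint-template", 4: b"notary certificate data"}
COMBINATIONS = (frozenset({1, 2}), frozenset({2, 3}), frozenset({3, 4}))


def _add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P


def public_key(priv: int):
    """Public key = priv * G (double-and-add; illustrative, not constant time)."""
    result, point = None, G
    while priv:
        if priv & 1:
            result = _add(result, point)
        point = _add(point, point)
        priv >>= 1
    return result


def derive_private_key(element: bytes, salt: bytes) -> int:
    """Step S230: the same element always regenerates the same private key."""
    raw = hashlib.pbkdf2_hmac("sha256", element, salt, ITERATIONS)
    return int.from_bytes(raw, "big") % (N - 1) + 1


@dataclass(frozen=True)
class AccessSetting:
    """What step S250 stores besides the backed-up original private key."""
    public_keys: dict        # key number -> public key point
    expires_at: datetime     # end of the validity period
    combinations: tuple      # allowed sets of key numbers


def build_setting(now: datetime) -> AccessSetting:
    """Steps S230-S250 for the four constructed elements; 90 days ~ three months."""
    pubs = {n: public_key(derive_private_key(e, SALT)) for n, e in ELEMENTS.items()}
    return AccessSetting(pubs, now + timedelta(days=90), COMBINATIONS)


def check_access(setting: AccessSetting, presented: dict, now: datetime) -> str:
    """Steps S310-S340; `presented` maps key number -> regenerated private key."""
    if now >= setting.expires_at:
        return "REGENERATE"          # expired keys are invalid (step S240)
    valid = {n for n, priv in presented.items()
             if n in setting.public_keys
             and public_key(priv) == setting.public_keys[n]}
    if any(combo <= valid for combo in setting.combinations):
        return "GRANTED"             # proceed to step S40
    return "DENIED"
```

Because the public key is stored, a low-entropy element such as a phone number can be guessed offline against it, so the slow, salted derivation matters most for the first key generation element. A changed biometric template yields an unrelated private key, which is the failure the paragraph above guards against by re-enrolment.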
In some extreme cases, such as a lost or stolen key, setting different private keys or private key combinations ensures that data extraction from the blockchain can still be carried out securely. In an embodiment, a user falls into a vegetative state after a disaster. Because the user prepared in advance, the original private key of the target blockchain was backed up in the key blockchain, a fifth private key was generated using the biometric features of a family member as the key generation element, and a notary office was entrusted to generate a sixth private key from specific data information. When the accident occurs, the combination of the fifth private key and the sixth private key serves as the access mode of the key blockchain; by completing access to the key blockchain, the permission to invoke the original private key of the target blockchain held in the key blockchain is obtained, together with the permission to establish a VPN channel connection for accessing the target blockchain. The VPN channel connection to the target blockchain is then established and the original private key is invoked to access the target blockchain, so that the blockchain data is successfully extracted. In another embodiment, the user's original private key of the target blockchain is stolen. Even though the thief has obtained the original private key of the target blockchain, the thief cannot use it to access the target blockchain, cannot obtain the VPN channel permission or the access permission of the target blockchain, and cannot extract the data of the target blockchain. The original private key of the blockchain is thereby protected against theft, and the security and reliability of the blockchain are improved.
In addition, the invention also provides a blockchain data extraction device.
Referring to fig. 4, an internal structure diagram of a blockchain signature verification device according to an embodiment of the invention is shown, where the blockchain signature verification device at least includes a memory module 11, a processor module 12, a communication bus 13, and a network interface 14. Preferably, the blockchain signature verification apparatus includes a set of one or more cloud computing devices or computer devices present on a computer network.
The memory module 11 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card-type memory module (e.g., SD or DX memory module, etc.), a magnetic memory module, a magnetic disk, an optical disk, etc. In some embodiments the memory module 11 may be an internal memory unit of the blockchain signature verification device, such as a hard disk of the blockchain signature verification device. In other embodiments the memory module 11 may be an external storage device of the blockchain signature verification device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash memory card (Flash Card). Further, the memory module 11 may include both an internal memory unit and an external storage device of the blockchain signature verification device; preferably, the memory module 11 may also be a network storage device or a cloud storage device existing in a computer network. The memory module 11 may be used not only to store application software installed in the blockchain signature verification device and various types of data, such as the code of the blockchain signature verification program, but also to temporarily store data that has been output or is to be output.
The processor module 12 may in some embodiments be a central processor module (Central Processing Unit, CPU), a controller, microcontroller, microprocessor module or other data processing chip, or any other computing device for executing program code stored in the memory module 11, or processing data, such as executing a blockchain signature verification program, or the like.
The communication bus 13 is any communication means for enabling connected communication between these components.
The network interface 14 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface), and is typically used to establish a communication connection between the blockchain signature verification device and other electronic devices.
Optionally, the blockchain data extraction device may further comprise a user interface, which may comprise a display (Display), an input unit such as a keyboard (Keyboard), and optionally a standard wired interface and a wireless interface. In some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch display, or the like. The display may also be referred to as a display screen or display unit, and is used for displaying information processed in the blockchain data extraction device and for displaying a visual user interface.
Fig. 4 illustrates only a blockchain signature verification device having components 11-14 and a blockchain signature verification program. Those skilled in the art will appreciate that the structure illustrated in fig. 4 does not limit the blockchain signature verification device, which may include fewer or more components than illustrated, may combine certain components, may use a different arrangement of components, or may be a set of one or more computer devices or cloud computing devices in a computer network.
In the embodiment of the blockchain data extraction device shown in fig. 4, the memory module 11 stores a blockchain data extraction program; the processor module 12 performs the following steps when executing the blockchain data extraction program stored in the memory module 11:
step S10: judging whether the original private key of the target blockchain to be accessed has been backed up in the key blockchain; if the backup has not been completed, executing step S20; otherwise, executing step S30;
step S20: completing the backup of the original private key of the target blockchain and the access settings of the key blockchain;
step S30: accessing the key blockchain according to the access settings of the key blockchain;
step S40: obtaining the permission to invoke the original private key of the target blockchain held in the key blockchain, and at the same time obtaining the permission to establish a VPN channel connection for accessing the target blockchain;
step S50: establishing the VPN channel connection to the target blockchain and invoking the original private key to access the target blockchain.
Referring to fig. 5, a program module diagram of the blockchain data extraction program in an embodiment of the blockchain data extraction device of the present invention is shown. The blockchain data extraction program may be divided into a backup module 10, a storage module 20, a calculation module 30, a setting module 40 and a verification module 50, for example as follows:
a backup module 10 for performing the reminder and backup tasks for the user's key;
a storage module 20 for performing storage tasks for the user's keys, private keys, public keys and settings;
a calculation module 30 for performing the calculation task of generating a private key and a public key by an encryption algorithm;
a setting module 40 for performing the task of setting the private key and the public key;
a verification module 50 for performing the task of comparing the private key with the public key.
The functions or operation steps implemented when the program modules such as the backup module 10, the storage module 20, the calculation module 30, the setting module 40, and the verification module 50 are executed are substantially the same as those of the foregoing embodiments, and will not be described herein.
In addition, an embodiment of the present invention further provides a storage medium, where the storage medium is a computer readable storage medium, and the storage medium stores a blockchain data extraction program, where the blockchain data extraction program may be executed by one or more processor modules to implement the following operations:
step S10: judging whether the original private key of the target blockchain to be accessed has been backed up in the key blockchain; if the backup has not been completed, executing step S20; otherwise, executing step S30;
step S20: completing the backup of the original private key of the target blockchain and the access settings of the key blockchain;
step S30: accessing the key blockchain according to the access settings of the key blockchain;
step S40: obtaining the permission to invoke the original private key of the target blockchain held in the key blockchain, and at the same time obtaining the permission to establish a VPN channel connection for accessing the target blockchain;
step S50: establishing the VPN channel connection to the target blockchain and invoking the original private key to access the target blockchain.
The storage medium embodiments of the present invention are substantially the same as the above-described blockchain data extraction method and apparatus embodiments, and are not described here in detail.
Compared with the prior art, the method, the device and the storage medium for extracting blockchain data protect the extraction of blockchain data through the backup of the user's key and the setting of the private key and the public key, so that blockchain data can be extracted securely when the key is lost or stolen, improving the security and reliability of the blockchain.
It should be noted that the foregoing serial numbers of the embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, apparatus, article or method that comprises the element.
From the description of the embodiments above, it will be apparent to those skilled in the art that the above-described example methods may be implemented by means of software plus a necessary general purpose computer network hardware platform. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium as described above (e.g. ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a drone, a mobile phone, a computer, a server, or a network device, etc.) of a computer network to perform the method according to the embodiments of the present invention.
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.