CN111475828B - Encryption method and device, decryption method and device of block chain account book data - Google Patents

Info

Publication number
CN111475828B
Authority
CN
China
Prior art keywords
field
data
sensitive
encrypted
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010405906.7A
Other languages
Chinese (zh)
Other versions
CN111475828A (en)
Inventor
吴烽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Fengshun Science And Technology Information Service Co ltd
Original Assignee
Hangzhou Fengshun Science And Technology Information Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Fengshun Science And Technology Information Service Co ltd
Priority to CN202010405906.7A
Publication of CN111475828A
Application granted
Publication of CN111475828B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The invention discloses an encryption method and device and a decryption method and device for blockchain ledger data. The encryption method comprises the following steps: identifying whether the ledger data contains sensitive fields; generating a ciphertext Hash digest from the plaintext field value of the sensitive field; packaging, by a smart contract, the Hash digest and the unique identifier of a designated privacy zone to generate an encrypted encoding string; generating an encryption key-value pair with the encrypted encoding string as the key and the plaintext field value as the value, and storing the pair in the designated privacy zone; and replacing the plaintext field value with the encrypted encoding string to encrypt the sensitive field. The decryption method comprises the following steps: identifying whether the ledger data contains sensitive fields; identifying whether the field value of the sensitive field is an encrypted encoding string; retrieving the plaintext field value from the designated privacy zone via the smart contract; and replacing the encrypted encoding string with the plaintext field value. Corresponding devices are also disclosed. The invention removes the dependence on key-based encryption and makes the user experience smoother; it eliminates the possibility of tampering with sensitive data and improves the security of sensitive blockchain data.

Description

Encryption method and device, decryption method and device of block chain account book data
Technical Field
The invention relates to the technical field of block chains, in particular to an encryption method and device and a decryption method and device for block chain account book data.
Background
At present, each party to a consortium blockchain can keep fair accounts and share data on every node, and the data security mechanism of the blockchain guarantees that non-members of the consortium cannot obtain data on the consortium chain. In practical applications, however, data in a consortium blockchain often contains sensitive fields that need to be kept secret from one or more members of the consortium, while the data other than the sensitive fields can be shared. For example, in a purchase transaction, sensitive information such as the purchase price and the purchaser can be open to the client and to the platform that supports the service, but may need to be kept secret from the actual service provider selected by the platform; apart from the sensitive information, the purchase type, purchase requirements and the like need to be open to the actual service provider.
Sensitive data in a blockchain ledger is encrypted through a smart contract, and the industry currently uses the following two processing methods:
One is to remove the sensitive data from the original blockchain ledger and combine all sensitive fields into a fully encrypted ledger. Splitting the ledger data and storing the sensitive data under uniform encryption separates the sensitive data from the original ledger and breaks the integrity of the original ledger data, so that the ledger data can no longer clearly reflect the needs of the application scenario. When a party with data authority needs to use the ledger data, the integrity of the ledger for the original scenario has to be restored; this restoration work increases the complexity of the system design stage and the workload of the system operation stage.
The other is to use a symmetric key or an asymmetric public/private key pair: the sensitive data is encrypted with the public key, and the private key is then kept under unified encrypted management. Encrypting sensitive data with a "symmetric or asymmetric key" preserves the integrity of the data relationships in the original ledger, but key management becomes critical. If the key pair cannot be updated dynamically and stays unchanged for a long time, there is a great risk of private key leakage; if dynamic key updating is supported, problems such as secure key storage (especially of private keys), key update policy, and precise matching of encryption and decryption must be solved. Secure storage of the private key can be achieved with blockchain isolated-storage techniques such as channel isolation and privacy zones, but the added key management work is still a heavy burden on the smart contract.
Disclosure of Invention
The invention provides an encryption method and device, and a decryption method and device of block chain account book data to solve the technical problems.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
according to a first aspect of the embodiments of the present invention, there is provided an encryption method for block chain ledger data, which is used for a data submitter to submit ledger data of a block chain, and includes the following steps:
step 101, identifying whether sensitive fields are contained in the account book data;
step 102, if the account book data contains sensitive fields, generating a Hash abstract of a ciphertext according to plaintext field values of the sensitive fields;
step 103, acquiring a unique identifier of a specified privacy area through an intelligent contract, and packaging the Hash abstract and the unique identifier of the specified privacy area to generate an encryption coding string;
step 104, generating an encryption key value pair by taking the encryption coding string as a key and the plaintext field value as a value, and storing the encryption key value pair in a designated privacy area;
and step 105, replacing a plaintext field value with the encrypted coding string to serve as a sensitive field for encryption, and submitting the uplink of the account book data.
Preferably, in step 101, the method for identifying whether the ledger data contains the sensitive field is to identify whether the field name of the field to be identified contains an identifier before or after the field name of the field to be identified, where the identifier is used to identify the field as the sensitive field.
Preferably, in step 101, if the ledger data does not contain the sensitive field, the processing of the ledger data is terminated, and the uplink is directly submitted.
Preferably, in the step 102, the algorithm used for generating the Hash digest of the ciphertext according to the sensitive field of the plaintext is MD5, SHA1 or SHA512; in step 103, the algorithm used for generating the encrypted encoding string by packaging the Hash digest and the unique identifier of the designated privacy zone is Base64 or Base62.
According to a second aspect of the embodiments of the present invention, there is provided an encryption apparatus for sensitive data of a blockchain ledger, which is used by a data submitter for submitting ledger data of a blockchain, including:
the first identification module is used for identifying whether sensitive fields are contained in the ledger data;
the Hash abstract module is used for generating a Hash abstract of a ciphertext according to a plaintext field value of a sensitive field if the ledger data contains the sensitive field;
the encoding module is used for acquiring the unique identifier of the specified privacy area through the intelligent contract, and packaging the Hash abstract and the unique identifier of the specified privacy area to generate an encrypted encoding string;
the isolation module is used for generating a key value pair by taking the encrypted coding string as a key and the plaintext field value as a value, and storing the key value pair in a designated privacy area;
and the encryption module is used for encrypting the sensitive field by using the encryption coding string to replace a plaintext field value and submitting the uplink of the account book data.
According to a third aspect of the embodiments of the present invention, there is provided a method for decrypting blockchain ledger data, which is used by a data receiving party to decrypt ledger data obtained on a blockchain, and includes the following steps:
step 301, identifying whether the ledger data contains sensitive fields;
step 302, if the account book data contains sensitive fields, identifying whether the field values of the sensitive fields are encrypted code strings;
step 303, if the field value of the sensitive field is an encrypted encoding string, retrieving and finding a corresponding encrypted key value pair in a specified privacy area through an intelligent contract, and acquiring a plaintext field value of the sensitive field corresponding to the encrypted encoding string, wherein the encrypted encoding string is used as a key in the encrypted key value pair, and the plaintext field value is used as a value;
and step 305, replacing the encrypted coding string with the plaintext field value to obtain the ledger data decrypted by the sensitive field.
Preferably, in step 301, the method for identifying whether the ledger data contains a sensitive field is to identify whether the field name of the field to be identified contains an identifier before or after the field name of the field to be identified, where the identifier is used to identify the field as a sensitive field; step 305 removes the identifier when finally obtaining ledger data decrypted by the sensitive field.
Preferably, the step 303 includes the following steps:
step 3031, judging whether the data receiver has the access authority of the appointed privacy area, if not, terminating the decryption;
step 3032, retrieving and finding out a corresponding encryption key value pair in the designated privacy area through the intelligent contract, and acquiring a plaintext field value of a sensitive field corresponding to the encryption code string, wherein the encryption key value pair takes the encryption code string as a key and the plaintext field value as a value.
Preferably, the method further includes, between step 303 and step 305:
step 304, checking the field value of the plaintext; the step 304 includes the steps of:
step 3041, caching the plaintext field value;
step 3042, decoding the encrypted code string to obtain the decoded Hash digest and a timestamp;
step 3043, generating a Hash digest to be verified from the cached plaintext field value, using the Hash digest algorithm that the data submitter used during encryption;
step 3044, comparing the decoded Hash digest with the Hash digest to be verified; if they are consistent, going to step 305; if they are not consistent, treating the verification as failed and terminating the decryption.
According to a fourth aspect of the embodiments of the present invention, there is provided a device for decrypting blockchain account data, where the device is used by a data receiving side to decrypt account data obtained on a blockchain, and the device includes:
the second identification module is used for identifying whether the ledger data contains sensitive fields;
the third identification module is used for identifying whether the field value of the sensitive field is an encrypted coding string if the account book data contains the sensitive field;
the retrieval module is used for retrieving and finding a corresponding encryption key value pair in a specified privacy area through an intelligent contract if the field value of the sensitive field is an encryption coding string, and acquiring a plaintext field value of the sensitive field corresponding to the encryption coding string, wherein the encryption key value pair takes the encryption coding string as a key and the plaintext field value as a value;
and the decryption module is used for replacing the encrypted coding string with the plaintext field value to obtain the ledger data decrypted by the sensitive field.
Compared with the prior art, the method can automatically identify sensitive data and automatically encrypt and decrypt it without additional operations. Members who have read permission for the sensitive data experience the encryption process transparently; for members without permission, the sensitive information in the ledger data they obtain is uniformly encrypted, and the original sensitive information cannot be deduced from the ciphertext. Without reducing encryption security, the invention removes the dependence on key-based encryption, greatly simplifies the logic of the smart contract, and makes the user experience smoother; the digest of the sensitive data is stored in the blockchain ledger as ciphertext and is supervised jointly by all members of the consortium, which eliminates the possibility of tampering with the sensitive data and greatly improves the security of sensitive blockchain data.
Drawings
FIG. 1 is a flow chart of a method for encrypting blockchain account data according to the present invention;
fig. 2 is a block diagram of an encryption apparatus for block chain account data according to the present invention;
FIG. 3 is a flowchart of a method for decrypting blockchain account data according to the present invention;
FIG. 4 is a block diagram of a block chain account data decryption apparatus according to the present invention;
FIG. 5 is a block diagram of a retrieving module in the apparatus for decrypting blockchain account data according to the present invention;
fig. 6 is a block diagram of a structure of a check module in the apparatus for decrypting blockchain account data according to the present invention.
In the figure, 201-a first identification module, 202-a Hash digest module, 203-an encoding module, 204-an isolation module, 205-an encryption module, 401-a second identification module, 402-a third identification module, 403-a retrieval module, 404-a verification module, 405-a decryption module, 4031-authority judgment sub-module, 4032-a retrieval sub-module, 4041-a cache sub-module, 4042-a reverse encoding sub-module, 4043-a Hash digest sub-module and 4044-a verification sub-module.
Detailed Description
The present invention will be described in detail below with reference to specific embodiments shown in the drawings. These embodiments are not intended to limit the present invention, and structural, methodological, or functional changes made by those skilled in the art according to these embodiments are included in the scope of the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
As shown in fig. 1, an encryption method for block chain account data is used for a data submitter to submit account data of a block chain, and includes the following steps:
step 101, identifying whether the ledger data contains sensitive fields.
The method for identifying whether the ledger data contains the sensitive field is to identify whether the field name of the field to be identified contains an identifier before and after the field name of the field to be identified, wherein the identifier is used for identifying the field as the sensitive field.
The identifier is a preset character, and may be a character set according to a certain rule, such as: special symbol substitutions such as "+", "#", "%" etc.; may be a random number; may be some function with a numerical value correspondence, etc.
For example, the following ledger data:
{"id":"123","age":"20","sex":"man","*account":"13093402989348655232"}
In embodiment 1, the field account is marked with the identifier "*", so when the ledger data is submitted to the chain, the field value of account needs to be encrypted, and the other fields need no special processing.
This convention for the sensitive identifier lets the smart contract identify sensitive data automatically, so that only the sensitive data is encrypted and the requirements of the service scenario are met. The conventional approach of adding an extra communication protocol to indicate which ledger fields are sensitive is therefore unnecessary, which avoids needless work.
Step 102, if the ledger data contains sensitive fields, generating a Hash digest of the ciphertext according to the plaintext field values of the sensitive fields. If the ledger data does not contain a sensitive field, the processing of the ledger data is terminated and the data is submitted to the chain directly.
Here, the algorithm used to generate the Hash digest of the ciphertext may be MD5, SHA1, SHA512, or the like. Mature, general-purpose Hash digest algorithms are all irreversible and reliable, and the choice is not limited to these three mainstream algorithms.
Although a Hash digest is traditionally used only as a tool for data checking, it is irreversible, has a low collision rate, and serves as strong identity verification of the original data. The Hash digest is therefore simply transformed: once the Hash collision problem is solved, the packaged Hash data is given the function of a key index as well as the function of the ciphertext of the sensitive field. This reuse, which fits the characteristics of the Hash digest, reduces the number of process variables and keeps the smart contract's processing logic rigorous and reliable.
Taking the SHA1 algorithm as an example, the sensitive field account in embodiment 1 is processed by the hash digest algorithm as follows:
import hashlib
# SHA-1 digest of the plaintext value of the sensitive field "account"
sha1 = hashlib.sha1()
sha1.update(bytes('13093402989348655232', encoding='utf-8'))
data = sha1.hexdigest()
Here, data is the digest obtained after the value of the sensitive field account is processed by the hash digest algorithm; its value is: 0DCD85B96E3A9F644CB3F086738FFCEB4C3E872E.
Step 103, acquiring the unique identifier of the designated privacy zone through the smart contract, and packaging the Hash digest and the unique identifier of the designated privacy zone to generate an encrypted encoding string.
The designated privacy zone is an isolated storage area designated by the blockchain system for storing encrypted ledger data; it can be a private data isolation area of the data provider or the data receiver, or a temporary data area newly created in the public area of the blockchain. Because creation of a privacy zone fails if its identifier id is repeated, the unique identifier of the privacy zone is non-repeating, and the json object string produced by packaging it with the digest cannot currently collide.
A Hash digest has a probability of collision, but the collision problem can be solved by combining it with the unique identifier of the privacy zone. The invention abandons the traditional complex algorithm of re-encrypting the digest with an encryption factor; instead, it appends the string at the tail and performs the encryption encoding with an algorithm such as Base64, which also produces a unique string in this scenario. This simple and reliable way of packaging the data makes the work during decryption fast and efficient.
Of course, the packaged Hash digest and unique identifier of the designated privacy zone can also be encoded with another algorithm such as Base62 instead of Base64, depending on the specific operating environment of the system.
In embodiment 1, the smart contract obtains the unique identifier of the designated privacy zone of the system; suppose the value is: zoneId = 63370738175000000. The Hash digest and the unique identifier zoneId of the designated privacy zone are packed into a json object:
["0DCD85B96E3A9F644CB3F086738FFCEB4C3E872E","63370738175000000"]
The json object generated in embodiment 1 is encrypted and encoded by the Base64 algorithm, and the encrypted encoding string is as follows:
WyIwRENEODVCOTZFM0E5RjY0NENCM0YwODY3MzhGRkNFQjRDM0U4NzJFIiwiMTU4Njk0NTgwNCJd
The encrypted encoding string is unique within the scope of the application and can be used as a key in the blockchain K-V storage mode.
Step 104, generating an encryption key-value pair with the encrypted encoding string as the key and the plaintext field value as the value, and storing the encryption key-value pair in the designated privacy zone.
Different blockchain platforms may implement data isolation areas through different mechanisms, such as channel isolation, private data areas, etc. Taking the private data area of Hyperledger Fabric as an example, a consortium party can create its own privacy zone within a consortium channel; the privacy zone can be dynamically authorized to other consortium parties on the consortium chain, and members of the authorized parties can then also read the data in the privacy zone.
Here, the sensitive data is stored in isolation in K-V mode, where the encrypted encoding string is the key (Key) and the plaintext field value is the value (V). In embodiment 1:
Key = WyIwRENEODVCOTZFM0E5RjY0NENCM0YwODY3MzhGRkNFQjRDM0U4NzJFIiwiMTU4Njk0NTgwNCJd
V = 13093402989348655232
Step 105, replacing the plaintext field value with the encrypted encoding string to encrypt the sensitive field, and submitting the ledger data to the chain.
Because the plaintext field value of the sensitive field is stored using the blockchain isolation mechanism, updating the ledger by replacing the sensitive data value with the encrypted encoding string encrypts the sensitive data of the ledger; at the same time, the ledger keeps a unique index to the plaintext location of the sensitive data, which preserves the integrity of the ledger's data relationships. The encrypted ledger data obtained in embodiment 1 is as follows:
{"id":"123","age":"20","sex":"man","*account":"WyIwRENEODVCOTZFM0E5RjY0NENCM0YwODY3MzhGRkNFQjRDM0U4NzJFIiwiMTU4Njk0NTgwNCJd"}
After the ledger is submitted, other consortium members see the Hash digest of the sensitive data; the sensitive data is thus not only encrypted but also protected against tampering. Since the data submitter is not necessarily the data owner, the Hash digest is used to check the sensitive data during decryption, which prevents the sensitive data owner from tampering with the sensitive data value.
In summary, the invention uses no symmetric or asymmetric key; it encrypts sensitive data in a keyless manner and thereby protects it, with an encryption strength for the sensitive data equivalent to that of traditional asymmetric encryption. Symmetric or asymmetric encryption also has the problem that the private key must be stored securely, which likewise requires blockchain isolated storage. Under the same data security conditions, encrypting sensitive data without relying on a key pair avoids a series of problems such as dynamic generation of key pairs, key generation policy, and matching of encryption and decryption, and greatly improves the execution efficiency of the smart contract.
Based on the above encryption method, as shown in fig. 2, the present invention further provides an encryption apparatus for sensitive data of a block chain ledger, which is used for the ledger data of a block chain to be submitted by a data submitting party, and includes:
the first identification module 201 is used for identifying whether sensitive fields are contained in the ledger data;
the Hash digest module 202 is configured to, if the ledger data contains a sensitive field, generate a Hash digest of the ciphertext according to a plaintext field value of the sensitive field;
the encoding module 203 is used for acquiring the unique identifier of the appointed privacy area through the intelligent contract, and packaging the Hash abstract and the unique identifier of the appointed privacy area to generate an encrypted encoding string;
the isolation module 204 is configured to generate a key value pair with the encrypted encoding string as a key and the plaintext field value as a value, and store the key value pair in a designated privacy area;
the encryption module 205 is configured to encrypt the sensitive field by replacing the plaintext field value with the encrypted encoding string, and submit the uplink of the ledger data.
In the first identification module 201, the method for identifying whether the ledger data contains the sensitive field is to identify whether the field name of the field to be identified contains an identifier before or after the field name of the field to be identified, where the identifier is used to identify the field as the sensitive field; if the account book data does not contain the sensitive field, the processing of the account book data is terminated, and the uplink is directly submitted. In the Hash digest module 202, the algorithm used for generating the Hash digest of the ciphertext according to the sensitive field of the plaintext is MD5, SHA1, SHA512, or the like. In the encoding module 203, the algorithm adopted for generating the encrypted encoding string by packaging the Hash digest and the unique identifier of the designated privacy zone is Base64 or Base62 and the like.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The invention also discloses a decryption method corresponding to the above encryption method for blockchain ledger data.
As shown in fig. 3, a method for decrypting blockchain account data, which is used by a data receiving party to decrypt account data obtained on a blockchain, includes the following steps:
step 301, identifying whether the ledger data contains sensitive fields.
The method for identifying whether the ledger data contains the sensitive field is to identify whether the field name of the field to be identified contains an identifier before and after the field name of the field to be identified, wherein the identifier is used for identifying the field as the sensitive field.
The method identifies the need for decryption from the identifier in the ledger data, does not rely on any additional protocol description, and reduces the coupling between the smart contract's decryption module and other functional modules.
In the encrypted ledger data obtained in embodiment 1, the field account is prefixed with the identifier "*" and is therefore a sensitive field.
Step 302, if the ledger data contains a sensitive field, identifying whether a field value of the sensitive field is an encrypted encoding string.
In the encrypted ledger data obtained in embodiment 1, parsing and identification yield the encrypted string:
WyIwRENEODVCOTZFM0E5RjY0NENCM0YwODY3MzhGRkNFQjRDM0U4NzJFIiwiMTU4Njk0NTgwNCJd
Step 303, if the field value of the sensitive field is an encrypted encoding string, retrieving and finding the corresponding encryption key-value pair in the designated privacy zone through the smart contract, and obtaining the plaintext field value of the sensitive field corresponding to the encrypted encoding string, wherein the encrypted encoding string is the key and the plaintext field value is the value in the encryption key-value pair.
Step 305, replacing the encrypted encoding string with the plaintext field value to obtain the ledger data with the sensitive field decrypted. When the ledger data with decrypted sensitive fields is finally obtained, all identifiers before and after the field names of the sensitive fields are removed.
In embodiment 1, the account book data after decryption and replacement is as follows:
{"id":"123","age":"20","sex":"man","account":"13093402989348655232"}。
Specifically, step 303 may include the following steps:
Step 3031, judging whether the data receiver has access authority for the designated privacy area, and if not, terminating the decryption;
Step 3032, retrieving the corresponding encrypted key-value pair from the designated privacy area through the smart contract, and obtaining the plaintext field value of the sensitive field that corresponds to the encrypted encoding string, wherein the encrypted encoding string is the key of the encrypted key-value pair and the plaintext field value is its value.
Before retrieval, the method checks whether the data receiver has access authority for the designated privacy area; the encrypted key-value pair can be retrieved only if the data receiver holds the corresponding authority. The access rights of the designated privacy area may also be graded, and are set according to actual needs.
To ensure accuracy, the method may further include, between steps 303 and 305:
Step 304, checking the plaintext field value.
Specifically, step 304 may include the following steps:
Step 3041, caching the plaintext field value;
Step 3042, decoding the encrypted encoding string to obtain the decoded Hash digest and the unique identifier of the designated privacy area;
Step 3043, generating a Hash digest to be verified from the cached plaintext field value, using the Hash digest algorithm that the data submitter used when encrypting;
Step 3044, comparing the decoded Hash digest with the Hash digest to be verified; if they are consistent, going to step 305; if they are inconsistent, reporting the verification failure as an exception and terminating the decryption.
The nature of sensitive data dictates that it is managed directly by a small number of consortium parties. After an authorized party obtains the sensitive data plaintext, the smart contract uses the Hash digest on the blockchain ledger, which all parties supervise, to verify whether the plaintext has been tampered with. If the sensitive data value has been changed in any way, the smart contract returns an exception and leaves a record of it on the blockchain.
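The decryption flow of steps 301 to 305, with the access check of step 3031 and the digest check of steps 3041 to 3044, as an added Python example (not code from the patent). The "*" marker, the PrivacyZone class and the caller names are assumptions; the Base64-over-JSON-array layout and the 40-hex-digit (SHA-1 length) digest follow what the embodiment 1 string decodes to.

```python
import base64, hashlib, hmac, json

MARK = "*"  # assumed identifier placed before and after a sensitive field name
# Encrypted encoding string quoted in embodiment 1 of the page.
PAGE_TOKEN = "WyIwRENEODVCOTZFM0E5RjY0NENCM0YwODY3MzhGRkNFQjRDM0U4NzJFIiwiMTU4Njk0NTgwNCJd"

class DecryptionError(Exception):
    """Decryption must terminate (step 3031 or step 3044)."""

class PrivacyZone:
    """Hypothetical stand-in for the designated privacy area and its access list."""
    def __init__(self, zone_id, authorized):
        self.zone_id, self.authorized, self.store = zone_id, set(authorized), {}

    def lookup(self, caller, token):
        if caller not in self.authorized:              # step 3031
            raise DecryptionError("caller has no access to the privacy area")
        if token not in self.store:
            raise DecryptionError("no key-value pair for this encoding string")
        return self.store[token]                       # step 3032

def is_sensitive(name):
    return len(name) > 2 * len(MARK) and name.startswith(MARK) and name.endswith(MARK)

def pack(digest_hex, zone_id):
    """Step 103: Base64 over the JSON array [digest, zone id]."""
    raw = json.dumps([digest_hex, zone_id], separators=(",", ":"))
    return base64.b64encode(raw.encode()).decode()

def unpack(value):
    """Steps 302 and 3042: (digest, zone id), or None if value is not an encoding string."""
    try:
        parts = json.loads(base64.b64decode(value, validate=True))
    except (ValueError, TypeError):
        return None
    if isinstance(parts, list) and len(parts) == 2 and all(isinstance(p, str) for p in parts):
        return tuple(parts)
    return None

def digest_of(plain):
    # SHA-1 matches the digest length in the page's sample; claim 4 also lists MD5 and SHA512.
    return hashlib.sha1(plain.encode()).hexdigest().upper()

def encrypt_ledger(ledger, zone):
    """Steps 101 to 105, included only to build input for the decryption side."""
    out = {}
    for name, value in ledger.items():
        if is_sensitive(name):
            token = pack(digest_of(value), zone.zone_id)
            zone.store[token] = value                  # step 104
            value = token                              # step 105
        out[name] = value
    return out

def decrypt_ledger(ledger, zone, caller):
    out = {}
    for name, value in ledger.items():
        if not is_sensitive(name):                     # step 301
            out[name] = value
            continue
        parts = unpack(value)                          # step 302
        if parts is not None:
            digest, zone_id = parts
            if zone_id != zone.zone_id:
                raise DecryptionError("encoding string names another privacy area")
            plain = zone.lookup(caller, value)         # step 303
            if not hmac.compare_digest(digest_of(plain).encode(), digest.upper().encode()):
                raise DecryptionError("plaintext does not match the on-chain digest")  # step 3044
            value = plain                              # step 305
        out[name[len(MARK):-len(MARK)]] = value        # remove the identifiers
    return out
```

In this example, as in the steps above, the digest carried on chain is computed from the plaintext field value alone, so a ledger reader without access to the privacy area can still confirm a guessed low-entropy value by hashing it and comparing.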
Based on the above decryption method, as shown in fig. 4, the present invention further provides a decryption apparatus for blockchain ledger data, used by a data receiver to decrypt ledger data obtained from a blockchain, the decryption apparatus including:
a second identification module 401, configured to identify whether the ledger data contains a sensitive field;
a third identification module 402, configured to identify, if the ledger data contains a sensitive field, whether the field value of the sensitive field is an encrypted encoding string;
a retrieving module 403, configured to, if the field value of the sensitive field is an encrypted encoding string, retrieve the corresponding encrypted key-value pair from the designated privacy area through a smart contract and obtain the plaintext field value of the sensitive field that corresponds to the encrypted encoding string, where the encrypted encoding string is the key of the encrypted key-value pair and the plaintext field value is its value;
and a decryption module 405, configured to replace the encrypted encoding string with the plaintext field value to obtain ledger data in which the sensitive field is decrypted.
In the second identification module 401, whether the ledger data contains a sensitive field is identified by determining whether the field name of the field under examination carries an identifier before or after it, where the identifier marks the field as a sensitive field; in the decryption module 405, the identifier is removed when the ledger data with the decrypted sensitive field is finally obtained.
As shown in fig. 5, the retrieving module 403 includes:
an authority judgment submodule 4031, configured to judge whether the data receiver has access authority for the designated privacy area and, if not, to terminate the decryption;
a retrieval submodule 4032, configured to retrieve the corresponding encrypted key-value pair from the designated privacy area through a smart contract and obtain the plaintext field value of the sensitive field that corresponds to the encrypted encoding string, where the encrypted encoding string is the key of the encrypted key-value pair and the plaintext field value is its value.
In addition, between the retrieving module 403 and the decryption module 405, the apparatus may further include:
a checking module 404, configured to check the plaintext field value.
Specifically, as shown in fig. 6, the checking module 404 may include:
a cache submodule 4041, configured to cache the plaintext field value after it is obtained;
a decoding submodule 4042, configured to decode the encrypted encoding string to obtain the decoded Hash digest and the unique identifier of the designated privacy area;
a Hash digest submodule 4043, configured to generate a Hash digest to be verified from the cached plaintext field value, using the Hash digest algorithm that the data submitter used when encrypting;
a verification submodule 4044, configured to compare the decoded Hash digest with the Hash digest to be verified; if they are consistent, step 305 is performed; if they are inconsistent, the verification failure is reported as an exception and the decryption is terminated.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (10)

1. A method for encrypting blockchain ledger data, characterized in that the method is applied to ledger data that a data submitter is to submit to a blockchain, and comprises the following steps:
step 101, identifying whether the ledger data contains a sensitive field;
step 102, if the ledger data contains a sensitive field, generating a Hash digest from the plaintext field value of the sensitive field;
step 103, acquiring the unique identifier of a designated privacy area through a smart contract, and packaging the Hash digest and the unique identifier of the designated privacy area to generate an encrypted encoding string;
step 104, generating a key-value pair with the encrypted encoding string as the key and the plaintext field value as the value, and storing the key-value pair in the designated privacy area;
and step 105, replacing the plaintext field value with the encrypted encoding string so that the sensitive field is encrypted, and submitting the ledger data to the chain.
2. The method of claim 1, wherein in step 101, whether the ledger data contains a sensitive field is identified by whether the field name of the field under examination carries an identifier before or after it, the identifier marking the field as a sensitive field.
3. The method of claim 1, wherein in step 101, if the ledger data does not contain a sensitive field, processing of the ledger data is terminated and the ledger data is submitted to the chain directly.
4. The method according to any one of claims 1 to 3, wherein in step 102, the algorithm for generating the Hash digest from the plaintext of the sensitive field is MD5, SHA1 or SHA512; and in step 103, the algorithm used to package the Hash digest and the unique identifier of the designated privacy area into the encrypted encoding string is Base64 or Base62.
5. An encryption device for blockchain ledger data, characterized in that the encryption device is applied to ledger data that a data submitter is to submit to a blockchain, and comprises:
a first identification module, used for identifying whether the ledger data contains a sensitive field;
a Hash digest module, used for generating a Hash digest from the plaintext field value of the sensitive field if the ledger data contains a sensitive field;
an encoding module, used for acquiring the unique identifier of a designated privacy area through a smart contract, and packaging the Hash digest and the unique identifier of the designated privacy area to generate an encrypted encoding string;
an isolation module, used for generating a key-value pair with the encrypted encoding string as the key and the plaintext field value as the value, and storing the key-value pair in the designated privacy area;
and an encryption module, used for replacing the plaintext field value with the encrypted encoding string so that the sensitive field is encrypted, and submitting the ledger data to the chain.
6. A method for decrypting blockchain ledger data, used by a data receiver to decrypt ledger data obtained from a blockchain, wherein the ledger data is encrypted by the method for encrypting blockchain ledger data of any one of claims 1 to 4, characterized in that the method comprises the following steps:
step 301, identifying whether the ledger data contains a sensitive field;
step 302, if the ledger data contains a sensitive field, identifying whether the field value of the sensitive field is an encrypted encoding string;
step 303, if the field value of the sensitive field is an encrypted encoding string, retrieving the corresponding key-value pair from a designated privacy area through a smart contract, and obtaining the plaintext field value of the sensitive field that corresponds to the encrypted encoding string, wherein the encrypted encoding string is the key of the key-value pair and the plaintext field value is its value;
and step 305, replacing the encrypted encoding string with the plaintext field value to obtain ledger data in which the sensitive field is decrypted.
7. The method according to claim 6, wherein in step 301, whether the ledger data contains a sensitive field is identified by whether the field name of the field under examination carries an identifier before or after it, the identifier marking the field as a sensitive field; and step 305 removes the identifier when the ledger data with the decrypted sensitive field is finally obtained.
8. The method of claim 6, wherein step 303 comprises the steps of:
step 3031, judging whether the data receiver has access authority for the designated privacy area, and if not, terminating the decryption;
step 3032, retrieving the corresponding key-value pair from the designated privacy area through the smart contract, and obtaining the plaintext field value of the sensitive field that corresponds to the encrypted encoding string, wherein the encrypted encoding string is the key of the key-value pair and the plaintext field value is its value.
9. The method according to any one of claims 6 to 8, further comprising, between step 303 and step 305:
step 304, checking the plaintext field value; step 304 includes the steps of:
step 3041, caching the plaintext field value;
step 3042, decoding the encrypted encoding string to obtain the decoded Hash digest and the unique identifier of the designated privacy area;
step 3043, generating a Hash digest to be verified from the cached plaintext field value, using the Hash digest algorithm that the data submitter used when encrypting;
step 3044, comparing the decoded Hash digest with the Hash digest to be verified; if they are consistent, going to step 305; if they are inconsistent, reporting the verification failure as an exception and terminating the decryption.
10. A device for decrypting blockchain ledger data, used by a data receiver to decrypt ledger data obtained from a blockchain, wherein the ledger data is encrypted by the method for encrypting blockchain ledger data according to any one of claims 1 to 4, characterized in that the device comprises:
a second identification module, used for identifying whether the ledger data contains a sensitive field;
a third identification module, used for identifying, if the ledger data contains a sensitive field, whether the field value of the sensitive field is an encrypted encoding string;
a retrieval module, used for retrieving, if the field value of the sensitive field is an encrypted encoding string, the corresponding key-value pair from a designated privacy area through a smart contract, and obtaining the plaintext field value of the sensitive field that corresponds to the encrypted encoding string, wherein the encrypted encoding string is the key of the key-value pair and the plaintext field value is its value;
and a decryption module, used for replacing the encrypted encoding string with the plaintext field value to obtain ledger data in which the sensitive field is decrypted.
CN202010405906.7A 2020-05-14 2020-05-14 Encryption method and device, decryption method and device of block chain account book data Active CN111475828B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010405906.7A CN111475828B (en) 2020-05-14 2020-05-14 Encryption method and device, decryption method and device of block chain account book data

Publications (2)

Publication Number Publication Date
CN111475828A CN111475828A (en) 2020-07-31
CN111475828B true CN111475828B (en) 2022-05-13

Family

ID=71759880

Country Status (1)

Country Link
CN (1) CN111475828B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant