CN111507712B - User privacy data management method, system and terminal based on block chain - Google Patents


Info

Publication number
CN111507712B
Authority
CN
China
Prior art keywords
data
user
user privacy
privacy data
character string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN202010274722.1A
Other languages
Chinese (zh)
Other versions
CN111507712A (en)
Inventor
朱清
张质彬
周荷玥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lianbo Chengdu Technology Co ltd
Original Assignee
Lianbo Chengdu Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lianbo Chengdu Technology Co ltd filed Critical Lianbo Chengdu Technology Co ltd
Priority to CN202010274722.1A priority Critical patent/CN111507712B/en
Publication of CN111507712A publication Critical patent/CN111507712A/en
Application granted granted Critical
Publication of CN111507712B publication Critical patent/CN111507712B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Abstract

The application discloses a block chain-based user privacy data management method, system and terminal. The user privacy data is processed to obtain a corresponding signature character string, and the signature character string is transmitted together with the user privacy data; the transmitted data is encrypted at the user side and at the server side respectively and then stored in the block chain; when the private data of the user needs to be accessed, the server sends an access request to the user for authentication, and the private data is then decrypted according to the first secret key and the second secret key. Because the user privacy data is transmitted only after this preliminary processing, request masquerading, request tampering and request replay are prevented, and the data is encrypted by both the server side and the user side before being stored on the block chain. When the data needs to be accessed, the user's ownership, use right and profit right over the data are realized, and each operation on the user's data must be authorized by the user, so that the safety of the user privacy data is improved.

Description

User privacy data management method, system and terminal based on block chain
Technical Field
The application relates to the technical field of block chains, in particular to a block chain-based user privacy data management method, a block chain-based user privacy data management system and a block chain-based user privacy data management terminal.
Background
The blockchain, as an emerging distributed encryption technology, can also be used for encrypted and tamper-proof storage of user private data. For the safe storage of assets, existing decentralized asset storage software mainly uses mnemonic words to generate a private key tree, which allows different block chain asset types to be stored and managed uniformly; the algorithms behind all decentralized wallets on the market are based on this technology.
For the confidential and tamper-proof secure storage of a user's private data, the prior art generally offers two approaches. The first is to put plaintext data directly on the chain, which is common in conventional public applications and in DAPPs (decentralized applications) that rely on a conventional blockchain platform, such as Ethereum or TRON. The other is to put the hash value of the data on the chain: the block chain application writes only the hash value of the transaction data to the chain, while the transaction data itself is stored off the chain in a central database owned by a single organization. Most block chain storage applications adopt this scheme, such as the block chain electronic storage system described in justice, paper expense, and the like.
For user privacy data, if plaintext data is put directly on the chain as in the prior art, the data is guaranteed not to be falsified, but the transaction data is completely public, no privacy protection is provided, and there is a serious problem of sensitive data leakage. If instead only the hash value of the data is put on the chain, the real data is not on the chain and the distributed storage of the block chain is not used; the off-chain data can be lost, damaged or affected by a single-node failure, and when the off-chain data cannot be found during data verification, the verification capability of the system fails.
Disclosure of Invention
In order to solve the technical problems, the following technical scheme is provided:
In a first aspect, an embodiment of the present application provides a method for managing user privacy data based on a block chain, where the method includes: carrying out data processing on user privacy data to obtain a signature character string corresponding to the user privacy data, and transmitting the signature character string and the user privacy data together; encrypting and storing the transmitted data to a block chain through a first secret key and a second secret key corresponding to a user side and a server side respectively; when the visitor needs to access the user privacy data, the server sends an access request to the user for authentication, and then decrypts the privacy data according to the first secret key and the second secret key.
With this implementation, the user privacy data is transmitted only after preliminary processing, which prevents request masquerading, request tampering and request replay; the data is encrypted by the server side and by the user side respectively, and the encrypted data is stored on the block chain. When the data needs to be accessed, the user's ownership, use right and profit right over the data are realized, and each operation on the user's data must be authorized by the user, so that the safety of the user privacy data is improved.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the performing data processing on the user privacy data to obtain a signature character string corresponding to the user privacy data, and transmitting the signature character string and the user privacy data together includes: arranging parameter names corresponding to the user privacy data in an ascending order according to keys; adding timestamps to the arranged parameter names and parameter values to form character strings; the character string is spliced with a character string head and a character string tail and then signed to obtain a signature character string; and packaging the signature character string and the user privacy data and then transmitting the signature character string and the user privacy data.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the encrypting and storing the transmitted data onto the block chain by using a first key and a second key corresponding to the user side and the server side respectively includes: the user side uses the first secret key to encrypt the transmitted data once to generate first encrypted data; and the server side uses the second secret key to encrypt the first encrypted data a second time to obtain second encrypted data, wherein the second encrypted data is the data stored on the block chain.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, when a visitor needs to access the user privacy data, the sending, by the server, an access request to the user for authentication, and then decrypting the privacy data according to the first secret key and the second secret key includes: the server sends the received access request to the user to apply for the data access right; if the user agrees to the visitor accessing the user privacy data, the server extracts the second encrypted data from the block chain; after extracting the second encrypted data, the server decrypts it once with the second secret key to obtain the first encrypted data, and then sends the first encrypted data to the user; the user decrypts the received first encrypted data a second time with the first secret key to obtain the original user privacy data, and sends the original user privacy data to the server; the server sends the original user privacy data to the visitor.
In a second aspect, an embodiment of the present application provides a block chain-based user privacy data management system, where the system includes: the data transmission module is used for carrying out data processing on user privacy data to obtain a signature character string corresponding to the user privacy data and transmitting the signature character string and the user privacy data together; the data storage module is used for encrypting and storing the transmitted data to the block chain through a first secret key and a second secret key corresponding to the user side and the server side respectively; and the data management module is used for sending an access request to the user for right confirmation and verification when the visitor needs to access the user privacy data, and then decrypting the privacy data according to the first secret key and the second secret key.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the data transmission module includes: the first data processing unit is used for arranging parameter names corresponding to the user privacy data in an ascending order according to keys; the second data processing unit is used for adding timestamps to the arranged parameter names and parameter values and connecting them into a character string; the signature unit is used for splicing a character string head and a character string tail onto the character string and then signing to obtain a signature character string; and the data transmission unit is used for transmitting the signature character string and the user privacy data after packaging.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the first aspect, the data storage module includes: the first encryption unit is used for generating first encrypted data after the user side encrypts the transmitted data once by using the first secret key; and the second encryption unit is used for the server side to encrypt the first encrypted data a second time by using the second secret key to obtain second encrypted data, and the second encrypted data is the data stored on the block chain.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the data management module includes: the request receiving unit is used for sending the received access request to a user by the server to apply for obtaining the data access right; a data extraction unit configured to extract the second encrypted data from the block chain by the server if the user agrees to the visitor accessing the user private data; the first decryption unit is used for decrypting the second encrypted data once through the second secret key after the server extracts the second encrypted data to obtain the first encrypted data, and then sending the first encrypted data to the user; the second decryption unit is used for the user to decrypt the received first encrypted data for the second time through the first secret key to obtain original user privacy data and send the original user privacy data to the server; and the data sending unit is used for sending the original user privacy data to the visitor by the server.
In a third aspect, an embodiment of the present application provides a terminal, including: a processor; a memory for storing processor executable instructions; the processor executes the method for managing user privacy data based on the blockchain according to the first aspect or any possible implementation manner of the first aspect, and transmits, stores and manages the user privacy data.
Drawings
Fig. 1 is a schematic flowchart of a block chain-based user privacy data management method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a block chain-based user privacy data management system according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a terminal according to an embodiment of the present application.
Detailed Description
The present invention will be described with reference to the accompanying drawings and embodiments.
Fig. 1 is a schematic flowchart of a block chain-based user privacy data management method provided in an embodiment of the present application, and referring to fig. 1, the block chain-based user privacy data management method in the embodiment includes:
S101, carrying out data processing on user privacy data to obtain a signature character string corresponding to the user privacy data, and transmitting the signature character string and the user privacy data together.
Specifically, parameter names corresponding to the user privacy data are arranged in an ascending order according to keys, time stamps are added to the arranged parameter names and the parameter values to form a character string, the character string is spliced with a character string head and a character string tail and then signed to obtain a signature character string, and the signature character string and the user privacy data are packaged and transmitted.
As an illustrative example, TLS plus a signature over the data payload is used to prevent request masquerading, request tampering and request replay. The algorithm process is as follows: all request parameters except the signature are arranged in ascending order of key, and the values do not need to be encoded. Suppose that the timestamp of the current time is 12345678 and the parameters are c=3, b=2, a=1; after adding the timestamp, the sequence by key is: a=1, b=2, c=3, _timestamp=12345678. Connecting the parameter names and the parameter values into a character string gives the spliced string a1b2c3_timestamp12345678. The token is then attached to the head and the tail of the assembled character string, the result is signed with the key, and finally the signature is converted to uppercase. In this embodiment, the head and the tail of the string are the same string, for example hello, so the concatenated string is helloa1b2c3_timestamp12345678hello. The private key used in the signature process is held only by the user side and is used for signing transmitted data. Table 1 lists the parameters for processing user privacy data.
TABLE 1 Processing parameters of user privacy data

| Parameter name | Type | Required | Description |
| --- | --- | --- | --- |
| Payload | json | no | Interface request content parameters |
| Uid | string | yes | User identity uid, used to identify the caller |
| Token | string | yes | User token, used to identify the user session state |
| Sign | string | yes | One-time call signature, used to prevent request masquerading, request tampering and request replay |
| timestamp | int | yes | Timestamp |
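The signing steps of S101 and the server-side check they imply, as an added example that is not code from the patent; it goes beyond the worked string by also showing verification. Ed25519, the 300-second freshness window, the in-memory set of used signatures and all function names are assumptions, since the page names neither the signature algorithm nor how one-time use is enforced.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// CanonicalString builds the string to be signed as described in S101:
// parameters sorted by key in ascending order, each name followed by its
// unencoded value, the timestamp appended, and the token at head and tail.
func CanonicalString(params map[string]string, ts int64, token string) string {
	keys := make([]string, 0, len(params))
	for k := range params {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var b strings.Builder
	b.WriteString(token)
	for _, k := range keys {
		b.WriteString(k + params[k])
	}
	b.WriteString("_timestamp" + strconv.FormatInt(ts, 10))
	b.WriteString(token)
	return b.String()
}

// Sign signs the canonical string with the user's private key and returns
// the signature as uppercase hex (the Sign field of Table 1).
func Sign(priv ed25519.PrivateKey, params map[string]string, ts int64, token string) string {
	sig := ed25519.Sign(priv, []byte(CanonicalString(params, ts, token)))
	return strings.ToUpper(hex.EncodeToString(sig))
}

var (
	ErrStale  = errors.New("timestamp outside freshness window")
	ErrBadSig = errors.New("signature does not match request")
	ErrReplay = errors.New("signature already used")
)

// Verifier is the server-side check. MaxSkew and the seen-set are assumptions:
// the page requires replay protection but does not say how it is enforced.
// Entries older than MaxSkew could be evicted, since ErrStale covers them.
type Verifier struct {
	Pub     ed25519.PublicKey
	Token   string
	MaxSkew int64 // seconds
	seen    map[string]bool
}

// Verify rejects stale, tampered and replayed requests, in that order.
func (v *Verifier) Verify(params map[string]string, ts int64, sign string, now int64) error {
	if d := now - ts; d > v.MaxSkew || d < -v.MaxSkew {
		return ErrStale
	}
	sig, err := hex.DecodeString(sign)
	msg := []byte(CanonicalString(params, ts, v.Token))
	if err != nil || !ed25519.Verify(v.Pub, msg, sig) {
		return ErrBadSig
	}
	if v.seen[sign] {
		return ErrReplay
	}
	v.seen[sign] = true
	return nil
}

// NewDemoPair returns a key pair derived from a constructed all-zero seed
// (for the example only) and a verifier bound to the matching public key.
func NewDemoPair(token string) (ed25519.PrivateKey, *Verifier) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	return priv, &Verifier{Pub: pub, Token: token, MaxSkew: 300, seen: map[string]bool{}}
}

func main() {
	params := map[string]string{"c": "3", "b": "2", "a": "1"} // values from the page's example
	priv, v := NewDemoPair("hello")
	fmt.Println(CanonicalString(params, 12345678, "hello"))
	sign := Sign(priv, params, 12345678, "hello")
	fmt.Println("first use:", v.Verify(params, 12345678, sign, 12345700))
	fmt.Println("replay:   ", v.Verify(params, 12345678, sign, 12345701))
	params["c"] = "4" // constructed tampering after signing
	fmt.Println("tampered: ", v.Verify(params, 12345678, sign, 12345702))
}
```

Because names and values are joined without delimiters, the parameter sets {a: "1b2"} and {a: "1", b: "2"} produce the same string to sign; a delimited or length-prefixed encoding removes that ambiguity.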
S102, the transmitted data are encrypted and stored in the block chain through the first secret key and the second secret key corresponding to the user side and the server side respectively.
The user side encrypts the transmitted data once by using the first secret key to generate first encrypted data. The server side then encrypts the first encrypted data a second time by using the second secret key to obtain second encrypted data, and the second encrypted data is the data stored on the block chain.
For the storage of user data, the full set of user private data is encrypted and stored on the block chain, which guarantees the security and integrity of the user private data and ensures that it cannot be tampered with. The data encryption process is designed with a first secret key, MasterKey, at the user side and a second secret key, DataKey, at the server. If the server's data encryption key DataKey is leaked, or if the user's security key MasterKey is leaked, the user private data is still not leaked, so the security and reliability of the data are guaranteed to the greatest extent.
In the whole data collection and storage process, the server side always stores only the encrypted data of the user, so the real user data is not revealed even if the DataKey of the server side is leaked. Likewise, because the server side applies a second layer of encryption to the user data, an attacker who obtains a leaked MasterKey cannot obtain the user's data with the user's private key alone.
S103, when the visitor needs to access the user privacy data, the server sends an access request to the user for authentication, and then decrypts the privacy data according to the first secret key and the second secret key.
The key point of the secure use of user data is that every use of the user's encrypted data requires the user's authorization first, so that neither the data storage service party nor the data using party can crack or dump the plaintext data of the user, and the user enjoys a real right of use over the data. At the same time, every use of the data is recorded by the block chain, so that the income generated by the data is finally owned by the user.
In the embodiment of the application, the server sends the received access request to the user to apply for the data access right. After receiving the access request sent by the server, the user verifies the visitor's use certificate number and identity to determine whether the visitor is allowed to extract and access the user privacy data. If the user agrees to the visitor accessing the user privacy data, the server extracts the second encrypted data from the block chain. After extracting the second encrypted data, the server decrypts it once with the second secret key DataKey to obtain the first encrypted data, and then sends the first encrypted data to the user. The user decrypts the received first encrypted data a second time with the first secret key MasterKey to obtain the original user privacy data and sends it to the server, and the server sends the original user privacy data to the visitor.
It can be seen that the server cannot respond directly to a visitor's request after receiving it: because the first secret key MasterKey is held by the user, the server performs the first decryption with the second secret key DataKey only on condition that the user agrees. Meanwhile, the server side sends the digital certificate and the identity information, so that the user can know the real information of the data user.
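The two-layer storage of S102 and the authorized access flow of S103, as an added example that is not code from the patent. AES-256-GCM, the in-memory map standing in for the block chain, the fixed demo keys and all type and function names are assumptions; the page names only MasterKey and DataKey.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM (an assumed cipher) and prepends the nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or on modified data.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short or record missing")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// User holds the first key (MasterKey) and decides each access request.
type User struct {
	masterKey []byte
	Approve   func(visitor string) bool
}

// Server holds the second key (DataKey); chain stands in for the block chain.
type Server struct {
	dataKey []byte
	chain   map[string][]byte
}

var ErrDenied = errors.New("user did not authorize access")

// Store is S102: user encrypts, server encrypts again, result goes on chain.
func Store(u *User, s *Server, id string, private []byte) error {
	first, err := seal(u.masterKey, private)
	if err != nil {
		return err
	}
	second, err := seal(s.dataKey, first)
	if err != nil {
		return err
	}
	s.chain[id] = second
	return nil
}

// Access is S103: no layer is removed unless the user approves the visitor.
func Access(u *User, s *Server, id, visitor string) ([]byte, error) {
	if u.Approve == nil || !u.Approve(visitor) {
		return nil, ErrDenied // fail closed
	}
	first, err := open(s.dataKey, s.chain[id])
	if err != nil {
		return nil, err
	}
	return open(u.masterKey, first)
}

// NewDemoParties returns a user and server with constructed fixed keys.
func NewDemoParties() (*User, *Server) {
	mk, dk := bytes.Repeat([]byte{0x11}, 32), bytes.Repeat([]byte{0x22}, 32)
	return &User{masterKey: mk}, &Server{dataKey: dk, chain: map[string][]byte{}}
}

func main() {
	u, s := NewDemoParties()
	u.Approve = func(visitor string) bool { return visitor == "visitor-A" }
	_ = Store(u, s, "rec-1", []byte("constructed private record"))
	data, errOK := Access(u, s, "rec-1", "visitor-A")
	_, errDenied := Access(u, s, "rec-1", "visitor-B")
	fmt.Println(string(data), errOK, errDenied)
}
```

The two keys protect the record at rest; in the flow the page describes, the user returns the decrypted data to the server for delivery to the visitor, so the server handles plaintext at access time.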
It can be known from the foregoing embodiments that a user privacy data management method based on a block chain is provided, in which user privacy data is transmitted only after preliminary processing, so as to prevent request masquerading, request tampering and request replay; the data is encrypted by the server and by the client respectively, and the encrypted data is stored in the block chain. When the data needs to be accessed, the user's ownership, use right and profit right over the data are realized, and each operation on the user's data must be authorized by the user, so that the safety of the user privacy data is improved.
Corresponding to the method for managing user privacy data based on a block chain provided in the foregoing embodiment, the present application also provides an embodiment of a system for managing user privacy data based on a block chain, where the system 20 for managing user privacy data based on a block chain includes: a data transmission module 201, a data storage module 202 and a data management module 203.
The data transmission module 201 is configured to perform data processing on user privacy data to obtain a signature character string corresponding to the user privacy data, and transmit the signature character string and the user privacy data together.
Further, the data transmission module 201 includes: the device comprises a first data processing unit, a second data processing unit, a signature unit and a data transmission unit.
The first data processing unit is used for arranging the parameter names corresponding to the user privacy data in an ascending order according to keys. The second data processing unit is used for adding timestamps to the arranged parameter names and parameter values and connecting them into a character string. The signature unit is used for splicing a character string head and a character string tail onto the character string and then signing to obtain a signature character string. The data transmission unit is used for transmitting the signature character string and the user privacy data after packaging.
The data storage module 202 is configured to encrypt and store the transmitted data onto the block chain by using a first key and a second key corresponding to the user side and the server side, respectively.
Further, the data storage module 202 includes: a first encryption unit and a second encryption unit.
The first encryption unit is used for generating first encrypted data after the user side encrypts the transmitted data once by using the first secret key. The second encryption unit is configured for the server side to encrypt the first encrypted data a second time by using the second secret key to obtain second encrypted data, where the second encrypted data is the data stored on the block chain.
And the data management module 203 is configured to, when the visitor needs to access the user privacy data, send an access request to the user for authentication, and then decrypt the privacy data according to the first secret key and the second secret key.
Further, the data management module 203 includes: the device comprises a request receiving unit, a data extracting unit, a first decrypting unit, a second decrypting unit and a data sending unit.
The request receiving unit is used for sending the received access request to the user by the server to apply for obtaining the data access right. The data extraction unit is used for extracting the second encrypted data from the block chain by the server if the user agrees to the visitor accessing the user privacy data. The first decryption unit is configured to, after the server extracts the second encrypted data, perform primary decryption on the second encrypted data through the second key to obtain the first encrypted data, and then send the first encrypted data to the user. The second decryption unit is configured to decrypt, by the user, the received first encrypted data for the second time by using the first secret key to obtain original user privacy data, and send the original user privacy data to the server. The data sending unit is used for sending the original user privacy data to the visitor by the server.
An embodiment of the present application further provides a terminal, and referring to fig. 3, the terminal 30 includes a processor 301, a memory 302, and a communication interface 303.
In fig. 3, the processor 301, the memory 302, and the communication interface 303 may be connected to each other by a bus; the bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 3, but this does not mean only one bus or one type of bus.
The processor 301 generally controls the overall functions of the terminal 30, for example, the terminal 30 is started, and after the terminal is started, the user privacy data is subjected to data processing to obtain a signature character string corresponding to the user privacy data, and the signature character string and the user privacy data are transmitted together; encrypting and storing the transmitted data to a block chain through a first secret key and a second secret key corresponding to a user side and a server side respectively; when the visitor needs to access the user privacy data, the server sends an access request to the user for authentication, and then decrypts the privacy data according to the first secret key and the second secret key.
The processor 301 may be a general-purpose processor such as a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP. The processor may also be a Microprocessor (MCU). The processor may also include a hardware chip. The hardware chips may be Application Specific Integrated Circuits (ASICs), Programmable Logic Devices (PLDs), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA), or the like.
The memory 302 is configured to store computer-executable instructions to support the operation of the terminal 30. The memory 302 may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
After the terminal 30 is started, the processor 301 and the memory 302 are powered on, and the processor 301 reads and executes the computer executable instructions stored in the memory 302 to complete all or part of the steps in the above-mentioned embodiment of the block chain based user privacy data management method.
The communication interface 303 is used for the terminal 30 to transmit data, for example, to realize communication with a client and a server. The communication interface 303 includes a wired communication interface, and may also include a wireless communication interface. The wired communication interface comprises a USB interface, a Micro USB interface and an Ethernet interface. The wireless communication interface may be a WLAN interface, a cellular network communication interface, a combination thereof, or the like.
In an exemplary embodiment, the terminal 30 provided by the embodiments of the present application further includes a power supply component that provides power to the various components of the terminal 30. The power components may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the terminal 30.
A communications component configured to facilitate communications between the terminal 30 and other devices in a wired or wireless manner. The terminal 30 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. The communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. The communication component also includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the terminal 30 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), or other electronic components.
It is noted that, in this document, relational terms such as "first" and "second" are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Of course, the above description is not limited to the above examples. Technical features that are not described in this application may be implemented by or using the prior art and are not described again here. The above embodiments and drawings only illustrate the technical solutions of the present application and do not limit it, and the present application has been described in detail only with reference to the preferred embodiments. Those skilled in the art should understand that changes, modifications, additions or substitutions made within the spirit and scope of the present application, without departing from its spirit, should also be covered by the scope of the claims of the present application.

Claims (5)

1. A block chain-based user privacy data management method is characterized by comprising the following steps:
performing data processing on user privacy data to obtain a signature character string corresponding to the user privacy data, and transmitting the signature character string together with the user privacy data, which comprises:
arranging the parameter names corresponding to the user privacy data in ascending order by key;
adding timestamps to the arranged parameter names and parameter values to form a character string;
splicing a character string head and a character string tail onto the character string and then signing it to obtain a signature character string;
packaging the signature character string and the user privacy data and then transmitting the signature character string and the user privacy data;
a user performs a first encryption on the transmitted data with a first secret key at the user side to generate first encrypted data, a server performs a second encryption on the first encrypted data with a second secret key at the server side to obtain second encrypted data, and the second encrypted data is stored in a block chain;
when the visitor needs to access the user privacy data, the server sends an access request to the user for authentication, and then decrypts the privacy data according to the first secret key and the second secret key.
2. The method for managing user privacy data based on a block chain according to claim 1, wherein when a visitor needs to access the user privacy data, the server sends an access request to the user for authentication, and then decrypts the privacy data according to the first secret key and the second secret key, including:
the server sends the received access request to a user to apply for obtaining data access right;
if the user agrees to let the visitor access the user privacy data, the server extracts the second encrypted data from the blockchain side;
the server extracts the second encrypted data, decrypts the second encrypted data once through the second secret key to obtain the first encrypted data, and then sends the first encrypted data to the user;
the user decrypts the received first encrypted data for the second time through the first secret key to obtain original user privacy data, and sends the original user privacy data to the server;
the server sends the original user privacy data to the visitor.
3. A blockchain-based user privacy data management system, the system comprising:
the data transmission module is used for carrying out data processing on user privacy data to obtain a signature character string corresponding to the user privacy data and transmitting the signature character string and the user privacy data together;
the data transmission module includes:
the first data processing unit is used for arranging parameter names corresponding to the user privacy data in an ascending order according to keys;
the second data processing unit is used for adding timestamps to the arranged parameter names and parameter values and connecting them into a character string;
the signature unit is used for splicing a character string head and a character string tail onto the character string and then signing it to obtain a signature character string;
the data transmission unit is used for packaging and transmitting the signature character string and the user privacy data;
the data storage module is used for generating first encrypted data after a user performs a first encryption on the transmitted data with a first secret key at the user side, the server performing a second encryption on the first encrypted data with a second secret key at the server side to obtain second encrypted data, which is stored in the block chain;
and the data management module is used for sending an access request to the user for right confirmation and verification when the visitor needs to access the user privacy data, and then decrypting the privacy data according to the first secret key and the second secret key.
4. The blockchain-based user privacy data management system of claim 3, wherein the data management module comprises:
the request receiving unit is used for sending the received access request to a user by the server to apply for obtaining the data access right;
a data extraction unit configured to extract, by the server, the second encrypted data from the blockchain side if the user agrees to let the visitor access the user privacy data;
the first decryption unit is used for decrypting the second encrypted data once through the second secret key after the server extracts the second encrypted data to obtain the first encrypted data, and then sending the first encrypted data to the user;
the second decryption unit is used for the user to decrypt the received first encrypted data for the second time through the first secret key to obtain original user privacy data and send the original user privacy data to the server;
and the data sending unit is used for sending the original user privacy data to the visitor by the server.
5. A terminal, comprising:
a processor;
a memory for storing processor executable instructions;
wherein the processor executes the block chain-based user privacy data management method according to any one of claims 1-2 to transmit, store and manage user privacy data.
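
The signing steps of claim 1 (sort the parameter names ascending, add the timestamp, wrap the string in a head and tail, sign, package with the data) can be sketched as below, together with the receiver-side check. This is an added example, not code from the patent: the head and tail markers, the `&`/`=` separators, the percent-encoding, the 300-second freshness window and HMAC-SHA256 as the signing primitive are all assumptions, because the claims do not specify them.

```python
import hashlib
import hmac
import time
from urllib.parse import quote

# Assumptions (not in the claims): marker values, separators, HMAC-SHA256
# as the signing primitive, and a 300-second freshness window.
HEAD, TAIL = "BEGIN", "END"
MAX_SKEW_SECONDS = 300


def canonical_string(params, timestamp):
    """Sort names ascending, append the timestamp, wrap in head and tail."""
    if "timestamp" in params:
        raise ValueError("'timestamp' is reserved for the signing step")
    # Percent-encoding keeps '&' and '=' inside user data from being read
    # as separators when the string is rebuilt on the receiving side.
    pairs = [f"{quote(str(k), safe='')}={quote(str(params[k]), safe='')}"
             for k in sorted(params)]
    pairs.append(f"timestamp={int(timestamp)}")
    return HEAD + "&".join(pairs) + TAIL


def sign(params, timestamp, key):
    """Return the signature character string for the canonical string."""
    msg = canonical_string(params, timestamp).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def package(params, key, now=None):
    """Bundle the data with its timestamp and signature for transmission."""
    ts = int(time.time()) if now is None else int(now)
    return {"data": dict(params), "timestamp": ts, "sign": sign(params, ts, key)}


def verify(packet, key, now=None):
    """Receiver side: reject stale packets, then compare in constant time."""
    now = int(time.time()) if now is None else int(now)
    if abs(now - int(packet["timestamp"])) > MAX_SKEW_SECONDS:
        return False
    expected = sign(packet["data"], packet["timestamp"], key)
    return hmac.compare_digest(expected, str(packet["sign"]))


# Constructed sample values, not taken from the patent.
KEY = b"demo-shared-key"
SAMPLE = {"phone": "13800000000", "name": "Zhang San", "id_no": "510100X"}
PACKET = package(SAMPLE, KEY, now=1_700_000_000)
```

Without the encoding step, the inputs `{"a": "1&b=2"}` and `{"a": "1", "b": "2"}` would produce the same string and therefore the same signature.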
CN202010274722.1A 2020-04-09 2020-04-09 User privacy data management method, system and terminal based on block chain Expired - Fee Related CN111507712B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010274722.1A CN111507712B (en) 2020-04-09 2020-04-09 User privacy data management method, system and terminal based on block chain

Publications (2)

Publication Number Publication Date
CN111507712A (en) 2020-08-07
CN111507712B (en) 2021-02-23

Family

ID=71874641

Country Status (1)

Country Link
CN (1) CN111507712B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210223