CN111770175B - Regional sharing method for government affair data based on block chain and related components - Google Patents

Regional sharing method for government affair data based on block chain and related components Download PDF

Info

Publication number
CN111770175B
CN111770175B CN202010605096.XA CN202010605096A CN111770175B CN 111770175 B CN111770175 B CN 111770175B CN 202010605096 A CN202010605096 A CN 202010605096A CN 111770175 B CN111770175 B CN 111770175B
Authority
CN
China
Prior art keywords
data
client
digital
government affair
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010605096.XA
Other languages
Chinese (zh)
Other versions
CN111770175A (en
Inventor
张亮轩
陈亮
张一锋
李宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongchao Creditcard Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Original Assignee
Zhongchao Creditcard Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongchao Creditcard Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute filed Critical Zhongchao Creditcard Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Priority to CN202010605096.XA priority Critical patent/CN111770175B/en
Publication of CN111770175A publication Critical patent/CN111770175A/en
Application granted granted Critical
Publication of CN111770175B publication Critical patent/CN111770175B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a block chain-based government affair data trans-regional sharing method, which is characterized in that a digital license system is applied to the field of data exchange, government affair data ownership is attributed to individuals, and individual government affair data related to privacy are authorized and shared in an individual independent authorization mode, so that the problem that the privacy of the individual government affair data is easily violated when a data using client uses the government affair data can be avoided, and the effective security circulation of the government affair data among all departments is ensured; meanwhile, the block chain is used for tracing the processes of generation, authorization and the like of the digital certificate in the whole process, and all departments can verify and effectively extract the government affair data through the block chain no matter the data using client side is, so that the problems of isolated islands of the government affair data and data barriers among all the departments are solved, and the effective trans-regional sharing of the government affair data is realized. The invention also discloses a data providing client, a licensee terminal and a block chain-based government affair data cross-region sharing system.

Description

Regional sharing method for government affair data based on block chain and related components
Technical Field
The invention relates to the technical field of electronics, in particular to a block chain-based government affair data cross-region sharing method, a data providing client, a licensee terminal and a block chain-based government affair data cross-region sharing system.
Background
At present, due to the fact that work interconnection and intercommunication are carried out among all government departments at all levels, government affair data of all government departments at all levels have the requirement of data sharing, the current government affair data cross-region sharing is mainly based on a large data center established by all levels of governments, and the large data center directly collects the data of all government departments to conduct summary analysis.
Since part of government affair data relates to personal data privacy and business secret, personal data privacy is infringed by sharing personal data without personal permission, and corresponding legal risks can exist; meanwhile, data interfaces of all government departments are possibly not uniform, and under the data collection mode, data among different government departments are difficult to interconnect and intercommunicate, so that data open sharing is seriously hindered, and the problems of government data isolated islands and data barriers are caused.
Therefore, how to avoid the government affair data sharing from invading the personal privacy and break through the data barriers caused by the non-uniform data interfaces among all departments to realize effective government affair data sharing is a technical problem to be solved by technical personnel in the field.
Disclosure of Invention
The invention aims to provide a block chain-based government data cross-region sharing method, which can avoid the sharing of government data from invading the privacy of individuals and break through the data barriers caused by the non-uniform data interfaces among all departments, thereby realizing effective government data sharing; another object of the present invention is to provide a data providing client, a licensee and a system for sharing government affair data across regions based on a block chain, which have the above advantages.
In order to solve the technical problem, the invention provides a block chain-based government affair data trans-regional sharing method, which is applied to a digital license system and comprises the following steps:
the licensee end initiates a digital license application request to the data providing client end;
receiving and storing the digital certificate returned by the data providing client; the digital certificate is obtained by signing and issuing government affair data related to a licensee according to a private key and a digital certificate template stored in a block chain;
after receiving a government affair data acquisition request of a data use client, verifying whether a licensee authorizes the government affair data acquisition request;
and if the digital license is authorized, providing the digital license to the data use client so that the data use client extracts a public key corresponding to the private key from the block chain to verify the digital license and extract government affair data.
Optionally, the government affair data obtaining request includes: showing mode of government affair data; the presentation mode comprises the following steps: direct presentation and indirect presentation;
then, correspondingly, verifying whether the bearer is authorized includes: verifying whether a prover authorizes the government affairs to be provided to the data use client in the showing mode;
correspondingly, the step of providing the digital license to the data use client, so that the data use client extracts a public key corresponding to the private key from the blockchain to verify the digital license and extract government affair data includes:
when the data is directly presented by using the client, signing the digital certificate to obtain a first double-signature digital certificate; the first double-signature digital certificate is sent to the data use client side, so that the data use client side can verify the signature of the first double-signature digital certificate and extract government affair data by using the public keys of the data provision client side and the licensee which are stored in the block chain;
when the data is indirectly presented by using the client designation, the digital certificate is subjected to data hiding processing according to the logic judgment condition designated by the data providing client, and a certificate containing a logic judgment result is obtained; and sending the certification to the data use client so that the data use client can verify the certification and extract a logic judgment result by using the public key of the data providing client stored in the block chain.
Optionally, when the data specifies indirect presentation using the client, performing signature processing on the digital license includes:
and when the data is indirectly presented by using the client, performing signature processing on the digital certificate based on a CL signature mode.
Optionally, the data hiding processing is performed on the digital license according to a logic judgment condition specified by the data providing client, and includes:
and calling a Sigma protocol to hide the data of the digital license according to a logic judgment condition specified by the data providing client.
Optionally, receiving and storing the digital license returned by the data providing client includes:
and the licensee end receives the digital license returned by the data providing client end and stores the digital license in a digital license folder.
The application provides a licensee client, including:
the license application unit is used for initiating a digital license application request to the data providing client;
the license receiving unit is used for receiving and storing the digital license returned by the data providing client; the digital certificate is obtained by signing and issuing government affair data related to a licensee according to a private key and a digital certificate template stored in a block chain;
the authorization unit is used for verifying whether the licensee authorizes or not after receiving a government affair data acquisition request of the data use client;
and the license providing unit is used for providing the digital license to the data use client side if the digital license is authorized, so that the data use client side extracts the public key corresponding to the private key from the block chain to verify the digital license and extract government affair data.
The application provides a block chain-based government affair data trans-regional sharing method, which is applied to a digital license system and comprises the following steps:
when the data providing client receives a digital certificate application request sent by a certificate holder, government affair data related to the certificate holder is determined;
a private key and a digital certificate template stored in a block chain are called to sign and issue the government affair data to obtain a digital certificate;
and returning the digital license to the licensee end so that the licensee end can select whether to show the digital license to the data use client according to the result of the autonomous authorization.
Optionally, the block chain-based government data cross-region sharing method further includes:
and counting whether the issued digital certificates are revoked or not, and adding the revoked digital certificates into a certificate revocation list of the block chain, so that the data use client judges the validity of the digital certificates according to the certificate revocation list when obtaining the digital certificates through authorization.
The application provides a data providing client, including:
the data determining unit is used for determining government affair data related to the licensee when receiving a digital license application request sent by the licensee terminal;
the certificate issuing unit is used for calling a private key and a digital certificate template stored in the block chain to issue the government affair data to obtain a digital certificate;
and the license feedback unit is used for returning the digital license to the licensee end so that the licensee end can select whether to show the digital license to the data use client according to the result of the autonomous authorization.
The application also provides a regional sharing system of government affairs data based on block chain, including: the system comprises a block chain, a data providing client, a certificate holder and a data using client;
when the certifier side executes a program, the block chain-based government affair data cross-region sharing method which takes the certifier side as an execution main body is realized;
when the data providing client executes a program, the block chain-based government affair data cross-region sharing method which takes a prover client as an execution main body is realized;
the data use client is used for sending a government affair data acquisition request to the licensee terminal; after receiving the digital certificate returned by the certificate holder, extracting a public key from the block chain to verify the digital certificate; performing administrative data extraction after the verification is valid;
the block chain is used for storing the public key and the license template.
According to the technical scheme, the block chain-based government data cross-region sharing method provided by the invention provides a new cross-region sharing mode of government data, applies the digital license system to the field of data exchange, attributes the government data to individuals, and authorizes and shares the individual government data related to privacy by adopting an individual autonomous authorization mode, so that the problem that the privacy of the individual data is easily violated when a data using client uses the government data can be avoided, and the effective security circulation of the government data among all departments is ensured; meanwhile, the block chain is used for tracing the processes of generation, authorization and the like of the digital certificate in the whole process, and all departments can verify and effectively extract the government affair data through the block chain no matter the data using client side is, so that the problems of isolated islands of the government affair data and data barriers among all the departments are solved, and the effective trans-regional sharing of the government affair data is realized.
The invention also discloses a data providing client, a licensee terminal and a block chain-based government affair data cross-region sharing system, which have the beneficial effects and are not repeated herein.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for sharing government affair data across regions based on a blockchain according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a trans-regional shared flow of government affairs data based on a block chain according to an embodiment of the present invention;
fig. 3 is a block diagram of a credential holder client according to an embodiment of the present invention;
fig. 4 is a flowchart of another method for sharing government data across regions based on block chains according to an embodiment of the present invention;
fig. 5 is a block diagram of a data providing client according to an embodiment of the present invention.
Detailed Description
The core of the invention is to provide a block chain-based government affair data cross-region sharing method, which can avoid the sharing of government affair data to infringe personal privacy, break through data barriers caused by non-uniform data interfaces among all departments and realize effective government affair data sharing; another object of the present invention is to provide a data providing client, a licensee and a system for sharing government affair data across regions based on a block chain, which have the above advantages.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of a block chain-based method for sharing government affair data across regions according to an embodiment of the present invention, and fig. 2 is a schematic diagram illustrating a block chain-based method for sharing government affair data across regions, where a process of information interaction among components in the following steps may refer to the description of the present figure; the execution subject of the method is a certifier terminal, and the method can comprise the following steps:
step s110, the licensee end initiates a digital license application request to the data providing client end;
the method provided by the embodiment is implemented based on the block chain and is applied to the digital license system, and the specific introduction of the digital license system can refer to the related technologies and related documents, which are not described in detail in the embodiment. There are three main roles in the block chain-based digital license system model applied in this embodiment: data providers, licensees, and data consumers.
Wherein, the data provider refers to a department collecting government affair data, the licensee refers to an individual involved in the government affair data collected in the data providing client, and the data user refers to a department or an individual applying for using the government affair data of the licensee. In this embodiment, the introduction is simplified, an interactive terminal used by the data provider is referred to as a data providing client, an interactive terminal used by the data consumer is referred to as a data using client, and an interactive terminal used by the licensee is referred to as a licensee terminal.
The licensee applies for the digital license to the data providing client at a licensee terminal (a terminal operated by the licensee), and the data providing client signs the digital license for the licensee according to the license template. The issuing process of the digital license may refer to a related processing manner in the digital license system, which is not described in detail in this embodiment.
Step s120, receiving and storing the data and providing the digital certificate returned by the client;
the digital certificate is signed and issued to government affair data related to a licensee according to a private key and a digital certificate template stored in a block chain, the private key is kept by a data provider and stored in the data provider, the digital certificate template is stored in the block chain, the data provider signs and issues the government affair data related to the licensee according to the private key kept by the data provider and the digital certificate template stored in the block chain, the specific implementation process of generating the digital certificate can refer to the generation process of the digital certificate in a digital certificate system in the prior art, and the generation process is not repeated in the embodiment. In the embodiment, the digital license template and the public key are stored through the block chain, and the generation, authorization and revocation of the digital license are traced in the whole process of the block chain, so that the safety and compliance in the open utilization of the data resources can be guaranteed.
The digital license returned by the data providing client is received and then stored, the storage area of the digital license of the licensee side is not limited in the embodiment, and optionally, the licensee side can store the digital license in the digital license folder. The digital certificate folder is used for storing digital certificates in the digital certificate system, is a cloud space for encrypting and safely storing digital certificates of certificate holders, and stores the digital certificates in the digital certificate folder to ensure the safety of the digital certificates and avoid the problem of loss of government affair data safety caused by illegal stealing of the digital certificates. Of course, the information may also be stored in other areas, which is not limited in this embodiment.
Step s130, after receiving a government affair data acquisition request of the data use client, verifying whether a licensee authorizes the government affair data acquisition request;
and the licensee performs personal autonomous authorization in the licensee terminal according to the request of the data use client terminal. If the data is authorized, the licensee is indicated to allow the data use client to use government affair data related to the licensee; if not, the prover is instructed not to allow the data use client to use the government affairs data related to the prover.
In the embodiment, the individual government affair data related to privacy are authorized to be used in an individual independent authorization mode, each person has an independent authority for the government affair data, the authority of the data belongs to the individual, and the data are presented, circulated and shared by the individual independent authorization data, so that the problem that the privacy of the individual data is easily violated when the government affair data is used by a data use client can be avoided, and the effective safety circulation of the government affair data among all departments is ensured.
And step s140, if the authorization is passed, providing the digital license to the data use client, so that the data use client extracts a public key corresponding to the private key from the blockchain to verify the digital license and extract government affair data.
After the authorization, the data using client verifies the validity of the digital certificate by using the public key of the data providing client, so that the legal circulation and sharing of the data from the data providing client to the data using client are completed. The verification and data extraction processes of the digital license can be mutually referred to with the generation process of the digital license, and details are not repeated in this embodiment.
If the data use client is not authorized, the licensee is instructed not to allow the data use client to use the government affair data related to the licensee, the processing method in this case is not limited in this embodiment, and an unauthorized prompt message of the data use client may be directly fed back as shown in step s 150.
Based on the above description, the block chain-based method for sharing government affair data across regions provided by this embodiment provides a new mode for sharing government affair data across regions, applies the digital license system to the field of data exchange, and assigns the authority of government affair data to individuals, and performs authorized sharing and use on the individual government affair data related to privacy in an individual autonomous authorization manner, so that the problem that the privacy of individual data is easily violated when a data using client uses government affair data can be avoided, and effective security circulation of government affair data among various departments is ensured; meanwhile, the block chain is used for tracing the whole course of the generation, authorization and other processes of the digital certificate, and all departments can verify and effectively extract government affair data through the block chain no matter the data use client side is, so that the problems of isolated islands of government affair data and data barriers among all the departments are solved, and the effective trans-regional sharing of the government affair data is realized.
The government affair data obtaining request indicates that the data using client needs to obtain the government affair data, and the government affair data obtaining request may further include: the way of showing the government affair data; the presentation mode specifically includes: the method comprises the steps of direct presentation and indirect presentation, namely, the government affair data acquisition request can comprise the specification of a data use client to the supply mode of the government affair data, the direct presentation refers to the direct supply of the government affair data, the indirect presentation refers to the indirect supply of the government affair data, but the relevant information of the government affair data can be obtained, and the indirect presentation of the digital certificate is a mode for protecting the data privacy of a sponsor, can disclose the minimized data information to a third party, can ensure the minimized disclosure of the data under the condition that the effective use of the data is ensured, prevent the abuse of the data and protect the data privacy of individuals.
Then, correspondingly, verifying whether the bearer is authorized includes: verifying whether the licensee authorizes government affairs to be provided to the data use client in a presentation mode;
accordingly, the digital certificate is provided to the data usage client, so that the data usage client extracts a public key corresponding to the private key from the blockchain to verify the digital certificate and extract government affair data, including:
when the data is directly presented by using the client side designation, signing the digital certificate to obtain a first double-signature digital certificate; the first double-signature digital certificate is sent to a data use client so that the data use client can verify the signature of the first double-signature digital certificate and extract government affair data by using the public keys of the data provision client and the licensee stored in the block chain;
the direct presentation of the digital certificate means that the licensee directly presents the digital certificate to the data use client without any processing on the data in the digital certificate. The key implementation technique for direct presentation is digital signature. The data providing client signs the digital certificate containing the data of the certificate holder and sends the signed digital certificate to the certificate holder; after receiving the digital certificate, the holder stores the digital certificate in a digital certificate clip; when the digital certificate is presented, the licensee signs the digital certificate again, and the digital certificate signed by the two parties (the data providing client and the licensee) is sent to the data using client; the data use client side uses the public keys of the data provision client side and the licensee to verify the signature of the digital license, and then verification of the digital license can be completed.
When the data is indirectly presented by using the client designation, the digital certificate is subjected to data hiding processing according to the logic judgment condition designated by the data providing client, so that a certificate containing a logic judgment result is obtained; and sending the certification to the data use client so that the data use client can verify the certification and extract a logic judgment result by using the public key of the data providing client stored in the block chain.
The indirect presentation is that only a data provider is needed for signature, and a licensee does not need to perform user signature processing, but needs to hide data so as to avoid direct acquisition of private data.
Optionally, the digital certificate may be signed based on a CL signature manner by indirectly presenting the digital certificate for signature processing.
The CL signature algorithm comprises a key generation algorithm, a signature algorithm and a signature verification algorithm, and the specific algorithm flow is as follows.
1. And (3) key generation:
1) Randomly selecting two security prime numbers (p, q), and n = pq;
2) Randomly select k +2 quadratic residuals (R) 1 ,…,R k ,S,Z);
3) Output private key sk = (p, q), public key pk = (n, R) 1 ,…,R k ,S,Z)。
2. Signature:
1) Input k values m 1 ,…,m k };
2) Computing the Euler function of n
Figure BDA0002560732260000091
3) Randomly selecting a sufficiently large prime number e and an integer v;
4) Calculate e about
Figure BDA0002560732260000092
Modulo inverse element e of -1 That is to say have
Figure BDA0002560732260000093
5) Computing
Figure BDA0002560732260000094
6) The signature (a, e, v) is output.
3. And (4) checking the label:
inputting k values m 1 ,…,m k }, signature (a, e, v);
1) Verifying whether e and v are large enough, wherein e is a prime number;
2) Verifying whether the signature is satisfied
Figure BDA0002560732260000095
Optionally, the data hiding processing on the digital license according to the logic judgment condition specified by the data providing client may specifically be: and calling a Sigma protocol to hide the data of the digital license according to the logic judgment condition appointed by the data providing client.
The Sigma protocol is an efficient interactive zero-knowledge proof protocol. It can enable a prover to prove to a verifier that he knows the secret without presenting the secret to the verifier.
Suppose the prover knows that secret x satisfies y = g x He needs to prove knowledge of the secret to the verifier. The proof can be expressed as PK { (x): y = g x The certification can be done using a Sigma protocol:
1) The prover generates a random number r;
2) Prover calculates t = g r And sends it to the verifier;
3) The verifier selects a random number c and sends the random number c to the prover;
4) The prover calculates s = c-r x, sending s to the verifier;
5) Verifier verification g s *y c If t is true.
The Fiat-Shamir heuristic protocol may be used to convert the interactive zero-knowledge proof protocol (Sigma protocol) to a non-interactive zero-knowledge proof protocol. In the technical scheme based on the block chain digital certificate system, a non-interactive zero-knowledge proof protocol is mainly used for finishing indirect presentation of the digital certificate, so that the privacy of data of a certificate holder is protected.
In order to further understand the implementation manner of the indirect certificate presented in this embodiment, a specific generation process is described in this embodiment.
1. Issue digital certificate
Before the digital certificate is issued, the data providing client firstly runs a key generation algorithm of the CL signature to generate a public key and a private key, and records the public key in a block chain. Then, the data providing client and the licensee perform one round of interaction to complete the issuance of the digital license:
(1) Data providing client generating random number n 1 And sending to the licensee;
(2) The licensee generates a random number v' for the master key m 1 Computing
Figure BDA0002560732260000101
Hiding a principal secret key of the licensee, and sending the U to the data providing client;
(3) A data providing client generates a random prime e and an integer v';
(4) Data providing client-to-government affairs data m i Calculating CL signatures (A, e, v) by the U and sending the CL signatures to the licensee;
(5) The licensee calculates v = v' + v "to obtain a digital license ({ m ″) i },A,e,v)。
Through this process the bearer can obtain the digital certificate and then securely store it in the "digital certificate holder".
2. Showing digital certificate
The prover indirectly shows the data in the digital certificate to the data using client, that is, only the data using client is proved to be the logical judgment result about the data, for example, the data is greater than, less than, greater than or equal to or less than a certain value, but specific numerical values are hidden. The construction method proved as follows:
(1) Generating a random number r A Randomize CL signature:
Figure BDA0002560732260000102
v’=v-e*r A
(2) The structure proves that:
π=NIZKP{(e,v',{m i }):
Figure BDA0002560732260000111
(3) And outputting the proof pi.
To prove some logical judgment about the data, e.g. construct an inequality m for some data i The method for proving that the b is more than or equal to the following:
1) Calculating the difference Δ = m i B and expressed as the sum of the squares of four integers:
Figure BDA0002560732260000112
2) Generating a random number r i Respectively hiding the four integers in T i And the following was constructed to demonstrate:
Figure BDA0002560732260000113
3) Generating a random number r Δ Proof of value m i B is greater than or equal to b, structure proves that:
Figure BDA0002560732260000114
4) Generating random numbers
Figure BDA0002560732260000115
Hiding the difference delta at T Δ And the following was constructed to demonstrate:
Figure BDA0002560732260000116
5) Output proof (pi) 1 ,π 2 ,π 3 )。
Using a similar approach, an inequality m can be constructed for the data i >b,m i B or m is less than or equal to i < demonstration of b. Finally, proof pi and several triplets proof (pi) 1 ,π 2 ,π 3 ) I.e. constitute a complete proof of the data.
3. Verifying digital certificate
The data use client side can verify the zero knowledge proof pi and a plurality of triple proofs (pi) by using the digital certificate data in the block chain to provide the public key of the client side 1 ,π 2 ,π 3 ) Thereby completing the verification of the digital certificate.
The method for providing the digital license provided by the embodiment can support the license holder to show data to the data using client in a direct mode and an indirect mode, and protect the privacy of personal data to the greatest extent.
Referring to fig. 3, fig. 3 is a block diagram of a credential holder client provided in this embodiment; the apparatus may include: a license application unit 110, a license receiving unit 120, an authorization unit 130, and a license providing unit 140.
The license application unit 110 is mainly used for initiating a digital license application request to the data providing client;
the license receiving unit 120 is mainly used for receiving and storing the digital license returned by the data providing client; the digital certificate is obtained by signing and issuing government affair data related to a licensee according to a private key and a digital certificate template stored in a block chain;
the authorization unit 130 is mainly used for verifying whether a licensee is authorized after receiving a government affair data acquisition request of a data use client;
the license providing unit 140 is mainly configured to provide the digital license to the data using client if the digital license is authorized, so that the data using client extracts a public key corresponding to the private key from the blockchain to verify the digital license and extract government data.
The prover client side provided by the embodiment can avoid government affair data sharing from invading personal privacy, break through data barriers caused by non-uniform data interfaces among departments, and realize effective government affair data sharing. It should be noted that, in the specific embodiment of the present application, please refer to the specific embodiment corresponding to fig. 1 for the working process of each unit in the witness client, which is not described herein again.
Referring to fig. 4, fig. 4 is a flowchart of a block chain-based government data cross-region sharing method according to an embodiment of the present invention; the execution subject of the method is a data providing client (terminal providing government affairs data), and the method may include:
step s210, when the data providing client receives a digital license application request sent by the licensee, determining government affair data related to the licensee;
the government affair data of the certifier can be provided by the certifier and can also be searched from the government affair data storage terminal of the certifier, and the determining mode of the government affair data related to the certifier is not limited in the embodiment.
Step s220, a private key and a digital certificate template stored in the block chain are called to sign the government affair data to obtain a digital certificate;
the issuing process of the digital certificate can refer to the implementation process in the existing digital certificate system, and is not described herein again.
The digital license template and the public key are stored in the block chain, any other department user can read the digital license template and the public key through the block chain, data transmission and supervision of a data extraction process are carried out through the block chain, and data sharing blockage caused by different interfaces among departments can be avoided.
And step s330, the digital certificate is returned to the certificate holder, so that the certificate holder can select whether to show the digital certificate to the data use client according to the result of the autonomous authorization.
After the digital license is returned to the licensee end, the implementation process that the licensee end selects whether to show the digital license to the data use client according to the result of the autonomous authorization can refer to the introduction of the embodiment, and through the autonomous authorization of the licensee, the illegal acquisition of private data can be avoided, and the right to know and the right to decide of the licensee are ensured.
Further, the data providing client may be further configured to: and counting whether each issued digital license is revoked or not, and adding the revoked digital license into a license revocation list of the block chain, so that the validity of the digital license is judged according to the license revocation list when the digital license is obtained by the data use client through authorization, thereby realizing revocation of the digital license under the condition of overdue or other conditions, and avoiding circulation of invalid digital licenses.
Referring to fig. 5, fig. 5 is a block diagram of a data providing client according to the present embodiment; the apparatus may include: a data determination unit 210, a certificate issuance unit 220, and a certificate feedback unit 230.
The data determining unit 210 is mainly configured to determine government affair data related to a licensee when receiving a digital license application request sent by a licensee terminal;
the license issuing unit 220 is mainly used for calling a private key and a digital license template stored in the block chain to issue the government affair data to obtain a digital license;
the license feedback unit 230 is mainly configured to return the digital license to the licensee end, so that the licensee end selects whether to present the digital license to the data using client according to the result of the autonomous authorization.
The data providing client provided by the embodiment can avoid government affair data sharing from invading personal privacy, break through data barriers caused by non-uniform data interfaces among departments, and realize effective government affair data sharing. It should be noted that, for each unit in the data providing client in the specific embodiment of the present application, please refer to the specific embodiment corresponding to fig. 4 for the working process, which is not described herein again.
The embodiment of the invention provides a block chain-based government affair data cross-region sharing system which mainly comprises a block chain, a data providing client, a licensee end and a data using client.
The block chain is connected with the data providing client and the data using client and used for storing the public key and the license template, and the public key and the license template can be obtained by the data providing client and the data using client through the block chain.
The data providing client is also connected with the licensee end and is mainly used for determining government affair data related to the licensee when receiving a digital license application request sent by the licensee end; calling a private key and a digital certificate template stored in a block chain to sign and issue government affair data to obtain a digital certificate; returning the digital certificate to the certificate holder;
the licensee end is also connected with the data use client end and is mainly used for receiving and storing data and providing a digital certificate returned by the client end; after receiving a government affair data acquisition request of a data use client, verifying whether a licensee authorizes or not; and if the digital license is authorized, the digital license is provided for the data use client.
The data use client is used for initiating a government affair data acquisition request to the licensee terminal; after receiving the digital certificate returned by the licensee end, extracting a public key from the block chain to verify the digital certificate; and performing administration data extraction after the verification is valid.
The connection of the components in the specific system can refer to fig. 2, and the working schematic can refer to the description of the above embodiment.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, devices, storage media and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, device, storage medium and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a function calling device, or a network device) to execute all or part of the steps of the method of the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The block chain-based government affair data cross-region sharing method and system, a prover client and a data providing client provided by the invention are described in detail above. The principles and embodiments of the present invention have been described herein using specific examples, which are presented only to assist in understanding the method and its core concepts of the present invention. It should be noted that, for those skilled in the art, without departing from the principle of the present invention, it is possible to make various improvements and modifications to the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (6)

1. A block chain-based government affair data cross-region sharing method is characterized by being applied to a digital license system and comprising the following steps:
the licensee end initiates a digital license application request to the data providing client end;
receiving and storing the digital certificate returned by the data providing client; the digital certificate is obtained by signing and issuing government affair data related to a licensee according to a private key and a digital certificate template stored in a block chain;
after receiving a government affair data acquisition request of a data use client, verifying whether a licensee authorizes or not;
if the digital certificate is authorized, the digital certificate is provided for the data use client, so that the data use client extracts a public key corresponding to the private key from the block chain to verify the digital certificate and extract government affair data;
the government affair data acquisition request comprises the following steps: showing mode of government affair data; the presentation mode comprises the following steps: direct presentation and indirect presentation;
then, correspondingly, verifying whether the bearer is authorized includes: verifying whether a licensee authorizes the government affairs to be provided to the data use client in the showing mode;
correspondingly, the step of providing the digital license to the data use client, so that the data use client extracts a public key corresponding to the private key from the blockchain to verify the digital license and extract government affair data includes:
when the data is directly presented by using the client, signing the digital certificate to obtain a first double-signature digital certificate; sending the first double-signature digital certificate to the data use client so that the data use client can verify the signature of the first double-signature digital certificate and extract government affair data by using the data supply client stored in the block chain and the public key of the licensee;
when the data is indirectly presented by using the client designation, the digital certificate is subjected to data hiding processing according to the logic judgment condition designated by the data providing client, so that a certificate containing a logic judgment result is obtained; and sending the certification to the data use client so that the data use client can verify the certification and extract a logic judgment result by using the public key of the data provision client stored in the block chain.
2. The block chain-based government data trans-regional sharing method according to claim 1, wherein when the data is indirectly presented using a client designation, signing the digital license comprises:
and when the data is indirectly presented by using the client, performing signature processing on the digital certificate based on a CL signature mode.
3. The block chain-based government data trans-regional sharing method according to claim 1, wherein the data hiding process of the digital license according to the logic judgment condition specified by the data providing client comprises:
and calling a Sigma protocol to hide the data of the digital license according to a logic judgment condition specified by the data providing client.
4. The block chain-based government data trans-regional sharing method according to claim 1, wherein receiving and storing the digital certificate returned by the data providing client comprises:
and the licensee end receives the digital license returned by the data providing client end and stores the digital license in a digital license folder.
5. A witness client, comprising:
the license application unit is used for initiating a digital license application request to the data providing client;
the license receiving unit is used for receiving and storing the digital license returned by the data providing client; the digital certificate is obtained by signing and issuing government affair data related to a licensee according to a private key and a digital certificate template stored in a block chain;
the authorization unit is used for verifying whether a licensee authorizes or not after receiving a government affair data acquisition request of the data use client; the government affair data acquisition request comprises the following steps: showing mode of government affair data; the presentation mode comprises the following steps: direct presentation and indirect presentation; the verifying whether the bearer is authorized includes: verifying whether a prover authorizes the government affairs to be provided to the data use client in the showing mode;
the license providing unit is used for providing the digital license to the data use client side if the digital license is authorized, so that the data use client side extracts a public key corresponding to the private key from the block chain to verify the digital license and extract government affair data;
providing the digital license to the data use client, so that the data use client extracts a public key corresponding to the private key from the block chain to verify the digital license and extract government affair data, wherein the steps of:
when the data is directly presented by using the client designation, signing the digital certificate to obtain a first double-signature digital certificate; sending the first double-signature digital certificate to the data use client so that the data use client can verify the signature of the first double-signature digital certificate and extract government affair data by using the data supply client stored in the block chain and the public key of the licensee;
when the data is indirectly presented by using the client designation, the digital certificate is subjected to data hiding processing according to the logic judgment condition designated by the data providing client, and a certificate containing a logic judgment result is obtained; and sending the certification to the data use client so that the data use client can verify the certification and extract a logic judgment result by using the public key of the data providing client stored in the block chain.
6. A block chain-based government data cross-region sharing system is characterized by comprising: the system comprises a block chain, a data providing client, a licensee terminal and a data using client;
the step of implementing the block chain based government affair data cross-region sharing method according to any one of claims 1 to 4 when the prover terminal executes the program;
the data providing client is used for determining government affair data related to the licensee when receiving a digital license application request sent by the licensee terminal; a private key and a digital certificate template stored in a block chain are called to sign and issue the government affair data to obtain a digital certificate; returning the digital certificate to the licensee end so that the licensee end can select whether to show the digital certificate to the data use client according to an autonomous authorization result; the data providing client is also used for counting whether the issued digital certificates are revoked and adding the revoked digital certificates into a certificate revocation list of the block chain, so that the data using client judges the validity of the digital certificates according to the certificate revocation list when obtaining the digital certificates through authorization;
the data use client is used for sending a government affair data acquisition request to the licensee terminal; after receiving the digital certificate returned by the certificate holder, extracting a public key from the block chain to verify the digital certificate; performing administrative data extraction after the verification is valid;
the block chain is used for storing the public key and the license template.
CN202010605096.XA 2020-06-29 2020-06-29 Regional sharing method for government affair data based on block chain and related components Active CN111770175B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010605096.XA CN111770175B (en) 2020-06-29 2020-06-29 Regional sharing method for government affair data based on block chain and related components

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010605096.XA CN111770175B (en) 2020-06-29 2020-06-29 Regional sharing method for government affair data based on block chain and related components

Publications (2)

Publication Number Publication Date
CN111770175A CN111770175A (en) 2020-10-13
CN111770175B true CN111770175B (en) 2022-11-08

Family

ID=72723167

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010605096.XA Active CN111770175B (en) 2020-06-29 2020-06-29 Regional sharing method for government affair data based on block chain and related components

Country Status (1)

Country Link
CN (1) CN111770175B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112600677A (en) * 2020-12-28 2021-04-02 中钞信用卡产业发展有限公司杭州区块链技术研究院 License verification method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106997525A (en) * 2017-04-10 2017-08-01 山大地纬软件股份有限公司 Digital license system based on block chain technology
CN107317683A (en) * 2017-06-20 2017-11-03 上海浩霖汇信息科技有限公司 A kind of bi-directional verification method and device of electronics license
CN108259622A (en) * 2018-02-07 2018-07-06 福建南威软件有限公司 A kind of trans-regional sharing method of electronics license data
CN108763942A (en) * 2018-05-22 2018-11-06 山大地纬软件股份有限公司 Digital license based on block chain licenses device and its application method
CN109189962A (en) * 2018-08-17 2019-01-11 福建南威软件有限公司 A kind of license service realization system based on block chain
CN109743330A (en) * 2019-01-22 2019-05-10 北京邮电大学 A kind of license method for authenticating, device, electronic equipment and storage medium
CN110958223A (en) * 2019-10-31 2020-04-03 百度在线网络技术(北京)有限公司 Delegation authorization method, device, equipment and medium based on block chain
CN111126950A (en) * 2019-12-10 2020-05-08 支付宝(杭州)信息技术有限公司 Service processing method, device and equipment based on block chain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11057366B2 (en) * 2018-08-21 2021-07-06 HYPR Corp. Federated identity management with decentralized computing platforms

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106997525A (en) * 2017-04-10 2017-08-01 山大地纬软件股份有限公司 Digital license system based on block chain technology
CN107317683A (en) * 2017-06-20 2017-11-03 上海浩霖汇信息科技有限公司 A kind of bi-directional verification method and device of electronics license
CN108259622A (en) * 2018-02-07 2018-07-06 福建南威软件有限公司 A kind of trans-regional sharing method of electronics license data
CN108763942A (en) * 2018-05-22 2018-11-06 山大地纬软件股份有限公司 Digital license based on block chain licenses device and its application method
CN109189962A (en) * 2018-08-17 2019-01-11 福建南威软件有限公司 A kind of license service realization system based on block chain
CN109743330A (en) * 2019-01-22 2019-05-10 北京邮电大学 A kind of license method for authenticating, device, electronic equipment and storage medium
CN110958223A (en) * 2019-10-31 2020-04-03 百度在线网络技术(北京)有限公司 Delegation authorization method, device, equipment and medium based on block chain
CN111126950A (en) * 2019-12-10 2020-05-08 支付宝(杭州)信息技术有限公司 Service processing method, device and equipment based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于区块链与电子认证的不动产登记电子证照系统的设计与实现;张飞等;《江苏科技信息》;20191220(第35期);全文 *

Also Published As

Publication number Publication date
CN111770175A (en) 2020-10-13

Similar Documents

Publication Publication Date Title
CN106961336B (en) A kind of key components trustship method and system based on SM2 algorithm
Hardjono et al. Cloud-based commissioning of constrained devices using permissioned blockchains
Yang et al. Password authentication schemes with smart cards
CN110022217B (en) Advertisement media service data credible storage system based on block chain
JP2022003536A (en) Method implemented by block chain for digital content control and distribution
CN109687963A (en) Anti- quantum calculation alliance chain method of commerce and system based on public key pond
Chen et al. A novel electronic cash system with trustee-based anonymity revocation from pairing
US8220040B2 (en) Verifying that group membership requirements are met by users
CN110519046A (en) Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD
CN111106930B (en) Block chain network construction method and device and block chain network system
CN114580029A (en) Block chain digital asset privacy protection method, device, equipment and storage medium
Win et al. Privacy enabled digital rights management without trusted third party assumption
CN113159762A (en) Block chain transaction method based on Paillier and game theory
CN111770175B (en) Regional sharing method for government affair data based on block chain and related components
KR102477363B1 (en) Anonymous Attribute Proof System and Method with Efficient Key Revocation
CN112529573A (en) Combined block chain threshold signature method and system
CN114514550A (en) Partitioning requests into blockchains
KR100507809B1 (en) Anonymous fingerprinting scheme based on the bilinear pairings diffie-hellman problem
CN113746645B (en) Public scene anonymous communication charging system and method based on chargeable digital certificate
CN113055166B (en) Secret key authorization method and device and digital signature system
CN115865426A (en) Privacy intersection method and device
JP2004228958A (en) Signature method and signature program
Brickell et al. ENHANCED PRIVACY ID: A REMOTE ANONYMOUS ATTESTATION SCHEME FOR HARDWARE DEVICES.
Okada et al. Optimistic fair exchange protocol for E-Commerce
Patil et al. An ID-based block ring signature system for secret sharing of data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant