CN111884805A - Data hosting method and system based on block chain and distributed identity - Google Patents

Data hosting method and system based on block chain and distributed identity

Info

Publication number
CN111884805A
Authority
CN
China
Prior art keywords
data
blockchain
distributed identity
sharing platform
key
Prior art date
Legal status
Granted
Application number
CN202010590921.3A
Other languages
Chinese (zh)
Other versions
CN111884805B (en)
Inventor
游海涛
傅福斌
林凯
王琳
陈秀琴
杨丰佳
Current Assignee
Xiamen Wanshi Shunyi Technology Co Ltd
Ylz Information Technology Co ltd
Original Assignee
Xiamen Wanshi Shunyi Technology Co Ltd
Ylz Information Technology Co ltd
Application filed by Xiamen Wanshi Shunyi Technology Co Ltd, Ylz Information Technology Co ltd
Priority to CN202010590921.3A
Publication of CN111884805A
Application granted
Publication of CN111884805B
Legal status: Active

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data escrow method and system based on a blockchain and distributed identity. It solves the problem of the heavy encryption and decryption work borne by the proxy in proxy re-encryption and provides a trusted data encryption and sharing mode based on a blockchain smart contract and verifiable credentials (VC). The method comprises the following steps: the data provider C sends a ciphertext, an identification code, the public key of an asymmetric key pair and a data description document to the data sharing platform A, deploys a smart contract on the blockchain, and presets in it the private key of the asymmetric key pair, the symmetric key, the identification code and the credential issuer; the data demander B sends a data requirement to the data sharing platform A, which returns the ciphertext and an encrypted verifiable credential; the data demander B sends the encrypted verifiable credential to the smart contract, which verifies it and returns the encrypted symmetric key; and the data demander B decrypts that to obtain the symmetric key and then recovers the original data from the ciphertext.

Description

Data hosting method and system based on block chain and distributed identity
Technical Field
The invention relates to the field of block chains, in particular to a data hosting method and system based on a block chain and distributed identities.
Background
The W3C defines DIDs, a set of globally unique, universal, standardized, machine-readable distributed digital identity identifiers, and its Verifiable Credentials standard specifies the data format and interactions of verifiable digital identity credentials, providing for future digital identity interoperability. The DID Auth standard proposed by the DIF (Decentralized Identity Foundation) sets out a method for authenticating control of a DID between different business parties. DKMS, in turn, aims at constructing a trusted point-to-point secure communication link through the design of distributed key lifecycle management.
Proxy re-encryption is a technology widely used in cloud services in recent years. The cloud computing service provider acts as the proxy. Because user A cannot fully trust the provider, the data to be stored is encrypted locally under A's public key Pa before it is transmitted to the cloud, so the provider cannot obtain the plaintext and only user A can decrypt the data, using the private key Sa. When user A needs to share the data with user B, A computes a conversion key Rk from A's own private key and B's public key Pb; the cloud provider uses Rk to re-encrypt the ciphertext for A into a ciphertext for B, so that B can simply download the ciphertext from the cloud and decrypt it with the private key Sb.
Although this process ensures that the cloud service platform never obtains the original data and so keeps it secure, the user-side encryption and decryption model is inconvenient for data sharing: the provider must generate a conversion key for every demander, so the user frequently grants and releases authorizations, which adds heavy encryption and decryption work for the user.
Disclosure of Invention
The data hosting method and system based on a blockchain and distributed identity provided by the invention solve the problem of the heavy encryption and decryption work of proxy re-encryption in the prior art and provide a security scheme for data hosting and sharing.
In a first aspect, an embodiment of the present application provides a data hosting method based on a blockchain and distributed identity, where the method includes:
deploying a distributed identity registration contract in a blockchain network;
the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 produced by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of an asymmetric key pair (pubkD, privkD) generated by the data provider C, and the description document Text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives from the data demander B a data requirement corresponding to the description document Text_1, resolves the distributed identity DID_B of the data demander B to obtain its description document Doc_B, and generates, according to Doc_B, a verifiable credential VC_1 corresponding to the unique identification code uuid_1;
the data sharing platform A encrypts the verifiable credential VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable credential C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A also sends the ciphertext C_Data_1 to the data demander B;
the data demander B sends the encrypted verifiable credential C_VC_1 to the smart contract Smc1, which decrypts it with the private key privkD of the asymmetric key pair to obtain the verifiable credential VC_1;
the smart contract Smc1 looks up the symmetric key k by the identification code uuid_1 in the verifiable credential VC_1 and encrypts k with the public key pubkB of the data demander B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, and the data demander B decrypts C_k with its private key privkB to recover the symmetric key k, then uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A and obtain the original data Data_1.
Further, a distributed identity registration contract is deployed on the data transaction blockchain. All participants can register a unique distributed identity DID through this contract: the data sharing platform A, the data demander B and the data provider C register the distributed identities DID_A, DID_B and DID_C respectively and generate the corresponding DID description documents Doc_A, Doc_B and Doc_C.
Further, the description document Doc_A contains the blockchain account A bound to the distributed identity DID_A and that account's public key pubkA; Doc_B contains the blockchain account B bound to DID_B and its public key pubkB; and Doc_C contains the blockchain account C bound to DID_C and its public key pubkC.
Further, the data sharing platform A registers an issuer on the blockchain, which is used to generate the verifiable credential VC_1 for the data demander B.
Further, the smart contract Smc1 is controlled by the private key privkD of the asymmetric key pair generated by the data provider C: the data provider C uses privkD to update the smart contract Smc1, and the smart contract Smc1 presets the private key privkD, the symmetric key k, the identification code uuid_1 and the issuer as parameters of its verification contract.
Further, the process of generating the verifiable credential VC_1 includes:
resolving the DID_B of the data demander B to obtain the description document Doc_B and verifying the validity of Doc_B;
generating the statement raw_container from the DID_A of the data sharing platform A, the distributed identity DID_B of the data demander B, the identification code uuid_1 and the information to be declared;
generating the proof by signing the statement raw_container with the private key privkA of the data sharing platform A;
and generating the verifiable credential VC_1 from the statement raw_container and the proof.
Further, the above steps also include verifying the validity of the encrypted verifiable credential C_VC_1.
Further, the process by which the smart contract verifies the validity of the encrypted verifiable credential C_VC_1 comprises the following steps:
decrypting the encrypted verifiable credential C_VC_1 with the private key privkD of the asymmetric key pair to obtain the verifiable credential VC_1;
resolving the issuer DID in the VC to obtain Doc_A;
verifying whether the issuer is the data sharing platform A and, if so, resolving the holder DID_B in raw_container to obtain Doc_B;
and verifying whether the blockchain account B from which the encrypted credential was sent to the smart contract is the blockchain account B recorded in Doc_B and, if so, verifying the signature on VC_1 with the asymmetric signature verification algorithm using the public key pubkA of the data sharing platform A.
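The credential issuance, the encryption to pubkD, the contract's validity checks and the key release described above, worked end to end as an added example in Go. This is not code from the patent or its applicants; it models the parties with in-process structures (a map for the DID registration contract, a struct for Smc1) and constructed DIDs, accounts and data. The page fixes no algorithms, so RSA-OAEP for encryption to pubkD and pubkB, Ed25519 for the platform's proof under privkA, and AES-256-GCM for the symmetric key k are this example's assumptions, as are all identifier strings. ReleaseKey applies the checks in the order the description lists them: the issuer equals DID_A, both DIDs resolve, the sender is the account bound to the holder DID, and the proof verifies under pubkA; only then is k looked up by uuid_1 and returned encrypted to pubkB.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// DIDDoc models a description document Doc_X from the DID registration contract: the account
// bound to the DID and its keys. RSA-OAEP, Ed25519 and AES-GCM are this example's assumptions.
type DIDDoc struct {
	Account string            // blockchain account bound to the DID
	EncKey  *rsa.PublicKey    // pubkB / pubkD: material is encrypted to this key
	SignKey ed25519.PublicKey // pubkA: the platform's proofs are verified with this key
}
// RawContainer is the statement raw_container; VC is raw_container plus the issuer's proof.
type RawContainer struct{ Issuer, Holder, UUID, Claims string }
type VC struct {
	Statement RawContainer
	Proof     []byte // Ed25519 signature by privkA over the JSON-encoded statement
}
// AES-256-GCM for the symmetric layer; the random nonce is prefixed to the ciphertext.
func gcmSeal(key, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return g.Seal(nonce, nonce, plain, nil), nil
}
func gcmOpen(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, err := cipher.NewGCM(block)
	if err != nil || len(blob) < g.NonceSize() { return nil, errors.New("bad key or ciphertext") }
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}
// issueVC is platform A's part of S400: build raw_container and sign it with privkA.
func issueVC(privkA ed25519.PrivateKey, didA, didB, uuid, claims string) ([]byte, error) {
	rc := RawContainer{Issuer: didA, Holder: didB, UUID: uuid, Claims: claims}
	msg, _ := json.Marshal(rc) // a struct of strings: marshalling cannot fail
	return json.Marshal(VC{Statement: rc, Proof: ed25519.Sign(privkA, msg)})
}
// Smc1 models the contract C deploys; privkD, the uuid->k table and the trusted issuer are preset.
type Smc1 struct {
	PrivkD    *rsa.PrivateKey
	Keys      map[string][]byte // uuid_1 -> k
	IssuerDID string            // DID_A
	Reg       map[string]DIDDoc // the DID registry: DID -> Doc
}
// ReleaseKey is S600/S700: decrypt C_VC_1, apply the description's validity checks, return C_k.
func (c *Smc1) ReleaseKey(sender string, cVC []byte) ([]byte, error) {
	raw, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.PrivkD, cVC, nil)
	if err != nil { return nil, err }
	var vc VC
	if err := json.Unmarshal(raw, &vc); err != nil { return nil, err }
	if vc.Statement.Issuer != c.IssuerDID { return nil, errors.New("issuer is not platform A") }
	docA, okA := c.Reg[vc.Statement.Issuer] // resolve issuer DID -> Doc_A
	docB, okB := c.Reg[vc.Statement.Holder] // resolve holder DID -> Doc_B
	if !okA || !okB || len(docA.SignKey) != ed25519.PublicKeySize { return nil, errors.New("DID does not resolve") }
	if docB.Account != sender { return nil, errors.New("sender is not the account bound to the holder DID") }
	msg, _ := json.Marshal(vc.Statement)
	if !ed25519.Verify(docA.SignKey, msg, vc.Proof) { return nil, errors.New("proof does not verify under pubkA") }
	k, ok := c.Keys[vc.Statement.UUID]
	if !ok { return nil, errors.New("unknown uuid") }
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, docB.EncKey, k, nil) // C_k
}
// RunFlow walks S100..S800 with constructed parties; sender is the account B submits C_VC_1 from.
func RunFlow(data []byte, sender string) ([]byte, error) {
	pubkA, privkA, _ := ed25519.GenerateKey(rand.Reader) // key generation from rand.Reader is not
	privkB, _ := rsa.GenerateKey(rand.Reader, 3072)      // expected to fail; 3072-bit OAEP carries
	privkD, _ := rsa.GenerateKey(rand.Reader, 3072)      // up to 318 bytes, enough for the small VC
	reg := map[string]DIDDoc{ // S100: DID_A and DID_B registered with bound accounts and keys
		"did:ex:A": {Account: "0xA", SignKey: pubkA},
		"did:ex:B": {Account: "0xB", EncKey: &privkB.PublicKey},
	}
	k := make([]byte, 32) // S200: C encrypts Data_1 under k; A receives C_Data_1, uuid_1, pubkD
	if _, err := rand.Read(k); err != nil { return nil, err }
	cData, err := gcmSeal(k, data)
	if err != nil { return nil, err }
	smc := &Smc1{PrivkD: privkD, Keys: map[string][]byte{"uuid-1": k}, IssuerDID: "did:ex:A", Reg: reg} // S300
	vc, err := issueVC(privkA, "did:ex:A", "did:ex:B", "uuid-1", "Text_1") // S400: VC_1 for DID_B
	if err != nil { return nil, err }
	cVC, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &privkD.PublicKey, vc, nil) // S500: C_VC_1
	if err != nil { return nil, err }
	cK, err := smc.ReleaseKey(sender, cVC) // S600/S700: the contract verifies and answers with C_k
	if err != nil { return nil, err }
	kB, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, privkB, cK, nil) // S800: B recovers k ...
	if err != nil { return nil, err }
	return gcmOpen(kB, cData) // ... and then Data_1 from C_Data_1
}
func main() { out, err := RunFlow([]byte("constructed Data_1"), "0xB"); fmt.Printf("%q %v\n", out, err) }
```

RunFlow returns the data B recovers when C_VC_1 is submitted from account B. Submitted from any other account, ReleaseKey refuses before k is touched; that account check is what binds the credential to the holder's registered account rather than to whoever holds a copy of C_VC_1.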
In a second aspect, an embodiment of the present application provides a data hosting system based on a blockchain and distributed identity, comprising a data sharing platform A, a data demander B, a data provider C and a blockchain, which interact to carry out any of the above data hosting methods based on a blockchain and distributed identity; in the system:
a distributed identity registration contract is deployed in the blockchain network;
the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 produced by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of an asymmetric key pair (pubkD, privkD) generated by the data provider C, and the description document Text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives from the data demander B a data requirement corresponding to the description document Text_1, resolves the distributed identity DID_B of the data demander B to obtain its description document Doc_B, and generates, according to Doc_B, a verifiable credential VC_1 corresponding to the unique identification code uuid_1;
the data sharing platform A encrypts the verifiable credential VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable credential C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A also sends the ciphertext C_Data_1 to the data demander B;
the data demander B sends the encrypted verifiable credential C_VC_1 to the smart contract Smc1, which decrypts it with the private key privkD of the asymmetric key pair to obtain the verifiable credential VC_1;
the smart contract Smc1 looks up the symmetric key k by the identification code uuid_1 in the verifiable credential VC_1 and encrypts k with the public key pubkB of the data demander B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, and the data demander B decrypts C_k with its private key privkB to recover the symmetric key k, then uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A and obtain the original data Data_1.
Compared with the prior art, the data escrow method and system based on a blockchain and distributed identity provided by the invention use verifiable credentials (VC), blockchain smart contracts, a data sharing platform and related technologies to construct a trusted data encryption and sharing mode. At the same time, every sharing and authorization process is recorded on the chain, so the data provider can genuinely and directly control how many times the data is shared.
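The on-chain record of sharing and authorization that the paragraph above relies on, as an added example in Go that is not the patent's code. It models only the contract's bookkeeping, separately from the cryptographic steps: each release of k becomes a ReleaseRecord appended to the ledger, the provider's account stands in for the privkD control of the contract, and the per-uuid share limit that the provider sets is this example's assumption of one way the provider "controls the sharing times"; the page describes the on-chain record and the provider's control but specifies no particular limit mechanism.

```go
package main

import (
	"errors"
	"fmt"
)

// ReleaseRecord is the on-chain entry written each time Smc1 hands out C_k: which
// uuid_1 was released, to which holder DID and account, and in which block.
type ReleaseRecord struct {
	UUID, HolderDID, Account string
	Block                    uint64
}

// ShareLedger models the contract's bookkeeping. Provider is C's account, standing in
// here for the privkD control of the contract; MaxShares is a per-uuid limit C presets
// (0 = no limit). Both are this example's assumptions, not the page's specification.
type ShareLedger struct {
	Provider  string
	MaxShares map[string]int
	Records   []ReleaseRecord
}

func NewShareLedger(provider string) *ShareLedger {
	return &ShareLedger{Provider: provider, MaxShares: map[string]int{}}
}

// SetLimit is the provider-only update of the contract (the description has C update
// Smc1 with privkD); any other caller is refused.
func (l *ShareLedger) SetLimit(caller, uuid string, n int) error {
	if caller != l.Provider {
		return errors.New("only the provider may update the contract")
	}
	l.MaxShares[uuid] = n
	return nil
}

// SharesOf is what C reads back from the chain: how many times uuid has been released.
func (l *ShareLedger) SharesOf(uuid string) int {
	n := 0
	for _, r := range l.Records {
		if r.UUID == uuid {
			n++
		}
	}
	return n
}

// Record is called after the VC checks pass and before C_k is returned: it refuses once
// the provider's limit for this uuid is reached, otherwise it appends the record.
func (l *ShareLedger) Record(uuid, holderDID, account string, block uint64) (ReleaseRecord, error) {
	if max := l.MaxShares[uuid]; max > 0 && l.SharesOf(uuid) >= max {
		return ReleaseRecord{}, fmt.Errorf("uuid %s: share limit %d reached", uuid, max)
	}
	r := ReleaseRecord{UUID: uuid, HolderDID: holderDID, Account: account, Block: block}
	l.Records = append(l.Records, r)
	return r, nil
}

// Holders lists the holder DIDs that received k for uuid: the provider's audit view.
func (l *ShareLedger) Holders(uuid string) []string {
	var out []string
	for _, r := range l.Records {
		if r.UUID == uuid {
			out = append(out, r.HolderDID)
		}
	}
	return out
}

func main() {
	l := NewShareLedger("0xC")
	_ = l.SetLimit("0xC", "uuid-1", 2)
	// Constructed demanders: the third request exceeds the limit of two and is refused.
	for i, did := range []string{"did:ex:B", "did:ex:E", "did:ex:F"} {
		_, err := l.Record("uuid-1", did, "0x"+did[len(did)-1:], uint64(100+i))
		fmt.Println(did, err)
	}
	fmt.Println(l.SharesOf("uuid-1"), l.Holders("uuid-1"))
}
```

Because every record carries the block in which it was written, the provider can reconcile the ledger against the chain rather than trusting the platform's own count; the limit check runs before C_k is produced, so a refused request leaves no key material behind.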
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flowchart of an embodiment of a data hosting method based on a blockchain and distributed identity according to the present invention;
Fig. 2 is a schematic structural diagram of a data hosting system based on a blockchain and distributed identity according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Furthermore, the technical features designed in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example one
The invention provides a data hosting method based on a blockchain and distributed identities; as shown in Fig. 1, the method comprises the following steps:
S100: deploying a distributed identity registration contract in a blockchain network;
In a specific implementation, a distributed identity registration contract is deployed on the data transaction blockchain. All participants can register a unique distributed identity DID through this contract: the data sharing platform A, the data demander B and the data provider C register the distributed identities DID_A, DID_B and DID_C respectively and generate the corresponding DID description documents Doc_A, Doc_B and Doc_C.
Specifically, the description document Doc_A contains the blockchain account A bound to the distributed identity DID_A and that account's public key pubkA; Doc_B contains the blockchain account B bound to DID_B and its public key pubkB; and Doc_C contains the blockchain account C bound to DID_C and its public key pubkC.
S200: the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 produced by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of an asymmetric key pair (pubkD, privkD) generated by the data provider C, and the description document Text_1 of the data;
In a specific implementation, the data sharing platform A registers an issuer on the blockchain, which is used to generate the verifiable credential VC_1 for the data demander B.
S300: the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
In a specific implementation, the smart contract Smc1 is controlled by the private key privkD of the asymmetric key pair generated by the data provider C: the data provider C uses privkD to update the smart contract Smc1, and the smart contract Smc1 presets the private key privkD, the symmetric key k, the identification code uuid_1 and the issuer as parameters of its verification contract.
S400: the data sharing platform A receives from the data demander B a data requirement corresponding to the description document Text_1, resolves the distributed identity DID_B of the data demander B to obtain its description document Doc_B, and generates, according to Doc_B, a verifiable credential VC_1 corresponding to the unique identification code uuid_1;
In a specific implementation, the process of generating the verifiable credential VC_1 in S400 includes:
resolving the DID_B of the data demander B to obtain the description document Doc_B and verifying the validity of Doc_B;
generating the statement raw_container from the DID_A of the data sharing platform A, the distributed identity DID_B of the data demander B, the identification code uuid_1 and the information to be declared;
generating the proof by signing the statement raw_container with the private key privkA of the data sharing platform A;
and generating the verifiable credential VC_1 from the statement raw_container and the proof.
S500: the data sharing platform A encrypts the verifiable credential VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable credential C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A also sends the ciphertext C_Data_1 to the data demander B;
S600: the data demander B sends the encrypted verifiable credential C_VC_1 to the smart contract Smc1, which decrypts it with the private key privkD of the asymmetric key pair to obtain the verifiable credential VC_1;
In a specific implementation, after step S600 and before step S700, the validity of the encrypted verifiable credential C_VC_1 is also verified.
Specifically, the process by which the smart contract verifies the validity of the encrypted verifiable credential C_VC_1 comprises:
decrypting the encrypted verifiable credential C_VC_1 with the private key privkD of the asymmetric key pair to obtain the verifiable credential VC_1;
resolving the issuer DID in the VC to obtain Doc_A;
verifying whether the issuer is the data sharing platform A and, if so, resolving the holder DID_B in raw_container to obtain Doc_B;
and verifying whether the blockchain account B from which the encrypted credential was sent to the smart contract is the blockchain account B recorded in Doc_B and, if so, verifying the signature on VC_1 with the asymmetric signature verification algorithm using the public key pubkA of the data sharing platform A.
S700: the smart contract Smc1 looks up the symmetric key k by the identification code uuid_1 in the verifiable credential VC_1 and encrypts k with the public key pubkB of the data demander B to obtain C_k;
S800: the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, and the data demander B decrypts C_k with its private key privkB to recover the symmetric key k, then uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A and obtain the original data Data_1.
The data hosting method based on a blockchain and distributed identity described above establishes a trusted data encryption and sharing mode using verifiable credentials (VC), blockchain smart contracts, a data sharing platform and related technologies. At the same time, every sharing and authorization process is recorded on the chain, so the data provider can genuinely and directly control how many times the data is shared.
Example two
The invention also provides a data hosting system based on a blockchain and distributed identity; as shown in Fig. 2, the data hosting system comprises a data sharing platform A, a data demander B, a data provider C and a blockchain, which interact to carry out the data hosting method based on a blockchain and distributed identity shown in Fig. 1; in the system:
a distributed identity registration contract is deployed in the blockchain network;
the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 produced by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of an asymmetric key pair (pubkD, privkD) generated by the data provider C, and the description document Text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives from the data demander B a data requirement corresponding to the description document Text_1, resolves the distributed identity DID_B of the data demander B to obtain its description document Doc_B, and generates, according to Doc_B, a verifiable credential VC_1 corresponding to the unique identification code uuid_1;
the data sharing platform A encrypts the verifiable credential VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable credential C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A also sends the ciphertext C_Data_1 to the data demander B;
the data demander B sends the encrypted verifiable credential C_VC_1 to the smart contract Smc1, which decrypts it with the private key privkD of the asymmetric key pair to obtain the verifiable credential VC_1;
the smart contract Smc1 looks up the symmetric key k by the identification code uuid_1 in the verifiable credential VC_1 and encrypts k with the public key pubkB of the data demander B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, and the data demander B decrypts C_k with its private key privkB to recover the symmetric key k, then uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A and obtain the original data Data_1.
Compared with the prior art, the data escrow method and system based on a blockchain and distributed identity provided by the invention use verifiable credentials (VC), blockchain smart contracts, a data sharing platform and related technologies to construct a trusted data encryption and sharing mode. At the same time, every sharing and authorization process is recorded on the chain, so the data provider can genuinely and directly control how many times the data is shared.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A data hosting method based on a blockchain and a distributed identity is characterized by comprising the following steps:
S100: deploying a distributed identity registration contract in a blockchain network;
S200: the data sharing platform A receives the ciphertext C_Data_1 generated by the data provider C by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of the asymmetric key pair (pubkD, privkD) generated by the data provider C, and the description document Text_1 of the data;
S300: the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
S400: the data sharing platform A receives from the data demander B a data request corresponding to the description document Text_1, resolves the distributed identity DID_B of the data demander B to obtain its description document Doc_B, and generates a verifiable statement VC_1 corresponding to the unique identification code according to the description document Doc_B;
S500: the data sharing platform A encrypts the verifiable statement VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable statement C_VC_1 and sends it to the blockchain account B of the data demander B; the data sharing platform A also sends the ciphertext C_Data_1 to the data demander B;
S600: the data demander B sends the encrypted verifiable statement C_VC_1 to the smart contract Smc1, which decrypts it with the private key privkD of the asymmetric key pair to obtain the verifiable statement VC_1;
S700: the smart contract Smc1 obtains the symmetric key k according to the identification code uuid_1 in the verifiable statement VC_1 and encrypts the symmetric key k with the public key pubkB of the data demander B to obtain C_k;
S800: the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, and the data demander B decrypts C_k with its private key privkB to recover the symmetric key k, with which it decrypts the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
2. The blockchain and distributed identity based data hosting method according to claim 1, wherein: a distributed identity registration contract is deployed on the data transaction blockchain, through which every participating agent can register a unique distributed identity DID; the data sharing platform A, the data demander B and the data provider C register the distributed identities DID_A, DID_B and DID_C respectively and generate the corresponding DID description documents Doc_A, Doc_B and Doc_C.
3. The blockchain and distributed identity based data hosting method according to claim 2, wherein the information in the description document Doc_A includes the blockchain account A bound to the distributed identity DID_A and the blockchain account public key pubkA; the information in the description document Doc_B includes the blockchain account B bound to the distributed identity DID_B and the blockchain account public key pubkB; and the information in the description document Doc_C includes the blockchain account C bound to the distributed identity DID_C and the blockchain account public key pubkC.
4. The blockchain and distributed identity based data hosting method according to claim 1, wherein: the data sharing platform A is registered on the blockchain as the issuer that generates the verifiable statement VC_1 for the data demander B.
5. The blockchain and distributed identity based data hosting method according to claim 1, wherein: the smart contract Smc1 is controlled by the private key privkD of the asymmetric key pair generated by the data provider C; the data provider C updates the smart contract Smc1 by invoking it with the private key privkD; and the smart contract Smc1 presets the private key privkD of the asymmetric key pair, the symmetric key k, the identification code uuid_1 and the issuer as the parameters used by the contract for authentication.
6. The blockchain and distributed identity based data hosting method according to claim 1, wherein the process of generating the verifiable statement VC_1 in S400 comprises:
resolving the distributed identity DID_B of the data demander B to obtain the description document Doc_B and verifying the validity of Doc_B;
generating the statement raw_container from the DID_A of the data sharing platform A, the distributed identity DID_B of the data demander B, the identification code uuid_1 and the information to be declared;
generating the proof by signing the statement raw_container with the private key privkA of the data sharing platform A;
and generating the verifiable statement VC_1 from the statement raw_container and the proof.
7. The blockchain and distributed identity based data hosting method according to claim 1, wherein: after step S600 and before step S700, the method further comprises verifying the validity of the information in the encrypted verifiable statement C_VC_1.
8. The blockchain and distributed identity based data hosting method according to claim 7, wherein the process by which the smart contract verifies the validity of the encrypted verifiable statement C_VC_1 comprises:
decrypting the encrypted verifiable statement C_VC_1 with the private key privkD of the asymmetric key pair to obtain the verifiable statement VC_1;
resolving the issuer DID in the VC to obtain Doc_A;
verifying whether the issuer is the data sharing platform A, and if so, resolving the holder DID_B in raw_container to obtain Doc_B;
and verifying whether the blockchain account B that sent the encrypted statement to the smart contract is the blockchain account B recorded in Doc_B, and if so, verifying the signature of VC_1 with the asymmetric signature verification algorithm corresponding to the public key pubkA of the data sharing platform A.
9. A data hosting system based on a blockchain and a distributed identity, comprising a data sharing platform A, a data demander B, a data provider C and a blockchain, characterized in that the data sharing platform A, the data demander B, the data provider C and the blockchain interact to carry out the data hosting method based on the blockchain and the distributed identity according to any one of claims 1 to 8.
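The flow of claim 1, the statement issuance of claim 6 and the contract-side checks of claim 8, as one added worked example in Go. This is not code from the patent or its applicants, and it makes the following assumptions: the DID registry of S100 and the smart contract Smc1 are in-memory Go values rather than on-chain code; the platform A signs with Ed25519 (pubkA/privkA); the demander's pair (pubkB/privkB) and the provider-generated pair (pubkD/privkD) are RSA-2048 with OAEP; Data_1 is protected with AES-256-GCM under k; a VC is encoded as JSON(raw_container) followed by its 64-byte proof; and the DIDs, account names, uuid_1 and the sample record are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Doc is a DID description document (claims 2 and 3): the account bound to the DID and its public
// key. Ed25519 signing and RSA-OAEP encryption are this example's assumptions, not the patent's.
type Doc struct {
	Account string
	SigPub  ed25519.PublicKey // set for the issuer, platform A
	EncPub  *rsa.PublicKey    // set for the demander B
}

// Registry stands in for the DID registration contract of S100 (in-memory, constructed).
var Registry = map[string]Doc{}

// Raw is the raw_container of claim 6; a VC is encoded as JSON(Raw) followed by its 64-byte proof.
type Raw struct{ Issuer, Holder, UUID, Claim string }

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// aead returns AES-256-GCM under the symmetric key k that protects Data_1.
func aead(key []byte) cipher.AEAD {
	blk, err := aes.NewCipher(key)
	must(err)
	g, err := cipher.NewGCM(blk)
	must(err)
	return g
}

// IssueVC is claim 6: platform A resolves DID_B, builds raw_container and signs it with privkA.
func IssueVC(privA ed25519.PrivateKey, didA, didB, uuid, claim string) ([]byte, error) {
	if _, ok := Registry[didB]; !ok {
		return nil, errors.New("holder DID not registered")
	}
	raw, err := json.Marshal(Raw{didA, didB, uuid, claim})
	must(err)
	return append(raw, ed25519.Sign(privA, raw)...), nil
}

// Smc1 models the sharing contract of claims 1, 5 and 8. Its preset state holds privkD, k and
// uuid_1, so the scheme relies on that state staying confidential to the contract.
type Smc1 struct {
	privkD *rsa.PrivateKey
	keys   map[string][]byte // uuid_1 -> symmetric key k
	issuer string            // DID_A, the only accepted VC issuer
	Shares int               // sharing events recorded on chain
}

// Share is S600-S800 with the checks of claim 8; caller is the blockchain account that sent C_VC_1.
func (c *Smc1) Share(caller string, cVC []byte) ([]byte, error) {
	vc, err := rsa.DecryptOAEP(sha256.New(), nil, c.privkD, cVC, nil)
	if err != nil || len(vc) < ed25519.SignatureSize {
		return nil, errors.New("cannot decrypt C_VC_1")
	}
	n := len(vc) - ed25519.SignatureSize
	var raw Raw
	if err := json.Unmarshal(vc[:n], &raw); err != nil {
		return nil, err
	}
	docA, ok := Registry[raw.Issuer]
	if !ok || raw.Issuer != c.issuer {
		return nil, errors.New("issuer is not the data sharing platform A")
	}
	docB, ok := Registry[raw.Holder]
	if !ok || docB.Account != caller {
		return nil, errors.New("caller is not the account bound to the holder DID")
	}
	if !ed25519.Verify(docA.SigPub, vc[:n], vc[n:]) {
		return nil, errors.New("proof does not verify under pubkA")
	}
	k, ok := c.keys[raw.UUID]
	if !ok {
		return nil, errors.New("unknown uuid_1")
	}
	c.Shares++ // the grant is recorded on chain
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, docB.EncPub, k, nil) // C_k
}

// RunFlow walks S200-S800 with constructed parties; it returns the data B recovers and the
// contract's verdict when an unrelated account replays B's C_VC_1.
func RunFlow() (plain []byte, replayErr error) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader) // pubkA/privkA
	privB, _ := rsa.GenerateKey(rand.Reader, 2048)     // pubkB/privkB
	privD, _ := rsa.GenerateKey(rand.Reader, 2048)     // pubkD/privkD, generated by C
	Registry["did:example:A"] = Doc{Account: "acct_A", SigPub: pubA}
	Registry["did:example:B"] = Doc{Account: "acct_B", EncPub: &privB.PublicKey}
	buf := make([]byte, 44) // 32-byte k followed by a 12-byte GCM nonce
	_, err := rand.Read(buf)
	must(err)
	k, nonce := buf[:32], buf[32:]
	// S200: C encrypts Data_1 under k; A receives C_Data_1, uuid_1, pubkD and Text_1.
	cData := aead(k).Seal(nil, nonce, []byte("constructed sample record for Data_1"), nil)
	// S300: C deploys Smc1 with privkD, k, uuid_1 and the issuer preset (claim 5).
	smc := &Smc1{privkD: privD, keys: map[string][]byte{"uuid_1": k}, issuer: "did:example:A"}
	// S400/S500: A issues VC_1 for B, encrypts it to pubkD and forwards C_Data_1 to B.
	vc, err := IssueVC(privA, "did:example:A", "did:example:B", "uuid_1", "access to Text_1")
	must(err)
	cVC, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &privD.PublicKey, vc, nil)
	must(err)
	// S600-S800: B submits C_VC_1 from acct_B, gets C_k, unwraps k with privkB and decrypts.
	cK, err := smc.Share("acct_B", cVC)
	must(err)
	kB, err := rsa.DecryptOAEP(sha256.New(), nil, privB, cK, nil)
	must(err)
	plain, err = aead(kB).Open(nil, nonce, cData, nil)
	must(err)
	_, replayErr = smc.Share("acct_X", cVC)
	return plain, replayErr
}

func main() {
	plain, replayErr := RunFlow()
	fmt.Printf("B recovered %q; replay from another account: %v\n", plain, replayErr)
}
```

The final call in RunFlow shows what the claim 8 account check buys: the same C_VC_1 submitted from an account other than the one recorded in Doc_B is refused before any key is released, and only accepted calls increment the on-chain sharing count the provider uses to control sharing times. Because Smc1 presets privkD and k as contract parameters (claim 5), the scheme depends on that contract state staying confidential; the example models this with unexported fields, and a real deployment has to obtain the same property from the chain's execution and confidentiality model.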

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010590921.3A CN111884805B (en) 2020-06-24 2020-06-24 Data hosting method and system based on blockchain and distributed identity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010590921.3A CN111884805B (en) 2020-06-24 2020-06-24 Data hosting method and system based on blockchain and distributed identity

Publications (2)

Publication Number Publication Date
CN111884805A true CN111884805A (en) 2020-11-03
CN111884805B CN111884805B (en) 2023-08-01

Family

ID=73158037

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010590921.3A Active CN111884805B (en) 2020-06-24 2020-06-24 Data hosting method and system based on blockchain and distributed identity

Country Status (1)

Country Link
CN (1) CN111884805B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109326337A (en) * 2018-09-06 2019-02-12 西安电子科技大学 Electronic medical record storage and shared model and method based on block chain
CN109471844A (en) * 2018-10-10 2019-03-15 深圳市达仁基因科技有限公司 File sharing method, device, computer equipment and storage medium
CN109951295A (en) * 2019-02-27 2019-06-28 百度在线网络技术(北京)有限公司 Key handling and application method, device, equipment and medium
CN110311787A (en) * 2019-06-21 2019-10-08 深圳壹账通智能科技有限公司 Authorization management method, system, equipment and computer readable storage medium
WO2020101325A1 (en) * 2018-11-13 2020-05-22 (주)블루팝콘 Encryption system and method employing permutation group-based encryption technology

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI773025B (en) * 2020-12-16 2022-08-01 智弘軟體科技股份有限公司 Processes and method for safe of use, monitoring and management of device accounts in terminal manner
CN112866360A (en) * 2021-01-06 2021-05-28 上海泰砥科技有限公司 Block chain and distributed digital identity DID-based shared parking method and system
CN112866360B (en) * 2021-01-06 2022-09-30 上海泰砥科技有限公司 Block chain and distributed digital identity DID-based shared parking method and system
CN112765671B (en) * 2021-02-08 2021-09-21 上海万向区块链股份公司 Localized data privacy encryption method and system
CN112765671A (en) * 2021-02-08 2021-05-07 上海万向区块链股份公司 Localized data privacy encryption method and system
CN113114728A (en) * 2021-03-22 2021-07-13 南京航空航天大学 Body area network identity authentication method and system based on editable block chain
CN113395281A (en) * 2021-06-11 2021-09-14 网易(杭州)网络有限公司 Verification method and device capable of verifying statement and electronic equipment
CN113395281B (en) * 2021-06-11 2022-11-01 网易(杭州)网络有限公司 Verification method and device capable of verifying statement and electronic equipment
CN113378240A (en) * 2021-06-23 2021-09-10 浪潮云信息技术股份公司 Synchronous calling user identity authentication method based on block chain
CN113378240B (en) * 2021-06-23 2023-03-28 浪潮云信息技术股份公司 Synchronous calling user identity authentication method based on block chain
CN113609225B (en) * 2021-08-09 2023-06-02 北京神州数码方圆科技有限公司 DID-based blockchain data exchange method and system
CN113626523A (en) * 2021-08-09 2021-11-09 北京神州数码方圆科技有限公司 DID-based block chain data exchange method and system
CN113609225A (en) * 2021-08-09 2021-11-05 北京神州数码方圆科技有限公司 DID-based block chain data exchange method and system
CN113626523B (en) * 2021-08-09 2024-01-30 北京神州数码方圆科技有限公司 DID-based blockchain data exchange method and system
CN113691373A (en) * 2021-08-20 2021-11-23 华中农业大学 Anti-quantum key escrow system and method based on alliance block chain
CN113761597A (en) * 2021-09-17 2021-12-07 安徽高山科技有限公司 Contract signing method based on verifiable certificate VC and block chain signature
CN113761597B (en) * 2021-09-17 2024-01-19 安徽高山科技有限公司 Contract signing method based on verifiable certificate VC and blockchain signature
CN114944937A (en) * 2022-04-19 2022-08-26 网易(杭州)网络有限公司 Distributed digital identity verification method, system, electronic device and storage medium
CN114944937B (en) * 2022-04-19 2024-04-09 网易(杭州)网络有限公司 Distributed digital identity verification method, system, electronic equipment and storage medium
CN115239441A (en) * 2022-09-21 2022-10-25 航天宏图信息技术股份有限公司 Data resource transaction method and system based on alliance chain bidding
CN117527445A (en) * 2024-01-02 2024-02-06 江苏荣泽信息科技股份有限公司 Data sharing system based on re-encryption and distributed digital identity
CN117527445B (en) * 2024-01-02 2024-03-12 江苏荣泽信息科技股份有限公司 Data sharing system based on re-encryption and distributed digital identity

Also Published As

Publication number Publication date
CN111884805B (en) 2023-08-01

Similar Documents

Publication Publication Date Title
CN111884805B (en) Data hosting method and system based on blockchain and distributed identity
CN110933108B (en) Data processing method and device based on block chain network, electronic equipment and storage medium
CN112003889B (en) Distributed cross-link system and cross-link information interaction and system access control method
US11283626B2 (en) Apparatus and methods for distributed certificate enrollment
CN114615095A (en) Block chain cross-chain data processing method, relay chain, application chain and cross-chain network
CN109450843B (en) SSL certificate management method and system based on block chain
US20030163700A1 (en) Method and system for user generated keys and certificates
CN1980121B (en) Electronic signing mobile terminal, system and method
JP2004180280A (en) Method and system for adaptive authorization
US7266705B2 (en) Secure transmission of data within a distributed computer system
US20080148062A1 (en) Method for the secure storing of program state data in an electronic device
CN114036539A (en) Safety auditable Internet of things data sharing system and method based on block chain
CN104683107B (en) Digital certificate keeping method and device, digital signature method and device
JP5992535B2 (en) Apparatus and method for performing wireless ID provisioning
CN112766962A (en) Method for receiving and sending certificate, transaction system, storage medium and electronic device
CN102055766A (en) Webservice service management method and system
KR100848966B1 (en) Method for authenticating and decrypting of short message based on public key
KR100984275B1 (en) Method for generating secure key using certificateless public key in insecure communication channel
Arnedo-Moreno et al. Secure communication setup for a P2P-based JXTA-overlay platform
Ok et al. SIMSec: A key exchange protocol between SIM card and service provider
US9722800B2 (en) Method for creating a derived entity of an original data carrier
KR100970552B1 (en) Method for generating secure key using certificateless public key
CN113329003B (en) Access control method, user equipment and system for Internet of things
KR100349888B1 (en) PKI system for and method of using micro explorer on mobile terminals
US9281947B2 (en) Security mechanism within a local area network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant