CN111884805B - Data hosting method and system based on blockchain and distributed identity - Google Patents

Info

Publication number: CN111884805B
Authority: CN (China)
Prior art keywords: data, blockchain, sharing platform, distributed identity, key
Legal status: Active
Application number: CN202010590921.3A
Other languages: Chinese (zh)
Other versions: CN111884805A (en)
Inventors: 游海涛, 傅福斌, 林凯, 王琳, 陈秀琴, 杨丰佳
Current assignee: Xiamen Wanshi Shunyi Technology Co ltd; Ylz Information Technology Co ltd
Original assignee: Xiamen Wanshi Shunyi Technology Co ltd; Ylz Information Technology Co ltd
Events: application filed by Xiamen Wanshi Shunyi Technology Co ltd and Ylz Information Technology Co ltd; priority to CN202010590921.3A; publication of CN111884805A; application granted; publication of CN111884805B; legal status active; anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides a data hosting method and system based on blockchain and distributed identity. It removes the heavy encryption and decryption workload of proxy re-encryption and provides a trusted data encryption and sharing scheme based on blockchain smart contracts and verifiable credentials (VC). The method comprises the following steps: the data provider C sends the ciphertext, an identification code, the public key of an asymmetric key pair and a data description document to the data sharing platform A, deploys a smart contract on the blockchain, and presets in that contract the private key of the asymmetric key pair, the symmetric key, the identification code and the issuer; the data requester B sends a data request to the data sharing platform A, which returns the ciphertext and an encrypted verifiable credential; the data requester B sends the encrypted verifiable credential to the smart contract, which verifies it and returns the encrypted symmetric key; the data requester B decrypts the symmetric key and uses it to recover the original data from the ciphertext.

Description

Data hosting method and system based on blockchain and distributed identity
Technical Field
The invention relates to the field of blockchains, in particular to a data hosting method and system based on blockchain and distributed identity.
Background
The W3C defines DID (distributed digital identity) identifiers that are globally unique, universal, standardized and machine-readable, and its Verifiable Credentials standard specifies the data formats and interactions for verifiable digital identity credentials, laying the groundwork for future digital identity interoperability. The DID Auth standard proposed by the DIF provides a way to authenticate control of a DID between different service parties, and DKMS aims to build trusted point-to-point secure communication links through distributed key lifecycle management.
Proxy re-encryption has been widely used in cloud services in recent years. The cloud service provider acts as the proxy. Because user A cannot fully trust the provider, A encrypts the data to be stored locally under A's own public key Pa before uploading it to the cloud; the provider therefore never obtains the plaintext, and only A's own private key Sa can decrypt the data. When A wants to share the data with user B, A computes a conversion (re-encryption) key Rk from A's private key and B's public key Pb; the provider uses Rk to re-encrypt the ciphertext for A into a ciphertext for B, which B can then download from the cloud and decrypt with B's own private key Sb.
Although this process prevents the cloud platform from obtaining the original data and keeps the data secure, the user-side encryption and decryption is inconvenient for sharing: the provider must generate a conversion key for every requester, which adds heavy encryption and decryption work for the user.
Disclosure of Invention
To solve the heavy encryption and decryption workload of proxy re-encryption in the prior art, the data hosting method and system based on blockchain and distributed identity presented here remove that workload and provide a secure scheme for shared data hosting.
In a first aspect, an embodiment of the present application provides a blockchain and distributed identity based data hosting method, the method comprising:
deploying a distributed identity registration contract in the blockchain network;
the data sharing platform A receives from the data provider C the ciphertext C_Data_1 produced by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by C, and the description document text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives from the data requester B a request for the data described by text_1, resolves B's distributed identity DID_B to obtain its description document doc_B, and generates from doc_B a verifiable credential VC_1 corresponding to the unique identification code;
the data sharing platform A encrypts VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable credential C_VC_1 and sends it to the blockchain account B of the data requester B; the data sharing platform A also sends the ciphertext C_Data_1 to the data requester B;
the data requester B sends the encrypted verifiable credential C_VC_1 to the smart contract Smc1, which decrypts it with the private key prikD of the asymmetric key pair to obtain VC_1;
the smart contract Smc1 looks up the symmetric key k by the identification code uuid_1 contained in VC_1 and encrypts k with the public key pubkB of the data requester B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data requester B, who decrypts it with the private key prikB to recover k and then decrypts the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
Further, a distributed identity registration contract is deployed on the data transaction blockchain, through which every participant can register a unique distributed identity DID; the data sharing platform A, the data requester B and the data provider C register the distributed identities DID_A, DID_B and DID_C and generate the corresponding DID description documents doc_A, doc_B and doc_C.
Further, the description document doc_A contains the blockchain account A and the blockchain account public key pubkA bound to DID_A; doc_B contains the blockchain account B and the blockchain account public key pubkB bound to DID_B; doc_C contains the blockchain account C and the blockchain account public key pubkC bound to DID_C.
Further, the data sharing platform A registers as an issuer on the blockchain in order to generate the verifiable credential VC_1 for the data requester B.
Further, the smart contract Smc1 is controlled by the private key prikD of the asymmetric key pair generated by the data provider C, who uses prikD to update Smc1; the smart contract Smc1 presets the private key prikD, the symmetric key k, the identification code uuid_1 and the issuer as parameters of the verification contract.
Further, generating the verifiable credential VC_1 comprises:
resolving DID_B of the data requester B to acquire the description document doc_B and verifying its validity;
generating a claim raw_claim from DID_A of the data sharing platform A, DID_B of the data requester B, the identification code uuid_1 and the information to be stated;
generating a proof by signing raw_claim with the private key prikA of the data sharing platform A;
generating the verifiable credential VC_1 from raw_claim and the proof.
Further, in the above steps, the validity of the encrypted verifiable credential C_VC_1 is also verified.
Further, the smart contract verifies the validity of the encrypted verifiable credential C_VC_1 as follows:
decrypting C_VC_1 with the private key prikD of the asymmetric key pair to obtain VC_1;
resolving the issuer DID in the VC to obtain doc_A;
verifying that the issuer is the data sharing platform A and, if so, resolving the holder DID_B in raw_claim to obtain doc_B;
verifying that the blockchain account B that sent the encrypted credential to the smart contract is the blockchain account B recorded in doc_B and, if so, verifying the signature on VC_1 with the asymmetric signature verification algorithm corresponding to the public key pubkA of the data sharing platform A.
In a second aspect, an embodiment of the present application provides a data hosting system based on blockchain and distributed identity, comprising a data sharing platform A, a data requester B, a data provider C and a blockchain, which interact to carry out any of the foregoing blockchain and distributed identity based data hosting methods. The system performs the following:
deploying a distributed identity registration contract in the blockchain network;
the data sharing platform A receives from the data provider C the ciphertext C_Data_1 produced by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by C, and the description document text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives from the data requester B a request for the data described by text_1, resolves B's distributed identity DID_B to obtain its description document doc_B, and generates from doc_B a verifiable credential VC_1 corresponding to the unique identification code;
the data sharing platform A encrypts VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable credential C_VC_1 and sends it to the blockchain account B of the data requester B; the data sharing platform A also sends the ciphertext C_Data_1 to the data requester B;
the data requester B sends the encrypted verifiable credential C_VC_1 to the smart contract Smc1, which decrypts it with the private key prikD of the asymmetric key pair to obtain VC_1;
the smart contract Smc1 looks up the symmetric key k by the identification code uuid_1 contained in VC_1 and encrypts k with the public key pubkB of the data requester B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data requester B, who decrypts it with the private key prikB to recover k and then decrypts the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
Compared with the prior art, the data hosting method and system based on blockchain and distributed identity provided by the invention build a trusted data encryption and sharing scheme from verifiable credentials, blockchain smart contracts and a data sharing platform. The data provider does not need to be online in real time and is freed from repeated encryption and decryption work, so the data can be shared securely; the platform only provides functions such as encryption and storage and never obtains the original data. All sharing and authorization events are recorded on chain, so the data provider can truly and directly control how many times its data is shared.
Drawings
To illustrate the embodiments of the invention or the prior-art solutions more clearly, the drawings needed for the embodiments or the description of the prior art are briefly described below. The drawings show some embodiments of the invention; other drawings can be derived from them by a person skilled in the art without inventive effort.
FIG. 1 is a flow chart of an embodiment of the blockchain and distributed identity based data hosting method provided by the present invention;
FIG. 2 is a schematic architecture diagram of an embodiment of the blockchain and distributed identity based data hosting system according to the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments are described fully below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the invention; all other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of the invention.
In addition, the technical features of the different embodiments described below can be combined with one another provided they do not conflict.
Example 1
The invention provides a data hosting method based on blockchain and distributed identity which, as shown in FIG. 1, comprises the following steps:
S100: deploying a distributed identity registration contract in the blockchain network;
In a specific implementation, a distributed identity registration contract is deployed on the data transaction blockchain, through which every participant can register a unique distributed identity DID; the data sharing platform A, the data requester B and the data provider C register the distributed identities DID_A, DID_B and DID_C and generate the corresponding DID description documents doc_A, doc_B and doc_C.
Specifically, the description document doc_A contains the blockchain account A and the blockchain account public key pubkA bound to DID_A; doc_B contains the blockchain account B and the blockchain account public key pubkB bound to DID_B; doc_C contains the blockchain account C and the blockchain account public key pubkC bound to DID_C.
S200: the data sharing platform A receives from the data provider C the ciphertext C_Data_1 produced by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by C, and the description document text_1 of the data;
In a specific implementation, the data sharing platform A registers as an issuer on the blockchain in order to generate the verifiable credential VC_1 for the data requester B.
S300: the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
In a specific implementation, the smart contract Smc1 is controlled by the private key prikD of the asymmetric key pair generated by the data provider C, who uses prikD to update Smc1; the smart contract Smc1 presets the private key prikD, the symmetric key k, the identification code uuid_1 and the issuer as parameters of the verification contract.
S400: the data sharing platform A receives from the data requester B a request for the data described by text_1, resolves B's distributed identity DID_B to obtain its description document doc_B, and generates from doc_B a verifiable credential VC_1 corresponding to the unique identification code;
In a specific implementation, generating the verifiable credential VC_1 in S400 comprises:
resolving DID_B of the data requester B to acquire the description document doc_B and verifying its validity;
generating a claim raw_claim from DID_A of the data sharing platform A, DID_B of the data requester B, the identification code uuid_1 and the information to be stated;
generating a proof by signing raw_claim with the private key prikA of the data sharing platform A;
generating the verifiable credential VC_1 from raw_claim and the proof.
S500: the data sharing platform A encrypts VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable credential C_VC_1 and sends it to the blockchain account B of the data requester B; the data sharing platform A also sends the ciphertext C_Data_1 to the data requester B;
S600: the data requester B sends the encrypted verifiable credential C_VC_1 to the smart contract Smc1, which decrypts it with the private key prikD of the asymmetric key pair to obtain VC_1;
In particular, between step S600 and step S700 the validity of the encrypted verifiable credential C_VC_1 is also verified.
Specifically, the smart contract verifies the validity of the encrypted verifiable credential C_VC_1 as follows:
decrypting C_VC_1 with the private key prikD of the asymmetric key pair to obtain VC_1;
resolving the issuer DID in the VC to obtain doc_A;
verifying that the issuer is the data sharing platform A and, if so, resolving the holder DID_B in raw_claim to obtain doc_B;
verifying that the blockchain account B that sent the encrypted credential to the smart contract is the blockchain account B recorded in doc_B and, if so, verifying the signature on VC_1 with the asymmetric signature verification algorithm corresponding to the public key pubkA of the data sharing platform A.
S700: the smart contract Smc1 looks up the symmetric key k by the identification code uuid_1 contained in VC_1 and encrypts k with the public key pubkB of the data requester B to obtain C_k;
S800: the smart contract Smc1 sends C_k to the blockchain account B of the data requester B, who decrypts it with the private key prikB to recover k and then decrypts the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
The data hosting method based on blockchain and distributed identity provided by this embodiment builds a trusted data encryption and sharing scheme from verifiable credentials, blockchain smart contracts and a data sharing platform. The data provider does not need to be online in real time and is freed from repeated encryption and decryption work, so the data can be shared securely; the platform only provides functions such as encryption and storage and never obtains the original data. All sharing and authorization events are recorded on chain, so the data provider can truly and directly control how many times its data is shared.
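The exchange of steps S100 to S800, including the contract-side checks between S600 and S700, as an added Go example that is not part of the patent and not the applicants' code. It assumes concrete algorithms the patent leaves open (Ed25519 for the account key pubkA, RSA-OAEP for the encryptions under pubkD and pubkB, AES-GCM for Data_1), models the DID registration contract as an in-memory map, treats the contract's private state (prikD, k) as confidential as the patent does, and uses constructed DIDs did:ex:A, did:ex:B and did:ex:E and a constructed sample record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// DIDDoc models doc_A / doc_B (the cipher choices are this example's, not the patent's).
type DIDDoc struct {
	Account ed25519.PublicKey // account public key bound to the DID (pubkA, pubkB)
	Enc     *rsa.PublicKey    // key under which the holder receives C_k
}

// VC is the verifiable credential VC_1: the raw_claim fields plus the proof.
type VC struct {
	Issuer string `json:"issuer"` // DID_A
	Holder string `json:"holder"` // DID_B
	UUID   string `json:"uuid"`   // uuid_1, names the symmetric key k
	Proof  []byte `json:"proof"`  // Ed25519 signature over rawClaim made with prikA
}

// rawClaim is the canonical byte string that the data sharing platform A signs.
func (v VC) rawClaim() []byte { return []byte(v.Issuer + "|" + v.Holder + "|" + v.UUID) }

// must aborts the happy-path walkthrough on an error that should not occur there.
func must(b []byte, err error) []byte {
	if err != nil {
		panic(err)
	}
	return b
}
func gcm(k []byte) cipher.AEAD {
	b, _ := aes.NewCipher(k)
	g, _ := cipher.NewGCM(b)
	return g
}

// Smc1 holds what provider C presets in S300; its state is assumed confidential.
type Smc1 struct {
	prikD  *rsa.PrivateKey
	k      []byte
	uuid   string
	issuer string            // DID_A: the only issuer whose credentials are honoured
	reg    map[string]DIDDoc // the DID registration contract of S100
}

// Release runs the checks between S600 and S700 on C_VC_1 and returns C_k;
// caller is the DID bound to the account that submitted the transaction.
func (c *Smc1) Release(cVC []byte, caller string) ([]byte, error) {
	raw, err := rsa.DecryptOAEP(sha256.New(), nil, c.prikD, cVC, nil)
	if err != nil {
		return nil, errors.New("C_VC_1 was not encrypted to pubkD")
	}
	var vc VC
	if err := json.Unmarshal(raw, &vc); err != nil {
		return nil, err
	}
	docA, okA := c.reg[vc.Issuer] // resolve the issuer DID to doc_A
	docB, okB := c.reg[vc.Holder] // resolve the holder DID to doc_B
	switch {
	case !okA || vc.Issuer != c.issuer:
		return nil, errors.New("issuer is not the data sharing platform A")
	case !okB || caller != vc.Holder:
		return nil, errors.New("submitting account is not the holder named in VC_1")
	case !ed25519.Verify(docA.Account, vc.rawClaim(), vc.Proof):
		return nil, errors.New("proof on VC_1 does not verify under pubkA")
	case vc.UUID != c.uuid:
		return nil, errors.New("VC_1 does not name uuid_1")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, docB.Enc, c.k, nil) // C_k
}

// Run plays S200 to S800 once, then checks that a third registered party replaying
// B's C_VC_1 from its own account is refused; returns B's plaintext and that verdict.
func Run(data1 []byte) (recovered []byte, replayRejected bool) {
	pubA, prikA, _ := ed25519.GenerateKey(rand.Reader)
	encB, _ := rsa.GenerateKey(rand.Reader, 2048)
	reg := map[string]DIDDoc{"did:ex:A": {Account: pubA}, "did:ex:B": {Enc: &encB.PublicKey}, "did:ex:E": {}}
	// S200: C encrypts Data_1 under k; A only ever holds C_Data_1 = nonce || ciphertext.
	k, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(k)
	rand.Read(nonce)
	cData1 := append(nonce, gcm(k).Seal(nil, nonce, data1, nil)...)
	// S300: C deploys Smc1 preset with prikD, k, uuid_1 and the issuer DID_A.
	prikD, _ := rsa.GenerateKey(rand.Reader, 2048)
	smc := &Smc1{prikD: prikD, k: k, uuid: "uuid_1", issuer: "did:ex:A", reg: reg}
	// S400/S500: A issues VC_1 to B, signs it with prikA and encrypts it to pubkD.
	vc := VC{Issuer: "did:ex:A", Holder: "did:ex:B", UUID: "uuid_1"}
	vc.Proof = ed25519.Sign(prikA, vc.rawClaim())
	vcJSON, _ := json.Marshal(vc) // about 156 bytes, within OAEP's 190-byte limit for RSA-2048
	cVC1 := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &prikD.PublicKey, vcJSON, nil))
	// S600 to S800: B submits C_VC_1, receives C_k, recovers k with prikB, then Data_1.
	cK := must(smc.Release(cVC1, "did:ex:B"))
	kB := must(rsa.DecryptOAEP(sha256.New(), nil, encB, cK, nil))
	recovered = must(gcm(kB).Open(nil, cData1[:12], cData1[12:], nil))
	_, replayErr := smc.Release(cVC1, "did:ex:E") // E presents B's credential
	return recovered, replayErr != nil
}
func main() {
	out, rejected := Run([]byte("Data_1: constructed sample record"))
	fmt.Printf("recovered=%q replayRejected=%v\n", out, rejected)
}
```

The replay check shows why the contract compares the submitting account with the holder in doc_B: a valid C_VC_1 alone would otherwise let any account obtain C_k, although in this model C_k is still only readable with prikB.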
Example 2
The invention also provides a data hosting system based on blockchain and distributed identity which, as shown in FIG. 2, comprises a data sharing platform A, a data requester B, a data provider C and a blockchain; these interact to carry out the blockchain and distributed identity based data hosting method shown in FIG. 1, the system performing the following:
deploying a distributed identity registration contract in the blockchain network;
the data sharing platform A receives from the data provider C the ciphertext C_Data_1 produced by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by C, and the description document text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives from the data requester B a request for the data described by text_1, resolves B's distributed identity DID_B to obtain its description document doc_B, and generates from doc_B a verifiable credential VC_1 corresponding to the unique identification code;
the data sharing platform A encrypts VC_1 with the public key pubkD provided by the data provider C to produce the encrypted verifiable credential C_VC_1 and sends it to the blockchain account B of the data requester B; the data sharing platform A also sends the ciphertext C_Data_1 to the data requester B;
the data requester B sends the encrypted verifiable credential C_VC_1 to the smart contract Smc1, which decrypts it with the private key prikD of the asymmetric key pair to obtain VC_1;
the smart contract Smc1 looks up the symmetric key k by the identification code uuid_1 contained in VC_1 and encrypts k with the public key pubkB of the data requester B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data requester B, who decrypts it with the private key prikB to recover k and then decrypts the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
Compared with the prior art, the data hosting method and system based on blockchain and distributed identity provided by the invention build a trusted data encryption and sharing scheme from verifiable credentials, blockchain smart contracts and a data sharing platform. The data provider does not need to be online in real time and is freed from repeated encryption and decryption work, so the data can be shared securely; the platform only provides functions such as encryption and storage and never obtains the original data. All sharing and authorization events are recorded on chain, so the data provider can truly and directly control how many times its data is shared.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solution described in them can be modified, or some or all of its technical features replaced by equivalents, without departing from the spirit of the invention.

Claims (7)

1. A blockchain and distributed identity based data hosting method, the method comprising:
S100: deploying a distributed identity registration contract in the blockchain network;
S200: the data sharing platform A receives the ciphertext C_Data_1 generated by the data provider C encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of an asymmetric key pair (pubkD, prikD) generated by the data provider C, and the description document text_1 describing the data;
S300: the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
S400: the data sharing platform A receives a data request from the data demander B for the data corresponding to the description document text_1, resolves the distributed identity DID_B of the data demander B to obtain the description document doc_B, and generates a verifiable claim VC_1 corresponding to the unique identification code uuid_1 according to the description document doc_B;
wherein the process of generating the verifiable claim VC_1 in S400 includes:
resolving the distributed identity DID_B of the data demander B to obtain the description document doc_B and verifying the validity of the description document doc_B;
generating a statement raw_claim from the distributed identity DID_A of the data sharing platform A, the distributed identity DID_B of the data demander B, the identification code uuid_1 and the information to be claimed;
signing the statement raw_claim with the private key prikA of the data sharing platform A to generate a proof;
generating the verifiable claim VC_1 from the statement raw_claim and the proof;
S500: the data sharing platform A encrypts the verifiable claim VC_1 with the public key pubkD provided by the data provider C to generate an encrypted verifiable claim C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A also sends the ciphertext C_Data_1 to the data demander B;
S600: the data demander B sends the encrypted verifiable claim C_VC_1 to the smart contract Smc1, and the smart contract Smc1 decrypts C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
the smart contract Smc1 is controlled by the private key prikD of the asymmetric key pair generated by the data provider C; the data provider C uses the private key prikD to update the smart contract Smc1, and the smart contract Smc1 holds the private key prikD of the asymmetric key pair, the symmetric key k, the identification code uuid_1 and the issuer as preset parameters of the verification contract;
S700: the smart contract Smc1 obtains the symmetric key k according to the identification code uuid_1 in the verifiable claim VC_1, and encrypts the symmetric key k with the public key pubkB of the data demander B to obtain C_k;
S800: the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, which decrypts it with its private key prikB to recover the symmetric key k, and then uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A, obtaining the original data Data_1.
2. The blockchain and distributed identity based data hosting method of claim 1, wherein step S100 comprises: deploying a distributed identity registration contract on the data transaction blockchain, through which all participating principals can register unique distributed identities DID; the data sharing platform A, the data demander B and the data provider C register the distributed identities DID_A, DID_B and DID_C respectively and generate the corresponding DID description documents doc_A, doc_B and doc_C.
3. The blockchain and distributed identity based data hosting method of claim 2, wherein the information in the description document doc_A includes a blockchain account A and a blockchain account public key pubkA bound to the distributed identity DID_A; the information in the description document doc_B includes a blockchain account B and a blockchain account public key pubkB bound to the distributed identity DID_B; the information in the description document doc_C includes a blockchain account C and a blockchain account public key pubkC bound to the distributed identity DID_C.
4. The blockchain and distributed identity based data hosting method of claim 1, wherein the data sharing platform A registers an issuer on the blockchain for generating the verifiable claim VC_1 for the data demander B.
5. The blockchain and distributed identity based data hosting method of claim 1, wherein after step S600 and before step S700 the method further comprises verifying the validity of the encrypted verifiable claim C_VC_1.
6. The blockchain and distributed identity based data hosting method of claim 5, wherein the smart contract's verification of the validity of the encrypted verifiable claim C_VC_1 comprises:
decrypting the encrypted verifiable claim C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
resolving the issuer DID in the VC to obtain doc_A;
verifying whether the issuer is the data sharing platform A, and if so, resolving the holder distributed identity DID_B in the statement raw_claim to obtain the description document doc_B;
verifying whether the blockchain account B of the data demander B that sent the encrypted claim to the smart contract is the blockchain account B recorded in the description document doc_B, and if so, verifying the signature of VC_1 with the asymmetric signature verification algorithm corresponding to the public key pubkA of the data sharing platform A.
7. A blockchain and distributed identity-based data hosting system comprising a data sharing platform a, a data demander B, a data provider C and a blockchain, wherein the data sharing platform a, the data demander B, the data provider C and the blockchain interact to complete the blockchain and distributed identity-based data hosting method as set forth in any one of claims 1 to 6.
CN202010590921.3A 2020-06-24 2020-06-24 Data hosting method and system based on blockchain and distributed identity Active CN111884805B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010590921.3A CN111884805B (en) 2020-06-24 2020-06-24 Data hosting method and system based on blockchain and distributed identity

Publications (2)

Publication Number Publication Date
CN111884805A CN111884805A (en) 2020-11-03
CN111884805B true CN111884805B (en) 2023-08-01

Family

ID=73158037

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010590921.3A Active CN111884805B (en) 2020-06-24 2020-06-24 Data hosting method and system based on blockchain and distributed identity

Country Status (1)

Country Link
CN (1) CN111884805B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI773025B (en) * 2020-12-16 2022-08-01 智弘軟體科技股份有限公司 Processes and method for safe of use, monitoring and management of device accounts in terminal manner
CN112866360B (en) * 2021-01-06 2022-09-30 上海泰砥科技有限公司 Block chain and distributed digital identity DID-based shared parking method and system
CN112765671B (en) * 2021-02-08 2021-09-21 上海万向区块链股份公司 Localized data privacy encryption method and system
CN113114728B (en) * 2021-03-22 2022-04-01 南京航空航天大学 Body area network identity authentication method and system based on editable block chain
CN113395281B (en) * 2021-06-11 2022-11-01 网易(杭州)网络有限公司 Verification method and device capable of verifying statement and electronic equipment
CN113378240B (en) * 2021-06-23 2023-03-28 浪潮云信息技术股份公司 Synchronous calling user identity authentication method based on block chain
CN113626523B (en) * 2021-08-09 2024-01-30 北京神州数码方圆科技有限公司 DID-based blockchain data exchange method and system
CN113609225B (en) * 2021-08-09 2023-06-02 北京神州数码方圆科技有限公司 DID-based blockchain data exchange method and system
CN113691373B (en) * 2021-08-20 2022-06-10 华中农业大学 Anti-quantum key escrow system and method based on alliance block chain
CN113761597B (en) * 2021-09-17 2024-01-19 安徽高山科技有限公司 Contract signing method based on verifiable certificate VC and blockchain signature
CN114944937B (en) * 2022-04-19 2024-04-09 网易(杭州)网络有限公司 Distributed digital identity verification method, system, electronic equipment and storage medium
CN115239441A (en) * 2022-09-21 2022-10-25 航天宏图信息技术股份有限公司 Data resource transaction method and system based on alliance chain bidding
CN117527445B (en) * 2024-01-02 2024-03-12 江苏荣泽信息科技股份有限公司 Data sharing system based on re-encryption and distributed digital identity

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109326337A (en) * 2018-09-06 2019-02-12 西安电子科技大学 Electronic medical record storage and shared model and method based on block chain
CN109471844A (en) * 2018-10-10 2019-03-15 深圳市达仁基因科技有限公司 File sharing method, device, computer equipment and storage medium
CN109951295A (en) * 2019-02-27 2019-06-28 百度在线网络技术(北京)有限公司 Key handling and application method, device, equipment and medium
CN110311787A (en) * 2019-06-21 2019-10-08 深圳壹账通智能科技有限公司 Authorization management method, system, equipment and computer readable storage medium
WO2020101325A1 (en) * 2018-11-13 2020-05-22 (주)블루팝콘 Encryption system and method employing permutation group-based encryption technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant