CN111884805B - Data hosting method and system based on blockchain and distributed identity - Google Patents
- Publication number
- CN111884805B CN202010590921.3A
- Authority
- CN
- China
- Prior art keywords
- data
- blockchain
- sharing platform
- distributed identity
- key
- Prior art date
- Legal status
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a data hosting method and system based on blockchain and distributed identity, which removes the heavy encryption and decryption workload of proxy re-encryption and provides a trusted mode of data encryption and sharing based on blockchain smart contracts and verifiable claims (VC). The method comprises the following steps: the data provider C sends the ciphertext, an identification code, the public key of an asymmetric key pair and a data description document to the data sharing platform A, deploys a smart contract on the blockchain, and presets in it the private key of the asymmetric key pair, the symmetric key, the identification code and the issuer (certifying party); the data demander B sends a data request to the data sharing platform A, and the data sharing platform A returns the ciphertext and an encrypted verifiable claim; the data demander B sends the encrypted verifiable claim to the smart contract, and the smart contract returns the encrypted symmetric key after verification; the data demander B decrypts it to obtain the symmetric key, and then decrypts the ciphertext to obtain the original data.
Description
Technical Field
The invention relates to the field of blockchains, in particular to a data hosting method and system based on blockchains and distributed identities.
Background
The W3C has defined DID, a set of globally unique, universal, standardized, machine-readable distributed digital identity identifiers, while the Verifiable Credentials standard specifies the data formats and interactions for verifiable digital identity credentials, providing the conditions for future digital identity interoperability. The DID Auth standard proposed by the DIF addresses authentication of DID control among different service parties, whereas DKMS aims to build trusted point-to-point secure communication links through distributed key lifecycle management.
Proxy re-encryption has been widely used in cloud services in recent years. The cloud computing service provider acts as a proxy that user A cannot fully trust, so user A encrypts the data to be stored locally with user A's own public key Pa and then uploads it to the cloud; the cloud computing service provider therefore cannot obtain the plaintext, and the data can only be decrypted with user A's own private key Sa. When user A needs to share the data with user B, user A computes a conversion key Rk from user A's private key and user B's public key Pb, and the cloud computing service provider uses Rk to re-encrypt the ciphertext for user A into a ciphertext for user B, so that user B can download the ciphertext from the cloud and decrypt it with user B's private key Sb.
Although the whole process ensures that the cloud service platform cannot obtain the original data and so keeps the data secure, encryption and decryption on the user side makes data sharing inconvenient: the provider needs to generate a conversion key for each demander, which burdens the user with heavy decryption work.
Disclosure of Invention
To solve the problem of the heavy encryption and decryption work of proxy re-encryption in the prior art, the present application provides a data hosting method and system based on blockchain and distributed identity that removes this workload and provides a security scheme for hosted data sharing.
In a first aspect, an embodiment of the present application provides a blockchain and distributed identity-based data hosting method, the method including:
deploying a distributed identity registration contract in the blockchain network;
the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 generated by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by the data provider C, and the description document text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives the data request of the data demander B for the data corresponding to the description document text_1, resolves the distributed identity DID_B of the data demander B to obtain the description document doc_B, and generates a verifiable claim VC_1 corresponding to the unique identification code according to the description document doc_B;
the data sharing platform A encrypts the verifiable claim VC_1 with the public key pubkD provided by the data provider C to generate an encrypted verifiable claim C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A sends the ciphertext C_Data_1 to the data demander B;
the data demander B sends the encrypted verifiable claim C_VC_1 to the smart contract Smc1, so that the smart contract Smc1 decrypts C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
the smart contract Smc1 obtains the symmetric key k according to the identification code uuid_1 in the verifiable claim VC_1, and encrypts the symmetric key k with the public key pubkB of the data demander B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, who decrypts it with its private key prikB to obtain the symmetric key k, and uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
Further, a distributed identity registration contract is deployed on the data transaction blockchain, through which all participating principals can register unique distributed identities (DID); the data sharing platform A, the data demander B and the data provider C register the distributed identities DID_A, DID_B and DID_C respectively, and the corresponding DID description documents doc_A, doc_B and doc_C are generated.
Further, the information in the description document doc_A comprises the blockchain account A and the blockchain account public key pubkA bound to the distributed identity DID_A; the information in the description document doc_B comprises the blockchain account B and the blockchain account public key pubkB bound to the distributed identity DID_B; the information in the description document doc_C comprises the blockchain account C and the blockchain account public key pubkC bound to the distributed identity DID_C.
Further, the data sharing platform A registers a certifying party, the issuer, on the blockchain for generating the verifiable claim VC_1 for the data demander B.
Further, the smart contract Smc1 is controlled by the private key prikD of the asymmetric key pair generated by the data provider C, the data provider C uses the private key prikD to update the smart contract Smc1, and the smart contract Smc1 presets the private key prikD of the asymmetric key pair, the symmetric key k, the identification code uuid_1 and the issuer as parameters of the verification contract.
Further, the process of generating the verifiable claim VC_1 includes:
resolving the distributed identity DID_B of the data demander B to obtain the description document doc_B, and verifying the validity of the description document doc_B;
generating a claim raw_claim from the distributed identity DID_A of the data sharing platform A, the distributed identity DID_B of the data demander B, the identification code uuid_1 and the information to be claimed;
generating a proof by signing the claim raw_claim with the private key prikA of the data sharing platform A;
generating the verifiable claim VC_1 from the claim raw_claim and the proof.
Further, the above steps also include verifying the validity of the encrypted verifiable claim C_VC_1.
Further, the process by which the smart contract verifies the validity of the encrypted verifiable claim C_VC_1 includes:
decrypting the encrypted verifiable claim C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
resolving the issuer DID in the VC to obtain doc_A;
verifying whether the issuer is the data sharing platform A and, if so, resolving the holder DID_B in raw_claim to obtain doc_B;
verifying whether the blockchain account from which the data demander B sent the encrypted claim to the smart contract is the blockchain account B recorded in doc_B and, if so, verifying the signature of VC_1 with the asymmetric signature verification algorithm corresponding to the public key pubkA of the data sharing platform A.
In a second aspect, an embodiment of the present application provides a data hosting system based on blockchain and distributed identity, comprising a data sharing platform A, a data demander B, a data provider C and a blockchain, which interact to carry out any one of the foregoing data hosting methods based on blockchain and distributed identity, the system including:
deploying a distributed identity registration contract in the blockchain network;
the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 generated by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by the data provider C, and the description document text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives the data request of the data demander B for the data corresponding to the description document text_1, resolves the distributed identity DID_B of the data demander B to obtain the description document doc_B, and generates a verifiable claim VC_1 corresponding to the unique identification code according to the description document doc_B;
the data sharing platform A encrypts the verifiable claim VC_1 with the public key pubkD provided by the data provider C to generate an encrypted verifiable claim C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A sends the ciphertext C_Data_1 to the data demander B;
the data demander B sends the encrypted verifiable claim C_VC_1 to the smart contract Smc1, so that the smart contract Smc1 decrypts C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
the smart contract Smc1 obtains the symmetric key k according to the identification code uuid_1 in the verifiable claim VC_1, and encrypts the symmetric key k with the public key pubkB of the data demander B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, who decrypts it with its private key prikB to obtain the symmetric key k, and uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
Compared with the prior art, the data hosting method and system based on blockchain and distributed identity provided by the invention build a trusted mode of data encryption and sharing from verifiable claims (VC), blockchain smart contracts, a data sharing platform and related technologies. In this process the data provider does not need to be online in real time and is freed from repeated heavy encryption and decryption work, so the data can be shared securely; throughout the process the platform only provides functions such as encryption and storage and cannot obtain the original data. Meanwhile, all sharing and authorization is recorded on chain, so the data provider can truly and directly control the number of times the data is shared.
Drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flow chart of an embodiment of the blockchain and distributed identity based data hosting method provided by the present invention;
FIG. 2 is a schematic architecture diagram of an embodiment of the blockchain and distributed identity based data hosting system provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In addition, the technical features which are designed in the different embodiments of the invention described below can be combined with one another as long as they do not conflict with one another.
Example 1
The invention provides a data hosting method based on blockchain and distributed identity; as shown in FIG. 1, the method comprises the following steps:
S100: deploying a distributed identity registration contract in the blockchain network;
In a specific implementation, a distributed identity registration contract is deployed on the data transaction blockchain, through which all participating principals can register unique distributed identities (DID); the data sharing platform A, the data demander B and the data provider C register the distributed identities DID_A, DID_B and DID_C respectively, and the corresponding DID description documents doc_A, doc_B and doc_C are generated.
Specifically, the information in the description document doc_A comprises the blockchain account A and the blockchain account public key pubkA bound to the distributed identity DID_A; the information in the description document doc_B comprises the blockchain account B and the blockchain account public key pubkB bound to the distributed identity DID_B; the information in the description document doc_C comprises the blockchain account C and the blockchain account public key pubkC bound to the distributed identity DID_C.
S200: the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 generated by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by the data provider C, and the description document text_1 of the data;
In a specific implementation, the data sharing platform A registers a certifying party, the issuer, on the blockchain for generating the verifiable claim VC_1 for the data demander B.
S300: the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
In a specific implementation, the smart contract Smc1 is controlled by the private key prikD of the asymmetric key pair generated by the data provider C, the data provider C uses the private key prikD to update the smart contract Smc1, and the smart contract Smc1 presets the private key prikD of the asymmetric key pair, the symmetric key k, the identification code uuid_1 and the issuer as parameters of the verification contract.
S400: the data sharing platform A receives the data request of the data demander B for the data corresponding to the description document text_1, resolves the distributed identity DID_B of the data demander B to obtain the description document doc_B, and generates a verifiable claim VC_1 corresponding to the unique identification code according to the description document doc_B;
In a specific implementation, the process of generating the verifiable claim VC_1 in S400 includes:
resolving the distributed identity DID_B of the data demander B to obtain the description document doc_B, and verifying the validity of the description document doc_B;
generating a claim raw_claim from the distributed identity DID_A of the data sharing platform A, the distributed identity DID_B of the data demander B, the identification code uuid_1 and the information to be claimed;
generating a proof by signing the claim raw_claim with the private key prikA of the data sharing platform A;
generating the verifiable claim VC_1 from the claim raw_claim and the proof.
S500: the data sharing platform A encrypts the verifiable claim VC_1 with the public key pubkD provided by the data provider C to generate an encrypted verifiable claim C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A sends the ciphertext C_Data_1 to the data demander B;
S600: the data demander B sends the encrypted verifiable claim C_VC_1 to the smart contract Smc1, so that the smart contract Smc1 decrypts C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
In particular, after step S600 and before step S700, the method further includes verifying the validity of the encrypted verifiable claim C_VC_1.
Specifically, the smart contract verifies the validity of the encrypted verifiable claim C_VC_1 by:
decrypting the encrypted verifiable claim C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
resolving the issuer DID in the VC to obtain doc_A;
verifying whether the issuer is the data sharing platform A and, if so, resolving the holder DID_B in raw_claim to obtain doc_B;
verifying whether the blockchain account from which the data demander B sent the encrypted claim to the smart contract is the blockchain account B recorded in doc_B and, if so, verifying the signature of VC_1 with the asymmetric signature verification algorithm corresponding to the public key pubkA of the data sharing platform A.
S700: the smart contract Smc1 obtains the symmetric key k according to the identification code uuid_1 in the verifiable claim VC_1, and encrypts the symmetric key k with the public key pubkB of the data demander B to obtain C_k;
S800: the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, who decrypts it with its private key prikB to obtain the symmetric key k, and uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
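The signing step of S400, the contract-side validity checks between S600 and S700, and the key unwrap of S800, as an added Go example that is not code from the patent. It leaves out the pubkD encryption layer around VC_1; the algorithm choices (Ed25519 for the proof, RSA-OAEP for C_k), the `did:example` identifiers, the account names and every type and function name are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// DIDDoc is a description document: the account and public keys bound to a DID.
// Assumptions, not from the patent: Ed25519, RSA-OAEP, sample DIDs, all names.
type DIDDoc struct {
	Account string
	SigKey  ed25519.PublicKey // pubkA, checks the proof
	EncKey  *rsa.PublicKey    // pubkB, wraps k
}

// RawClaim is raw_claim: issuer DID_A, holder DID_B and the key identifier.
type RawClaim struct{ Issuer, Holder, UUID string }
// VC is VC_1: raw_claim plus the proof made with prikA.
type VC struct {
	Claim RawClaim
	Proof []byte
}

var (
	ErrIssuer = errors.New("issuer is not the preset issuer")
	ErrCaller = errors.New("caller is not the holder's registered account")
	ErrProof  = errors.New("proof does not verify under pubkA")
	ErrUUID   = errors.New("no symmetric key for this identifier")
)

// IssueVC is the S400 signing step: platform A signs raw_claim with prikA.
func IssueVC(prikA ed25519.PrivateKey, c RawClaim) (VC, error) {
	msg, err := json.Marshal(c)
	if err != nil {
		return VC{}, err
	}
	return VC{Claim: c, Proof: ed25519.Sign(prikA, msg)}, nil
}

// Contract holds the presets of Smc1 and a view of the DID registry.
type Contract struct {
	Issuer   string            // DID of the preset issuer
	Keys     map[string][]byte // uuid -> symmetric key k
	Registry map[string]DIDDoc // DID -> description document
}

// Release checks VC_1 in the order the description lists, then returns C_k.
func (s *Contract) Release(caller string, vc VC) ([]byte, error) {
	docA, ok := s.Registry[vc.Claim.Issuer]
	if !ok || vc.Claim.Issuer != s.Issuer {
		return nil, ErrIssuer
	}
	docB, ok := s.Registry[vc.Claim.Holder]
	if !ok || caller != docB.Account {
		return nil, ErrCaller // a credential presented from another account
	}
	msg, err := json.Marshal(vc.Claim)
	if err != nil || !ed25519.Verify(docA.SigKey, msg, vc.Proof) {
		return nil, ErrProof
	}
	k, ok := s.Keys[vc.Claim.UUID]
	if !ok {
		return nil, ErrUUID
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, docB.EncKey, k, nil)
}

// Unwrap is B's side of S800: recover k from C_k with prikB.
func Unwrap(prikB *rsa.PrivateKey, ck []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, prikB, ck, nil)
}

// NewScenario builds constructed sample parties: the contract, prikA, prikB, k.
func NewScenario() (*Contract, ed25519.PrivateKey, *rsa.PrivateKey, []byte) {
	pubA, prikA, errA := ed25519.GenerateKey(rand.Reader)
	prikB, errB := rsa.GenerateKey(rand.Reader, 2048)
	k := make([]byte, 32)
	if _, errK := rand.Read(k); errA != nil || errB != nil || errK != nil {
		panic("key generation failed")
	}
	reg := map[string]DIDDoc{
		"did:example:A": {Account: "account-A", SigKey: pubA},
		"did:example:B": {Account: "account-B", EncKey: &prikB.PublicKey},
	}
	keys := map[string][]byte{"uuid_1": k}
	return &Contract{Issuer: "did:example:A", Keys: keys, Registry: reg}, prikA, prikB, k
}

func main() {
	c, prikA, _, _ := NewScenario()
	vc, _ := IssueVC(prikA, RawClaim{"did:example:A", "did:example:B", "uuid_1"})
	_, err := c.Release("account-X", vc)
	fmt.Println("credential presented from another account:", err)
}
```

The caller check is what binds VC_1 to the holder: the same credential sent from any account other than the one recorded in doc_B is rejected before the signature is even examined.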
The data hosting method based on blockchain and distributed identity provided by this embodiment of the invention builds a trusted mode of data encryption and sharing from verifiable claims (VC), blockchain smart contracts, a data sharing platform and related technologies. In this process the data provider does not need to be online in real time and is freed from repeated heavy encryption and decryption work, so the data can be shared securely; throughout the process the platform only provides functions such as encryption and storage and cannot obtain the original data. Meanwhile, all sharing and authorization is recorded on chain, so the data provider can truly and directly control the number of times the data is shared.
Example two
The invention also provides a data hosting system based on blockchain and distributed identity; as shown in FIG. 2, it comprises a data sharing platform A, a data demander B, a data provider C and a blockchain, which interact to carry out the data hosting method based on blockchain and distributed identity shown in FIG. 1, the system comprising the following steps:
deploying a distributed identity registration contract in the blockchain network;
the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 generated by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by the data provider C, and the description document text_1 of the data;
the data provider C creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
the data sharing platform A receives the data request of the data demander B for the data corresponding to the description document text_1, resolves the distributed identity DID_B of the data demander B to obtain the description document doc_B, and generates a verifiable claim VC_1 corresponding to the unique identification code according to the description document doc_B;
the data sharing platform A encrypts the verifiable claim VC_1 with the public key pubkD provided by the data provider C to generate an encrypted verifiable claim C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A sends the ciphertext C_Data_1 to the data demander B;
the data demander B sends the encrypted verifiable claim C_VC_1 to the smart contract Smc1, so that the smart contract Smc1 decrypts C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
the smart contract Smc1 obtains the symmetric key k according to the identification code uuid_1 in the verifiable claim VC_1, and encrypts the symmetric key k with the public key pubkB of the data demander B to obtain C_k;
the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, who decrypts it with its private key prikB to obtain the symmetric key k, and uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
Compared with the prior art, the data hosting method and system based on blockchain and distributed identity provided by the invention build a trusted mode of data encryption and sharing from verifiable claims (VC), blockchain smart contracts, a data sharing platform and related technologies. In this process the data provider does not need to be online in real time and is freed from repeated heavy encryption and decryption work, so the data can be shared securely; throughout the process the platform only provides functions such as encryption and storage and cannot obtain the original data. Meanwhile, all sharing and authorization is recorded on chain, so the data provider can truly and directly control the number of times the data is shared.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.
Claims (7)
1. A blockchain and distributed identity based data hosting method, the method comprising:
S100: deploying a distributed identity registration contract in the blockchain network;
S200: the data sharing platform A receives, from the data provider C, the ciphertext C_Data_1 generated by encrypting the original data Data_1 with a symmetric key k, the unique identification code uuid_1 corresponding to the symmetric key k, the public key pubkD of the asymmetric key pair (pubkD, prikD) generated by the data provider C, and the description document text_1 of the data;
S300: the data provider creates and deploys a smart contract Smc1 on the blockchain for sharing the ciphertext C_Data_1;
S400: the data sharing platform A receives the data request of the data demander B for the data corresponding to the description document text_1, resolves the distributed identity DID_B of the data demander B to obtain the description document doc_B, and generates a verifiable claim VC_1 corresponding to the unique identification code according to the description document doc_B;
wherein the process of generating the verifiable claim VC_1 in S400 includes:
resolving the distributed identity DID_B of the data demander B to obtain the description document doc_B, and verifying the validity of the description document doc_B;
generating a claim raw_claim from the distributed identity DID_A of the data sharing platform A, the distributed identity DID_B of the data demander B, the identification code uuid_1 and the information to be claimed;
generating a proof by signing the claim raw_claim with the private key prikA of the data sharing platform A;
generating the verifiable claim VC_1 from the claim raw_claim and the proof;
S500: the data sharing platform A encrypts the verifiable claim VC_1 with the public key pubkD provided by the data provider C to generate an encrypted verifiable claim C_VC_1 and sends C_VC_1 to the blockchain account B of the data demander B; the data sharing platform A sends the ciphertext C_Data_1 to the data demander B;
S600: the data demander B sends the encrypted verifiable claim C_VC_1 to the smart contract Smc1, so that the smart contract Smc1 decrypts C_VC_1 with the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
the smart contract Smc1 is controlled by the private key prikD of the asymmetric key pair generated by the data provider C, the data provider C uses the private key prikD to update the smart contract Smc1, and the smart contract Smc1 presets the private key prikD of the asymmetric key pair, the symmetric key k, the identification code uuid_1 and the issuer as parameters of the verification contract;
S700: the smart contract Smc1 obtains the symmetric key k according to the identification code uuid_1 in the verifiable claim VC_1, and encrypts the symmetric key k with the public key pubkB of the data demander B to obtain C_k;
S800: the smart contract Smc1 sends C_k to the blockchain account B of the data demander B, who decrypts it with its private key prikB to obtain the symmetric key k, and uses k to decrypt the ciphertext C_Data_1 obtained from the data sharing platform A to obtain the original data Data_1.
2. The blockchain and distributed identity based data hosting method of claim 1, wherein: a distributed identity registration contract is deployed on the data transaction blockchain, through which all participating principals can register unique distributed identities (DIDs); the data sharing platform A, the data demander B and the data provider C register the distributed identities DID_A, DID_B and DID_C respectively, and the corresponding DID description documents doc_A, doc_B and doc_C are generated.
3. The blockchain and distributed identity based data hosting method of claim 2, wherein the information in the description document doc_A includes a blockchain account A and a blockchain account public key pubkA bound to the distributed identity DID_A; the information in the description document doc_B includes a blockchain account B and a blockchain account public key pubkB bound to the distributed identity DID_B; the information in the description document doc_C includes a blockchain account C and a blockchain account public key pubkC bound to the distributed identity DID_C.
4. The blockchain and distributed identity based data hosting method of claim 1, wherein: the data sharing platform A registers a prover issuer on the blockchain for generating the verifiable claim VC_1 for the data demander B.
5. The blockchain and distributed identity based data hosting method of claim 1, wherein: after step S600 and before step S700, the method further includes verifying the validity of the encrypted verifiable claim C_VC_1.
6. The blockchain and distributed identity based data hosting method of claim 5, wherein the process by which the smart contract verifies the validity of the encrypted verifiable claim C_VC_1 comprises:
decrypting the encrypted verifiable claim C_VC_1 using the private key prikD of the asymmetric key pair to obtain the verifiable claim VC_1;
resolving the issuer DID in VC_1 to obtain doc_A;
verifying whether the issuer is the data sharing platform A, and if so, resolving the holder's distributed identity DID_B in the claim raw_claim to obtain the description document doc_B;
verifying whether the blockchain account of the data demander B that sent the encrypted claim to the smart contract is the blockchain account B recorded in the description document doc_B, and if so, verifying the signature of VC_1 using the asymmetric signature verification algorithm corresponding to the public key pubkA of the data sharing platform A.
7. A blockchain and distributed identity based data hosting system comprising a data sharing platform A, a data demander B, a data provider C and a blockchain, wherein the data sharing platform A, the data demander B, the data provider C and the blockchain interact to complete the blockchain and distributed identity based data hosting method as set forth in any one of claims 1 to 6.
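The claim generation steps of claim 1 (raw_claim signed with prikA to form VC_1) and the ordered validity checks of claim 6, shown in Go as an added example that is not code from the patent. Ed25519, the JSON encoding of raw_claim, the `did:example:` identifiers and the in-memory `registry` standing in for on-chain DID resolution are assumptions; decryption of C_VC_1 with prikD is taken as already done.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Doc is a DID description document: the bound blockchain account and public key.
type Doc struct {
	Account string
	PubKey  ed25519.PublicKey
}

// RawClaim mirrors raw_claim: issuer DID, holder DID and the key identifier uuid_1.
type RawClaim struct{ Issuer, Holder, UUID string }
// VC is the verifiable claim: raw_claim plus the issuer's signature over it (the proof).
type VC struct {
	Claim RawClaim
	Proof []byte
}

// Issue signs raw_claim with the platform's private key prikA (generation steps in S400).
func Issue(prikA ed25519.PrivateKey, c RawClaim) VC {
	msg, _ := json.Marshal(c) // assumed encoding; struct field order is fixed
	return VC{Claim: c, Proof: ed25519.Sign(prikA, msg)}
}

// Verify runs the claim 6 checks in order; sender is the account calling the contract.
func Verify(vc VC, registry map[string]Doc, platformDID, sender string) error {
	docA, ok := registry[vc.Claim.Issuer]
	if !ok || vc.Claim.Issuer != platformDID {
		return errors.New("issuer is not data sharing platform A")
	}
	if docB, ok := registry[vc.Claim.Holder]; !ok || docB.Account != sender {
		return errors.New("sender is not the account bound to the holder DID")
	}
	msg, _ := json.Marshal(vc.Claim)
	if len(docA.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(docA.PubKey, msg, vc.Proof) {
		return errors.New("proof does not verify under pubkA")
	}
	return nil
}

func main() { // constructed identities and accounts, for illustration only
	pubA, prikA, _ := ed25519.GenerateKey(nil)
	reg := map[string]Doc{"did:example:A": {"acctA", pubA}, "did:example:B": {"acctB", nil}}
	fmt.Println(Verify(Issue(prikA, RawClaim{"did:example:A", "did:example:B", "uuid_1"}), reg, "did:example:A", "acctB"))
}
```

The sender check is what binds VC_1 to blockchain account B: a copy of C_VC_1 submitted from any other account fails before the signature is examined.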
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010590921.3A CN111884805B (en) | 2020-06-24 | 2020-06-24 | Data hosting method and system based on blockchain and distributed identity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010590921.3A CN111884805B (en) | 2020-06-24 | 2020-06-24 | Data hosting method and system based on blockchain and distributed identity |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111884805A (en) | 2020-11-03 |
CN111884805B (en) | 2023-08-01 |
Family
ID=73158037
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010590921.3A Active CN111884805B (en) | 2020-06-24 | 2020-06-24 | Data hosting method and system based on blockchain and distributed identity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111884805B (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI773025B (en) * | 2020-12-16 | 2022-08-01 | 智弘軟體科技股份有限公司 | Processes and method for safe of use, monitoring and management of device accounts in terminal manner |
CN112866360B (en) * | 2021-01-06 | 2022-09-30 | 上海泰砥科技有限公司 | Block chain and distributed digital identity DID-based shared parking method and system |
CN112765671B (en) * | 2021-02-08 | 2021-09-21 | 上海万向区块链股份公司 | Localized data privacy encryption method and system |
CN113114728B (en) * | 2021-03-22 | 2022-04-01 | 南京航空航天大学 | Body area network identity authentication method and system based on editable block chain |
CN113395281B (en) * | 2021-06-11 | 2022-11-01 | 网易(杭州)网络有限公司 | Verification method and device capable of verifying statement and electronic equipment |
CN113378240B (en) * | 2021-06-23 | 2023-03-28 | 浪潮云信息技术股份公司 | Synchronous calling user identity authentication method based on block chain |
CN113626523B (en) * | 2021-08-09 | 2024-01-30 | 北京神州数码方圆科技有限公司 | DID-based blockchain data exchange method and system |
CN113609225B (en) * | 2021-08-09 | 2023-06-02 | 北京神州数码方圆科技有限公司 | DID-based blockchain data exchange method and system |
CN113691373B (en) * | 2021-08-20 | 2022-06-10 | 华中农业大学 | Anti-quantum key escrow system and method based on alliance block chain |
CN113761597B (en) * | 2021-09-17 | 2024-01-19 | 安徽高山科技有限公司 | Contract signing method based on verifiable certificate VC and blockchain signature |
CN114944937B (en) * | 2022-04-19 | 2024-04-09 | 网易(杭州)网络有限公司 | Distributed digital identity verification method, system, electronic equipment and storage medium |
CN115239441A (en) * | 2022-09-21 | 2022-10-25 | 航天宏图信息技术股份有限公司 | Data resource transaction method and system based on alliance chain bidding |
CN117527445B (en) * | 2024-01-02 | 2024-03-12 | 江苏荣泽信息科技股份有限公司 | Data sharing system based on re-encryption and distributed digital identity |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109326337A (en) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | Electronic medical record storage and shared model and method based on block chain |
CN109471844A (en) * | 2018-10-10 | 2019-03-15 | 深圳市达仁基因科技有限公司 | File sharing method, device, computer equipment and storage medium |
CN109951295A (en) * | 2019-02-27 | 2019-06-28 | 百度在线网络技术(北京)有限公司 | Key handling and application method, device, equipment and medium |
CN110311787A (en) * | 2019-06-21 | 2019-10-08 | 深圳壹账通智能科技有限公司 | Authorization management method, system, equipment and computer readable storage medium |
WO2020101325A1 (en) * | 2018-11-13 | 2020-05-22 | (주)블루팝콘 | Encryption system and method employing permutation group-based encryption technology |
Also Published As
Publication number | Publication date |
---|---|
CN111884805A (en) | 2020-11-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111884805B (en) | Data hosting method and system based on blockchain and distributed identity | |
CN110493347B (en) | Block chain-based data access control method and system in large-scale cloud storage | |
CN114615095B (en) | Block chain cross-chain data processing method, relay chain, application chain and cross-chain network | |
Adams et al. | Understanding PKI: concepts, standards, and deployment considerations | |
CN111600875B (en) | Anonymous data sharing method and system based on data source and data master hiding | |
CN109450843B (en) | SSL certificate management method and system based on block chain | |
CN105577383A (en) | Management of cryptographic keys | |
US7266705B2 (en) | Secure transmission of data within a distributed computer system | |
Buccafurri et al. | Integrating digital identity and blockchain | |
CN114866323B (en) | User-controllable privacy data authorization sharing system and method | |
JP5992535B2 (en) | Apparatus and method for performing wireless ID provisioning | |
CN102055766A (en) | Webservice service management method and system | |
Borse et al. | Anonymity: A secure identity management using smart contracts | |
Basudan | A Scalable Blockchain Framework for Secure Transactions in IoT-Based Dynamic Applications | |
CN113329003B (en) | Access control method, user equipment and system for Internet of things | |
CN107409043B (en) | Distributed processing of products based on centrally encrypted stored data | |
KR100848966B1 (en) | Method for authenticating and decrypting of short message based on public key | |
KR20100025624A (en) | Method for generating secure key using certificateless public key in insecure communication channel | |
CN113239376B (en) | Data sharing method, request method and device based on block chain | |
KR20100002424A (en) | Method for generating secure key using certificateless public key | |
KR20230089969A (en) | An identity authentication device for non-face-to-face account opening and method of operation it | |
Zwattendorfer et al. | Design strategies for a privacy-friendly Austrian eID system in the public cloud | |
Liang et al. | An efficient blockchain-based anonymous authentication and supervision system | |
Tan et al. | Secure and privacy-preserving sharing of personal health records with multi-party pre-authorization verification | |
KR20210059525A (en) | System for recovery a private key based on multi signature of blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||