CN112084536A - Key storage method and device based on block chain - Google Patents

Key storage method and device based on blockchain

Publication number: CN112084536A
Authority: CN (China)
Prior art keywords: organization, key, block, storing, private key
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Application number: CN202010904192.4A
Other languages: Chinese (zh)
Other versions: CN112084536B (en)
Inventors: 黎原, 徐欣, 毛雨萌, 马国斌, 穆瑾
Current assignee: Bank of China Ltd
Original assignee: Bank of China Ltd
Events: application filed by Bank of China Ltd; priority to CN202010904192.4A; publication of CN112084536A; application granted; publication of CN112084536B; legal status active

Classifications

All within section G (Physics), class G06 (Computing; calculating or counting), subclass G06F (Electric digital data processing), group G06F21/00 (Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity):

    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures (under G06F21/60 Protecting data)
    • G06F21/602: Providing cryptographic facilities or services (under G06F21/60 Protecting data)
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database (under G06F21/62 and G06F21/60)
    • G06F2221/2107: File encryption (indexing scheme G06F2221/21 relating to G06F21/00 and subgroups)

Abstract

The application provides a blockchain-based key storage method and device, in the technical field of blockchain, that avoid disclosure of private keys and so protect the security of encrypted documents. The method comprises the following steps. First, a first key pair including a first public key and a second key pair including a second public key and a second private key are obtained, where the first key pair corresponds to a first organization, the second key pair corresponds to a second organization, and the authority level of the first organization is higher than that of the second organization. Then the first public key and the second public key are stored in a first block, which holds data shared by all organizations including the first and second organizations, and the second private key is encrypted with the first public key and stored in a second block, which holds the data of the first organization.

Description

Key storage method and device based on blockchain
Technical Field
The present application relates to the field of blockchain technology, and in particular to a method and an apparatus for storing keys on a blockchain.
Background
At present, when paperless office work is implemented, for example in an enterprise or a government department, different keys are used to encrypt different documents before they are transmitted or stored, in order to ensure information security.
However, because every document is encrypted with a different key, the private key has to be sent to the user, over the Internet or a similar channel, each time a document is encrypted so that the user can decrypt and view it. A private key may be leaked during these repeated transmissions, so the security of the documents cannot be guaranteed.
Disclosure of Invention
The application provides a blockchain-based key storage method and device that avoid disclosure of the private key and thereby ensure the security of encrypted documents.
To achieve this, the technical scheme is as follows:
In a first aspect, the application provides a blockchain-based key storage method that first obtains a first key pair including a first public key and a second key pair including a second public key and a second private key. The first key pair corresponds to a first organization, the second key pair corresponds to a second organization, and the authority level of the first organization is higher than that of the second organization. The method then stores the first public key and the second public key in a first block, which holds data shared by all organizations including the first and second organizations, and stores the second private key, encrypted with the first public key, in a second block, which holds the data of the first organization.
In the blockchain-based key storage method provided by the application, one key pair is obtained per organization, so all users of the same organization encrypt documents with the same key pair and do not need to transmit a private key every time a document is transmitted. In addition, the private key of the second organization, which has the lower authority level, is stored in the second block, which holds the data of the first organization, which has the higher authority level, so the first organization can decrypt the encrypted files of the second organization by reading the data stored in the second block; transmission of private keys between different authority levels is thus also avoided. Because the blockchain itself cannot be modified, the second private key stored in the second block and the first and second public keys stored in the first block are protected against tampering. The blockchain-based key storage method therefore never transmits a private key over the Internet or a similar channel, so leakage of the private key can be avoided, and the security of documents encrypted with the key pairs stored by this method can be guaranteed.
In a second aspect, the application provides a blockchain-based key storage device comprising an obtaining module and a storage module. The obtaining module obtains the first key pair and the second key pair, where the first key pair corresponds to a first organization, the second key pair corresponds to a second organization, the authority level of the first organization is higher than that of the second organization, the first key pair includes a first public key, and the second key pair includes a second public key and a second private key. The storage module stores the first public key and the second public key obtained by the obtaining module in the first block, and stores the second private key obtained by the obtaining module, encrypted with the first public key, in the second block. The first block holds data shared by all organizations including the first and second organizations, and the second block holds the data of the first organization.
In a third aspect, the application provides a blockchain-based key storage apparatus comprising a processor and a memory, where the processor is coupled to the memory and reads and executes instructions in the memory so as to implement the blockchain-based key storage method of the first aspect.
Optionally, the blockchain-based key storage device may further include a memory for storing its program instructions and data. Further optionally, it may include a transceiver that, under the control of the device's processor, transmits and receives data, signalling or information, for example to obtain the first key pair and the second key pair.
Alternatively, the blockchain-based key storage device may be a server, or a part of a server such as a system on chip within it. The server supports the blockchain-based key storage device in implementing the functions of the first aspect, for example receiving, transmitting or processing the data and/or information involved in the blockchain-based key storage method described above. The chip system includes a chip and may also include other discrete devices or circuit structures.
In a fourth aspect, the application provides a computer-readable storage medium storing instructions which, when executed by a computer, implement the blockchain-based key storage method of the first aspect.
In a fifth aspect, the application provides a computer program product comprising computer instructions which, when run on a computer, cause the computer to perform the blockchain-based key storage method of the first aspect.
All or part of the computer instructions may be stored on the computer-readable storage medium, which may be packaged together with the processor of the blockchain-based key storage device or separately from it; this application does not limit the choice.
For the second, third, fourth and fifth aspects, reference may be made to the detailed description of the first aspect; likewise, for their beneficial effects, reference may be made to the analysis of the beneficial effects of the first aspect, which is not repeated here.
The names used above for the blockchain-based key storage device do not limit the devices or functional modules themselves, which may appear under other names in actual implementations. Insofar as the functions of the respective devices or functional modules are similar to those of the present invention, they fall within the scope of the claims of this application and their equivalents.
These and other aspects of the present application will be more readily apparent from the following description.
Drawings
Fig. 1 is a schematic flowchart of a blockchain-based key storage method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of another blockchain-based key storage method according to an embodiment of the present application;
Fig. 3 is a tree diagram representing the hierarchical relationship of organization authority according to an embodiment of the present application;
Fig. 4 is another tree diagram representing the hierarchical relationship of organization authority according to an embodiment of the present application;
Fig. 5 is a further tree diagram representing the hierarchical relationship of organization authority according to an embodiment of the present application;
Fig. 6 is a further tree diagram representing the hierarchical relationship of organization authority according to an embodiment of the present application;
Fig. 7 is a further tree diagram representing the hierarchical relationship of organization authority according to an embodiment of the present application;
Fig. 8 is a further tree diagram representing the hierarchical relationship of organization authority according to an embodiment of the present application;
Fig. 9 is a further tree diagram representing the hierarchical relationship of organization authority according to an embodiment of the present application;
Fig. 10 is a further tree diagram representing the hierarchical relationship of organization authority according to an embodiment of the present application;
Fig. 11 is a schematic structural diagram of a blockchain-based key storage device according to an embodiment of the present application;
Fig. 12 is a schematic structural diagram of another blockchain-based key storage device according to an embodiment of the present application.
Detailed Description
The following describes a method and an apparatus for storing a key based on a blockchain according to an embodiment of the present application in detail with reference to the accompanying drawings.
The term "and/or" herein merely describes an association between objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone.
The terms "first" and "second" and the like in the description and drawings of the present application are used for distinguishing different objects or for distinguishing different processes for the same object, and are not used for describing a specific order of the objects.
Furthermore, the terms "including" and "having," and any variations thereof, as referred to in the description of the present application, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that in the embodiments of the present application, words such as "exemplary" or "for example" are used to mean serving as examples, illustrations or descriptions. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the description of the present application, the meaning of "a plurality" means two or more unless otherwise specified.
At present, when paperless office work is implemented, for example in an enterprise or a government department, different keys are used to encrypt different documents before they are transmitted or stored, in order to ensure information security.
However, because every document is encrypted with a different key, the private key has to be sent to the user, over the Internet or a similar channel, each time a document is encrypted so that the user can decrypt and view it. A private key may be leaked during these repeated transmissions, so the security of the documents cannot be guaranteed.
In view of the above problems in the prior art, an embodiment of the present application provides a blockchain-based key storage method that obtains a different key pair for each organization and stores the key pair of each organization in the corresponding block of the blockchain according to the organization's authority level. When a user needs to encrypt a document, the public key of the user's organization is used to encrypt the document, and the encrypted document is then stored in the block corresponding to that organization. Because the blockchain cannot be modified, files stored in the blocks are protected against tampering, and the security of the documents can be guaranteed.
The blockchain-based key storage method provided by the embodiment can be applied to a blockchain-based key storage device, which may be a physical machine (such as a server) or a virtual machine (VM) deployed on a physical machine. For example, when a server executes the method, it may be a single server or a server cluster composed of multiple servers; the embodiment does not limit this.
Referring to Fig. 1, a blockchain-based key storage method according to an embodiment of the present application includes:
S101, the blockchain-based key storage device obtains a first key pair and a second key pair.
The first key pair corresponds to a first organization and the second key pair corresponds to a second organization.
An organization in this embodiment may be all employees of a department of an enterprise, the managers of such a department, all members of a project group within an enterprise, or the group leader of such a project group; the application is not limited in this respect. In practice, the organization may also be any other organization that has an authority level.
In this embodiment, the authority level of the first organization is higher than that of the second organization. For example, the second organization may be all members of a project team within an enterprise, and the first organization may correspondingly be the leader of that project team.
In one possible implementation, the blockchain-based key storage device carries a computer program that generates key pairs at random; by executing it, the device generates the first key pair and the second key pair. The first key pair comprises a first public key and a first private key, and the second key pair comprises a second public key and a second private key.
In another possible implementation, the blockchain-based key storage device obtains the first key pair and the second key pair from a first server on which such a program is loaded: the first server executes the program to generate the first key pair and the second key pair at random and then sends them to the blockchain-based key storage device.
In practice, the blockchain-based key storage device may also obtain the first and second key pairs in other ways, which this application does not limit.
In a specific application of the method, after the blockchain-based key storage device has obtained a key pair for each organization, each organization may keep its own key pair in a preset manner. For example, after the device obtains the first key pair for the first organization, the first organization may keep that key pair in a preset manner, such as recording it in a text record. In practice, each organization may also record the key pair obtained for it by the device in other ways, which this application does not limit.
S102, the blockchain-based key storage device stores the first public key and the second public key in the first block, and stores the second private key, encrypted with the first public key, in the second block.
In one implementation of this embodiment, the blockchain-based key storage device may create a private blockchain on which to store keys and files; the first block and the second block are then two different blocks of that private blockchain.
The first block holds data shared by all organizations including the first and second organizations, and the second block holds the data of the first organization.
In one possible implementation, once the blockchain-based key storage device has encrypted the second private key with the first public key and stored it in the second block, the first organization can view files encrypted by the second organization. For example, the second organization may encrypt a file A with the second public key and store it in a fourth block, which holds the data of the second organization. Since the second organization knows the second private key, it can decrypt file A with the second private key and so obtain the right to view it. In addition, because the second private key encrypted with the first public key is stored in the second block, which holds the data of the first organization, and the first organization knows the first private key, the first organization can decrypt with the first private key the record containing the second private key encrypted with the first public key. The first organization thereby obtains the second private key, with which it can decrypt file A encrypted with the second public key, and so the first organization also obtains the right to view file A.
In the blockchain-based key storage method provided by the application, one key pair is obtained per organization, so all users of the same organization encrypt documents with the same key pair and do not need to transmit a private key every time a document is transmitted. In addition, the private key of the second organization, which has the lower authority level, is stored in the second block, which holds the data of the first organization, which has the higher authority level, so the first organization can decrypt the encrypted files of the second organization by reading the data stored in the second block; transmission of private keys between different authority levels is thus also avoided. Because the blockchain itself cannot be modified, the second private key stored in the second block and the first and second public keys stored in the first block are protected against tampering. The blockchain-based key storage method therefore never transmits a private key over the Internet or a similar channel, so leakage of the private key can be avoided, and the security of documents encrypted with the key pairs stored by this method can be guaranteed.
When each organization of an enterprise (for example each department or project group) stores keys and files with the blockchain-based key storage method of this embodiment and the enterprise adds an organization, an enterprise user may trigger the blockchain-based key storage device, through a first trigger operation, to obtain a key pair for the added organization; the device then determines the block in which to store the private key of that key pair according to the authority level of the added organization within the enterprise. The first trigger operation may be any operation by which a user, through a terminal or other device, causes the blockchain-based key storage device to run program instructions that obtain the key pair.
Therefore, optionally, as shown in Fig. 2, the blockchain-based key storage method according to the embodiment of the present application further includes S103 to S105:
S103, the blockchain-based key storage device obtains a third key pair.
The third key pair corresponds to a third organization and includes a third public key and a third private key.
The blockchain-based key storage device obtains the third key pair in the same way as the first and second key pairs, as described above; the details are not repeated here.
S104, the blockchain-based key storage device stores the third public key in the first block.
S105, the blockchain-based key storage device determines the authority level of the third organization and, according to that authority level, determines the block in which the third private key is stored.
In one possible implementation, the blockchain-based key storage device stores an authority level table of the organizations and determines the authority level of the third organization from that table. When the authority hierarchy of the organizations changes, a user can update the authority hierarchy table stored in the device through a second trigger operation, which may be any operation by which a user, through a terminal or other device, causes the blockchain-based key storage device to run program instructions that update the table.
In one possible implementation, when the blockchain-based key storage device determines that the authority level of the third organization is higher than that of the first organization and is the highest authority level, it may encrypt the first private key and the third private key with the third public key and store them in a third block, which holds the data of the third organization.
Fig. 3 shows a tree diagram in which the third organization has a higher authority level than the first organization; node A represents the first organization, node B the second organization and node C the third organization. Because the blockchain-based key storage device has encrypted the first private key with the third public key and stored it in the third block, and the third organization knows the third private key, the third organization can decrypt with the third private key the record containing the first private key encrypted with the third public key, and so obtain the first private key. The third organization can then use the first private key to decrypt files that the first organization encrypted with the first public key. Further, with the first private key the third organization can decrypt the record containing the second private key, which the second organization's key was encrypted under with the first public key, and so view files encrypted by the second organization. Therefore the third organization, corresponding to node C with the highest authority level, can view not only the content of the third block, which holds its own data, but also the content of the second block, which holds the data of the first organization, and the content of the fourth block, which holds the data of the second organization. The first organization, corresponding to node A, can view the content of the second block and of the fourth block. The second organization, corresponding to node B, can view the content of the fourth block.
In this embodiment, for the authority levels shown in Fig. 3, the blockchain-based key storage device stores the third private key of the third organization, encrypted with the third public key, in the third block, which holds the data of the third organization. In practice, since the third organization currently has the highest authority level, the third private key need not be stored in the third block at all; the third organization only needs to keep the third key pair in a preset manner.
In a possible implementation manner, when the key storage device based on the block chain determines that the authority level of the third organization is higher than the authority level of the second organization and lower than the authority level of the first organization, the key storage device based on the block chain may store the third private key into the second block after being encrypted by the first public key, and store the second private key into the third block after being encrypted by the third public key.
As shown in FIG. 4, a tree diagram is provided in which the third organization has a level of authority higher than the second organization and lower than the first organization. Wherein node a represents a first organization, node B represents a second organization, and node C represents a third organization. The first organization corresponding to the a node can view not only the contents in the second block for storing the data of the first organization but also the contents in the third block for storing the data of the third organization and the contents in the fourth block for storing the data of the second organization. And the third organization corresponding to the C node can view the content in the third block for storing the data of the third organization and can also view the content in the fourth block for storing the data of the second organization. The second organization corresponding to the B node may view the contents in the fourth section for storing the data of the second organization. The specific analysis process is similar to the analysis process of the authority hierarchy relationship corresponding to the tree diagram shown in fig. 3, and is not described herein again.
In a possible implementation manner, when the key storage device based on the block chain determines that the authority level of the third organization is lower than that of the second organization, the third private key is encrypted by the second public key and then stored in the fourth block.
As shown in FIG. 5, a tree diagram is provided in which the authority level of the third organization is lower than that of the second organization. Node A represents the first organization, node B the second organization, and node C the third organization. The first organization (node A) can view not only the contents of the second block, which stores the data of the first organization, but also the contents of the third block, which stores the data of the third organization, and the contents of the fourth block, which stores the data of the second organization. The second organization (node B) can view the contents of the fourth block, which stores its own data, and the contents of the third block, which stores the data of the third organization. The third organization (node C) can view the contents of the third block, which stores its own data. The analysis is the same as for the authority hierarchy represented by the tree diagram shown in fig. 3 and is not repeated here.
In a possible implementation manner, when the key storage device based on the block chain determines that the authority level of the third organization is the same as that of the second organization, the third private key is encrypted by the first public key and then stored in the second block.
As shown in fig. 6, a tree diagram is provided in which the third organization has the same authority level as the second organization. Node A represents the first organization, node B the second organization, and node C the third organization. The first organization (node A) can view not only the contents of the second block, which stores the data of the first organization, but also the contents of the third block, which stores the data of the third organization, and the contents of the fourth block, which stores the data of the second organization. The second organization (node B) can only view the contents of the fourth block, which stores its own data. The third organization (node C), being at the same authority level as node B, can only view the contents of the third block, which stores its own data. The analysis is the same as for the authority hierarchy represented by the tree diagram shown in fig. 3 and is not repeated here.
Optionally, when the project groups of an enterprise store their keys and files with the key storage method based on the block chain provided in this embodiment of the present application and one project group is wound up, the enterprise user may, through a third trigger operation, cause the key storage device based on the block chain to delete the data stored in the block corresponding to that project group (a project group corresponds to an organization in this embodiment). The third trigger operation may be any operation by which the user, through a device such as a trigger terminal, causes the key storage device based on the block chain to run the program instructions that perform the deletion.
In one possible implementation, taking the authority hierarchy represented by the tree diagram shown in fig. 5 as an example, when the key storage device based on the block chain determines that the data stored in the fourth block (corresponding to the second organization) is to be deleted, it first decrypts the data stored in the fourth block with the second private key. It then encrypts the decrypted data with the first public key, stores the result in the second block, and re-encrypts the data stored in the fourth block with a random key. Finally, it obtains a new, fourth key pair for the third organization, consisting of a fourth private key and a fourth public key, stores the fourth public key in the first block, and stores the fourth private key in the second block after encrypting it with the first public key. Because the random key corresponds to no organization, the data stored in the fourth block can no longer be read by any organization and is thus deleted, and the tree diagram shown in fig. 5 becomes the tree diagram shown in fig. 7.
It will be understood that the key storage method based on the block chain provided by the embodiment of the present application is not limited to the authority hierarchies represented by the tree diagrams shown in fig. 3 to fig. 6; in practice the authority hierarchy of the organizations is more complex. To illustrate the method more clearly, the authority hierarchy represented by the tree diagram shown in fig. 8 is described below as an example.
As shown in fig. 8, an enterprise has 10 organizations in total: node D represents organization D, node E organization E, node F organization F, node G organization G, node H organization H, node I organization I, node J organization J, node K organization K, node L organization L, and node M organization M. The key storage device based on the block chain obtains a key pair for each organization and, on the created private blockchain, determines a block for storing the data of each organization and a public block for storing the data shared by all organizations. It stores the public keys of all organizations in the public block.
It can be seen that the authority level of organization E is higher than those of organizations H, I and J, so the key storage device based on the block chain encrypts the private keys of H, I and J with the public key of organization E and stores them in the block for storing the data of organization E. The authority level of organization F is higher than that of organization K, so the device encrypts the private key of K with the public key of F and stores it in the block for storing the data of organization F. The authority level of organization G is higher than those of organizations L and M, so the device encrypts the private keys of L and M with the public key of G and stores them in the block for storing the data of organization G. In addition, the authority level of organization D is higher than those of organizations E, F and G, so the device encrypts the private keys of E, F and G with the public key of organization D and stores them in the block for storing the data of organization D.
Therefore, organization D can view the encrypted files of organizations E, F and G; after further obtaining the private key of E it can view the encrypted files of E's subordinates H, I and J; after further obtaining the private key of F it can view the encrypted file of F's subordinate K; and after further obtaining the private key of G it can view the encrypted files of G's subordinates L and M. Organization E can view the encrypted files of its subordinates H, I and J, organization F those of its subordinate K, and organization G those of its subordinates L and M.
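The following Go model is an added example, not code from the patent or its assignee: it implements the storage rules just described for the fig. 8 hierarchy, putting every public key in the common first block, each organization's block holding its direct subordinates' private keys encrypted under that organization's public key, and `RecoverKey` performing the walk a superior makes to read a subordinate's data (D unwraps E's key from its own block, then J's key from E's block). The cipher (X25519 key agreement with AES-256-GCM), the storage layout and all type and function names are assumptions, since the patent fixes neither an algorithm nor a format; the fig. 8 tree is built with `AddOrg("D", "")`, `AddOrg("E", "D")` and so on for each parent/child pair, and a top-level organization's private key stays off-chain as the text above allows.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aead derives AES-256-GCM from the X25519 shared secret and ephemeral public key.
func aead(shared, ephPub []byte) cipher.AEAD {
	key := sha256.Sum256(append(append([]byte{}, shared...), ephPub...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// sealTo encrypts msg for the holder of pub. Output: ephemeral X25519 public key (32)
// || AES-GCM ciphertext. The derived AES key is single-use, so a zero nonce is safe.
func sealTo(pub *ecdh.PublicKey, msg []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(pub)
	if err != nil {
		return nil, err
	}
	ephBytes := eph.PublicKey().Bytes()
	return aead(shared, ephBytes).Seal(ephBytes, make([]byte, 12), msg, nil), nil
}

// openWith reverses sealTo; any other private key fails GCM authentication.
func openWith(priv *ecdh.PrivateKey, ct []byte) ([]byte, error) {
	if len(ct) < 32 {
		return nil, fmt.Errorf("ciphertext too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(ct[:32])
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return aead(shared, ct[:32]).Open(nil, make([]byte, 12), ct[32:], nil)
}

// Ledger is the private chain: Common is the first block (every public key) and
// Blocks[org] is org's block, holding its direct subordinates' sealed private keys.
type Ledger struct {
	Common map[string]*ecdh.PublicKey
	Blocks map[string]map[string][]byte
}

// AddOrg publishes name's new public key in the common block and, if parent is set,
// stores name's private key in parent's block encrypted under parent's public key.
func (l *Ledger) AddOrg(name, parent string) (*ecdh.PrivateKey, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	l.Common[name] = priv.PublicKey()
	l.Blocks[name] = map[string][]byte{}
	if parent == "" { // highest authority level: its private key never goes on-chain
		return priv, nil
	}
	pub, ok := l.Common[parent]
	if !ok {
		return nil, fmt.Errorf("unknown parent organization %q", parent)
	}
	l.Blocks[parent][name], err = sealTo(pub, priv.Bytes())
	return priv, err
}

// RecoverKey walks down from viewer, unwrapping each subordinate's private key with
// the key one level above it, until it reaches target; only superiors can finish.
func (l *Ledger) RecoverKey(viewer string, viewerPriv *ecdh.PrivateKey, target string) (*ecdh.PrivateKey, error) {
	if viewer == target {
		return viewerPriv, nil
	}
	for child, wrapped := range l.Blocks[viewer] {
		raw, err := openWith(viewerPriv, wrapped)
		if err != nil {
			return nil, err
		}
		childPriv, err := ecdh.X25519().NewPrivateKey(raw)
		if err != nil {
			return nil, err
		}
		if k, err := l.RecoverKey(child, childPriv, target); err == nil {
			return k, nil
		}
	}
	return nil, fmt.Errorf("%s may not view %s: not in its subtree", viewer, target)
}
```

Files are protected the same way in this model: `sealTo` under the owner's public key into the owner's block, so a superior who completes the walk in `RecoverKey` can open them with the recovered key, while a peer or subordinate cannot.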
If organizations N and O are newly added to the enterprise, the key storage device based on the block chain obtains a key pair for each of them, stores the two public keys in the public block, and determines on the created private blockchain a block for storing the data of organization N and a block for storing the data of organization O. It then determines the authority levels of organizations N and O and, according to those levels, the blocks in which the private keys of N and O are stored.
For example, when the key storage device based on the block chain determines that the authority level of organization N is higher than those of organizations E and F but lower than that of organization D, and that the authority level of organization O is higher than that of organization G but lower than that of organization D, the authority hierarchy of the organizations corresponds to the tree diagram shown in fig. 9. The device then stores the private keys of organizations E and F in the block for storing the data of organization N after encrypting them with the public key of N, stores the private key of N in the block for storing the data of organization D after encrypting it with the public key of D, stores the private key of organization G in the block for storing the data of organization O after encrypting it with the public key of O, and stores the private key of O in the block for storing the data of organization D after encrypting it with the public key of D.
As another example, when the key storage device based on the block chain determines that the authority level of organization N is higher than those of organizations E and F and not lower than that of organization D, and that the authority level of organization O is higher than that of organization G and not lower than that of organization D, the authority hierarchy of the organizations corresponds to the tree diagram shown in fig. 10. The device then stores the private keys of organizations E and F in the block for storing the data of organization N after encrypting them with the public key of N, and stores the private key of organization G in the block for storing the data of organization O after encrypting it with the public key of O.
In summary, in the key storage method based on the block chain provided by the present application, the key pair of each organization is stored in the corresponding block of the blockchain according to the organization's authority level, so that each organization can encrypt its documents with its own key pair and store the encrypted documents in its own block, and neither the documents nor the key pairs need to be transmitted by other means such as the internet. Because the blockchain cannot be modified, the files stored in the blocks are guaranteed not to be tampered with, and the asymmetric encryption with key pairs further guarantees the security of file storage.
As shown in fig. 11, an embodiment of the present application further provides a blockchain-based key storage device, where the blockchain-based key storage device includes: an acquisition module 31 and a storage module 32.
The obtaining module 31 executes S101 in the above method embodiment, and the storing module 32 executes S102 in the above method embodiment.
In particular, the obtaining module 31 is configured to obtain a first key pair and a second key pair. Wherein the first key pair corresponds to a first organization and the second key pair corresponds to a second organization, and the authority level of the first organization is higher than that of the second organization. The first key pair includes a first public key and the second key pair includes a second public key and a second private key.
The storage module 32 is configured to store the first public key and the second public key acquired by the acquisition module 31 in the first block, and store the second private key acquired by the acquisition module 31 in the second block after being encrypted by the first public key. The first block is used for storing shared data of various organizations including a first organization and a second organization, and the second block is used for storing the data of the first organization.
Optionally, the apparatus further comprises a determination module. The obtaining module 31 is further configured to obtain a third key pair corresponding to a third organization, the third key pair including a third public key and a third private key. The storage module 32 is further configured to store the third public key obtained by the obtaining module 31 in the first block. The determining module is configured to determine the authority level of the third organization and, according to that authority level, the storage block of the third private key obtained by the obtaining module 31.
Optionally, the first key pair further includes a first private key, and the determining module is specifically configured to: when the authority level of the third organization is higher than that of the first organization and the authority level of the third organization is the highest authority level, the first private key and the third private key acquired by the acquisition module 31 are encrypted by a third public key and then stored in a third block; the third block is for storing data of a third organization.
Optionally, the determining module is further specifically configured to: when the authority level of the third organization is determined to be higher than the authority level of the second organization and lower than the authority level of the first organization, the third private key acquired by the acquisition module 31 is encrypted by the first public key and then stored in the second block, and the second private key acquired by the acquisition module 31 is encrypted by the third public key and then stored in the third block.
Optionally, the determining module is further specifically configured to: when the authority level of the third organization is determined to be the same as the authority level of the second organization, encrypt the third private key obtained by the obtaining module 31 with the first public key and store the encrypted third private key in the second block.
Optionally, the determining module is further specifically configured to: when the authority level of the third organization is lower than that of the second organization, the third private key acquired by the acquisition module 31 is encrypted by adopting a second public key and then stored in the fourth block; the fourth block is for storing data of the second organization.
Optionally, the apparatus further includes a processing module. When it is determined that the data stored in the fourth block is to be deleted, the processing module is configured to: decrypt the data stored in the fourth block with the second private key obtained by the obtaining module 31; encrypt the decrypted data with the first public key and store it in the second block through the storage module 32, and re-encrypt the data stored in the fourth block with a random key; re-obtain a fourth key pair for the third organization through the obtaining module 31, the fourth key pair including a fourth private key and a fourth public key; and store the fourth public key in the first block through the storage module 32 and store the fourth private key obtained by the obtaining module 31 in the second block after encrypting it with the first public key.
Optionally, the storage module 32 is further configured to store program codes of the key storage device based on the blockchain, and the like.
As shown in fig. 12, an embodiment of the present application further provides a key storage device based on a block chain, which includes a memory 41, a processor 42, a bus 43, and a communication interface 44; the memory 41 is used for storing computer execution instructions, and the processor 42 is connected with the memory 41 through a bus 43; when the blockchain based key storage device is operating, the processor 42 executes computer-executable instructions stored by the memory 41 to cause the blockchain based key storage device to perform the blockchain based key storage method provided in the above-described embodiments.
In a specific implementation, the processor 42 (42-1 and 42-2) may include one or more central processing units (CPUs), for example CPU0 and CPU1 shown in FIG. 12. The blockchain-based key storage device may also include a plurality of processors 42, for example processor 42-1 and processor 42-2 shown in fig. 12. Each processor 42 may be a single-core or a multi-core processor. Here, a processor 42 may refer to one or more devices, circuits and/or processing cores that process data (e.g., computer program instructions).
The memory 41 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 41 may be self-contained and coupled to the processor 42 via the bus 43, or it may be integrated with the processor 42.
In a specific implementation, the memory 41 stores the data of the present application and the computer-executable instructions of the software programs that carry out the present application. The processor 42 performs the various functions of the blockchain-based key storage device by running or executing the software programs stored in the memory 41 and invoking the data stored in the memory 41.
The communication interface 44 is any device, such as a transceiver, for communicating with other devices or communication networks, such as a control system, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), and the like. The communication interface 44 may include a receiving unit implementing a receiving function and a transmitting unit implementing a transmitting function.
The bus 43 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 43 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 12, but this does not mean that there is only one bus or one type of bus.
As an example, in connection with fig. 11, the function of the obtaining module of the key storage device based on the block chain is the same as the function of the receiving unit in fig. 12, the function of the processing module of the key storage device based on the block chain is the same as the function of the processor in fig. 12, and the function of the storage module of the key storage device based on the block chain is the same as the function of the memory in fig. 12.
For the explanation of the related contents in this embodiment, reference may be made to the above method embodiments, which are not described herein again.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
An embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by a computer, the computer is enabled to execute the method for storing a key based on a blockchain provided in the foregoing embodiment.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a RAM, a ROM, an erasable programmable read-only memory (EPROM), a register, an optical fiber, a CD-ROM, an optical storage device, a magnetic storage device, any suitable combination of the foregoing, or any other form of computer readable storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). In embodiments of the present application, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (16)

1. A method for storing a key based on a block chain is characterized by comprising the following steps:
acquiring a first key pair and a second key pair; the first key pair corresponds to a first organization, the second key pair corresponds to a second organization, and the first organization has a higher level of authority than the second organization; the first key pair comprises a first public key, and the second key pair comprises a second public key and a second private key;
storing the first public key and the second public key into a first block, and storing the second private key into a second block after being encrypted by the first public key; the first block is used for storing shared data of each organization including the first organization and the second organization, and the second block is used for storing data of the first organization.
2. The blockchain-based key storage method according to claim 1, wherein the method further comprises:
obtaining a third key pair, the third key pair corresponding to a third organization; the third key pair comprises a third public key and a third private key;
storing the third public key into the first block;
and determining the authority level of the third organization, and determining the storage block of the third private key according to the authority level of the third organization.
3. The method of claim 2, wherein the first key pair further comprises a first private key, and the determining the permission level of the third organization and determining the storage block of the third private key according to the permission level of the third organization comprises:
when the permission level of the third organization is higher than that of the first organization and the permission level of the third organization is the highest permission level, the first private key and the third private key are encrypted by the third public key and then stored in a third block; the third block is for storing the data of the third organization.
4. The method for storing a key based on a block chain according to claim 3, wherein the determining the authority level of the third organization and determining the storage block of the third private key according to the authority level of the third organization comprises:
and when the permission level of the third organization is determined to be higher than the permission level of the second organization and lower than the permission level of the first organization, the third private key is encrypted by the first public key and then stored in the second block, and the second private key is encrypted by the third public key and then stored in the third block.
5. The method according to claim 4, wherein determining the authority level of the third organization and determining the storage block of the third private key according to the authority level of the third organization comprises:
and when the permission level of the third organization is determined to be the same as the permission level of the second organization, the third private key is encrypted by the first public key and then stored in the second block.
6. The method for storing a key based on a block chain according to claim 5, wherein the determining the authority level of the third organization and determining the storage block of the third private key according to the authority level of the third organization comprises:
when the authority level of the third organization is lower than that of the second organization, the third private key is encrypted by a second public key and then stored in a fourth block; the fourth block is for storing the data of the second organization.
7. The method of claim 6, wherein when it is determined to delete the data stored in the fourth chunk, the method further comprises:
decrypting the data stored in the fourth block by using the second private key;
encrypting the decrypted data stored in the fourth block by adopting the first public key and then storing the encrypted data in the second block, and re-encrypting the data stored in the fourth block by adopting a random key;
retrieving a fourth key pair for the third organization, the fourth key pair comprising a fourth private key and a fourth public key;
and storing the fourth public key into the first block, and storing the fourth private key into the second block after encrypting the fourth private key by adopting the first public key.
8. A blockchain-based key storage device, comprising:
the acquisition module is used for acquiring a first key pair and a second key pair; the first key pair corresponds to a first organization, the second key pair corresponds to a second organization, and the first organization has a higher level of authority than the second organization; the first key pair comprises a first public key, and the second key pair comprises a second public key and a second private key;
the storage module is used for storing the first public key and the second public key acquired by the acquisition module into a first block, and storing the second private key acquired by the acquisition module into a second block after being encrypted by the first public key; the first block is used for storing shared data of each organization including the first organization and the second organization, and the second block is used for storing data of the first organization.
9. The blockchain-based key storage device of claim 8, wherein the device further comprises a determination module;
the obtaining module is further configured to obtain a third key pair, where the third key pair corresponds to a third organization; the third key pair comprises a third public key and a third private key;
the storage module is configured to store the third public key acquired by the acquisition module in the first block;
the determining module is configured to determine an authority level of the third organization, and determine the storage block of the third private key acquired by the acquiring module according to the authority level of the third organization.
10. The blockchain-based key storage device of claim 9, wherein the first key pair further includes a first private key, and the determining module is specifically configured to:
when the permission level of the third organization is higher than that of the first organization and the permission level of the third organization is the highest permission level, the first private key and the third private key acquired by the acquisition module are encrypted by the third public key and then stored in a third block; the third block is for storing the data of the third organization.
11. The blockchain-based key storage device of claim 10, wherein the determining module is further specifically configured to:
when the permission level of the third organization is determined to be higher than the permission level of the second organization and lower than the permission level of the first organization, the third private key acquired by the acquisition module is encrypted by the first public key and then stored in the second block, and the second private key acquired by the acquisition module is encrypted by the third public key and then stored in the third block.
12. The blockchain-based key storage device of claim 11, wherein the determining module is further specifically configured to:
and when the permission hierarchy of the third organization is determined to be the same as the permission hierarchy of the second organization, the third private key acquired by the acquisition module is encrypted by the first public key and then stored in the second block.
13. The blockchain-based key storage device of claim 12, wherein the determining module is further specifically configured to:
when the authority level of the third organization is lower than the authority level of the second organization, the third private key acquired by the acquisition module is encrypted by a second public key and then stored in a fourth block; the fourth block is for storing the data of the second organization.
14. The device according to claim 13, wherein the device further comprises a processing module which, when it is determined that the data stored in the fourth block is to be deleted, is configured to perform:
decrypting the data stored in the fourth block by using the second private key acquired by the acquisition module;
encrypting the decrypted data from the fourth block by the first public key, storing the encrypted data in the second block through the storage module, and re-encrypting the data stored in the fourth block with a random key;
re-acquiring a fourth key pair for the third organization through the acquisition module, wherein the fourth key pair comprises a fourth private key and a fourth public key;
and storing the fourth public key into the first block through the storage module, and storing the fourth private key acquired by the acquisition module into the second block after being encrypted by adopting the first public key.
15. A blockchain-based key storage device, comprising a memory, a processor, a bus and a communication interface; the memory is used for storing computer-executable instructions, and the processor is connected to the memory through the bus;
when the blockchain-based key storage device is running, the processor executes the computer-executable instructions stored in the memory to cause the blockchain-based key storage device to perform the blockchain-based key storage method of any one of claims 1 to 7.
16. A computer-readable storage medium having stored therein instructions, which when executed by a computer, cause the computer to execute the blockchain-based key storage method according to any one of claims 1 to 7.
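The placement rules of claims 10 to 13 and the deletion procedure of claim 14, as an added worked example; this is editor-written illustration, not code from the patent or from the assignee. Everything beyond the claims is an assumption: the block names used as dictionary keys, the `Org` class, the treatment of the second block as an escrow block readable by the first organization (its role is defined in claims not shown on this page), and the use of X25519 with a hash-based sealed box to stand in for "encrypted by the N-th public key" (a demo-grade construction; a production system would use a vetted library and an AEAD).

```python
"""Hierarchical key escrow on a ledger, modelled on claims 10-14 (added example).

Assumptions, not from the patent: block names "first".."fourth" as dict keys, the
second block as the escrow block readable by the first organization, and X25519 +
hash-based sealed boxes standing in for "encrypted by the N-th public key".
"""
import hashlib
import hmac
import secrets

# --- X25519 (RFC 7748 Montgomery ladder). Pure Python, not constant-time: demo only.
P = 2**255 - 19
BASE = (9).to_bytes(32, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    k = bytearray(scalar)
    k[0] &= 248; k[31] &= 127; k[31] |= 64          # clamp per RFC 7748
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


# --- Sealed box: ephemeral ECDH -> HMAC-derived keys -> SHA-256 keystream + HMAC tag.
def _derive(shared: bytes, eph_pub: bytes, rcpt_pub: bytes):
    ikm = hashlib.sha256(shared + eph_pub + rcpt_pub).digest()
    return (hmac.new(ikm, b"enc", hashlib.sha256).digest(),
            hmac.new(ikm, b"mac", hashlib.sha256).digest())


def _xor_stream(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(rcpt_pub: bytes, msg: bytes) -> bytes:
    eph_priv = secrets.token_bytes(32)
    eph_pub = x25519(eph_priv, BASE)
    enc, mac = _derive(x25519(eph_priv, rcpt_pub), eph_pub, rcpt_pub)
    ct = _xor_stream(enc, msg)
    return eph_pub + ct + hmac.new(mac, eph_pub + ct, hashlib.sha256).digest()


def unseal(rcpt_priv: bytes, box: bytes) -> bytes:
    eph_pub, ct, tag = box[:32], box[32:-32], box[-32:]
    enc, mac = _derive(x25519(rcpt_priv, eph_pub), eph_pub, x25519(rcpt_priv, BASE))
    if not hmac.compare_digest(tag, hmac.new(mac, eph_pub + ct, hashlib.sha256).digest()):
        raise ValueError("sealed box failed authentication")
    return _xor_stream(enc, ct)


# --- The organizations and the placement rules of claims 10-14.
class Org:
    def __init__(self, name: str, level: int):
        self.name, self.level = name, level
        self.rotate()

    def rotate(self):                               # fresh key pair (claim 14)
        self.priv = secrets.token_bytes(32)
        self.pub = x25519(self.priv, BASE)


def new_ledger() -> dict:
    # first: public-key directory; second: escrow readable by the first org (assumed);
    # third/fourth: data blocks of the third/second organization (claims 10 and 13)
    return {"first": {}, "second": [], "third": [], "fourth": []}


def store_third_org(ledger: dict, first: Org, second: Org, third: Org) -> str:
    """Escrow the new (third) organization's private key; returns the claim applied."""
    ledger["first"][third.name] = third.pub
    if third.level > first.level:           # claim 10: third org becomes the top level
        ledger["third"] += [seal(third.pub, first.priv), seal(third.pub, third.priv)]
        return "claim 10"
    if third.level > second.level:          # claim 11: between first and second
        ledger["second"].append(seal(first.pub, third.priv))
        ledger["third"].append(seal(third.pub, second.priv))
        return "claim 11"
    if third.level == second.level:         # claim 12: peer of the second org
        ledger["second"].append(seal(first.pub, third.priv))
        return "claim 12"
    ledger["fourth"].append(seal(second.pub, third.priv))   # claim 13: below second
    return "claim 13"


def delete_fourth_block(ledger: dict, first: Org, second: Org, third: Org) -> None:
    """Claim 14: lift the second org's escrow entries to the first org, crypto-shred the
    old block under a random key that is discarded, and rotate the third org's keys."""
    plain = [unseal(second.priv, entry) for entry in ledger["fourth"]]
    ledger["second"] += [seal(first.pub, p) for p in plain]
    ledger["fourth"] = [_xor_stream(secrets.token_bytes(32), p) for p in plain]
    third.rotate()
    ledger["first"][third.name] = third.pub
    ledger["second"].append(seal(first.pub, third.priv))
```

The ledger is a plain dictionary so that the four cases can be exercised in a few lines; on a real chain the claim 14 step "re-encrypt the fourth block by a random key" would be a superseding block rather than an in-place overwrite, since earlier blocks are immutable. Two points worth noticing in the claims as modelled here: in claim 10 the top-level organization's own private key is escrowed under its own public key, so only that organization can open it, and in claim 14 the key rotation is what actually revokes the deleted escrow, because any copy of the old fourth block that a node retained still decrypts under the second organization's private key.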

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010904192.4A CN112084536B (en) 2020-09-01 2020-09-01 Key storage method and device based on blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010904192.4A CN112084536B (en) 2020-09-01 2020-09-01 Key storage method and device based on blockchain

Publications (2)

Publication Number Publication Date
CN112084536A true CN112084536A (en) 2020-12-15
CN112084536B CN112084536B (en) 2023-07-21

Family

ID=73732849

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010904192.4A Active CN112084536B (en) 2020-09-01 2020-09-01 Key storage method and device based on blockchain

Country Status (1)

Country Link
CN (1) CN112084536B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785506A (en) * 2022-06-17 2022-07-22 杭州天谷信息科技有限公司 Electronic contract signing method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101099330A (en) * 2005-02-07 2008-01-02 三星电子株式会社 Key management method using hierarchical node topology, and method of registering and deregistering user using the same
CN101490687A (en) * 2006-07-07 2009-07-22 桑迪士克股份有限公司 Control system and method using identity objects
CN110224814A (en) * 2019-06-27 2019-09-10 深圳前海微众银行股份有限公司 Blockchain data sharing method and device
CN110798315A (en) * 2019-11-11 2020-02-14 腾讯科技(深圳)有限公司 Data processing method and device based on block chain and terminal
CN111104686A (en) * 2019-09-10 2020-05-05 腾讯科技(深圳)有限公司 Block chain network control method, device, equipment and storage medium
CN111431713A (en) * 2020-03-27 2020-07-17 财付通支付科技有限公司 Private key storage method and device and related equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王伟康 (Wang Weikang): "区块链技术在文档管理中的应用与研究" (Application and research of blockchain technology in document management), 中国优秀硕士学位论文全文数据库 信息科技辑 (China Master's Theses Full-text Database, Information Science and Technology) *

Also Published As

Publication number Publication date
CN112084536B (en) 2023-07-21

Similar Documents

Publication Publication Date Title
US11271910B2 (en) Techniques for shared private data objects in a trusted execution environment
US9680809B2 (en) Secure data storage on a cloud environment
US9037870B1 (en) Method and system for providing a rotating key encrypted file system
US8850593B2 (en) Data management using a virtual machine-data image
US20150095662A1 (en) Method for securing content in dynamically allocated memory using different domain-specific keys
CN104468562B (en) Portable terminal providing transparent data security protection for mobile applications
US11087017B1 (en) Systems, methods, and computer-readable media for utilizing anonymous sharding techniques to protect distributed data
CN111132150A (en) Method and device for protecting data, storage medium and electronic equipment
CN113886862B (en) Trusted computing system and resource processing method based on trusted computing system
CN109510702B (en) Key storage and use method based on computer feature codes
EP3308496A2 (en) System, apparatus and method for secure coordination of a rendezvous point for distributed devices using entropy multiplexing
CN113824553A (en) Key management method, device and system
Thilakanathan et al. Secure multiparty data sharing in the cloud using hardware-based TPM devices
CN114398623A (en) Method for determining security policy
CN112084536B (en) Key storage method and device based on blockchain
US9135449B2 (en) Apparatus and method for managing USIM data using mobile trusted module
Kumar et al. Data security and encryption technique for cloud storage
CN108985109A (en) Data storage method and device
KR102211937B1 (en) A System of the Role-based Data Protection by using of the Off-Chain Ledger on the Blockchain Network
CN114691034A (en) Data storage method and data processing equipment
CN112995109B (en) Data encryption system, data encryption method, data processing device and electronic equipment
KR102526114B1 (en) Apparatus and method for encryption and decryption
Mishra et al. Improved cloud security approach with threshold cryptography
WO2022012575A1 (en) Data sharing method and related apparatus
CN116074110B (en) Method, system, equipment and medium for realizing encrypted file sharing in cloud environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant