CN112150147A - Data security storage system based on block chain - Google Patents

Data security storage system based on block chain Download PDF

Info

Publication number
CN112150147A
CN112150147A CN202011011671.XA CN202011011671A CN112150147A CN 112150147 A CN112150147 A CN 112150147A CN 202011011671 A CN202011011671 A CN 202011011671A CN 112150147 A CN112150147 A CN 112150147A
Authority
CN
China
Prior art keywords
data
transaction
block chain
platform
service platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011011671.XA
Other languages
Chinese (zh)
Inventor
杨孟勇
宣健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Jixiang Information Technology Co Ltd
Original Assignee
Anhui Jixiang Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Jixiang Information Technology Co Ltd filed Critical Anhui Jixiang Information Technology Co Ltd
Priority to CN202011011671.XA priority Critical patent/CN112150147A/en
Publication of CN112150147A publication Critical patent/CN112150147A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827Use of message hashing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Abstract

The invention discloses a data security storage system based on a block chain, which comprises a block chain platform, a service platform and a user terminal, wherein the block chain platform comprises a first data storage unit and a second data storage unit; the service platform is used for realizing the release and the storage of the maintenance record; the data uploading module is used for receiving maintenance data sharing request information of a downloader; the proxy re-encryption module is used for acquiring maintenance data sharing request information and performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; the block chain platform is used for acquiring a re-encryption key and re-encrypting the first ciphertext according to the re-encryption key to obtain a second ciphertext; the method ensures that the downloader can decrypt the ciphertext through the private key of the uploader after obtaining the ciphertext from the block chain under the condition that the private key and the decryption key of the uploader are not disclosed; the operation of one-time encryption and multiple authorization of the data is realized, and the safety of the data sharing process is effectively improved.

Description

Data security storage system based on block chain
Technical Field
The invention relates to the field of information security, in particular to a data security storage system based on a block chain.
Background
Vehicle maintenance data is an important maintenance information record, and is original information which is directly formed by maintenance personnel in various maintenance activities and has a preservation value. The essential attributes of vehicle service data are raw records that can restore the true historical state of the service process. Thus, vehicle service data has significant conservation and reference value.
The document of publication number CN108920111A provides a data sharing method and a distributed data sharing system, relates to the technical field of communications, and is used for solving the problems that the sharing mode in the existing data sharing system cannot be customized and the data sharing efficiency is low. The distributed data sharing system further comprises a sharing processing cluster, a data transmission cluster and a data storage area. The method comprises the following steps: the sharing processing cluster receives a first sharing task sent by a requester; the first sharing task carries a plurality of sharing modes; then, the sharing processing cluster allocates system resources for the available sharing mode, and instructs the data transmission cluster to send the data stored in the data storage cluster to the requester using the system resources allocated for the available sharing mode. The available sharing mode is carried by the first sharing task, and the system resource occupancy rate is smaller than a preset resource threshold value.
When a user needs to retrieve the maintenance data of the vehicle, the user often needs to authenticate on the service platform corresponding to each repair shop, the service platforms are managed by the enterprises to which the service platforms belong respectively, the service platforms are independent from each other, the data are inconsistent, the information sharing degree is low, and the authentication and the identity management of the user are troublesome; and the data independent storage management of each service platform needs to ensure the safety, the investment of hardware and software is huge, and the existing data is difficult to prevent from being tampered by external or internal factors even in practical application.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a data security storage system based on a block chain. According to the method, an uploader sends a first ciphertext to a block chain platform, wherein the first ciphertext is obtained by the uploader encrypting a maintenance data plaintext according to a first public key; the data uploading module receives maintenance data sharing request information of a downloader, wherein the maintenance data sharing request information carries a second public key; performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; sending the re-encryption key to the block chain platform, so that the block chain platform re-encrypts the first ciphertext according to the re-encryption key to obtain a second ciphertext, and the second ciphertext is used for the downloader to decrypt according to a second private key to obtain the maintenance data plaintext; the safety of the data sharing process is effectively improved;
in the invention, a user enters a service platform through identity authentication performed by an information authentication module; by combining the characteristics of decentralization, tamper resistance, sharing and the like of the block chain technology, after the service platform is accessed to the block chain platform, the authentication information related to the user and the user terminal is desensitized and then added to the block chain, and other service platforms only need to be accessed to nodes in the block chain platform, so that all services related to the user and related information in each service can be read from the block chain, and the information sharing among all service platforms is realized, so that the service can be provided for the user better and confidently among all service platforms, and meanwhile, because records in the block chain cannot be tampered, the identity verification transaction cannot be repudiated and destroyed, the privacy and the safety of the information can be ensured while the information is shared.
The purpose of the invention can be realized by the following technical scheme: a data security storage system based on a block chain comprises a block chain platform, a service platform and a user terminal, wherein the block chain platform comprises at least three nodes which are mutually communicated and connected, the service platform is a service platform for providing service for the user terminal, the user terminal is connected with the service platform, and the service platform is connected with one node in the block chain platform;
the service platform is used for realizing the release and the storage of the maintenance record;
the service platform specifically comprises:
the method comprises the following steps: and (3) issuing a maintenance record: a user carries out vehicle maintenance in a repair shop, a maintainer can generate a vehicle inspection result and vehicle condition maintenance data m after inspection, hash data H (m) is generated for the maintenance data, and an information abstract digest is generated; signing and issuing the hash data and the information abstract by using a private key of a repair shop; meanwhile, the maintenance data is encrypted by a public key of a user and the encrypted maintenance data is transmitted to a service platform;
step two: and (4) storing the maintenance records: specifically, the method comprises the steps that a user decrypts the obtained maintenance data and encrypts and transmits the maintenance data to a block chain platform; the method comprises the following steps:
s21: after the user passes the identity authentication of the information authentication module, the user successfully enters the service platform;
s22: after receiving the encrypted maintenance data from the repair shop on the service platform, the user decrypts the encrypted maintenance data by using the private key of the user to decrypt the original maintenance data, the information abstract and the Hash data, and then decrypts the encrypted maintenance data by using the public key of the repair shop;
s23: for the encrypted maintenance data from the repair shop, firstly carrying out signature verification, then carrying out decryption, and classifying the decrypted maintenance data according to the vehicle model of the maintenance data;
s24: the user sends a first ciphertext to the block chain platform, wherein the first ciphertext is obtained by encrypting the maintenance data plaintext according to a first public key by the user; marking the user at the moment as an uploader;
the first ciphertext is used for an uploader to decrypt according to the first private key to obtain a maintenance data plaintext;
the encryption process of the plaintext of the maintenance data comprises the following steps:
x1: performing serialization operation on a maintenance data plaintext to obtain byte stream data;
x2: carrying out large scale system conversion on byte stream data;
x3: judging whether the plaintext serialization length of the maintenance data is a multiple of 32, if so, executing a step X4; if not, after zero padding is carried out on the plaintext codes, executing the step X4;
x4: splitting a data plaintext, wherein the splitting unit is 32-bit length;
x5: respectively encrypting the split fragments by using the first public key bls12-381, and splicing the encryption results;
x6: performing base64 encoding on the spliced encryption result to obtain a first ciphertext;
the data uploading module is used for receiving maintenance data sharing request information of a downloader and sending the maintenance data sharing request information to the block chain platform, and the maintenance data sharing request information carries a second public key;
the proxy re-encryption module is used for acquiring maintenance data sharing request information and performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; the proxy re-encryption module is used for sending the re-encryption key to the block chain platform;
the block chain platform is used for acquiring a re-encryption key and re-encrypting the first ciphertext according to the re-encryption key to obtain a second ciphertext;
and the second ciphertext is used for the downloader to decrypt according to the second private key to obtain the maintenance data plaintext.
Further, the proxy re-encryption algorithm is preset to be the bls12-381 algorithm.
Further, the decryption process of the second ciphertext comprises the following steps:
XX 1: performing base64 decoding on the second ciphertext to obtain a splicing result;
XX 2: splitting the splicing result, wherein the splitting unit is 32-bit length;
XX 3: decrypting the split results by using second private keys respectively, and splicing the decrypted results to obtain a data plaintext;
XX 4: analyzing the data plaintext to obtain a serialized plaintext;
XX 5: and performing deserialization operation on the serialized plaintext to obtain the maintenance data plaintext.
Further, the specific working steps of the information verification module include:
s1: the user terminal sends an authentication request to the service platform; the method comprises the following steps:
s11: the user terminal generates a pair of keys corresponding to the service platform, wherein the pair of keys comprises a terminal private key and a terminal public key, and the terminal private key is stored in the user terminal;
s12: the user terminal sends the user terminal identification and the public key address of the terminal public key to the service platform;
s13: the service platform determines the public key address as the destination address of the authentication transaction;
s2: the service platform receives the authentication request and initiates an identity verification transaction according to the authentication request;
s3: the service platform uses the stored transaction private key to sign the verification information of the identity verification transaction to obtain a signature result;
s4: the service platform broadcasts verification data of the identity verification transaction to the blockchain platform, wherein the verification data comprises verification information, a signature result and a transaction public key, and the transaction public key and a transaction private key form a pair of keys;
s5: each node in the block chain platform verifies whether the identity verification transaction is legal or not according to the verification data; the method comprises the following steps:
s51: each node in the block chain platform detects whether a transaction public key included in the verification data has an identity verification transaction authority;
s52: each node in the block chain platform verifies whether the signature result and the verification information are valid through a transaction public key included in the verification data;
s53: when each node in the block chain platform detects that the transaction public key has the authentication transaction authority and the signature result and the authentication information are valid, determining that the authentication transaction is legal;
s6: when the authentication transaction is legal, each node in the blockchain platform adds the authentication information of the authentication transaction to the blockchain.
Further, the verification information of the authentication transaction comprises a destination address of the authentication transaction, a transaction type identifier, a service platform identifier, a user terminal identifier, an account identifier and a user terminal state identifier; the transaction type identifier is used for identifying whether identity authentication transaction is initiated, the service platform identifier is used for identifying the service platform, the user terminal identifier is used for identifying the user terminal, the account identifier is used for identifying the identity of the user in the service platform, and the user state identifier is used for identifying whether the user terminal is in a use state or a logout state.
Further, when the service platform accesses the blockchain platform through a node in the blockchain platform, a transaction key pair is generated, wherein the transaction key pair comprises a transaction public key and a transaction private key, and the transaction key pair is a key pair with identity authentication transaction authority.
The invention has the beneficial effects that:
1. according to the method, an uploader sends a first ciphertext to a block chain platform, wherein the first ciphertext is obtained by the uploader encrypting a maintenance data plaintext according to a first public key; the data uploading module receives maintenance data sharing request information of a downloader, wherein the maintenance data sharing request information carries a second public key; performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; the re-encryption key is sent to the block chain platform, so that the block chain platform re-encrypts the first ciphertext according to the re-encryption key to obtain a second ciphertext, and the second ciphertext is used for a downloader to decrypt according to a second private key to obtain a maintenance data plaintext; the problem that data is transparent to a platform is solved through an encryption technology, after the encrypted data are sent to a block chain, block chain link points cannot analyze the data into a plaintext, and the block chain link points only play a role in data sharing and forwarding, so that the situation that user data are used by illegal platforms is avoided; by combining the proxy re-encryption mode, the condition that the uploading user obtains the ciphertext from the block chain without revealing the private key and the decryption key of the uploading user is ensured, and the ciphertext can be decrypted by the private key of the downloading user; the method can realize the operations of one-time encryption and multiple authorization of the data, and effectively improve the safety of the data sharing process.
2. In the invention, a user enters a service platform through identity authentication performed by an information authentication module; the user terminal sends an authentication request to the service platform, and the service platform receives the authentication request and initiates identity verification transaction according to the authentication request; the service platform uses the stored transaction private key to sign the verification information of the identity verification transaction to obtain a signature result; the service platform broadcasts verification data of the identity verification transaction to the blockchain platform, each node in the blockchain platform verifies whether the identity verification transaction is legal according to the verification data, and when the identity verification transaction is legal, each node in the blockchain platform adds verification information of the identity verification transaction to the blockchain; the invention combines the characteristics of decentralization, tamper resistance, sharing and the like of the block chain technology, after the service platform is accessed into the block chain platform, the authentication information related to the user and the user terminal is desensitized and then added to the block chain, and other service platforms can read all services related to the user and related information in each service from the block chain only by accessing nodes in the block chain platform, thereby realizing information sharing among the service platforms, leading the service platforms to be capable of providing services for the user better, simultaneously, because the records in the block chain can not be tampered, the identity verification transaction can not be repudiated and destroyed, and simultaneously, the information sharing can be realized, and simultaneously, the privacy and the safety of the information can be ensured.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
FIG. 1 is a block diagram of the system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a sender, i.e., an uploader, and a receiver, i.e., a downloader, of block chain upload data, and the sender and the receiver generate a public key and a private key offline, it should be noted that the private keys of the sender and the receiver are not recorded and propagated in any form on the chain;
a data security storage system based on a block chain comprises a block chain platform, a service platform and a user terminal, wherein the block chain platform comprises at least three nodes which are mutually communicated and connected, the service platform is a service platform for providing service for the user terminal, the user terminal is connected with the service platform, and the service platform is connected with one node in the block chain platform;
the service platform is used for realizing the release and the storage of the maintenance record;
the service platform specifically comprises:
the method comprises the following steps: and (3) issuing a maintenance record: a user carries out vehicle maintenance in a repair shop, a maintainer can generate a vehicle inspection result and vehicle condition maintenance data m after inspection, hash data H (m) is generated for the maintenance data, and an information abstract digest is generated; signing and issuing the hash data and the information abstract by using a private key of a repair shop; meanwhile, the maintenance data is encrypted by a public key of a user and the encrypted maintenance data is transmitted to a service platform;
step two: and (4) storing the maintenance records: specifically, the method comprises the steps that a user decrypts the obtained maintenance data and encrypts and transmits the maintenance data to a block chain platform; the method comprises the following steps:
s21: after the user passes the identity authentication of the information authentication module, the user successfully enters the service platform;
s22: after receiving the encrypted maintenance data from the repair shop on the service platform, the user decrypts the encrypted maintenance data by using the private key of the user to decrypt the original maintenance data, the information abstract and the Hash data, and then decrypts the encrypted maintenance data by using the public key of the repair shop;
s23: for the encrypted maintenance data from the repair shop, firstly carrying out signature verification, then carrying out decryption, and classifying the decrypted maintenance data according to the vehicle model of the maintenance data;
s24: the user sends a first ciphertext to the block chain platform, wherein the first ciphertext is obtained by encrypting the maintenance data plaintext according to a first public key by the user; marking the user at the moment as an uploader;
the first ciphertext is used for an uploader to decrypt according to the first private key to obtain a maintenance data plaintext;
the encryption process of the plaintext of the maintenance data comprises the following steps:
x1: performing serialization operation on a maintenance data plaintext to obtain byte stream data;
x2: carrying out large scale system conversion on byte stream data;
x3: judging whether the plaintext serialization length of the maintenance data is a multiple of 32, if so, executing a step X4; if not, after zero padding is carried out on the plaintext codes, executing the step X4;
x4: splitting a data plaintext, wherein the splitting unit is 32-bit length;
x5: respectively encrypting the split fragments by using the first public key bls12-381, and splicing the encryption results;
x6: performing base64 encoding on the spliced encryption result to obtain a first ciphertext;
the data uploading module is used for receiving maintenance data sharing request information of a downloader and sending the maintenance data sharing request information to the block chain platform, and the maintenance data sharing request information carries a second public key;
the proxy re-encryption module is used for acquiring maintenance data sharing request information and performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; the proxy re-encryption module is used for sending the re-encryption key to the block chain platform;
presetting a proxy re-encryption algorithm as a bls12-381 algorithm;
the block chain platform is used for acquiring a re-encryption key and re-encrypting the first ciphertext according to the re-encryption key to obtain a second ciphertext;
the second ciphertext is used for the downloader to decrypt according to the second private key to obtain the maintenance data plaintext;
the decryption process of the second ciphertext comprises the following steps:
XX 1: performing base64 decoding on the second ciphertext to obtain a splicing result;
XX 2: splitting the splicing result, wherein the splitting unit is 32-bit length;
XX 3: decrypting the split results by using second private keys respectively, and splicing the decrypted results to obtain a data plaintext;
XX 4: analyzing the data plaintext to obtain a serialized plaintext;
XX 5: performing deserialization operation on the serialized plaintext to obtain a maintenance data plaintext;
according to the method, an uploader sends a first ciphertext to a block chain platform, wherein the first ciphertext is obtained by the uploader encrypting a maintenance data plaintext according to a first public key; the data uploading module receives maintenance data sharing request information of a downloader, wherein the maintenance data sharing request information carries a second public key; performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; the re-encryption key is sent to the block chain platform, so that the block chain platform re-encrypts the first ciphertext according to the re-encryption key to obtain a second ciphertext, and the second ciphertext is used for a downloader to decrypt according to a second private key to obtain a maintenance data plaintext; the safety of the data sharing process is effectively improved;
the problem that data is transparent to a platform is solved through an encryption technology, after the encrypted data are sent to a block chain, block chain link points cannot analyze the data into a plaintext, and the block chain link points only play a role in data sharing and forwarding, so that the situation that user data are used by illegal platforms is avoided; by combining the proxy re-encryption mode, the condition that the uploading user obtains the ciphertext from the block chain without revealing the private key and the decryption key of the uploading user is ensured, and the ciphertext can be decrypted by the private key of the downloading user; the operation of once encryption and multiple authorization of data can be realized;
the specific working steps of the information verification module comprise:
s1: the user terminal sends an authentication request to the service platform; the method comprises the following steps:
s11: the user terminal generates a pair of keys corresponding to the service platform, wherein the pair of keys comprises a terminal private key and a terminal public key, and the terminal private key is stored in the user terminal;
s12: the user terminal sends the user terminal identification and the public key address of the terminal public key to the service platform;
s13: the service platform determines the public key address as the destination address of the authentication transaction;
s2: the service platform receives the authentication request and initiates an identity verification transaction according to the authentication request;
s3: the service platform uses the stored transaction private key to sign the verification information of the identity verification transaction to obtain a signature result;
s4: the service platform broadcasts verification data of the identity verification transaction to the blockchain platform, wherein the verification data comprises verification information, a signature result and a transaction public key, and the transaction public key and a transaction private key form a pair of keys;
s5: each node in the block chain platform verifies whether the identity verification transaction is legal or not according to the verification data; the method comprises the following steps:
s51: each node in the block chain platform detects whether a transaction public key included in the verification data has an identity verification transaction authority;
s52: each node in the block chain platform verifies whether the signature result and the verification information are valid through a transaction public key included in the verification data;
s53: when each node in the block chain platform detects that the transaction public key has the authentication transaction authority and the signature result and the authentication information are valid, determining that the authentication transaction is legal;
s6: when the identity authentication transaction is legal, each node in the block chain platform adds the authentication information of the identity authentication transaction to the block chain;
the verification information of the authentication transaction comprises a destination address of the authentication transaction, a transaction type identifier, a service platform identifier, a user terminal identifier, an account identifier and a user terminal state identifier; the transaction type identifier is used for identifying whether identity authentication transaction is initiated, the service platform identifier is used for identifying the service platform, the user terminal identifier is used for identifying the user terminal, the account identifier is used for identifying the identity of the user in the service platform, and the user state identifier is used for identifying whether the user terminal is in a use state or a logout state;
when the service platform accesses the blockchain platform through the nodes in the blockchain platform, a transaction key pair is generated, the transaction key pair comprises a transaction public key and a transaction private key, and the transaction key pair is a key pair with identity authentication transaction authority.
The invention combines the characteristics of decentralization, tamper resistance, sharing and the like of the block chain technology, after the service platform is accessed into the block chain platform, the authentication information related to the user and the user terminal is desensitized and then added to the block chain, and other service platforms can read all services related to the user and related information in each service from the block chain only by accessing nodes in the block chain platform, thereby realizing information sharing among the service platforms, leading the service platforms to be capable of providing services for the user better, simultaneously, because the records in the block chain can not be tampered, the identity verification transaction can not be repudiated and destroyed, and simultaneously, the information sharing can be realized, and simultaneously, the privacy and the safety of the information can be ensured.
A data security storage system based on a block chain is characterized in that when the data security storage system works, a user carries out vehicle maintenance in a repair shop, a maintainer can generate a vehicle inspection result and maintenance data m of a vehicle condition after the vehicle inspection, hash data H (m) is generated for the maintenance data, and an information abstract digest is generated; signing and issuing the hash data and the information abstract by using a private key of a repair shop; meanwhile, the maintenance data is encrypted by a public key of a user and the encrypted maintenance data is transmitted to a service platform; the user enters the service platform through identity authentication carried out by the information authentication module; the user terminal sends an authentication request to the service platform, and the service platform receives the authentication request and initiates identity verification transaction according to the authentication request; the service platform uses the stored transaction private key to sign the verification information of the identity verification transaction to obtain a signature result; the service platform broadcasts verification data of the identity verification transaction to the blockchain platform, each node in the blockchain platform verifies whether the identity verification transaction is legal according to the verification data, and when the identity verification transaction is legal, each node in the blockchain platform adds verification information of the identity verification transaction to the blockchain; the invention combines the characteristics of decentralization, tamper resistance, sharing and the like of the block chain technology, after a service platform is accessed into a block chain platform, authentication information related to a user and a user terminal is desensitized and then added to the block chain, other service platforms only need to be accessed into nodes in the block chain platform, all services related to the user and related information in each service can be read from the block chain, and information sharing among all service platforms is realized, so that each service platform can provide services for the user better in a confident way, and meanwhile, because records in the block chain cannot be tampered, identity verification transactions cannot be repudiated and destroyed, the privacy and safety of information can be ensured while the information is shared;
after receiving the encrypted maintenance data from the repair shop on the service platform, the user decrypts the encrypted maintenance data by using the private key of the user to decrypt the original maintenance data, the information abstract and the Hash data, and then decrypts the encrypted maintenance data by using the public key of the repair shop; for the encrypted maintenance data from the repair shop, firstly carrying out signature verification, then carrying out decryption, and classifying the decrypted maintenance data according to the vehicle model of the maintenance data; the user sends the first ciphertext to the block chain platform; the data uploading module is used for receiving maintenance data sharing request information of a downloader, and the maintenance data sharing request information carries a second public key; the proxy re-encryption module is used for acquiring maintenance data sharing request information and performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; the proxy re-encryption module is used for sending the re-encryption key to the block chain platform; the block chain platform is used for acquiring a re-encryption key and re-encrypting the first ciphertext according to the re-encryption key to obtain a second ciphertext; the second ciphertext is used for the downloader to decrypt according to the second private key to obtain the maintenance data plaintext; the problem that data is transparent to a platform is solved through an encryption technology, after the encrypted data are sent to a block chain, block chain link points cannot analyze the data into a plaintext, and the block chain link points only play a role in data sharing and forwarding, so that the situation that user data are used by illegal platforms is avoided; by combining the proxy re-encryption mode, the condition that the uploading user obtains the ciphertext from the block chain without revealing the private key and the decryption key of the uploading user is ensured, and the ciphertext can be decrypted by the private key of the downloading user; the method can realize the operations of one-time encryption and multiple authorization of the data, and effectively improve the safety of the data sharing process.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (6)

1. A data security storage system based on a block chain is characterized by comprising a block chain platform, a service platform and a user terminal, wherein the block chain platform comprises at least three nodes which are mutually communicated, the service platform is a service platform for providing service for the user terminal, the user terminal is connected with the service platform, and the service platform is connected with one node in the block chain platform;
the service platform is used for realizing the release and the storage of the maintenance records;
the service platform specifically includes:
the method comprises the following steps: and (3) issuing a maintenance record: a user carries out vehicle maintenance in a repair shop, a maintainer can generate a vehicle inspection result and vehicle condition maintenance data m after inspection, hash data H (m) is generated for the maintenance data, and an information abstract digest is generated; signing and issuing the hash data and the information abstract by using a private key of a repair shop; meanwhile, the maintenance data is encrypted by a public key of a user and the encrypted maintenance data is transmitted to a service platform;
step two: and (4) storing the maintenance records: specifically, the method comprises the steps that a user decrypts the obtained maintenance data and encrypts and transmits the maintenance data to a block chain platform; the method comprises the following steps:
s21: after the user passes the identity authentication of the information authentication module, the user successfully enters the service platform;
s22: after receiving the encrypted maintenance data from the repair shop on the service platform, the user decrypts the maintenance data, the information abstract and the Hash data by using the private key of the user, and then decrypts the maintenance data, the information abstract and the Hash data by using the public key of the repair shop;
s23: for the encrypted maintenance data from the repair shop, firstly carrying out signature verification, then carrying out decryption, and classifying the decrypted maintenance data according to the vehicle model of the maintenance data;
s24: the method comprises the steps that a user sends a first ciphertext to a block chain platform, wherein the first ciphertext is obtained by encrypting a maintenance data plaintext according to a first public key; marking the user at the moment as an uploader;
the first ciphertext is used for an uploader to decrypt according to a first private key to obtain a maintenance data plaintext;
the encryption process of the maintenance data plaintext comprises the following steps:
x1: carrying out serialization operation on the maintenance data plaintext to obtain byte stream data;
x2: carrying out large number system conversion on the byte stream data;
x3: judging whether the plaintext serialization length of the maintenance data is a multiple of 32, if so, executing a step X4; if not, after zero padding is carried out on the plaintext codes, executing the step X4;
x4: splitting a data plaintext, wherein the splitting unit is 32-bit length;
x5: respectively encrypting the split fragments by bls12-381 by using the first public key, and splicing the encryption results;
x6: performing base64 encoding on the spliced encryption result to obtain the first ciphertext;
the data uploading module is used for receiving maintenance data sharing request information of a downloader and sending the maintenance data sharing request information to the block chain platform, wherein the maintenance data sharing request information carries a second public key;
the proxy re-encryption module is used for acquiring maintenance data sharing request information and performing proxy re-encryption key generation operation on the first private key and the second public key according to a preset proxy re-encryption algorithm to obtain a re-encryption key; the proxy re-encryption module is used for sending a re-encryption key to the block chain platform;
the block chain platform is used for acquiring a re-encryption key and re-encrypting the first ciphertext according to the re-encryption key to obtain a second ciphertext;
and the second ciphertext is used for the downloader to decrypt according to the second private key to obtain the maintenance data plaintext.
2. The blockchain-based data security storage system of claim 1, wherein the predetermined proxy re-encryption algorithm is a bls12-381 algorithm.
3. The system according to claim 1, wherein the decryption process of the second ciphertext comprises the following steps:
XX 1: performing base64 decoding on the second ciphertext to obtain a splicing result;
XX 2: splitting the splicing result, wherein the splitting unit is 32-bit length;
XX 3: decrypting the splitting results by using the second private keys respectively, and splicing the decryption results to obtain a data plaintext;
XX 4: analyzing the data plaintext to obtain a serialized plaintext;
XX 5: and performing deserialization operation on the serialized plaintext to obtain the maintenance data plaintext.
4. The system according to claim 1, wherein the specific working steps of the information verification module include:
s1: the user terminal sends an authentication request to the service platform; the method comprises the following steps:
s11: a user terminal generates a pair of keys corresponding to the service platform, wherein the pair of keys comprises a terminal private key and a terminal public key, and the user terminal stores the terminal private key;
s12: the user terminal sends the user terminal identification and the public key address of the terminal public key to the service platform;
s13: the service platform determines the public key address as a destination address of the authentication transaction;
s2: the service platform receives the authentication request and initiates an identity verification transaction according to the authentication request;
s3: the service platform uses the stored transaction private key to sign the verification information of the identity verification transaction to obtain a signature result;
s4: the service platform broadcasts verification data of identity verification transaction to the blockchain platform, wherein the verification data comprises verification information, a signature result and a transaction public key, and the transaction public key and a transaction private key form a pair of keys;
s5: each node in the block chain platform verifies whether the identity verification transaction is legal or not according to the verification data; the method comprises the following steps:
s51: each node in the block chain platform detects whether the transaction public key in the verification data has an identity verification transaction authority;
s52: each node in the block chain platform verifies whether the signature result and the verification information are valid through a transaction public key included in the verification data;
s53: when each node in the block chain platform detects that the transaction public key has the authentication transaction authority and the signature result and the authentication information are valid, determining that the authentication transaction is legal;
s6: and when the authentication transaction is legal, each node in the block chain platform adds the authentication information of the authentication transaction to the block chain.
5. The blockchain-based data security storage system according to claim 4, wherein the verification information of the authentication transaction includes a destination address of the authentication transaction, a transaction type identifier, a service platform identifier, a user terminal identifier, an account identifier, and a user terminal status identifier; the transaction type identifier is used for identifying whether an identity authentication transaction is initiated, the service platform identifier is used for identifying the service platform, the user terminal identifier is used for identifying the user terminal, the account identifier is used for identifying the identity of a user in the service platform, and the user state identifier is used for identifying whether the user terminal is in a use state or a logout state.
6. The blockchain-based data security storage system according to claim 4, wherein the service platform generates a transaction key pair when accessing the blockchain platform through a node in the blockchain platform, the transaction key pair includes a transaction public key and a transaction private key, and the transaction key pair is a key pair with an authentication transaction right.
CN202011011671.XA 2020-09-23 2020-09-23 Data security storage system based on block chain Withdrawn CN112150147A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011011671.XA CN112150147A (en) 2020-09-23 2020-09-23 Data security storage system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011011671.XA CN112150147A (en) 2020-09-23 2020-09-23 Data security storage system based on block chain

Publications (1)

Publication Number Publication Date
CN112150147A true CN112150147A (en) 2020-12-29

Family

ID=73896212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011011671.XA Withdrawn CN112150147A (en) 2020-09-23 2020-09-23 Data security storage system based on block chain

Country Status (1)

Country Link
CN (1) CN112150147A (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112887315A (en) * 2021-01-29 2021-06-01 广州市果豆科技有限责任公司 Intelligent equipment operation and maintenance method and system based on block chain
CN113408005A (en) * 2021-06-04 2021-09-17 中国联合网络通信集团有限公司 Auxiliary evaluation method and system for automobile performance, computer equipment and storage medium
CN113408259A (en) * 2021-06-09 2021-09-17 微易签(杭州)科技有限公司 Method, system, device and storage medium for filling in files based on block chain
CN113452705A (en) * 2021-06-28 2021-09-28 长春吉大正元信息技术股份有限公司 Encrypted communication method, device, electronic equipment and storage medium
CN113515496A (en) * 2021-05-25 2021-10-19 上海旺链信息科技有限公司 File transmission method and device, electronic equipment and storage medium
CN113794560A (en) * 2021-11-05 2021-12-14 深邦智能科技(青岛)有限公司 Super instrument data transmission encryption method and system
CN113810421A (en) * 2021-09-18 2021-12-17 上海万向区块链股份公司 Block chain-based PRE Internet of things data sharing method and system
CN114124402A (en) * 2021-11-03 2022-03-01 国家工业信息安全发展研究中心 Distributed data secure exchange sharing method under resource-constrained environment
CN114401148A (en) * 2022-01-28 2022-04-26 中企云链(北京)金融信息服务有限公司 Communication data encryption and decryption optimization method
CN114679319A (en) * 2022-03-25 2022-06-28 南京邮电大学 Block chain based distributed data synchronous encryption method
WO2022144643A1 (en) * 2020-12-30 2022-07-07 International Business Machines Corporation Secure memory sharing
CN114900304A (en) * 2021-12-29 2022-08-12 北京爱知之星科技股份有限公司 Digital signature method and apparatus, electronic device, and computer-readable storage medium
CN115022346A (en) * 2022-08-08 2022-09-06 湖南涉外经济学院 Online data synchronization method based on block chain
CN115297118A (en) * 2022-10-09 2022-11-04 北京航空航天大学杭州创新研究院 Data sharing method and data sharing system based on block chain
CN116090024A (en) * 2023-02-06 2023-05-09 山东昱鑫信息科技有限公司 Reliable data storage device, system and method
CN116911988A (en) * 2023-04-04 2023-10-20 深圳市奥盛通科技有限公司 Transaction data processing method, system, computer equipment and storage medium
CN116996276A (en) * 2023-07-20 2023-11-03 广州芳禾数据有限公司 Data sharing method and device based on conditional proxy re-encryption
CN115118751B (en) * 2022-07-15 2024-04-19 广东浪潮智慧计算技术有限公司 Blockchain-based supervision system, method, equipment and medium

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2616811A (en) * 2020-12-30 2023-09-20 Ibm Secure memory sharing
WO2022144643A1 (en) * 2020-12-30 2022-07-07 International Business Machines Corporation Secure memory sharing
CN112887315A (en) * 2021-01-29 2021-06-01 广州市果豆科技有限责任公司 Intelligent equipment operation and maintenance method and system based on block chain
CN113515496A (en) * 2021-05-25 2021-10-19 上海旺链信息科技有限公司 File transmission method and device, electronic equipment and storage medium
CN113408005A (en) * 2021-06-04 2021-09-17 中国联合网络通信集团有限公司 Auxiliary evaluation method and system for automobile performance, computer equipment and storage medium
CN113408005B (en) * 2021-06-04 2023-05-09 中国联合网络通信集团有限公司 Auxiliary evaluation method, system, computer equipment and storage medium for automobile performance
CN113408259A (en) * 2021-06-09 2021-09-17 微易签(杭州)科技有限公司 Method, system, device and storage medium for filling in files based on block chain
CN113452705A (en) * 2021-06-28 2021-09-28 长春吉大正元信息技术股份有限公司 Encrypted communication method, device, electronic equipment and storage medium
CN113810421A (en) * 2021-09-18 2021-12-17 上海万向区块链股份公司 Block chain-based PRE Internet of things data sharing method and system
CN114124402A (en) * 2021-11-03 2022-03-01 国家工业信息安全发展研究中心 Distributed data secure exchange sharing method under resource-constrained environment
CN113794560A (en) * 2021-11-05 2021-12-14 深邦智能科技(青岛)有限公司 Super instrument data transmission encryption method and system
CN114900304A (en) * 2021-12-29 2022-08-12 北京爱知之星科技股份有限公司 Digital signature method and apparatus, electronic device, and computer-readable storage medium
CN114900304B (en) * 2021-12-29 2023-06-09 北京爱知之星科技股份有限公司 Digital signature method and apparatus, electronic device, and computer-readable storage medium
CN114401148A (en) * 2022-01-28 2022-04-26 中企云链(北京)金融信息服务有限公司 Communication data encryption and decryption optimization method
CN114679319B (en) * 2022-03-25 2023-08-18 南京邮电大学 Distributed data synchronous encryption method based on block chain
CN114679319A (en) * 2022-03-25 2022-06-28 南京邮电大学 Block chain based distributed data synchronous encryption method
CN115118751B (en) * 2022-07-15 2024-04-19 广东浪潮智慧计算技术有限公司 Blockchain-based supervision system, method, equipment and medium
CN115022346B (en) * 2022-08-08 2022-10-21 湖南涉外经济学院 Online data synchronization method based on block chain
CN115022346A (en) * 2022-08-08 2022-09-06 湖南涉外经济学院 Online data synchronization method based on block chain
CN115297118A (en) * 2022-10-09 2022-11-04 北京航空航天大学杭州创新研究院 Data sharing method and data sharing system based on block chain
CN116090024A (en) * 2023-02-06 2023-05-09 山东昱鑫信息科技有限公司 Reliable data storage device, system and method
CN116090024B (en) * 2023-02-06 2024-01-30 上海泰锟医药技术有限公司 Reliable data storage device, system and method
CN116911988A (en) * 2023-04-04 2023-10-20 深圳市奥盛通科技有限公司 Transaction data processing method, system, computer equipment and storage medium
CN116911988B (en) * 2023-04-04 2024-04-05 深圳市奥盛通科技有限公司 Transaction data processing method, system, computer equipment and storage medium
CN116996276A (en) * 2023-07-20 2023-11-03 广州芳禾数据有限公司 Data sharing method and device based on conditional proxy re-encryption

Similar Documents

Publication Publication Date Title
CN112150147A (en) Data security storage system based on block chain
US20030081774A1 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
US20040057579A1 (en) Roaming hardware paired encryption key generation
CN108566395A (en) A kind of document transmission method, apparatus and system based on block chain
CN105100076A (en) Cloud data security system based on USB Key
CN102025503B (en) Data security implementation method in cluster environment and high-security cluster
CN101286837B (en) Message encryption device and method oriented to storage area network
CN108809936B (en) Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof
CN112671735B (en) Data encryption sharing system and method based on block chain and re-encryption
CN111082929A (en) Method for realizing encrypted instant communication
CN101305542B (en) Method for downloading digital certificate and cryptographic key
CN113114654B (en) Terminal equipment access security authentication method, device and system
JP2001177513A (en) Authenticating method in communication system, center equipment, and recording medium with authentication program recorded thereon
CN111917538A (en) Secret key derivation method and device based on vehicle-mounted equipment and vehicle-mounted equipment
CN106789963B (en) Asymmetric white-box password encryption method, device and equipment
CN110198320B (en) Encrypted information transmission method and system
CN111224958A (en) Data transmission method and system
CN110611679A (en) Data transmission method, device, equipment and system
CN114244508A (en) Data encryption method, device, equipment and storage medium
CN104468074A (en) Method and equipment for authentication between applications
US10764260B2 (en) Distributed processing of a product on the basis of centrally encrypted stored data
CN106972928B (en) Bastion machine private key management method, device and system
CN114978769A (en) Unidirectional lead-in device, method, medium, and apparatus
CN112217797B (en) Intelligent gateway Internet of things control system and method applying block chain technology
CN112035820B (en) Data analysis method used in Kerberos encryption environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20201229