CN112182609A - Block chain-based data uplink storage method and tracing method, device and equipment - Google Patents

Block chain-based data uplink storage method and tracing method, device and equipment Download PDF

Info

Publication number
CN112182609A
CN112182609A CN202011025688.0A CN202011025688A CN112182609A CN 112182609 A CN112182609 A CN 112182609A CN 202011025688 A CN202011025688 A CN 202011025688A CN 112182609 A CN112182609 A CN 112182609A
Authority
CN
China
Prior art keywords
data
key
block chain
identifier
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011025688.0A
Other languages
Chinese (zh)
Other versions
CN112182609B (en
Inventor
熊潇
邢金港
刘俊杰
雷刚
黄发培
胡伟
余昌龙
洪蜀宁
钱程
王雪
尹涛
郁微
庄磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202011025688.0A priority Critical patent/CN112182609B/en
Publication of CN112182609A publication Critical patent/CN112182609A/en
Application granted granted Critical
Publication of CN112182609B publication Critical patent/CN112182609B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the invention discloses a block chain-based data uplink storage method, a block chain-based data uplink tracing device and a block chain-based data uplink tracing device. The block chain-based data uplink storage method comprises the following steps: the method comprises the steps that according to a data uplink storage request sent by a data provider, a first identifier of the data provider and public keys of a plurality of first managers are obtained, and the data uplink storage request comprises a data hash result; encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypting each key fragment by using public keys of a plurality of first managers to obtain a plurality of key fragment ciphertexts; signing a data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored; and sending the data to be stored to the block chain system to instruct the block chain link points in the block chain system to carry out uplink storage on the data to be stored. The embodiment of the invention can protect the privacy of the user.

Description

Block chain-based data uplink storage method and tracing method, device and equipment
Technical Field
The embodiment of the invention relates to the technical field of block chains, in particular to a block chain-based data uplink storage method, a block chain-based data uplink tracing method, a block chain-based data uplink storage device and a block chain-based data uplink tracing device.
Background
Privacy concerns are extremely important for individuals and businesses, and how to effectively protect user privacy on a blockchain is an important challenge facing blockchain implementation to practical applications. On this basis, since privacy protection may foster illegal transactions and activities of malicious users, it also presents a number of serious challenges to supervision. Therefore, a scheme for tracing the identity of a user while protecting the privacy of the user is needed.
Disclosure of Invention
The embodiment of the invention provides a block chain-based data uplink storage method, a block chain-based data uplink tracing device, a block chain-based data uplink storage device and a block chain-based data uplink tracing device, and aims to protect user privacy and trace user identities at the same time, so that conditions are provided for protecting the user privacy and tracing the user identities.
In a first aspect, an embodiment of the present invention provides a block chain-based data uplink storage method, which is executed by an electronic device with an authentication function, and the method includes:
according to a data uplink storage request sent by a data provider, acquiring a first identifier of the data provider and public keys of a plurality of first managers, wherein the data uplink storage request comprises a data hash result;
encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypting each key fragment by using public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts;
signing a data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored;
and sending the data to be stored to a block chain system to instruct a block chain node in the block chain system to carry out uplink storage on the data to be stored.
In a second aspect, an embodiment of the present invention further provides a data tracing method based on a block chain, where the method is performed by a block chain link point, and the method includes:
when the data acquired from the block chain system is abnormal, generating a data tracing transaction, wherein the data tracing transaction comprises a data hash result and a second identifier of the block chain node;
transmitting the data trace back transaction in a blockchain system to instruct at least one first manager in the blockchain system to: responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain key fragments, and transmitting the key fragments in the block chain system according to the second identification of the block chain node;
determining whether the number of the key fragments acquired from the block chain system reaches a number threshold of a preset encryption algorithm;
if so, acquiring a decryption key based on all the acquired key fragments, and decrypting a first identification ciphertext corresponding to the abnormal data according to the decryption key to obtain a first identification plaintext;
and determining a data provider of the data hash result according to the first identification plaintext.
In a third aspect, an embodiment of the present invention further provides a block chain-based data uplink storage device configured in an electronic device with an authentication function, including:
the system comprises a first acquisition module, a second acquisition module and a first management module, wherein the first acquisition module is used for acquiring a first identifier of a data provider and public keys of a plurality of first managers according to a data uplink storage request sent by the data provider, and the data uplink storage request comprises a data hash result;
the first processing module is used for encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypting each key fragment by using public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts;
the second processing module is used for signing the data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored;
and the data sending module is used for sending the data to be stored to a block chain system so as to instruct a block chain node in the block chain system to carry out uplink storage on the data to be stored.
In a fourth aspect, an embodiment of the present invention further provides a data tracing apparatus based on a block chain, where the data tracing apparatus is configured at a block chain node, and the data tracing apparatus includes:
the transaction generation module is used for generating a data tracing transaction when the data acquired from the block chain system is abnormal, wherein the data tracing transaction comprises a data hash result and a second identifier of the block chain node;
a third processing module, configured to transmit the data trace back transaction in a blockchain system to instruct at least one first manager in the blockchain system to perform the following operations: responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain key fragments, and transmitting the key fragments in the block chain system according to the second identification of the block chain node;
the first determining module is used for determining whether the number of the key fragments acquired from the block chain system reaches a number threshold of a preset encryption algorithm;
the second determining module is used for acquiring a decryption key based on all the acquired key fragments if the first identification plaintext is the first identification plaintext, and decrypting a first identification ciphertext corresponding to the abnormal data according to the decryption key;
and the third determining module is used for determining the data provider of the data hash result according to the first identification plaintext.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement any of the block chain based data uplink storage methods in the embodiments of the present invention, or any of the block chain based data trace back methods in the embodiments of the present invention.
In a sixth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement any of the block chain based data uplink storage methods described in the embodiments of the present invention, or any of the block chain based data tracing back methods described in the embodiments of the present invention.
The technical scheme disclosed by the embodiment of the invention has the following beneficial effects:
when a data uplink storage request sent by a data provider is received, acquiring a first identifier of the data provider and public keys of a plurality of first managers according to the data uplink storage request, encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypts each key fragment by using public keys of a plurality of first managers to obtain a plurality of key fragment ciphertexts, carries the first identification ciphertexts and the plurality of key fragment ciphertexts in the data hash result carried by the data uplink storage request, signing the data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored, and then sending the data to be stored into the blockchain system to instruct the blockchain system to carry out uplink storage on the data to be stored. Therefore, the identity identification ciphertext of the data provider and the plurality of key fragment ciphertexts of the decryption key are carried in the data provided by the data provider and are stored together in a chaining mode, so that when other users acquire the chained data from the blockchain system, only the data uploaded by the data provider can be acquired, and the provider identity information of the chained data cannot be acquired, and the user privacy is protected; the embodiment of the invention also discloses a scheme for tracing the identity of the data provider based on the data on the link, thereby providing conditions for protecting the privacy of the user and tracing the identity of the user.
Drawings
Fig. 1 is a flowchart illustrating a block chain-based data uplink storage method according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating another block chain-based data uplink storage method according to a second embodiment of the present invention;
fig. 3 is a schematic flowchart of a data tracing method based on a block chain according to a third embodiment of the present invention;
fig. 4 is a schematic flowchart of a data tracing method based on a block chain according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of a block chain-based data uplink storage device according to a fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of a data tracing apparatus based on a block chain according to a sixth embodiment of the present invention;
fig. 7 is a schematic structural diagram of an electronic device according to a seventh embodiment of the present invention.
Detailed Description
The embodiments of the present invention will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad invention. It should be further noted that, for convenience of description, only some structures, not all structures, relating to the embodiments of the present invention are shown in the drawings.
The following describes a block chain-based data uplink storage method and a tracing method, apparatus, and device according to an embodiment of the present invention with reference to the accompanying drawings.
Example one
Fig. 1 is a flowchart illustrating a block chain-based data uplink storage method according to an embodiment of the present invention, where the embodiment is applicable to a scenario of protecting identity information of a data provider that uploads data in a block chain, and the applicable block chain may be a public chain, a private chain, or an alliance chain. Preferably, the block chain used in this embodiment is a federation chain. The method may be performed by a block chain based data uplink storage device, which may be comprised of hardware and/or software and may be integrated in an electronic apparatus, preferably an electronic apparatus with authentication functionality. The method comprises the following steps:
s101, according to a data uplink storage request sent by a data provider, acquiring a first identifier of the data provider and public keys of a plurality of first managers, wherein the data uplink storage request comprises a data hash result.
The first identifier refers to information that can uniquely determine the identity of the data provider, such as an organization code or a serial number.
In the embodiment of the present invention, the first manager refers to a management node for managing the blockchain system, and the plurality of managers may form a management organization (e.g., a federation committee). Wherein the first management party votes through a management organization in the blockchain system, and the plurality of first management parties in the management organization of different time periods may be different.
The data hash result specifically refers to a data hash value obtained by the data provider after performing hash processing on the data. That is, the data hash result may be digest data.
Optionally, in order to enable the data provider to upload data, in the embodiment of the present invention, before performing S101, the data provider needs to register in the blockchain system, and when the data provider successfully registers in the blockchain system, the data provider uploads data to the blockchain system.
In a specific implementation, the data provider may send a registration transaction to the blockchain system, so that the second manager assigns a first identifier to the data provider according to the registration transaction, initiates a voting proposal transaction, and then transmits the voting proposal transaction in the blockchain system, so that a plurality of first managers in the blockchain system vote based on the voting proposal transaction. And counting the voting results of the plurality of first management parties through the second management party to determine whether the votes pass. If the voting result is that the voting result is passed, determining that the data provider is successfully registered, sending registration success information carrying the first identifier to the data provider, and adding the data provider into a member table of the block chain system; and if the voting result is failure, returning registration failure information to the data provider. The second manager is a blockchain central node and is responsible for due-time investigation and blockchain system maintenance of the new member.
After receiving the registration success information sent by the second manager, the data provider can locally generate a key pair, and send the public key, the first identifier and other information in the key pair to the second manager, so that the second manager signs the received public key, the first identifier and other information to generate an admission certificate of the blockchain system, and sends the admission certificate to the data provider, so that the data provider completes the registration operation. The manner in which the data provider locally generates the key pair may be implemented by using a plurality of different encryption algorithms, such as asymmetric encryption algorithm generation, and the like, which is not specifically limited herein.
In this embodiment, the second administrator signs the public key, the first identifier, and other information sent by the data provider, which may be implemented according to different formats. Optionally, the signature is performed according to a format of the first identifier + the public key + other information, for example.
After the registration is successful, the data provider can also send a registration request to the blockchain system according to the admission certificate, so that the second manager analyzes the registration request, acquires the query address of the data provider, and registers the acquired query address to the blockchain, so that the query request which can be sent by the data provider subsequently can be responded by the blockchain nodes in the blockchain system. Wherein the query address is generated from a public key of the data provider.
Further, the data provider may send a data uplink storage request to the block chain system.
Since the identity information of the data provider and other privacy information may be leaked, in order to protect the identity information of the data provider and other privacy information, in the embodiment of the present invention, before the data hash result is written into the blockchain system, the data provider may perform anonymization on the first identifier of the data provider by using the electronic device having the authentication function, and then carry the anonymized first identifier of the data provider in the data hash result for uplink storage, so as to protect the identity information of the data provider and other privacy information, thereby eliminating the doubt of the user on privacy security.
In the embodiment of the present invention, before the electronic device with the authentication function performs anonymous processing on the first identifier of the data provider, validity verification may be performed on an admission certificate of the data provider and configuration files of a plurality of first managers in the blockchain system, so as to ensure that the configuration files of the data provider and the plurality of first managers are legal. Specifically, the electronic device with the authentication function obtains the admission certificate of the data provider and the configuration files of the plurality of first managers, and respectively performs validity verification on the obtained admission certificate and the obtained configuration files. The obtained admission certificate and the configuration file can be respectively matched with a stored admission certificate white list and a stored configuration file white list. And when at least one of the admission certificate and the configuration file does not belong to the white list, the admission certificate or the configuration file is illegal, the verification is failed, and the anonymous processing and data uploading operation on the first identifier of the data provider is finished at the moment. When the admission certificate and the configuration file are legal, a first identifier of the data provider is obtained from the admission certificate of the data provider, and public keys of the first managers are obtained from the configuration files of the first managers.
S102, encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypting each key fragment by using public keys of the first managers to obtain a plurality of key fragment ciphertexts.
In the embodiment of the present invention, the preset encryption algorithm may be an encryption algorithm such as a threshold encryption algorithm or an elliptic curve encryption algorithm, which is not specifically limited herein. In this embodiment, the preset encryption algorithm is preferably a threshold encryption algorithm. The threshold encryption algorithm is an algorithm for encrypting a piece of information to obtain an information ciphertext and a decryption key, dividing the decryption key into N parts and distributing the N parts to N members, when the information ciphertext is decrypted, all N key fragments do not need to be obtained, and the information ciphertext can be decrypted only by obtaining at least M key fragments (threshold value), wherein M is less than or equal to N. Generally, the threshold encryption algorithm is implemented by space geometry, polynomial and the like, and the object (key) of threshold encryption can be generated by the encryption algorithm such as EIGamal, SSH and the like.
Optionally, the first identifier of the data provider may be encrypted according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption. After the plurality of key fragments are obtained, the electronic device with the authentication function can also encrypt the key fragment corresponding to each first manager by using the public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts, so that the protection of each key fragment by using the public keys of different first managers is realized, when a subsequent user decrypts the first identification cipher text, the identity information of a data provider can be obtained only by performing double decryption, and the safety and reliability of the protection of the user privacy information are further improved.
S103, signing the data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored.
Optionally, the first identification ciphertext, the multiple key fragment ciphertexts and the data hash result may be spliced to obtain a spliced result, and then the spliced result is signed according to a private key of a second management party to form the data to be stored, so that the signed spliced result cannot be tampered and forged, and a reliable certificate is provided for a subsequent block chain system to verify the validity of the data to be stored. The first identification ciphertext, the plurality of key fragment ciphertexts and the data hash result are spliced, and random splicing can be performed according to needs.
S104, sending the data to be stored to a block chain system to instruct a block chain node in the block chain system to carry out uplink storage on the data to be stored.
Optionally, after the data to be stored is sent to the blockchain system, the blockchain node in the blockchain system may check the signature of the data to be stored according to the pre-stored public key of the second manager, so as to determine whether the signature of the data to be stored is performed through the electronic device with the authentication function. When the data to be stored passes the verification, the data to be stored passes the signature of the electronic equipment with the authentication function, and at the moment, the data to be stored can be subjected to uplink storage. When the data to be stored is determined to fail to pass the signature verification, which indicates that the data to be stored fails to pass the signature of the electronic device with the authentication function, the information about the failure of signature verification of the data to be stored can be subjected to uplink storage, so that subsequent data query is facilitated.
The block chain-based data uplink storage method provided by the embodiment of the invention comprises the steps of acquiring a first identifier of a data provider and public keys of a plurality of first managers according to a data uplink storage request when receiving the data uplink storage request sent by the data provider, encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, encrypting each key fragment by using the public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts, carrying the first identifier ciphertext and the plurality of key fragment ciphertexts in a data hash result carried by the data uplink storage request, signing the data hash result carrying the first identifier ciphertext and the plurality of key fragment ciphertexts according to a private key of a second manager to form data to be stored, and then sending the data to be stored to a block chain system, to instruct the blockchain system to perform uplink storage on the data to be stored. Therefore, the identity identification ciphertext of the data provider and the plurality of key fragment ciphertexts of the decryption key are carried in the data provided by the data provider and are stored together in a chaining mode, so that when other users acquire the chained data from the blockchain system, only the data uploaded by the data provider can be acquired, the provider identity information of the chained data cannot be acquired, and the user privacy is protected.
Example two
Fig. 2 is a flowchart of a block chain-based data uplink storage method according to a second embodiment of the present invention, which is further optimized and expanded based on the foregoing embodiment, and can be combined with various optional technical solutions in the foregoing embodiment. As shown in fig. 2, the method may include:
s201, according to a data uplink storage request sent by a data provider, obtaining a first identifier of the data provider and public keys of a plurality of first managers, where the data uplink storage request includes a data hash result.
S202, encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a decryption key.
In the embodiment of the present invention, the preset encryption algorithm may be a threshold encryption algorithm or an elliptic curve encryption algorithm, or other encryption algorithms. In this embodiment, the preset encryption algorithm is preferably a threshold encryption algorithm.
Optionally, in this embodiment, the first identification ciphertext and the decryption key may be obtained in multiple ways, for example, the following ways:
in a first mode
And encrypting the first identifier according to a preset encryption algorithm and the random number to obtain a first identifier ciphertext and a decryption key.
When the preset encryption algorithm is the threshold encryption algorithm, a random number can be added to the threshold encryption algorithm, and then the first identifier is encrypted according to the threshold encryption algorithm added with the random number to obtain a first identifier ciphertext and a decryption key.
Mode two
And encrypting the first identifier added with the random number according to the preset encryption algorithm to obtain a first identifier ciphertext and a decryption key.
Specifically, a random number may be added to the first identifier, and then the first identifier to which the random number is added is encrypted by using a preset encryption algorithm to obtain a first identifier ciphertext and a decryption key.
In order to make the first identifier ciphertext obtained after encrypting the first identifier different each time and facilitate tracing of subsequent data, the random number in this embodiment preferably adopts a random number with a fixed length.
It should be noted that, the above-mentioned modes are only exemplary of the embodiments of the present invention, and are not specific limitations of the embodiments of the present invention.
S203, dividing the decryption key into a plurality of key fragments according to the number of the first management parties by using the preset encryption algorithm.
And S204, encrypting the key fragment corresponding to each first manager by respectively using the public key of each first manager to obtain a plurality of key fragment ciphertexts.
For example, if the number of the first managers is 8, the threshold encryption algorithm divides the decryption key into 8 key fragments, where one first manager corresponds to one key fragment. Then, the public keys of 8 first managers are used for encrypting the corresponding key fragments respectively to obtain 8 key fragment ciphertexts.
S205, signing the data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored.
S206, the data to be stored is sent to a block chain system so as to instruct a block chain node in the block chain system to carry out uplink storage on the data to be stored.
The block chain-based data uplink storage method provided by the embodiment of the invention comprises the steps of acquiring a first identifier of a data provider and public keys of a plurality of first managers according to a data uplink storage request when receiving the data uplink storage request sent by the data provider, encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, encrypting each key fragment by using the public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts, carrying the first identifier ciphertext and the plurality of key fragment ciphertexts in a data hash result carried by the data uplink storage request, signing the data hash result carrying the first identifier ciphertext and the plurality of key fragment ciphertexts according to a private key of a second manager to form data to be stored, and then sending the data to be stored to a block chain system, to instruct the blockchain system to perform uplink storage on the data to be stored. Therefore, the identity identification ciphertext of the data provider and the plurality of key fragment ciphertexts of the decryption key are carried in the data provided by the data provider and are stored together in a chaining mode, so that when other users acquire the chained data from the blockchain system, only the data uploaded by the data provider can be acquired, the provider identity information of the chained data cannot be acquired, and the user privacy is protected.
EXAMPLE III
Fig. 3 is a schematic flow chart of a data tracing method based on a block chain according to a third embodiment of the present invention, where the third embodiment of the present invention is applicable to a scenario in which data stored in the block chain is traced, and the applicable block chain may be a public chain, a private chain, or an alliance chain. Preferably, the block chain used in this embodiment is a federation chain. The method may be performed by a blockchain based data trace back apparatus, which may be implemented by software and/or hardware, may be integrated inside an electronic device, which is preferably a blockchain node. The method specifically comprises the following steps:
s301, when the data acquired from the block chain system is abnormal, generating a data tracing transaction, wherein the data tracing transaction comprises a data hash result and a second identifier of the block chain node.
The second identifier refers to information capable of uniquely determining the identity of the data provider, such as an organization code, a query address or a serial number.
In practical applications, any user who successfully registers in the blockchain system can obtain the required data from the blockchain system. When an abnormal condition occurs when any user performs business processing by using the data acquired from the blockchain system, for example, a transaction failure occurs when a transaction is performed according to the acquired data, it is described that the data acquired from the blockchain system may have an abnormal condition. Therefore, in order to determine the data provider (uploader) of the abnormal data, the data inquirer in this embodiment may generate a data tracing transaction from the abnormal data, and trace back the data provider of the abnormal data based on the generated data tracing transaction.
S302, transmitting the data trace back transaction in the blockchain system to instruct at least one first manager in the blockchain system to perform the following operations: and responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain the key fragment, and transmitting the key fragment in the block chain system according to the second identifier of the block chain node.
Optionally, when the data tracing transaction is generated, the data tracing transaction may be transmitted to the blockchain system, so that at least one first manager in the blockchain system receives the data tracing transaction. And each first management party monitors all the transactions related to the data tracing transaction in the blockchain system, judges the environment of the blockchain system and the data hash result carried by the data tracing transaction according to the data tracing transaction, and determines whether to respond to the data tracing transaction according to the judgment result. If the data tracing transaction can be responded, the first management party can decrypt a key fragment ciphertext corresponding to the first management party according to a private key of the first management party to obtain a key fragment, and then transmits the obtained key fragment in the block chain system according to the second identifier of the block chain node, so that the data inquiry party obtains the key fragments transmitted by different first management parties from the block chain system.
S303, determining whether the number of key fragments obtained from the blockchain system reaches a number threshold of a preset encryption algorithm.
The preset encryption algorithm may be a threshold encryption algorithm or an elliptic curve encryption algorithm or other encryption algorithms. In this embodiment, the preset encryption algorithm is preferably a threshold encryption algorithm. Correspondingly, the number threshold is a threshold. The threshold value may be set according to practical applications, and is not particularly limited herein.
Optionally, the number of key fragments obtained from the blockchain system is counted, and the number of key fragments is compared with a number threshold, so as to determine whether the number of key fragments reaches the number threshold of the preset encryption algorithm. If the number of the key fragments is larger than or equal to the number threshold, determining that the number of the obtained key fragments reaches the number threshold of a preset encryption algorithm; and if the number of the key fragments is smaller than the number threshold, determining that the number of the obtained key fragments does not reach the number threshold of the preset encryption algorithm.
S304, if yes, acquiring a decryption key based on all the acquired key fragments, and decrypting the first identification ciphertext of the abnormal data according to the decryption key to obtain a first identification plaintext.
Specifically, when it is determined that the number of the obtained key fragments reaches the number threshold of the preset encryption algorithm, the preset encryption algorithm is used to obtain the decryption key according to all the key fragments. For example, when the preset encryption algorithm is a threshold encryption algorithm, the decryption key may be obtained according to all key fragments according to the threshold encryption algorithm.
And then, decrypting the first identification ciphertext of the abnormal data according to the obtained decryption key to obtain a first identification plaintext.
Further, when the data provider uploads the data to the blockchain system, and encrypts the first identifier according to the preset encryption algorithm to obtain the first identifier ciphertext and the decryption key, the first identifier added with the random number may be encrypted according to the preset encryption algorithm, so that the random number may exist in the first identifier plaintext obtained in this embodiment. The random number is known, so the data inquirer can subtract the first identification plaintext with the random number from the random number to obtain the first identification plaintext.
That is, in this embodiment, decrypting the first identification ciphertext of the abnormal data according to the decryption key to obtain the first identification plaintext, includes: decrypting a first identification ciphertext of the abnormal data according to the decryption key to obtain plaintext information comprising a first identification and a random number;
and removing the random number in the plaintext information to obtain a first identification plaintext.
S305, determining a data provider of the data hash result according to the first identification plaintext.
Optionally, the first identification plaintext may be matched with a user member table in the blockchain system, so as to determine a data provider of the data hash result. For example, if the first identification plaintext is the mechanism code 11, then when the mechanism code 11 exists in the user member table in the blockchain system, the data provider of the data hash result is determined to be the user with the mechanism code 11.
In the data tracing method based on the block chain provided in the embodiment of the present invention, when there is an abnormality in the acquired data, a data tracing transaction is generated, and the data tracing transaction is transmitted in the block chain system to instruct at least one first manager in the block chain system to perform the following operations: and responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first manager to obtain key fragments, transmitting the key fragments in the block chain system, determining whether the number of the key fragments obtained from the block chain system reaches a number threshold of a preset encryption algorithm, obtaining a decryption key based on all the obtained key fragments if the number of the key fragments obtained from the block chain system reaches the number threshold of the preset encryption algorithm, decrypting the first identification ciphertext corresponding to the abnormal data according to the decryption key to obtain a first identification plaintext, and determining the data provider of the data hash result according to the first identification plaintext. Therefore, the corresponding key fragment ciphertext is decrypted through the private key of the first manager, so that the first identification ciphertext corresponding to the abnormal data is decrypted according to the plurality of key fragments reaching the number threshold, the purpose of tracing a data provider of the data on the block chain system is achieved, and conditions are provided for the supervision of the private information of the data provider.
Example four
Fig. 4 is a schematic flow chart of a data tracing method based on a block chain according to a fourth embodiment of the present invention, which is further optimized and expanded based on the foregoing embodiment, and can be combined with various optional technical solutions in the foregoing embodiment. As shown in fig. 4, the method may include:
s401, when the data acquired from the block chain system is abnormal, generating a data tracing transaction, wherein the data tracing transaction comprises a data hash result and a second identifier of the block chain node.
S402, transmitting the data tracing transaction in the blockchain system to instruct at least one first manager in the blockchain system to execute the following operations: and responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain the key fragment, and transmitting the key fragment in the block chain system according to the second identifier of the block chain node.
S403, determining whether the number of key fragments obtained from the blockchain system reaches a number threshold of a preset encryption algorithm.
And S404, if not, determining whether a data tracing ending instruction sent by the data inquirer is received, otherwise, executing S405, and otherwise, executing S407.
S405, if not, continuing to wait for a preset time length, and when the number of the obtained key fragments reaches a number threshold of a preset encryption algorithm, obtaining a decryption key based on all the obtained key fragments, and decrypting a first identification ciphertext corresponding to the abnormal data according to the decryption key to obtain a first identification plaintext.
The preset duration may be adaptively set according to actual needs, and is not specifically limited herein.
Optionally, when it is determined that the number of the obtained key fragments does not reach the number threshold and a data tracing end instruction sent by the data querying party is not received, the key fragments are continuously obtained from the block chain system, and when the number of the obtained key fragments reaches the number threshold of the preset encryption algorithm, the preset encryption algorithm is used to obtain the decryption key according to all the key fragments. And then, decrypting the first identification ciphertext corresponding to the abnormal data according to the decryption key to obtain a first identification plaintext.
S406, determining a data provider of the data hash result according to the first identification plaintext.
And S407, ending the data tracing operation.
Optionally, when it is determined that the number of the obtained key fragments does not reach the number threshold and a data tracing end instruction sent by the data querying party is received, the data tracing operation is ended and the data querying party is waited to initiate a data tracing transaction of the data again.
In the data tracing method based on the block chain provided in the embodiment of the present invention, when there is an abnormality in the acquired data, a data tracing transaction is generated, and the data tracing transaction is transmitted in the block chain system to instruct at least one first manager in the block chain system to perform the following operations: responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first manager to obtain key fragments, transmitting the key fragments in the block chain system, determining whether the number of the key fragments obtained from the block chain system reaches a number threshold of a preset encryption algorithm, if not, continuing waiting for a preset time length if a data tracing end instruction sent by a data provider is not received, obtaining decryption keys based on all the obtained key fragments when the number of the obtained key fragments reaches the number threshold of the preset encryption algorithm, decrypting a first identification ciphertext corresponding to abnormal data according to the decryption keys to obtain a first identification plaintext, and then determining the data provider of the data hash result according to the first identification plaintext. Therefore, the corresponding key fragment ciphertext is decrypted through the private key of the first manager, so that the first identification ciphertext corresponding to the abnormal data is decrypted according to the plurality of key fragments reaching the number threshold, the purpose of tracing a data provider of the data on the block chain system is achieved, and conditions are provided for the supervision of the private information of the data provider.
EXAMPLE five
In order to achieve the above object, an embodiment of the present invention further provides a block chain based data uplink storage device, which is configured in an electronic device with an authentication function. Fig. 5 is a schematic structural diagram of a block chain-based data uplink storage device according to a fifth embodiment of the present invention. As shown in fig. 5, the block chain based data uplink storage device 500 according to the embodiment of the present invention includes: a first obtaining module 510, a first processing module 520, a second processing module 530 and a data sending module 540.
The first obtaining module 510 is configured to obtain, according to a data uplink storage request sent by a data provider, a first identifier of the data provider and public keys of multiple first managers, where the data uplink storage request includes a data hash result;
the first processing module 520 is configured to encrypt the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypt each key fragment by using public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts;
the second processing module 530 is configured to sign a data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party, so as to form data to be stored;
a data sending module 540, configured to send the data to be stored to a blockchain system, so as to instruct a blockchain node in the blockchain system to perform uplink storage on the data to be stored.
As an optional implementation manner of the embodiment of the present invention, the first processing module 520 includes: an encryption unit and a division unit;
the encryption unit is used for encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a decryption key;
and the dividing unit is used for dividing the decryption key into a plurality of key fragments according to the number of the plurality of first management parties by using the preset encryption algorithm.
As an optional implementation manner of the embodiment of the present invention, the encryption unit is specifically configured to:
encrypting the first identifier according to the preset encryption algorithm and the random number to obtain a first identifier ciphertext and a decryption key; alternatively, the first and second electrodes may be,
and encrypting the first identifier added with the random number according to the preset encryption algorithm to obtain a first identifier ciphertext and a decryption key.
As an optional implementation manner of the embodiment of the present invention, the first processing module 520 is specifically configured to:
and encrypting the key fragment corresponding to each first manager by respectively using the public key of each first manager to obtain a plurality of key fragment ciphertexts.
As an optional implementation manner of the embodiment of the present invention, the preset encryption algorithm is a threshold encryption algorithm.
As an optional implementation manner of the embodiment of the present invention, the apparatus 500 further includes: the system comprises a data acquisition module and a verification module;
the data acquisition module is used for acquiring the admission certificate of the data provider and the configuration files of the plurality of first managers;
and the verification module is used for respectively verifying the legality of the admission certificate of the data provider and the configuration files of the plurality of first managers.
As an optional implementation manner of the embodiment of the present invention, the first obtaining module 510 is specifically configured to:
acquiring a first identifier of the data provider from an admission certificate of the data provider; and the number of the first and second groups,
and acquiring the public keys of the plurality of first managers from the configuration files of the plurality of first managers.
It should be noted that the foregoing explanation of the embodiment of the block chain based data uplink storage method is also applicable to the block chain based data uplink storage device of the embodiment, and the implementation principle thereof is similar, and is not repeated here.
According to the block chain-based data uplink storage device provided by the embodiment of the invention, the identity identification ciphertext of the data provider and the plurality of key fragment ciphertexts of the decryption key are carried in the data provided by the data provider and are uplink-stored together, so that when other users acquire the data on the chain from the block chain system, only the data uploaded by the data provider can be acquired, and the provider identity information of the data on the chain cannot be acquired, thereby protecting the privacy of the users.
EXAMPLE six
Fig. 6 is a schematic structural diagram of a data tracing apparatus based on a block chain according to a sixth embodiment of the present invention. The data tracing device based on the block chain can be realized in a hardware and/or software mode and is configured in the block chain node. As shown in fig. 6, the data tracing apparatus 600 based on a block chain according to the embodiment of the present invention includes: a transaction generation module 610, a third processing module 620, a first determination module 630, a second determination module 640, and a third determination module 650.
The transaction generating module 610 is configured to generate a data tracing transaction when there is an abnormality in data acquired from the blockchain system, where the data tracing transaction includes a data hash result and a second identifier of the blockchain node;
a third processing module 620, configured to transmit the data trace back transaction in a blockchain system to instruct at least one first manager in the blockchain system to perform the following operations: responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain key fragments, and transmitting the key fragments in the block chain system according to the second identification of the block chain node;
a first determining module 630, configured to determine whether the number of key fragments obtained from the blockchain system reaches a number threshold of a preset encryption algorithm;
a second determining module 640, configured to, if yes, obtain a decryption key based on all the obtained key fragments, and decrypt, according to the decryption key, a first identifier ciphertext corresponding to the abnormal data to obtain a first identifier plaintext;
and a third determining module 650, configured to determine, according to the first identifier plaintext, a data provider of the data hash result.
As an optional implementation manner of the embodiment of the present invention, the second determining module 640 is further configured to:
if not, determining whether a data tracing ending instruction sent by the data inquirer is received;
if not, continuing to wait for the preset time length, otherwise, ending the data tracing operation.
As an optional implementation manner of the embodiment of the present invention, the second determining module 640 is specifically configured to:
and acquiring a decryption key according to all the key fragments by using a preset encryption algorithm.
As an optional implementation manner of the embodiment of the present invention, the second determining module 640 is specifically configured to:
decrypting a first identification ciphertext of the abnormal data according to the decryption key to obtain plaintext information comprising a first identification and a random number;
and removing the random number in the plaintext information to obtain a first identification plaintext.
As an optional implementation manner of the embodiment of the present invention, the third determining module 650 is specifically configured to:
and matching the first identification plaintext with a user member table in the blockchain system, and determining a data provider of the data hash result.
As an optional implementation manner of the embodiment of the present invention, the preset encryption algorithm is a threshold encryption algorithm; the quantity threshold is a threshold.
It should be noted that the foregoing explanation of the embodiment of the data tracing method based on a block chain is also applicable to the data tracing apparatus based on a block chain in this embodiment, and the implementation principle thereof is similar, and is not described herein again.
According to the technical scheme provided by the embodiment of the invention, the corresponding key fragment ciphertext is decrypted through the private key of the first manager, so that the first identification ciphertext corresponding to the abnormal data is decrypted according to the plurality of key fragments reaching the quantity threshold value, the purpose of tracing the data provider of the data on the block chain system is realized, and conditions are provided for the supervision of the private information of the data provider.
EXAMPLE seven
In order to achieve the above object, an embodiment of the present invention further provides an electronic device.
Fig. 7 is a schematic structural diagram of an electronic device according to a seventh embodiment of the present invention. FIG. 7 illustrates a block diagram of an exemplary electronic device 700 suitable for use in implementing embodiments of the present invention. The electronic device 700 shown in fig. 7 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 7, electronic device 700 is embodied in the form of a general purpose computing device. The components of the electronic device 700 may include, but are not limited to: one or more processors or processing units 710, a system memory 720, and a bus 730 that couples the various system components (including the system memory 720 and the processing unit 710).
Bus 730 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, micro-channel architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 700 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by electronic device 700 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 720 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)721 and/or cache memory 722. The electronic device 700 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, the storage system 723 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 7, commonly referred to as a "hard disk drive"). Although not shown in FIG. 7, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 730 by one or more data media interfaces. Memory 720 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 724 having a set (at least one) of program modules 725, which may be stored for example in memory 720, such program modules 725 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may include an implementation of a network environment. The program modules 725 generally perform the functions and/or methodologies of the described embodiments of the invention.
The electronic device 700 may also communicate with one or more external devices 740 (e.g., keyboard, pointing device, display 741, etc.), with one or more devices that enable a user to interact with the electronic device 700, and/or with any devices (e.g., network card, modem, etc.) that enable the electronic device 700 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 750. Also, the electronic device 700 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) via the network adapter 760. As shown, the network adapter 760 communicates with the other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 710 executes programs stored in the system memory 720 to perform various functional applications and data processing, for example, implement a block chain based data uplink storage method or a block chain based data tracing method provided by the embodiment of the present invention.
The block chain-based data uplink storage method comprises the following steps:
according to a data uplink storage request sent by a data provider, acquiring a first identifier of the data provider and public keys of a plurality of first managers, wherein the data uplink storage request comprises a data hash result;
encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypting each key fragment by using public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts;
signing a data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored;
and sending the data to be stored to a block chain system to instruct a block chain node in the block chain system to carry out uplink storage on the data to be stored.
The data tracing method based on the block chain in the embodiment of the invention comprises the following steps:
when the data acquired from the block chain system is abnormal, generating a data tracing transaction, wherein the data tracing transaction comprises a data hash result and a second identifier of the block chain node;
transmitting the data trace back transaction in a blockchain system to instruct at least one first manager in the blockchain system to: responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain key fragments, and transmitting the key fragments in the block chain system according to the second identification of the block chain node;
determining whether the number of the key fragments acquired from the block chain system reaches a number threshold of a preset encryption algorithm;
if so, acquiring a decryption key based on all the acquired key fragments, and decrypting a first identification ciphertext corresponding to the abnormal data according to the decryption key to obtain a first identification plaintext;
and determining a data provider of the data hash result according to the first identification plaintext.
Example eight
In order to achieve the above object, the present invention also provides a computer-readable storage medium.
The embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a block chain-based data uplink storage method or a block chain-based data tracing method according to the embodiment of the present invention.
The block chain-based data uplink storage method comprises the following steps:
according to a data uplink storage request sent by a data provider, acquiring a first identifier of the data provider and public keys of a plurality of first managers, wherein the data uplink storage request comprises a data hash result; encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypting each key fragment by using public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts; signing a data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored; and sending the data to be stored to a block chain system to instruct a block chain node in the block chain system to carry out uplink storage on the data to be stored.
The data tracing method based on the block chain in the embodiment of the invention comprises the following steps:
when the data acquired from the block chain system is abnormal, generating a data tracing transaction, wherein the data tracing transaction comprises a data hash result and a second identifier of the block chain node; transmitting the data trace back transaction in a blockchain system to instruct at least one first manager in the blockchain system to: responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain key fragments, and transmitting the key fragments in the block chain system according to the second identification of the block chain node; determining whether the number of the key fragments acquired from the block chain system reaches a number threshold of a preset encryption algorithm; if so, acquiring a decryption key based on all the acquired key fragments, and decrypting a first identification ciphertext corresponding to the abnormal data according to the decryption key to obtain a first identification plaintext; and determining a data provider of the data hash result according to the first identification plaintext.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (17)

1. A block chain based data uplink storage method, performed by an electronic device with an authentication function, the method comprising:
according to a data uplink storage request sent by a data provider, acquiring a first identifier of the data provider and public keys of a plurality of first managers, wherein the data uplink storage request comprises a data hash result;
encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypting each key fragment by using public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts;
signing a data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored;
and sending the data to be stored to a block chain system to instruct a block chain node in the block chain system to carry out uplink storage on the data to be stored.
2. The method according to claim 1, wherein the encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption comprises:
encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a decryption key;
and dividing the decryption key into a plurality of key fragments according to the number of the plurality of first management parties by using the preset encryption algorithm.
3. The method according to claim 2, wherein the encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a decryption key comprises:
encrypting the first identifier according to the preset encryption algorithm and the random number to obtain a first identifier ciphertext and a decryption key; alternatively, the first and second electrodes may be,
and encrypting the first identifier added with the random number according to the preset encryption algorithm to obtain a first identifier ciphertext and a decryption key.
4. The method of claim 2, wherein the encrypting each key slice with public keys of the first managers to obtain a plurality of key slice ciphertexts comprises:
and encrypting the key fragment corresponding to each first manager by respectively using the public key of each first manager to obtain a plurality of key fragment ciphertexts.
5. The method according to any of claims 1-4, wherein the predetermined encryption algorithm is a threshold encryption algorithm.
6. The method of claim 1, wherein prior to obtaining the first identification of the data provider and the public keys of the plurality of first managers, further comprising:
obtaining an admission certificate of the data provider and configuration files of the plurality of first managers;
and respectively carrying out validity verification on the admission certificate of the data provider and the configuration files of the plurality of first managers.
7. The method of claim 6, wherein obtaining the first identification of the data provider and public keys of the plurality of first managers comprises:
acquiring a first identifier of the data provider from an admission certificate of the data provider; and the number of the first and second groups,
and acquiring the public keys of the plurality of first managers from the configuration files of the plurality of first managers.
8. A block chain-based data tracing method, performed by block link points, the method comprising:
when the data acquired from the block chain system is abnormal, generating a data tracing transaction, wherein the data tracing transaction comprises a data hash result and a second identifier of the block chain node;
transmitting the data trace back transaction in a blockchain system to instruct at least one first manager in the blockchain system to: responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain key fragments, and transmitting the key fragments in the block chain system according to the second identification of the block chain node;
determining whether the number of the key fragments acquired from the block chain system reaches a number threshold of a preset encryption algorithm;
if so, acquiring a decryption key based on all the acquired key fragments, and decrypting a first identification ciphertext corresponding to the abnormal data according to the decryption key to obtain a first identification plaintext;
and determining a data provider of the data hash result according to the first identification plaintext.
9. The method according to claim 8, wherein after determining whether the number of key fragments obtained from the blockchain system reaches a number threshold of a preset encryption algorithm, further comprising:
if not, determining whether a data tracing ending instruction sent by the data inquirer is received;
if not, continuing to wait for the preset time length, otherwise, ending the data tracing operation.
10. The method according to claim 8, wherein the obtaining a decryption key based on all key slices obtained comprises:
and acquiring a decryption key according to all the key fragments by using a preset encryption algorithm.
11. The method according to claim 8, wherein the decrypting the first identification ciphertext of the abnormal data according to the decryption key to obtain a first identification plaintext, comprises:
decrypting a first identification ciphertext of the abnormal data according to the decryption key to obtain plaintext information comprising a first identification and a random number;
and removing the random number in the plaintext information to obtain a first identification plaintext.
12. The method according to claim 8, wherein the determining the data provider of the data hash result according to the first identification plaintext comprises:
and matching the first identification plaintext with a user member table in the blockchain system, and determining a data provider of the data hash result.
13. The method according to any one of claims 8-10, wherein the predetermined encryption algorithm is a threshold encryption algorithm; the quantity threshold is a threshold.
14. A block chain based data uplink storage device configured in an electronic device with an authentication function, comprising:
the system comprises a first acquisition module, a second acquisition module and a first management module, wherein the first acquisition module is used for acquiring a first identifier of a data provider and public keys of a plurality of first managers according to a data uplink storage request sent by the data provider, and the data uplink storage request comprises a data hash result;
the first processing module is used for encrypting the first identifier according to a preset encryption algorithm to obtain a first identifier ciphertext and a plurality of key fragments for decryption, and encrypting each key fragment by using public keys of the plurality of first managers to obtain a plurality of key fragment ciphertexts;
the second processing module is used for signing the data hash result carrying the first identification ciphertext and the plurality of key fragment ciphertexts according to a private key of a second management party to form data to be stored;
and the data sending module is used for sending the data to be stored to a block chain system so as to instruct a block chain node in the block chain system to carry out uplink storage on the data to be stored.
15. A data tracing device based on a block chain is characterized in that the device is configured at a block chain node and comprises:
the transaction generation module is used for generating a data tracing transaction when the data acquired from the block chain system is abnormal, wherein the data tracing transaction comprises a data hash result and a second identifier of the block chain node;
a third processing module, configured to transmit the data trace back transaction in a blockchain system to instruct at least one first manager in the blockchain system to perform the following operations: responding to the data tracing transaction, decrypting the corresponding key fragment ciphertext by using the private key of each first management party to obtain key fragments, and transmitting the key fragments in the block chain system according to the second identification of the block chain node;
the first determining module is used for determining whether the number of the key fragments acquired from the block chain system reaches a number threshold of a preset encryption algorithm;
the second determining module is used for acquiring a decryption key based on all the acquired key fragments if the first identification plaintext is the first identification plaintext, and decrypting a first identification ciphertext corresponding to the abnormal data according to the decryption key;
and the third determining module is used for determining the data provider of the data hash result according to the first identification plaintext.
16. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method for blockchain-based data uplink storage according to any one of claims 1 to 6 or the method for blockchain-based data trace-back according to any one of claims 7 to 13.
17. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the method for block chain based data uplink storage according to any one of claims 1 to 6 or the method for block chain based data tracing back according to any one of claims 7 to 13.
CN202011025688.0A 2020-09-25 2020-09-25 Block chain-based data uplink storage method, block chain-based data uplink traceability device and block chain-based data uplink traceability device Active CN112182609B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011025688.0A CN112182609B (en) 2020-09-25 2020-09-25 Block chain-based data uplink storage method, block chain-based data uplink traceability device and block chain-based data uplink traceability device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011025688.0A CN112182609B (en) 2020-09-25 2020-09-25 Block chain-based data uplink storage method, block chain-based data uplink traceability device and block chain-based data uplink traceability device

Publications (2)

Publication Number Publication Date
CN112182609A true CN112182609A (en) 2021-01-05
CN112182609B CN112182609B (en) 2024-02-02

Family

ID=73943981

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011025688.0A Active CN112182609B (en) 2020-09-25 2020-09-25 Block chain-based data uplink storage method, block chain-based data uplink traceability device and block chain-based data uplink traceability device

Country Status (1)

Country Link
CN (1) CN112182609B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112733169A (en) * 2021-01-13 2021-04-30 深圳市星际大陆科技有限公司 Data management method, system and terminal equipment based on block chain
CN113094731A (en) * 2021-04-15 2021-07-09 西南大学 Block chain privacy protection method based on different distribution recombination scheme
CN113407958A (en) * 2021-06-03 2021-09-17 广东辰宜信息科技有限公司 Signature data processing method, device, equipment and medium
CN113672993A (en) * 2021-08-26 2021-11-19 济南浪潮数据技术有限公司 Data processing method, system, equipment and computer readable storage medium
CN113824713A (en) * 2021-09-17 2021-12-21 平安银行股份有限公司 Key generation method, system and storage medium
CN114036565A (en) * 2021-11-19 2022-02-11 上海勃池信息技术有限公司 Private information retrieval system and private information retrieval method
CN114389878A (en) * 2022-01-13 2022-04-22 中国人民解放军国防科技大学 Block chain fragmentation method and block chain network system
CN114510737A (en) * 2022-04-21 2022-05-17 浙江数秦科技有限公司 Operation data time-limited open system based on block chain
CN115208630A (en) * 2022-06-15 2022-10-18 网易(杭州)网络有限公司 Block chain based data acquisition method and system and block chain system
CN115499249A (en) * 2022-11-17 2022-12-20 南京可信区块链与算法经济研究院有限公司 File storage method and system based on block chain distributed encryption
CN116155619A (en) * 2023-04-04 2023-05-23 江西农业大学 Data processing method, data request terminal, data possession terminal and data processing device
CN117097476A (en) * 2023-10-19 2023-11-21 浪潮云洲工业互联网有限公司 Data processing method, equipment and medium based on industrial Internet

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110909383A (en) * 2019-11-15 2020-03-24 深圳市网心科技有限公司 Electronic invoice management method and device, electronic equipment and storage medium
CN111062716A (en) * 2019-11-29 2020-04-24 支付宝(杭州)信息技术有限公司 Method and device for generating block chain signature data and block chain transaction initiating system
WO2020108114A1 (en) * 2018-11-28 2020-06-04 阿里巴巴集团控股有限公司 Blockchain-based data attestation method and apparatus, and electronic device
CN111291339A (en) * 2020-02-19 2020-06-16 上海方付通商务服务有限公司 Processing method, device and equipment of block chain data and storage medium
CN111639361A (en) * 2020-05-15 2020-09-08 中国科学院信息工程研究所 Block chain key management method, multi-person common signature method and electronic device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020108114A1 (en) * 2018-11-28 2020-06-04 阿里巴巴集团控股有限公司 Blockchain-based data attestation method and apparatus, and electronic device
CN110909383A (en) * 2019-11-15 2020-03-24 深圳市网心科技有限公司 Electronic invoice management method and device, electronic equipment and storage medium
CN111062716A (en) * 2019-11-29 2020-04-24 支付宝(杭州)信息技术有限公司 Method and device for generating block chain signature data and block chain transaction initiating system
CN111291339A (en) * 2020-02-19 2020-06-16 上海方付通商务服务有限公司 Processing method, device and equipment of block chain data and storage medium
CN111639361A (en) * 2020-05-15 2020-09-08 中国科学院信息工程研究所 Block chain key management method, multi-person common signature method and electronic device

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112733169A (en) * 2021-01-13 2021-04-30 深圳市星际大陆科技有限公司 Data management method, system and terminal equipment based on block chain
CN113094731A (en) * 2021-04-15 2021-07-09 西南大学 Block chain privacy protection method based on different distribution recombination scheme
CN113094731B (en) * 2021-04-15 2023-04-07 西南大学 Block chain privacy protection method based on different distribution recombination scheme
CN113407958A (en) * 2021-06-03 2021-09-17 广东辰宜信息科技有限公司 Signature data processing method, device, equipment and medium
CN113407958B (en) * 2021-06-03 2023-08-25 广东辰宜信息科技有限公司 Signature data processing method, device, equipment and medium
CN113672993A (en) * 2021-08-26 2021-11-19 济南浪潮数据技术有限公司 Data processing method, system, equipment and computer readable storage medium
CN113672993B (en) * 2021-08-26 2023-12-22 济南浪潮数据技术有限公司 Data processing method, system, equipment and computer readable storage medium
CN113824713A (en) * 2021-09-17 2021-12-21 平安银行股份有限公司 Key generation method, system and storage medium
CN113824713B (en) * 2021-09-17 2023-03-31 平安银行股份有限公司 Key generation method, system and storage medium
CN114036565A (en) * 2021-11-19 2022-02-11 上海勃池信息技术有限公司 Private information retrieval system and private information retrieval method
CN114036565B (en) * 2021-11-19 2024-03-08 上海勃池信息技术有限公司 Private information retrieval system and private information retrieval method
CN114389878A (en) * 2022-01-13 2022-04-22 中国人民解放军国防科技大学 Block chain fragmentation method and block chain network system
CN114389878B (en) * 2022-01-13 2024-03-19 中国人民解放军国防科技大学 Block chain slicing method and block chain network system
CN114510737B (en) * 2022-04-21 2022-07-15 浙江数秦科技有限公司 Operation data time-limited open system based on block chain
CN114510737A (en) * 2022-04-21 2022-05-17 浙江数秦科技有限公司 Operation data time-limited open system based on block chain
CN115208630A (en) * 2022-06-15 2022-10-18 网易(杭州)网络有限公司 Block chain based data acquisition method and system and block chain system
CN115208630B (en) * 2022-06-15 2024-04-09 网易(杭州)网络有限公司 Block chain-based data acquisition method and system and block chain system
CN115499249A (en) * 2022-11-17 2022-12-20 南京可信区块链与算法经济研究院有限公司 File storage method and system based on block chain distributed encryption
CN116155619A (en) * 2023-04-04 2023-05-23 江西农业大学 Data processing method, data request terminal, data possession terminal and data processing device
CN117097476B (en) * 2023-10-19 2024-01-26 浪潮云洲工业互联网有限公司 Data processing method, equipment and medium based on industrial Internet
CN117097476A (en) * 2023-10-19 2023-11-21 浪潮云洲工业互联网有限公司 Data processing method, equipment and medium based on industrial Internet

Also Published As

Publication number Publication date
CN112182609B (en) 2024-02-02

Similar Documents

Publication Publication Date Title
CN112182609B (en) Block chain-based data uplink storage method, block chain-based data uplink traceability device and block chain-based data uplink traceability device
US9852300B2 (en) Secure audit logging
JP6118778B2 (en) System and method for securing data in motion
US20140172830A1 (en) Secure search processing system and secure search processing method
KR101833323B1 (en) Method for Confirming Statement by Use of Block Chain Which Guarantees Anonymity and Prevents Sybil Attack
CN111835774B (en) Data processing method, device, equipment and storage medium
CN1599311A (en) Secure communication with a keyboard or related device
CN112287379B (en) Service data using method, device, equipment, storage medium and program product
US9215070B2 (en) Method for the cryptographic protection of an application
CN113849847B (en) Method, apparatus and medium for encrypting and decrypting sensitive data
CN111294203B (en) Information transmission method
CN113610526A (en) Data trust method and device, electronic equipment and storage medium
Junghanns et al. Engineering of secure multi-cloud storage
CN112910641B (en) Verification method and device for cross-link transaction supervision, relay link node and medium
CN112865965B (en) Train service data processing method and system based on quantum key
CN104735020A (en) Method, device and system for acquiring sensitive data
Simpson et al. Assured identity for enterprise level security
CN103916237B (en) Method and system for managing user encrypted-key retrieval
CN111291398A (en) Block chain-based authentication method and device, computer equipment and storage medium
CN114553566B (en) Data encryption method, device, equipment and storage medium
CN115842663A (en) IP address protection application management method and system
CN114584299A (en) Data processing method and device, electronic equipment and storage medium
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
CN112733166A (en) license authentication and authorization function realization method and system
CN112685786B (en) Financial data encryption and decryption method, system, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant