CN112217636A - Data processing method and device based on block chain, computer equipment and medium - Google Patents

Info

Publication number
CN112217636A
Authority
CN
China
Prior art keywords
data
uplink
signature
block chain
local
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010979368.2A
Other languages
Chinese (zh)
Other versions
CN112217636B (en)
Inventor
余昌龙
熊潇
刘俊杰
黄发培
胡伟
雷刚
邢金港
洪蜀宁
钱程
王雪
尹涛
郁微
庄磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202010979368.2A priority Critical patent/CN112217636B/en
Publication of CN112217636A publication Critical patent/CN112217636A/en
Application granted granted Critical
Publication of CN112217636B publication Critical patent/CN112217636B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a blockchain-based data processing method and apparatus, a computer device and a medium. The method comprises: acquiring data to be uplinked; performing an authorization signature on the uplink data digest of the data to be uplinked according to blockchain member information, to obtain an uplink data authorization signature; and sending the uplink data digest and the uplink data authorization signature to a blockchain network, so that the blockchain network performs a data uplink operation on the uplink data digest; wherein the uplink data authorization signature is used to trace the data source of the uplink data digest. The technical solution of the embodiment of the invention enables data source tracing on a blockchain platform, so as to meet the diversified service requirements of the blockchain and ensure the fairness and health of the blockchain.

Description

Data processing method and device based on block chain, computer equipment and medium
Technical Field
The embodiment of the invention relates to the technical field of block chains, in particular to a data processing method and device based on a block chain, computer equipment and a storage medium.
Background
A blockchain is public and transparent, so private data needs additional cryptographic processing to protect it. For example, on a blockchain-based information sharing platform, the decentralized and anonymous nature of the blockchain lets blockchain nodes call a smart contract to put encrypted data on the chain (data uplink).
Although this way of uplinking encrypted data keeps the data secure, the true identity of the blockchain node that uploaded the data cannot be traced. Some service scenarios need to restrict encrypted data uplink: data security must be maintained while the data source also remains traceable, so that business secrets are protected during data sharing and the data source can still be traced when the data turns out to have a problem.
Disclosure of Invention
Embodiments of the present invention provide a data processing method and apparatus based on a block chain, a computer device, and a medium, which implement tracing back of a data source based on a block chain platform to meet diversified service requirements of the block chain and ensure fairness and health of the block chain.
In a first aspect, an embodiment of the present invention provides a blockchain-based data processing method, applied to a data uplink blockchain node, including:
acquiring data to be uplinked;
performing an authorization signature on the uplink data digest of the data to be uplinked according to blockchain member information, to obtain an uplink data authorization signature;
sending the uplink data digest and the uplink data authorization signature to a blockchain network, so that the blockchain network performs a data uplink operation on the uplink data digest;
wherein the uplink data authorization signature is used for tracing the data source of the uplink data digest.
In a second aspect, an embodiment of the present invention further provides a blockchain-based data processing apparatus, configured at a data uplink blockchain node, including:
a to-be-uplinked data acquisition module, configured to acquire data to be uplinked;
a data authorization signature module, configured to perform an authorization signature on the uplink data digest of the data to be uplinked according to blockchain member information, to obtain an uplink data authorization signature;
a data uplink module, configured to send the uplink data digest and the uplink data authorization signature to a blockchain network, so that the blockchain network performs a data uplink operation on the uplink data digest;
wherein the uplink data authorization signature is used for tracing the data source of the uplink data digest.
In a third aspect, an embodiment of the present invention further provides a computer device, where the computer device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for processing data based on a blockchain according to any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the data processing method based on the blockchain provided in any embodiment of the present invention.
According to the embodiment of the invention, the uplink data digest of the acquired data to be uplinked is signed for authorization according to the blockchain member information to obtain the uplink data authorization signature; the uplink data digest and the uplink data authorization signature are then sent to the blockchain network, which performs the data uplink operation on the uplink data digest and traces the data source of the uplink data digest according to the uplink data authorization signature. This solves the problem that existing blockchain networks cannot trace data sources, implements data source tracing on a blockchain platform, meets the diversified service requirements of the blockchain, and ensures the fairness and health of the blockchain.
Drawings
Fig. 1 is a flowchart of a data processing method based on a block chain according to an embodiment of the present invention;
Fig. 2 is a flowchart of a data processing method based on a block chain according to a second embodiment of the present invention;
Fig. 3 is a flowchart of a data uplink according to a second embodiment of the present invention;
Fig. 4 is a flowchart of a data processing method based on a block chain according to a third embodiment of the present invention;
Fig. 5 is a schematic diagram of a data processing apparatus based on a block chain according to a fourth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention.
It should be further noted that, for the convenience of description, only some but not all of the relevant aspects of the present invention are shown in the drawings. Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of a blockchain-based data processing method according to an embodiment of the present invention. This embodiment is applicable to performing data uplink in a blockchain network while keeping the data traceable. The method may be executed by a blockchain-based data processing apparatus, which may be implemented in software and/or hardware and is generally integrated in a computer device; the computer device may be a blockchain node device that performs data uplink. Accordingly, as shown in Fig. 1, the method includes the following operations:
S110, acquiring the data to be uplinked.
The data to be uplinked may be data that a data uplink blockchain node needs to put on the chain. "Uplink" means packing data into a block and having the block confirmed and stored in the blockchain network. The data uplink blockchain node is the blockchain node that sends data to the blockchain network for data uplink.
It can be understood that, when performing data uplink, the data uplink blockchain node first needs to acquire the data to be uplinked.
S120, performing an authorization signature on the uplink data digest of the data to be uplinked according to the blockchain member information, to obtain an uplink data authorization signature.
The blockchain member information may be information about each blockchain node in the blockchain network. Optionally, the blockchain network may be an alliance chain network. An alliance chain network allows authorized nodes to join the network and view information according to their permissions. Accordingly, the blockchain member information may include alliance chain member information and the local member information of the data uplink blockchain node. For example, the blockchain member information may include a digest of the alliance chain member information, a local member identifier, and the like; the embodiment of the present invention does not encrypt the specific data content of the blockchain member information. The uplink data digest is a data digest formed from the data to be uplinked; for example, the hash value obtained by hashing the data to be uplinked may be used as the uplink data digest. The uplink data authorization signature is the signature ciphertext obtained by performing the authorization signature on the uplink data digest.
In the embodiment of the present invention, to make the data source of uplinked data traceable, the data uplink blockchain node, after acquiring the data to be uplinked, may perform an authorization signature on the uplink data digest of that data according to the blockchain member information, to obtain an uplink data authorization signature. For example, the data uplink blockchain node signs the combination of the uplink data digest and the blockchain member information with its local private key. The uplink data authorization signature generated by the data uplink blockchain node is used to trace the data source of the uplink data digest. Data source tracing means that, once the data to be uplinked has become uplinked data, if the uplinked data has a problem, it can be traced back to the data uplink blockchain node that uploaded it, so that this node can be asked to handle the problematic data. Optionally, the data uplink blockchain node may perform the authorization signature on the uplink data digest according to the blockchain member information through a local authorization module, to obtain the uplink data authorization signature. The authorization module may be packaged in a special way so that it cannot be decompiled, making it a fully trusted module.
S130, sending the uplink data digest and the uplink data authorization signature to a blockchain network, so that the blockchain network performs a data uplink operation on the uplink data digest.
Accordingly, after the data uplink blockchain node obtains the uplink data authorization signature for the data to be uplinked, it can send the uplink data digest and the uplink data authorization signature of that data to the blockchain network together, so that the blockchain network performs the data uplink operation on the uplink data digest.
In the above scheme, uploading only the uplink data digest of the data keeps the uplinked data secure. Meanwhile, once the other blockchain nodes in the blockchain network have received the uplink data authorization signature for the data to be uplinked, they can use it to trace the data source of the uplinked data. For example, a blockchain node decrypts and verifies the uplink data authorization signature with the blockchain public key to obtain node information of the data uplink blockchain node, such as the local member identifier, and determines the data source of the uplinked data from the local member identifier, that is, determines the data uplink blockchain node. This blockchain-based data processing method can meet the diversified service requirements of the blockchain and ensure the fairness and health of the blockchain.
According to the embodiment of the invention, the uplink data digest of the acquired data to be uplinked is signed for authorization according to the blockchain member information to obtain the uplink data authorization signature; the uplink data digest and the uplink data authorization signature are then sent to the blockchain network, which performs the data uplink operation on the uplink data digest and traces the data source of the uplink data digest according to the uplink data authorization signature. This solves the problem that existing blockchain networks cannot trace data sources, implements data source tracing on a blockchain platform, meets the diversified service requirements of the blockchain, and ensures the fairness and health of the blockchain.
Example two
Fig. 2 is a flowchart of a blockchain-based data processing method according to a second embodiment of the present invention. This embodiment builds on the above embodiments and gives a specific optional implementation of performing the authorization signature on the uplink data digest of the data to be uplinked according to the blockchain member information, and of sending the uplink data digest and the uplink data authorization signature to the blockchain network. Accordingly, as shown in Fig. 2, the method of this embodiment may include:
S210, acquiring the data to be uplinked.
S220, obtaining a local member signature generated by the data uplink blockchain node for the uplink data digest.
The local member signature is a signature generated by encrypting the local member identifier and the uplink data digest with the local member private key.
The local member private key is the private key of the data uplink blockchain node, and the local member identifier may be a local identifier of the data uplink blockchain node, such as a member number.
In the embodiment of the present invention, after acquiring the data to be uplinked, the data uplink blockchain node needs to generate a local member signature for the uplink data digest. Accordingly, the data uplink blockchain node may upload the uplink data digest, together with the local member signature generated for it, to the local authorization module.
S230, verifying the local member signature, and after the local member signature passes verification, performing threshold encryption on the local member identifier and the local member signature to obtain a threshold key fragment.
The threshold key fragment is a fragment ciphertext obtained by performing threshold encryption on the local member signature.
Accordingly, after receiving the uplink data digest and the local member signature, the authorization module can verify the local member signature and, once the signature passes verification, perform threshold encryption on the local member identifier and the local member signature with the threshold signature private key fragment to obtain the threshold key fragment. Threshold encryption of the local member identifier and the local member signature anonymizes the data uplink blockchain node: each time the node uploads data to the blockchain, its identity is encrypted, which achieves anonymous data uplink. Anonymous data uplink can satisfy the need to protect business secrets and thereby maintain fair competition.
In an optional embodiment of the present invention, the threshold key fragments corresponding to different uplink data digests may be different. That is, each time the data uplink blockchain node uploads data to the blockchain, a different threshold key fragment is generated, achieving "one number, one secret": the anonymization result differs every time, which effectively resists dictionary attacks.
S240, performing a second encryption on the threshold key fragment with the blockchain member public key to obtain a threshold key ciphertext.
The blockchain member public key is the public key of the blockchain network. The threshold key ciphertext is the ciphertext obtained by encrypting the threshold key fragment.
Accordingly, after obtaining the threshold key fragment, the authorization module can further encrypt it a second time with the blockchain member public key to obtain the threshold key ciphertext, which protects the threshold key fragment.
S250, signing the uplink data digest according to the threshold key fragment, the threshold key ciphertext and the blockchain member information digest, to obtain the uplink data authorization signature.
The blockchain member information digest may be a member information digest formed from the blockchain member information; for example, the hash value obtained by hashing the blockchain member information may be used as the blockchain member information digest. A blockchain member is a blockchain node. For example, the blockchain member information may be information such as the member number or member address of each blockchain node; the embodiment of the present invention does not limit the specific data type of the blockchain member information.
Specifically, the uplink data digest can be signed according to the threshold key fragment, the threshold key ciphertext and the blockchain member information digest to obtain the uplink data authorization signature. For example, the authorization module encrypts the combination of the uplink data digest, the threshold key fragment, the threshold key ciphertext and the blockchain member information digest with the local private key to obtain the uplink data authorization signature.
S260, sending the uplink data digest, the threshold key fragment, the threshold key ciphertext, the blockchain member information digest and the uplink data authorization signature to the blockchain network together.
The threshold key fragment, the threshold key ciphertext and the uplink data authorization signature are used to trace the data source when the uplink data digest has a problem.
In the embodiment of the present invention, if the data uplink blockchain node is anonymized, then when performing data uplink it needs to send the uplink data digest, the threshold key fragment, the threshold key ciphertext, the blockchain member information digest and the uplink data authorization signature to the blockchain network together, so that the other blockchain nodes in the blockchain network perform the data uplink operation according to the received uplink data digest and blockchain member information digest, and trace the data source of the uplink data digest according to the received threshold key fragment, threshold key ciphertext and uplink data authorization signature. Optionally, a blockchain node may use the threshold key fragment, the threshold key ciphertext and the uplink data authorization signature to determine which data uplink blockchain node uploaded the uplink data digest, thereby tracing the data source. For example, the uplink data authorization signature is verified to obtain a threshold key fragment and a threshold key ciphertext, which are compared with the received threshold key fragment and threshold key ciphertext; when they match, the threshold key fragment and the threshold key ciphertext are used for threshold decryption to determine the data source of the uplinked data. When the threshold key fragment and the threshold key ciphertext are used for threshold decryption, the decryption is performed only after the blockchain nodes have voted and the votes reach a certain proportion.
Specifically, the threshold key ciphertext is first decrypted with the local private key, and the threshold key fragment obtained by decryption is compared with the received threshold key fragment. Once they match, each blockchain node decrypts the threshold key fragment with its threshold decryption private key fragment.
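The vote-gated tracing described above, together with the "one number, one secret" property, as an added Go example that is not part of the patent text. Shamir secret sharing and AES-GCM stand in for the patent's unspecified threshold encryption scheme, only the member identifier is sealed, and the function names, the 3-of-5 quorum and the identifier `member-007` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// prime is the field modulus 2^255-19; the secret and all shares live in [0, prime).
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19))

type Share struct{ X, Y *big.Int }

// Split hands out n shares of secret such that any t of them recover it.
func Split(secret *big.Int, t, n int) ([]Share, error) {
	coef := []*big.Int{secret}
	for i := 1; i < t; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coef = append(coef, c)
	}
	shares := make([]Share, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := t - 1; j >= 0; j-- { // Horner evaluation of the polynomial at x
			y.Mul(y, x).Add(y, coef[j]).Mod(y, prime)
		}
		shares[i] = Share{x, y}
	}
	return shares, nil
}

// Combine interpolates the polynomial at x=0 from the given shares (Lagrange).
func Combine(shares []Share) *big.Int {
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i != j {
				num.Mul(num, new(big.Int).Neg(sj.X)).Mod(num, prime)
				den.Mul(den, new(big.Int).Sub(si.X, sj.X)).Mod(den, prime)
			}
		}
		term := new(big.Int).Mul(si.Y, num)
		term.Mul(term, new(big.Int).ModInverse(den, prime))
		secret.Add(secret, term).Mod(secret, prime)
	}
	return secret
}

// newGCM derives an AES-256-GCM instance from the shared tracing secret.
func newGCM(secret *big.Int) cipher.AEAD {
	key := sha256.Sum256(secret.FillBytes(make([]byte, 32)))
	blk, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(blk)    // default nonce size, cannot fail
	return gcm
}

// SealIdentity anonymizes a member identifier; the fresh nonce makes every upload differ.
func SealIdentity(secret *big.Int, memberID []byte) ([]byte, error) {
	gcm := newGCM(secret)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, memberID, nil), nil
}

// TraceSource recovers the uploader from the shares of the nodes that voted to trace.
// With fewer than t shares the rebuilt key is wrong and authentication fails.
func TraceSource(votes []Share, blob []byte) ([]byte, error) {
	gcm := newGCM(Combine(votes))
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("sealed identity too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], nil)
}

func demo() (traced string, sameBlob bool, underQuorum error) {
	secret, _ := rand.Int(rand.Reader, prime)
	shares, _ := Split(secret, 3, 5) // constructed: 5 nodes, 3 votes needed
	a, _ := SealIdentity(secret, []byte("member-007"))
	b, _ := SealIdentity(secret, []byte("member-007"))
	id, _ := TraceSource([]Share{shares[4], shares[1], shares[2]}, a)
	_, underQuorum = TraceSource(shares[:2], a)
	return string(id), string(a) == string(b), underQuorum
}

func main() {
	fmt.Println(demo())
}
```

Reassembling the key in one place is a simplification: in a deployed threshold scheme each node would return a partial decryption, so the full key never exists on a single node.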
In an optional embodiment of the present invention, each blockchain node of the blockchain network is configured to, after receiving the uplink data digest, the threshold key fragment, the threshold key ciphertext, the blockchain member information digest and the uplink data authorization signature, verify the identity carried in the blockchain member information digest against its local blockchain member information digest, verify the uplink data authorization signature after identity verification passes, and perform the data uplink operation on the uplink data digest after signature verification passes.
The local blockchain member information digest is the blockchain member information digest that each blockchain node stores locally.
Specifically, when data is uplinked, the other blockchain nodes in the blockchain network need to verify the received information. First, a blockchain node may verify the received blockchain member information digest against its local blockchain member information digest, to determine whether the identity of the data uplink blockchain node is legitimate. If identity verification passes, signature verification follows; otherwise identity verification has failed and the data uplink is refused. After identity verification passes, the node verifies the received uplink data authorization signature; if signature verification passes, it performs the data uplink operation on the uplink data digest; otherwise signature verification has failed and the data uplink is refused. Optionally, signature verification may proceed as follows: decrypt the uplink data authorization signature with the blockchain public key to obtain information such as the uplink data digest, the threshold ciphertext, the threshold key ciphertext set and the blockchain member information digest, and compare this information with the received uplink data digest, threshold ciphertext, threshold key ciphertext set and blockchain member information digest.
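The receiving node's checks described above, as an added Go example that is not part of the patent text. Ed25519 verification stands in for "decrypting the signature with the blockchain public key", one key pair stands in for the authorization module's signing key and the public key the nodes hold, and the struct, function names, length-prefixed encoding and sample values are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UplinkMsg carries the five items sent in S260 (field names are hypothetical).
type UplinkMsg struct {
	DataDigest       []byte // uplink data digest
	ThresholdFrag    []byte // threshold key fragment (opaque here)
	ThresholdCipher  []byte // threshold key ciphertext (opaque here)
	MemberInfoDigest []byte // blockchain member information digest
	AuthSig          []byte // uplink data authorization signature
}

var (
	ErrIdentity  = errors.New("member information digest mismatch: uplink refused")
	ErrSignature = errors.New("authorization signature invalid: uplink refused")
)

// signedBytes length-prefixes every field, so bytes cannot be moved between
// adjacent fields without changing the message that was signed.
func signedBytes(m UplinkMsg) []byte {
	var buf bytes.Buffer
	for _, f := range [][]byte{m.DataDigest, m.ThresholdFrag, m.ThresholdCipher, m.MemberInfoDigest} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// Authorize plays the local authorization module in S250: it hashes the data and
// the member information, then signs the combination of all four fields.
func Authorize(priv ed25519.PrivateKey, data, frag, ct, memberInfo []byte) UplinkMsg {
	d := sha256.Sum256(data)
	mi := sha256.Sum256(memberInfo)
	m := UplinkMsg{DataDigest: d[:], ThresholdFrag: frag, ThresholdCipher: ct, MemberInfoDigest: mi[:]}
	m.AuthSig = ed25519.Sign(priv, signedBytes(m))
	return m
}

// VerifyAndAccept applies the receiving node's order of checks: identity
// (member information digest) first, then the signature; nil means "uplink".
func VerifyAndAccept(pub ed25519.PublicKey, localMemberInfoDigest []byte, m UplinkMsg) error {
	if !bytes.Equal(localMemberInfoDigest, m.MemberInfoDigest) {
		return ErrIdentity
	}
	if !ed25519.Verify(pub, signedBytes(m), m.AuthSig) {
		return ErrSignature
	}
	return nil
}

// demo runs one valid and three altered messages; every value is constructed.
func demo() (accepted, badMember, shifted, tampered error) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // test key only
	pub := priv.Public().(ed25519.PublicKey)
	members := []byte("member-001,member-002,member-003")
	local := sha256.Sum256(members)
	m := Authorize(priv, []byte("blacklist record #1"), []byte("FRAG"), []byte("CIPHERTEXT"), members)
	accepted = VerifyAndAccept(pub, local[:], m)

	outsider := m // sender whose member list differs from the node's local one
	other := sha256.Sum256([]byte("some-other-member-list"))
	outsider.MemberInfoDigest = other[:]
	badMember = VerifyAndAccept(pub, local[:], outsider)

	s := m // move one byte from the ciphertext to the fragment
	s.ThresholdFrag = append(append([]byte{}, m.ThresholdFrag...), m.ThresholdCipher[0])
	s.ThresholdCipher = m.ThresholdCipher[1:]
	shifted = VerifyAndAccept(pub, local[:], s)

	x := m // replace the data digest after signing
	d := sha256.Sum256([]byte("a different record"))
	x.DataDigest = d[:]
	tampered = VerifyAndAccept(pub, local[:], x)
	return
}

func main() {
	fmt.Println(demo())
}
```

The length prefixes matter because the signature covers several variable-length fields: with plain concatenation, moving a byte from the threshold key ciphertext to the threshold key fragment would leave the signed bytes unchanged.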
In this technical solution, threshold encryption of the local member identifier and the local member signature anonymizes the identity of the data uplink blockchain node, while the uplink data authorization signature, obtained by signing the uplink data digest with the threshold key fragment, the threshold key ciphertext and the blockchain member information digest, makes the data source traceable, so as to meet the diversified service requirements of the blockchain and ensure the fairness and health of the blockchain.
The following describes, by way of example, a data processing method based on a block chain according to an embodiment of the present invention with reference to a specific application scenario:
The blockchain-based data processing method provided by the embodiment of the invention can be applied to data processing scenarios in the financial field, such as blacklist data sharing and management among financial institutions. As financial institutions' products grow richer, their service channels more diverse, and Internet+ is applied more deeply in the financial industry, customers gain convenience, but more behaviors that illegally obtain financial institutions' funds or transfer risk to them also appear. At present, financial institutions' demand for handling services through multiple self-service channels is growing day by day, and so is the demand for risk management. However, many financial institutions have no centralized blacklist library; the existing blacklist libraries are limited to lists of service violations handled within the institution, so new customers and customers blacklisted by other financial institutions cannot be guarded against. Lawbreakers exploit this information asymmetry and cause risk losses, and risk cannot be grasped comprehensively. To solve these problems, a blacklist sharing application can be built on an alliance chain formed by financial institutions: blockchain technology interconnects blacklist data between financial institutions and social units, forming a jointly defended and jointly controlled social credit system, and each alliance member (that is, an alliance chain node) uploads shared blacklist data anonymously or under its real name to improve the alliance's risk prevention and control capability.
In a blacklist data sharing service scenario, the following requirements exist for a data sharing mode:
(1) Privacy protection. When blacklist data is put on chain, the blacklist plaintext must not be directly exposed; only the desensitized list data is put on chain, as a data certificate. Only when another alliance member needs to check a specific blacklist entry can it request the data uplink blockchain node (namely, the alliance member that uploaded the blacklist data) to provide the data plaintext, and that plaintext is provided only to the requesting alliance member for checking.
(2) Business confidentiality. Like other normal data, blacklist data is part of the business or operating results of the alliance members. Some potential member institutions have fed back that they hope data sharing can be anonymous to protect business secrets, with reference to the data sharing modes of, for example, current credit investigation institutions.
(3) Data security. The blacklist data queried by applications is the blacklist shared on the alliance chain, contributed by all members of the alliance, so ensuring the correctness and validity of the data is a very important topic. While satisfying the anonymity requirement in (2), once a problem is found in the data, the problem and the responsibility for it must be identifiable.
Under extreme conditions, a malicious alliance member may pretend to be another alliance member when putting data on chain. In that case, even after the data source is traced through alliance-consensus de-anonymization, the data source obtained is not the correct one. An authorization and authentication mechanism for alliance chain clients may therefore be introduced: the local authorization module of each alliance member anonymizes the alliance data as it is put on chain; under special, lawful conditions the data source can be traced through fair disclosure at a certain cost; and the tracing result cannot be repudiated, which ensures its accuracy and reliability.
Specifically, "anonymous data uplink" means that the node identity of the data uplink blockchain node is anonymized by the local authorization module and the data is then put on chain anonymously. In this process, the authorization module encrypts with a threshold algorithm, based on the member information it has obtained (whose authenticity is established in the "member registration" process) and the alliance member information (whose authenticity is established through the checks of the alliance contract). Fig. 3 is a schematic diagram of a data uplink process according to a second embodiment of the present invention. As shown in Fig. 3, the specific process is as follows:
(1) Anonymous data uplink authorization: an uplink data digest is constructed from the uplink data to be anonymized, and the uplink data digest and the member data uplink signature are uploaded to the authorization module. The member data uplink signature is a signature obtained by encrypting the member number and the uplink data digest with the member private key. Before anonymous data uplink authorization, the data uplink blockchain node must complete member registration in the blockchain network to initialize its true membership.
(2) The authorization module verifies the member data uplink signature. If the verification passes, step (3) is performed; if it fails, authorization fails.
(3) The authorization module performs threshold encryption on the member number and the member data uplink signature to obtain a threshold key fragment.
(4) The authorization module asymmetrically encrypts the threshold key fragment with the public keys of the alliance members to obtain a threshold key ciphertext.
(5) The authorization module signs the uplink data digest, the threshold key fragment, the threshold key ciphertext and the alliance member information digest with a local private key, and returns the uplink data authorization signature to the data uplink blockchain node.
(6) The member calls the alliance contract and uploads the uplink data digest, the threshold key fragment, the threshold key ciphertext, the alliance member information digest and the uplink data authorization signature to put the data on chain.
(7) The alliance contract compares the alliance member information digest with the member information digest already on the chain (namely the local alliance member information digest). If the comparison fails, the uplink fails; if it succeeds, step (8) is performed.
(8) The alliance contract verifies the uplink data authorization signature, and the data is put on chain after the verification passes.
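The fragment generation in step (3), the digest comparison in step (7) and the later source tracing can be illustrated with the following added example, which is not code from the patent. It assumes Shamir secret sharing as the threshold scheme (the patent does not name one), a threshold of 3 out of 5 members, and constructed member names, keys and a placeholder signature; the signature checks of steps (2), (5) and (8) and the per-member public-key encryption of step (4) are outside its scope.

```python
import hashlib
import hmac
import secrets

# Assumption: Shamir secret sharing over GF(P) stands in for the patent's
# unnamed threshold scheme. P = 2**1279 - 1 is a Mersenne prime.
P = 2**1279 - 1

# Constructed sample data: member id -> public key bytes (placeholders).
MEMBERS = {f"bank-{c}": f"pubkey-{c}".encode() for c in "ABCDE"}
THRESHOLD = 3  # assumed: any 3 of the 5 members can trace a source
# Placeholder bytes standing in for the member data uplink signature.
MEMBER_SIG = bytes(range(64))


def data_digest(plaintext: bytes) -> bytes:
    """Uplink data digest: the only form of the entry that goes on chain."""
    return hashlib.sha256(plaintext).digest()


def member_info_digest(members: dict) -> bytes:
    """Digest over the sorted, length-prefixed member list."""
    h = hashlib.sha256()
    for member_id in sorted(members):
        for field in (member_id.encode(), members[member_id]):
            h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


def encode_secret(member_id: bytes, member_sig: bytes) -> int:
    """Pack member id and signature into one field element."""
    blob = len(member_id).to_bytes(2, "big") + member_id + member_sig
    value = int.from_bytes(b"\x01" + blob, "big")  # 0x01 guard keeps leading zeros
    if value >= P:
        raise ValueError("member id and signature do not fit in the field")
    return value


def decode_secret(value: int):
    """Inverse of encode_secret; returns (member_id, member_sig)."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if len(raw) < 3 or raw[0] != 1:
        raise ValueError("recovered value is not an encoded identity")
    id_len = int.from_bytes(raw[1:3], "big")
    return raw[3:3 + id_len], raw[3 + id_len:]


def split(secret: int, n: int, t: int):
    """Step (3): fresh random degree t-1 polynomial per upload, n fragments."""
    if not 1 < t <= n:
        raise ValueError("need 1 < t <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def combine(shares) -> int:
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def authorize_uplink(member_id, member_sig, plaintext, members, t=THRESHOLD):
    """Authorization-module output: digest, one fragment per member, list digest."""
    fragments = split(encode_secret(member_id, member_sig), len(members), t)
    return {
        "data_digest": data_digest(plaintext),
        "fragments": dict(zip(sorted(members), fragments)),
        "member_info_digest": member_info_digest(members),
    }


def contract_accepts(record, onchain_members) -> bool:
    """Step (7): the submitted member-list digest must match the chain's view."""
    return hmac.compare_digest(record["member_info_digest"],
                               member_info_digest(onchain_members))


def trace_source(record, cooperating, t=THRESHOLD):
    """Source tracing: at least t members contribute their fragments."""
    shares = {record["fragments"][m] for m in cooperating}
    if len(shares) < t:
        raise ValueError("fewer than t fragments: the source stays anonymous")
    return decode_secret(combine(sorted(shares)[:t]))
```

Because each upload draws a new polynomial, two uploads by the same member carry unrelated fragments, and an authorization module holding a stale member list produces a record that the contract rejects at step (7).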
Therefore, the technical scheme can establish a blacklist ecological environment with transparent information disclosure, non-falsification, non-repudiation and traceability, can encourage more and more alliances to join, and improves the joint defense joint control capability of the blacklist industry. Meanwhile, the method can realize anonymous data uploading to protect own business secrets, and can realize data source tracing under necessary conditions, and after the data source is traced, the source cannot be repudiated, so that the ecological fairness and the health of the alliance are ensured.
According to the technical scheme, based on a threshold encryption algorithm, by constructing the authorization module and the corresponding functional flow, the anonymity and anti-anonymity mechanism of the block chain for resisting identity forgery is realized, and three functional requirements of information safety, falsification prevention and repudiation prevention are met.
EXAMPLE III
Fig. 4 is a flowchart of a data processing method based on a block chain according to a third embodiment of the present invention, which is embodied on the basis of the foregoing embodiment, and in this embodiment, a specific optional implementation manner of performing member registration on a block chain node before acquiring data to be uplinked and updating member information of the block chain is provided. Correspondingly, as shown in fig. 4, the method of this embodiment may include:
S310, obtaining local member registration information.
The local member registration information is also local node information of the data uplink block link node.
The authorization module is a program that is deployed and run locally and independently on the data uplink blockchain node. It cannot communicate, or cannot communicate directly, with blockchain nodes other than the data uplink blockchain node, so all of its information comes from the input of the data uplink blockchain node. It is therefore necessary to ensure the authenticity of the information input to the authorization module, mainly the authenticity of the blockchain information input to it. To achieve this, the identity of the data uplink blockchain node may be checked while that node registers in the blockchain network.
Specifically, the registration of the data uplink blockchain node in the blockchain network can also be completed through the local authorization module. The authorization module may obtain local member registration information from the data uplink blockchain node for member registration.
In an optional embodiment of the present invention, the local member registration information may include a local certificate path, a local member address, a local member public key, and a local member certificate signature; the local member certificate signature is a signature obtained by encrypting a local member identifier and a local member address according to a local member certificate private key.
The local certificate path may be used by the authorization module to obtain the corresponding certificates, in order to verify the certificate information in the local member registration information. The local member address is the identity of the data uplink blockchain node in the blockchain network. The local member public key is the public key of the data uplink blockchain node; it should be noted that the local member public key is different from the blockchain public key. The local member certificate private key may be the private key of the certificate of the data uplink blockchain node. The local member certificate signature may be a signature obtained by encrypting the combination of the local member identifier and the local member address with the local member certificate private key.
Optionally, the data uplink block link node may upload local member registration information, such as a local certificate path, a local member address, a local member public key, a local member certificate signature, and the like, to the authorization module, so as to perform member registration.
S320, verifying the local member registration information, and after the local member registration information passes the verification, performing authorized signature on the local member registration information to obtain member registration information authorized signature.
The member registration information authorization signature may be a signature obtained by authorizing the local member registration information.
Correspondingly, after receiving the local member registration information, the authorization module needs to verify the local member registration information, and after the local member registration information passes the verification, the authorization module carries out authorization signature on the local member registration information to obtain a member registration information authorization signature.
In an optional embodiment of the present invention, the verifying the local member registration information may include: acquiring a root certificate and a member certificate through the local certificate path, and verifying the certificate correctness of the root certificate and the member certificate according to a standard certificate abstract; and after the root certificate and the member certificate pass the verification, acquiring the local member identification and the member certificate public key from the member certificate, and verifying the local member certificate signature according to the member certificate public key.
The root certificate may be the root certificate of the blockchain, and there is only one root certificate. The member certificate may be the certificate issued under each blockchain node, by which the blockchain authorizes that node. Correspondingly, there may be multiple member certificates, and different blockchain nodes have different member certificates. The standard certificate digest may be used to verify the certificate.
Before a data uplink blockchain node registers in a blockchain network, it first needs to send a certificate acquisition request to the blockchain network. After receiving the certificate acquisition request, the blockchain network may generate a new member certificate for the data uplink blockchain node, and feed back the root certificate and the generated member certificate to the data uplink blockchain node, so that the data uplink blockchain node can perform member registration.
Specifically, when the authorization module verifies the local member registration information, the root certificate and the member certificate can be obtained through the local certificate path, and the certificate correctness of the obtained root certificate and the member certificate can be verified according to the standard certificate abstract. And if the certificate is confirmed to pass the verification, acquiring the local member identification and the member certificate public key from the member certificate, and verifying the local member certificate signature according to the member certificate public key.
In an optional embodiment of the present invention, the verifying the certificate correctness of the root certificate and the member certificate according to the standard certificate digest may include: verifying the certificate correctness of the root certificate according to the standard certificate abstract; and after the certificate correctness of the root certificate is confirmed to pass the verification, verifying the certificate correctness of the member certificate according to the root certificate.
Optionally, the standard certificate digest may be a standard root certificate digest built into the authorization module. Specifically, when the authorization module verifies the certificates, it first verifies the certificate correctness of the root certificate according to the standard certificate digest. After the root certificate passes this verification, the certificate correctness of the member certificate is verified according to the now-trusted root certificate.
In an optional embodiment of the present invention, the signing the authorization of the local member registration information may include: and after the local member certificate signature passes verification, performing authorization signature on the local member identification, the local member address, the local member certificate signature and the hash value of the local member public key according to a block chain public key.
Correspondingly, after the local member certificate signature is verified by the authorization module, the local member identification, the local member address, the local member certificate signature and the hash value of the local member public key can be authorized and signed by using the built-in block chain public key, so that the member registration information authorization signature is obtained.
S330, calling a block chain intelligent contract to verify the member registration information authorization signature, and after the verification is passed, initiating a member registration transaction request to the block chain network so that the block chain network processes the member registration transaction request to complete local member registration operation.
The member registration transaction request may be used to request the blockchain network to register the data uplink blockchain node.
Correspondingly, after the authorization signature is completed, the authorization module can further call a blockchain smart contract, according to the data uplink blockchain node, to decrypt and verify the member registration information authorization signature. After the verification passes, a member registration transaction request is initiated to the blockchain network through the blockchain smart contract, so that the blockchain network processes the member registration transaction request and the local member registration operation is completed.
In an optional embodiment of the present invention, the initiating a member registration transaction request to the blockchain network may include: constructing the member registration transaction request according to the local member identification, the local member address, the local member public key and the member registration information authorization signature; and initiating the member registration transaction request to the blockchain network.
In an optional embodiment of the present invention, each of the block chain nodes of the block chain network is configured to process the member registration transaction request in a voting manner, and complete a local member registration operation after the voting passes.
Correspondingly, after each blockchain node in the blockchain network receives the member registration transaction request, the request can be processed by voting, and the local member registration operation is completed after the vote passes. For example, it may be agreed that the vote passes when more than 50% of the blockchain nodes agree to the registration.
In the above scheme, the member registration process of the data uplink blockchain node registers the member's local member identifier, local member address and local member public key on chain, and the services of the blockchain platform can be used only after the member has declared its identity to the blockchain. During registration, the authorization module verifies and reads the member's identity based on the certificate, and after the verification passes it outputs the member registration information authorization signature for verification by the blockchain smart contract, which ensures the authenticity of the information of the data uplink blockchain node.
S340, obtaining the data to be uplink.
S350, carrying out authorized signature on the uplink data abstract of the data to be uplink according to the block chain member information to obtain an uplink data authorized signature.
S360, the uplink data abstract and the uplink data authorization signature are sent to a block chain network, so that the block chain network is utilized to perform data uplink operation on the uplink data abstract.
S370, acquiring the member change information of the block chain in real time.
The change information of the member of the blockchain may be dynamic change information of each blockchain node in the blockchain network, such as node addition or node exit information.
In consideration of the characteristic of dynamic change of each blockchain node in the blockchain network, in order to keep consistent with the blockchain member information of the blockchain network, the authorization module needs to acquire the latest blockchain member information in real time, so as to determine the blockchain member change information according to the latest blockchain member information and the locally maintained blockchain member information, and update the locally maintained blockchain member information in real time according to the blockchain member change information.
S380, judging whether the local member information is valid; if so, executing S390; otherwise, executing S3A0.
S390, updating the local blockchain member information according to the blockchain member change information.
S3A0, abandoning the updating operation of the local blockchain member information.
The local member information is also node information of the data uplink blockchain node, optionally, the local member information may include, but is not limited to, information such as a local member identifier, a local member address, a local member public key, and a member certificate. The local blockchain member information is also the locally maintained blockchain member information.
Accordingly, before the authorization module updates the locally maintained blockchain member information in real time, the authorization module needs to detect whether the local member information is valid. If the local member information is determined to be valid, updating the local blockchain member information according to the blockchain member change information; otherwise, the updating operation of the member information of the local block chain is abandoned.
In this scheme, the member registration process of the data uplink blockchain node registers the member's local member identifier, local member address and local member public key on chain. The authorization module verifies and reads the member's identity based on the certificate, and after the verification passes it outputs the member registration information authorization signature for verification by the blockchain smart contract, which ensures the authenticity of the information of the data uplink blockchain node. Meanwhile, the locally maintained blockchain member information is updated in real time, so that the authorization module can promptly use the updated blockchain member information for the data uplink operation, which ensures that the data uplink succeeds.
It should be noted that any permutation and combination between the technical features in the above embodiments also belong to the scope of the present invention.
Example four
Fig. 5 is a schematic diagram of a data processing apparatus based on a block chain according to a fourth embodiment of the present invention, and as shown in fig. 5, the apparatus includes: a pending uplink data acquisition module 410, a data authorization signature module 420, and a data uplink module 430, wherein:
a to-be-uplink data obtaining module 410, configured to obtain to-be-uplink data;
a data authorization signature module 420, configured to perform authorization signature on the uplink data digest of the to-be-uplink data according to the block chain member information, so as to obtain an uplink data authorization signature;
a data uplink module 430, configured to send the uplink data digest and the uplink data authorization signature to a block chain network, so as to perform a data uplink operation on the uplink data digest by using the block chain network;
wherein the uplink data grant signature is used for performing data source tracing on the uplink data digest.
According to the embodiment of the invention, the uplink data digest of the acquired to-be-uplink data is given an authorization signature according to the blockchain member information, yielding the uplink data authorization signature. The uplink data digest and the uplink data authorization signature are then sent to the blockchain network, which performs the data uplink operation on the uplink data digest and can trace the data source of the uplink data digest according to the uplink data authorization signature. This solves the problem that the existing blockchain network cannot trace data sources, realizes tracing of the data source on a blockchain platform, meets the diversified service requirements of the blockchain, and ensures the fairness and health of the blockchain.
Optionally, the data authorization signature module 420 is configured to: acquiring a local member signature generated by the data uplink block chain node aiming at the uplink data abstract; the local member signature is a signature generated by encrypting a local member identifier and the uplink data abstract through a local member private key; verifying the local member signature, and after the local member signature is verified, performing threshold encryption on the local member identifier and the local member signature to obtain a threshold key fragment; performing secondary encryption on the threshold key fragments according to the public key of the member of the block chain to obtain a threshold key ciphertext; and signing the uplink data abstract according to the threshold key fragment, the threshold key ciphertext and the block chain member information abstract to obtain the uplink data authorization signature.
Optionally, the data uplink module 430 is configured to: simultaneously sending the uplink data digest, the threshold key fragment, the threshold key ciphertext, the block chain member information digest and the uplink data authorization signature to the block chain network; the threshold key fragment, the threshold key ciphertext and the uplink data authorization signature are used for data source tracing when the uplink data abstract has a problem.
Optionally, each blockchain node of the blockchain network is configured to, after receiving the uplink data digest, the threshold key fragment, the threshold key ciphertext, the blockchain member information digest and the uplink data authorization signature, perform identity verification on the blockchain member information digest according to the local blockchain member information digest, perform signature verification on the uplink data authorization signature after the identity verification passes, and perform the data uplink operation on the uplink data digest after the signature verification passes.
Optionally, the threshold key fragments corresponding to different uplink data digests are different.
Optionally, the data processing apparatus based on the blockchain further includes: a member registration module to: acquiring local member registration information; verifying the local member registration information, and after the local member registration information passes the verification, performing authorized signature on the local member registration information to obtain member registration information authorized signature; and calling a block chain intelligent contract to verify the member registration information authorization signature, and after the verification is passed, initiating a member registration transaction request to the block chain network so that the block chain network processes the member registration transaction request to complete local member registration operation.
Optionally, the local member registration information includes a local certificate path, a local member address, a local member public key, and a local member certificate signature; the local member certificate signature is a signature obtained by encrypting a local member identifier and a local member address according to a local member certificate private key.
Optionally, the member registration module is configured to: acquiring a root certificate and a member certificate through the local certificate path, and verifying the certificate correctness of the root certificate and the member certificate according to a standard certificate abstract; and after the root certificate and the member certificate pass the verification, acquiring the local member identification and the member certificate public key from the member certificate, and verifying the local member certificate signature according to the member certificate public key.
Optionally, the member registration module is configured to: verifying the certificate correctness of the root certificate according to the standard certificate abstract; and after the certificate correctness of the root certificate is confirmed to pass the verification, verifying the certificate correctness of the member certificate according to the root certificate.
Optionally, the member registration module is configured to: and after the local member certificate signature passes verification, performing authorization signature on the local member identification, the local member address, the local member certificate signature and the hash value of the local member public key according to a block chain public key.
Optionally, the member registration module is configured to: constructing the member registration transaction request according to the local member identification, the local member address, the local member public key and the member registration information authorization signature; and initiating the member registration transaction request to the blockchain network.
Optionally, each blockchain node of the blockchain network is configured to process the member registration transaction request in a voting manner, and complete the local member registration operation after the voting is passed.
Optionally, the data processing apparatus based on the blockchain further includes: a member change information module to: acquiring change information of members of the block chain in real time; and if the local member information is determined to be valid, updating the local blockchain member information according to the blockchain member change information.
Optionally, the blockchain network is a federation chain network.
The data processing device based on the block chain can execute the data processing method based on the block chain provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method. For details of the technique not described in detail in this embodiment, reference may be made to the block chain-based data processing method provided in any embodiment of the present invention.
Since the above-described data processing apparatus based on a blockchain is an apparatus capable of executing the data processing method based on a blockchain in the embodiment of the present invention, based on the data processing method based on a blockchain described in the embodiment of the present invention, a person skilled in the art can understand a specific implementation manner of the data processing apparatus based on a blockchain in the embodiment of the present invention and various variations thereof, so how the data processing apparatus based on a blockchain implements the data processing method based on a blockchain in the embodiment of the present invention is not described in detail herein. As long as a person skilled in the art implements the apparatus used in the data processing method based on the blockchain in the embodiment of the present invention, the apparatus is within the scope of the present application.
EXAMPLE five
Fig. 6 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention. FIG. 6 illustrates a block diagram of a computer device 512 suitable for use in implementing embodiments of the present invention. The computer device 512 shown in FIG. 6 is only an example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention. Device 512 is typically a computing device that assumes the functionality of a node of the blockchain system.
As shown in FIG. 6, computer device 512 is in the form of a general purpose computing device. Components of computer device 512 may include, but are not limited to: one or more processors 516, a storage device 528, and a bus 518 that couples the various system components including the storage device 528 and the processors 516.
Bus 518 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an enhanced ISA bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnect (PCI) bus.
Computer device 512 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 512 and includes both volatile and nonvolatile media, removable and non-removable media.
Storage 528 may include computer system readable media in the form of volatile Memory, such as Random Access Memory (RAM) 530 and/or cache Memory 532. The computer device 512 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 534 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, and commonly referred to as a "hard drive"). Although not shown in FIG. 6, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a Compact disk-Read Only Memory (CD-ROM), a Digital Video disk (DVD-ROM), or other optical media) may be provided. In these cases, each drive may be connected to bus 518 through one or more data media interfaces. Storage 528 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
Program 536 having a set (at least one) of program modules 526 may be stored, for example, in storage 528, such program modules 526 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination may include an implementation of a network environment. Program modules 526 generally perform the functions and/or methodologies of the described embodiments of the invention.
Computer device 512 may also communicate with one or more external devices 514 (e.g., keyboard, pointing device, camera, display 524, etc.), with one or more devices that enable a user to interact with computer device 512, and/or with any devices (e.g., network card, modem, etc.) that enable computer device 512 to communicate with one or more other computing devices. Such communication may be through an Input/Output (I/O) interface 522. Further, computer device 512 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via network adapter 520. As shown, the network adapter 520 communicates with the other modules of the computer device 512 via the bus 518. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the computer device 512, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, Redundant Arrays of Independent Disks (RAID) systems, tape drives, and data backup storage systems, to name a few.
The processor 516 executes various functional applications and data processing by executing programs stored in the storage device 528, for example, to implement the data processing method based on the block chain provided by the above-described embodiment of the present invention.
That is, the processor implements, when executing the program: acquiring data to be uplink; performing an authorization signature on the uplink data digest of the data to be uplink according to the block chain member information to obtain an uplink data authorization signature; sending the uplink data digest and the uplink data authorization signature to a block chain network so as to perform a data uplink operation on the uplink data digest by using the block chain network; wherein the uplink data authorization signature is used for performing data source tracing on the uplink data digest.
EXAMPLE six
An embodiment of the present invention further provides a computer storage medium storing a computer program, where the computer program, when executed by a computer processor, is used to execute the data processing method based on a blockchain according to any one of the above embodiments of the present invention: acquiring data to be uplink; performing an authorization signature on the uplink data digest of the data to be uplink according to the block chain member information to obtain an uplink data authorization signature; sending the uplink data digest and the uplink data authorization signature to a block chain network so as to perform a data uplink operation on the uplink data digest by using the block chain network; wherein the uplink data authorization signature is used for performing data source tracing on the uplink data digest.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM or flash memory), an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, Radio Frequency (RF), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (17)

1. A data processing method based on block chain, characterized in that the method is applied to a data uplink block chain node and comprises the following steps:
acquiring data to be uplink;
performing an authorization signature on the uplink data digest of the data to be uplink according to the block chain member information to obtain an uplink data authorization signature;
sending the uplink data digest and the uplink data authorization signature to a block chain network so as to perform a data uplink operation on the uplink data digest by using the block chain network;
wherein the uplink data authorization signature is used for performing data source tracing on the uplink data digest.
2. The method of claim 1, wherein performing the authorization signature on the uplink data digest of the data to be uplink according to the block chain member information comprises:
acquiring a local member signature generated by the data uplink block chain node for the uplink data digest; the local member signature is a signature generated by encrypting a local member identifier and the uplink data digest through a local member private key;
verifying the local member signature, and after the local member signature is verified, performing threshold encryption on the local member identifier and the local member signature to obtain a threshold key fragment;
performing secondary encryption on the threshold key fragment according to the public key of the member of the block chain to obtain a threshold key ciphertext;
and signing the uplink data digest according to the threshold key fragment, the threshold key ciphertext and the block chain member information digest to obtain the uplink data authorization signature.
3. The method of claim 2, wherein sending the uplink data digest and the uplink data authorization signature to a blockchain network comprises:
simultaneously sending the uplink data digest, the threshold key fragment, the threshold key ciphertext, the block chain member information digest and the uplink data authorization signature to the block chain network;
wherein the threshold key fragment, the threshold key ciphertext and the uplink data authorization signature are used for data source tracing when the uplink data digest has a problem.
4. The method of claim 3, wherein each blockchain node of the blockchain network is configured to perform, after receiving the uplink data digest, the threshold key fragment, the threshold key ciphertext, the blockchain member information digest, and the uplink data authorization signature, the identity verification of the blockchain member information digest according to the local blockchain member information digest, the signature verification of the uplink data authorization signature after the identity verification is passed, and the data uplink operation of the uplink data digest after the signature verification is passed.
5. The method according to any of claims 2-4, wherein the threshold key fragments for different uplink data digests are different.
6. The method of claim 1, further comprising, prior to said obtaining data to be uplink:
acquiring local member registration information;
verifying the local member registration information, and after the local member registration information passes the verification, performing an authorization signature on the local member registration information to obtain a member registration information authorization signature;
and calling a block chain intelligent contract to verify the member registration information authorization signature, and after the verification is passed, initiating a member registration transaction request to the block chain network so that the block chain network processes the member registration transaction request to complete local member registration operation.
7. The method of claim 6, wherein the local member registration information comprises a local certificate path, a local member address, a local member public key, and a local member certificate signature;
the local member certificate signature is a signature obtained by encrypting a local member identifier and a local member address according to a local member certificate private key.
8. The method of claim 7, wherein the verifying the local member registration information comprises:
acquiring a root certificate and a member certificate through the local certificate path, and verifying the certificate correctness of the root certificate and the member certificate according to a standard certificate digest;
and after the root certificate and the member certificate pass the verification, acquiring the local member identification and the member certificate public key from the member certificate, and verifying the local member certificate signature according to the member certificate public key.
9. The method of claim 8, wherein verifying certificate correctness of the root certificate and the member certificate according to a standard certificate digest comprises:
verifying the certificate correctness of the root certificate according to the standard certificate digest;
and after the certificate correctness of the root certificate is confirmed to pass the verification, verifying the certificate correctness of the member certificate according to the root certificate.
10. The method of claim 9, wherein said authorized signing of said local member registration information comprises:
and after the local member certificate signature passes verification, performing authorization signature on the local member identification, the local member address, the local member certificate signature and the hash value of the local member public key according to a block chain public key.
11. The method of claim 10, wherein initiating a member registration transaction request to the blockchain network comprises:
constructing the member registration transaction request according to the local member identification, the local member address, the local member public key and the member registration information authorization signature;
and initiating the member registration transaction request to the blockchain network.
12. The method of claim 11 wherein each of the block chain nodes of the block chain network is configured to process the member registration transaction request by voting, and complete local member registration after the voting passes.
13. The method of claim 1, further comprising:
acquiring change information of members of the block chain in real time;
and if the local member information is determined to be valid, updating the local blockchain member information according to the blockchain member change information.
14. The method of claim 1, wherein the blockchain network is an alliance-chain network.
15. A blockchain-based data processing apparatus configured to a data uplink blockchain node, comprising:
a to-be-uplink data acquisition module, configured to acquire data to be uplink;
a data authorization signature module, configured to perform an authorization signature on the uplink data digest of the data to be uplink according to the block chain member information to obtain an uplink data authorization signature;
a data uplink module, configured to send the uplink data digest and the uplink data authorization signature to a block chain network, so as to perform a data uplink operation on the uplink data digest by using the block chain network;
wherein the uplink data authorization signature is used for performing data source tracing on the uplink data digest.
16. A computer device, characterized in that the computer device comprises:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the blockchain-based data processing method of any one of claims 1-14.
17. A computer storage medium on which a computer program is stored which, when being executed by a processor, carries out a method for blockchain-based data processing according to any one of claims 1 to 14.
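The submit-and-verify flow of claims 1 to 4, as an added Go example that is not code from the patent or its applicant. It assumes Ed25519 signatures, SHA-256 digests and a single authorizing key pair, none of which the claims specify; the threshold key fragment and ciphertext are treated as opaque bytes, and every type and function name is hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Submission holds the five values claim 3 sends to the network.
// Field names are hypothetical; the claims define no wire format.
type Submission struct {
	DataDigest, KeyFragment, KeyCiphertext, MemberInfoDigest, AuthSig []byte
}

var (
	ErrIdentity  = errors.New("member information digest differs from local copy")
	ErrSignature = errors.New("uplink data authorization signature is invalid")
)

func digestOf(b []byte) []byte {
	d := sha256.Sum256(b)
	return d[:]
}

// demoKeys derives a fixed key pair from a constructed seed so the example
// is reproducible. Production keys come from a CSPRNG or an HSM.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// signedBytes length-prefixes every field, so bytes cannot be moved between
// adjacent fields without changing the message that was signed.
func signedBytes(s Submission) []byte {
	var buf bytes.Buffer
	for _, f := range [][]byte{s.DataDigest, s.KeyFragment, s.KeyCiphertext, s.MemberInfoDigest} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// Authorize is the submitting node's side (claims 1 and 2, last step): only
// the digest of the data leaves the node, signed together with the threshold
// material and the member information digest.
func Authorize(priv ed25519.PrivateKey, data, fragment, ciphertext, memberInfoDigest []byte) Submission {
	s := Submission{DataDigest: digestOf(data), KeyFragment: fragment,
		KeyCiphertext: ciphertext, MemberInfoDigest: memberInfoDigest}
	s.AuthSig = ed25519.Sign(priv, signedBytes(s))
	return s
}

// VerifyAndAccept is the receiving node's side in the order claim 4 gives:
// identity check against the local member information digest, then signature
// check, and only then the write to the ledger.
func VerifyAndAccept(localMemberInfoDigest []byte, pub ed25519.PublicKey, s Submission, ledger *[][]byte) error {
	if !bytes.Equal(localMemberInfoDigest, s.MemberInfoDigest) {
		return ErrIdentity
	}
	if !ed25519.Verify(pub, signedBytes(s), s.AuthSig) {
		return ErrSignature
	}
	*ledger = append(*ledger, s.DataDigest)
	return nil
}

func main() {
	pub, priv := demoKeys()
	members := digestOf([]byte("constructed member list: org-a,org-b"))
	s := Authorize(priv, []byte("constructed record"), []byte("frag-1"), []byte("ct-1"), members)
	var ledger [][]byte
	fmt.Println("valid submission:", VerifyAndAccept(members, pub, s, &ledger))
	s.DataDigest = digestOf([]byte("swapped record"))
	fmt.Println("swapped digest:", VerifyAndAccept(members, pub, s, &ledger))
	fmt.Println("digests on ledger:", len(ledger))
}
```

Because the signature covers the fragment, the ciphertext and the member information digest as well as the data digest, a recorded digest cannot later be re-attached to different tracing material without the check failing.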
CN202010979368.2A 2020-09-17 2020-09-17 Data processing method and device based on block chain, computer equipment and medium Active CN112217636B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010979368.2A CN112217636B (en) 2020-09-17 2020-09-17 Data processing method and device based on block chain, computer equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010979368.2A CN112217636B (en) 2020-09-17 2020-09-17 Data processing method and device based on block chain, computer equipment and medium

Publications (2)

Publication Number Publication Date
CN112217636A (en) 2021-01-12
CN112217636B (en) 2023-02-17

Family

ID=74049929

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010979368.2A Active CN112217636B (en) 2020-09-17 2020-09-17 Data processing method and device based on block chain, computer equipment and medium

Country Status (1)

Country Link
CN (1) CN112217636B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113067704A (en) * 2021-03-29 2021-07-02 安徽慧可科技有限公司 Data right determining method, system and equipment based on block chain
CN113902439A (en) * 2021-08-23 2022-01-07 苏州长通互联科技有限公司 Alliance chain cross-chain transaction method and device based on threshold signature
CN116760651A (en) * 2023-08-22 2023-09-15 中国航空结算有限责任公司 Data encryption method and device, electronic equipment and readable storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106778343A (en) * 2016-12-12 2017-05-31 武汉优聘科技有限公司 It is a kind of that the data sharing method of private data is related to based on block chain
CN109005036A (en) * 2017-06-06 2018-12-14 北京握奇智能科技有限公司 A kind of block chain member management method and system based on id password algorithm
WO2019061983A1 (en) * 2017-09-30 2019-04-04 深圳壹账通智能科技有限公司 Blockchain data uploading method, system, computer system and storage medium
CN109800248A (en) * 2018-12-17 2019-05-24 上海点融信息科技有限责任公司 Digital content for block chain network is traced to the source and recording method, storage medium, calculating equipment
CN109977635A (en) * 2019-04-03 2019-07-05 上海中商网络股份有限公司 Data processing method of tracing to the source, device, equipment and medium based on block chain
CN110457942A (en) * 2018-12-07 2019-11-15 深圳市智税链科技有限公司 To the signature verification method, service node and medium of uplink data block
CN110532809A (en) * 2019-08-21 2019-12-03 杭州趣链科技有限公司 A kind of block chain multistage endorsement method based on configuration block
CN111325564A (en) * 2020-03-17 2020-06-23 河南佼荣网络科技有限公司 Method and system for tracing supply chain by using block chain
US20200250764A1 (en) * 2019-04-23 2020-08-06 Alibaba Group Holding Limited Blockchain-based data processing system, method, computing device and storage medium
CN111526023A (en) * 2020-04-27 2020-08-11 南京讯石数据科技有限公司 Block chain uplink data security authentication method and system based on IPK

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106778343A (en) * 2016-12-12 2017-05-31 武汉优聘科技有限公司 It is a kind of that the data sharing method of private data is related to based on block chain
CN109005036A (en) * 2017-06-06 2018-12-14 北京握奇智能科技有限公司 A kind of block chain member management method and system based on id password algorithm
WO2019061983A1 (en) * 2017-09-30 2019-04-04 深圳壹账通智能科技有限公司 Blockchain data uploading method, system, computer system and storage medium
CN110457942A (en) * 2018-12-07 2019-11-15 深圳市智税链科技有限公司 To the signature verification method, service node and medium of uplink data block
CN109800248A (en) * 2018-12-17 2019-05-24 上海点融信息科技有限责任公司 Digital content for block chain network is traced to the source and recording method, storage medium, calculating equipment
CN109977635A (en) * 2019-04-03 2019-07-05 上海中商网络股份有限公司 Data processing method of tracing to the source, device, equipment and medium based on block chain
US20200250764A1 (en) * 2019-04-23 2020-08-06 Alibaba Group Holding Limited Blockchain-based data processing system, method, computing device and storage medium
CN110532809A (en) * 2019-08-21 2019-12-03 杭州趣链科技有限公司 A kind of block chain multistage endorsement method based on configuration block
CN111325564A (en) * 2020-03-17 2020-06-23 河南佼荣网络科技有限公司 Method and system for tracing supply chain by using block chain
CN111526023A (en) * 2020-04-27 2020-08-11 南京讯石数据科技有限公司 Block chain uplink data security authentication method and system based on IPK

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
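Zhang Guoying et al.: "A blockchain-based decentralized data provenance method", Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition) *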

Also Published As

Publication number Publication date
CN112217636B (en) 2023-02-17

Similar Documents

Publication Publication Date Title
CN111046352B (en) Identity information security authorization system and method based on block chain
CN111542820B (en) Method and apparatus for trusted computing
US20180336554A1 (en) Secure electronic transaction authentication
CN112217636B (en) Data processing method and device based on block chain, computer equipment and medium
US20180337771A1 (en) Policy enforcement via peer devices using a blockchain
US11588638B2 (en) Digital notarization using a biometric identification service
US11921884B2 (en) Techniques for preventing collusion using simultaneous key release
CN111460525B (en) Block chain-based data processing method, device and storage medium
JP7223067B2 (en) Methods, apparatus, electronics, computer readable storage media and computer programs for processing user requests
CN113763621A (en) Access control authorization method, management client and system based on block chain
KR102211033B1 (en) Agency service system for accredited certification procedures
Kar et al. Risk analysis of blockchain application for aerospace records management
KR101856530B1 (en) Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof
Rani et al. A block chain-based approach using proof of continuous work consensus algorithm to secure the educational records
CN116881936A (en) Trusted computing method and related equipment
KR101360843B1 (en) Next Generation Financial System
KR101868564B1 (en) Apparatus for authenticating user in association with user-identification-registration and local-authentication and method for using the same
US20200204377A1 (en) Digital notarization station that uses a biometric identification service
US20220301376A1 (en) Method and System for Deployment of Authentication Seal in Secure Digital Voting
Liu Enhancing IoT security with blockchain
CN106603534A (en) System sharing traceable encrypted data
CN114444059A (en) Method and system for verifying user information authorization credible circulation of distributed network
TW202319998A (en) System for using multiple security levels to verify customer identity and transaction services and method thereof
CN118337396A (en) Block chain-based privacy protection transaction verification method, device, equipment and medium
CN117455489A (en) Transaction authorization method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220914

Address after: 25 Financial Street, Xicheng District, Beijing 100033

Applicant after: CHINA CONSTRUCTION BANK Corp.

Address before: 12 / F, 15 / F, 99 Yincheng Road, China (Shanghai) pilot Free Trade Zone, Pudong New Area, Shanghai, 200120

Applicant before: Jianxin Financial Science and Technology Co.,Ltd.

GR01 Patent grant