CN112468297A - Key backup method and device based on block chain - Google Patents

Publication number
CN112468297A
Authority
CN
China
Prior art keywords
key
backup
nodes
node
recovery
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011375568.3A
Other languages
Chinese (zh)
Other versions
CN112468297B (en
Inventor
陈杭
段毅
钟亮
林嘉文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202011375568.3A priority Critical patent/CN112468297B/en
Publication of CN112468297A publication Critical patent/CN112468297A/en
Application granted granted Critical
Publication of CN112468297B publication Critical patent/CN112468297B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the invention discloses a blockchain-based key backup method and device, relating to the technical field of blockchain. The method comprises: sending a key backup agreement request to the key management chain codes of all blockchain nodes in a preset key backup recovery channel; determining a key backup node set; generating N key fragments according to the user key, the number N of key backup nodes in the key backup node set, and a preset number of nodes required for key recovery; sending the encrypted key fragments to the key management chain codes of the corresponding key backup nodes; and sending a key backup transaction request to the key management chain codes of all the blockchain nodes, so that each key management chain code stores its locally temporarily stored key fragment into a local fragment storage database after verifying it. The invention provides a user key backup method with higher security and availability.

Description

Key backup method and device based on block chain
Technical Field
The present invention relates to the field of blockchain technology, and in particular, to a method and an apparatus for key backup based on blockchain.
Background
The user key plays a very important role in a blockchain system. Many system functions can be performed only by using the key, which is the security guarantee for data and access control in the blockchain system. Generally, keys exist in a blockchain system in a physical form, such as a number, a hash string or a file, and are managed and stored by the user. If a key is lost, the user cannot continue to perform the related operations in the blockchain system. How to back up user keys effectively is therefore a technical problem to be solved in this field.
Disclosure of Invention
In order to solve the technical problems in the background art, the present invention provides a key backup method and device based on a block chain.
In order to achieve the above object, according to an aspect of the present invention, there is provided a key backup method based on a blockchain, the method including:
sending a key backup agreement request to key management chain codes of all block chain nodes in a preset key backup recovery channel;
determining a key backup node set according to key backup consent information, wherein if the block chain node agrees to become a key backup node, key backup consent information is generated when the key management chain code receives the key backup consent request;
generating N key fragments according to the user key, the number N of key backup nodes in the key backup node set, and a preset number of nodes required for key recovery;
encrypting each key fragment with the public key of the corresponding key backup node in the key backup node set, and sending each encrypted key fragment to the key management chain code of the corresponding key backup node, so that the key management chain code decrypts the encrypted key fragment with the private key of the key backup node and then temporarily stores the decrypted key fragment locally;
and sending a key backup transaction request, generated according to the key fragment set, to the key management chain codes of all the blockchain nodes, so that the key management chain codes of all the blockchain nodes reach consensus on the key backup transaction request, and the key management chain code of each key backup node stores its locally temporarily stored key fragment into a local fragment storage database after verifying it.
Optionally, the block chain-based key backup method further includes:
sending a user key recovery transaction request to the key management chain codes of all the key backup nodes, wherein the user key recovery transaction request comprises user information and a node identification, so that the key management chain codes of all the key backup nodes reach consensus on the user key recovery transaction request, look up the key fragments corresponding to the user information in the fragment storage database, and encrypt the key fragments found with the node public key corresponding to the node identification;
and when the number of encrypted key fragments received from the key management chain codes of the key backup nodes in response to the user key recovery transaction request reaches the number of nodes required for key recovery, decrypting the encrypted key fragments with the node private key, and generating the user key from the decrypted key fragments, whose number meets the number of nodes required for key recovery.
Optionally, the sending a key backup transaction request to the key management chain codes of all the block chain nodes according to the key fragment set includes:
performing hash calculation on the key fragment set to obtain a hash set;
and generating the key backup transaction request according to the hash set.
Optionally, after verifying the key fragment temporarily stored locally, the key management chain code of the key backup node stores the key fragment temporarily stored locally into a local fragment storage database, specifically:
and calculating the hash value of the key fragment temporarily stored locally by the key management chain code of the key backup node, and storing the key fragment temporarily stored locally into a local fragment storage database when the hash value is verified to belong to the hash set.
Optionally, the block chain-based key backup method further includes:
obtaining backup recovery channel information, wherein a plurality of block chain nodes in a block chain network are added into the backup recovery channel;
and determining the key management chain code corresponding to each blockchain node in the backup recovery channel.
In order to achieve the above object, according to another aspect of the present invention, there is provided a key backup apparatus based on a block chain, the apparatus including:
a key backup approval request sending unit, configured to send a key backup approval request to key management chain codes of all block chain nodes in a preset key backup recovery channel;
a key backup node set determining unit, configured to determine a key backup node set according to key backup agreement information, where, if a blockchain node agrees to become a key backup node, the key backup agreement information is generated when its key management chain code receives the key backup agreement request;
a key fragment generating unit, configured to generate N key fragments according to the user key, the number N of key backup nodes in the key backup node set, and a preset number of nodes required for key recovery;
a key fragment sending unit, configured to encrypt each key fragment with the public key of the corresponding key backup node in the key backup node set and send each encrypted key fragment to the key management chain code of the corresponding key backup node, so that the key management chain code decrypts the encrypted key fragment with the private key of the key backup node and then temporarily stores the decrypted key fragment locally;
and a key backup transaction request sending unit, configured to send a key backup transaction request, generated according to the key fragment set, to the key management chain codes of all the blockchain nodes, so that the key management chain codes of all the blockchain nodes reach consensus on the key backup transaction request, and the key management chain code of each key backup node stores its locally temporarily stored key fragment into a local fragment storage database after verifying it.
Optionally, the device for backing up a key based on a blockchain further includes:
a user key recovery transaction request sending unit, configured to send a user key recovery transaction request to key management chain codes of all the key backup nodes, where the user key recovery transaction request includes user information and node identifiers, so that the key management chain codes of all the key backup nodes agree on the user key recovery transaction request, and search for a key fragment corresponding to the user information from the fragment storage database, and encrypt the searched key fragment with a node public key corresponding to the node identifier;
and a user key generation unit, configured to, when the number of encrypted key fragments received from the key management chain codes of the key backup nodes in response to the user key recovery transaction request reaches the number of nodes required for key recovery, decrypt the encrypted key fragments with the node private key and generate the user key from the decrypted key fragments, whose number meets the number of nodes required for key recovery.
In order to achieve the above object, according to another aspect of the present invention, there is also provided a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps in the above block chain based key backup method when executing the computer program.
In order to achieve the above object, according to another aspect of the present invention, there is also provided a computer-readable storage medium storing a computer program which, when executed in a computer processor, implements the steps in the above blockchain-based key backup method.
Based on key sharing technology, the invention divides the user key into a plurality of key fragments that are stored by a plurality of blockchain nodes. The user key can be backed up securely by using the decentralized nature of the blockchain, and the backed-up user key can be recovered effectively by using the traceability of the blockchain.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts. In the drawings:
FIG. 1 is a first flowchart of a method for block chain based key backup according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a method for block chain based key backup according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a blockchain network according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a blockchain node structure according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a straight-line equation key sharing technique;
FIG. 6 is a schematic diagram of a curve equation key sharing technique;
FIG. 7 is a first block diagram of a key backup apparatus based on a block chain according to an embodiment of the present invention;
FIG. 8 is a second block diagram of a key backup apparatus based on a block chain according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of a user key backup process according to an embodiment of the present invention;
FIG. 10 is a schematic diagram illustrating a user key recovery process according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of a computer apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It should be noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of the present invention and the above-described drawings, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to solve the problem of user key loss in a blockchain system, the invention provides a blockchain key backup and recovery method based on key sharing. The method offers high security and high availability, and its main technical characteristics are:
1. by utilizing the verifiable computation characteristic of the blockchain, the whole key recovery process is recorded on the chain, and arbitrary key recovery by users who do not hold the key is strictly controlled and audited;
2. the key fragments are stored in the form of private data; the blockchain system verifies the private data set in the key recovery request, and if the key-holding user is not included, key recovery is not allowed;
3. the key sharing technology allows multiple parties meeting the specified number to perform key recovery, and when some nodes cannot respond to the key recovery request, the key recovery can still be successfully completed.
FIG. 3 is a schematic diagram of a blockchain network according to an embodiment of the present invention. As shown in FIG. 3, the blockchain network of the present invention includes a plurality of blockchain nodes 1, and any one of the blockchain nodes 1 can perform functions such as transaction broadcasting, transaction execution, transaction verification, consensus and storage. The network has the general characteristics of a blockchain. In the invention, the blockchain node 1 also has key backup and recovery functions: every node can act as a holder of key fragment backups, and can also initiate a key recovery request and cooperate with a sufficient number of nodes, which use their key fragments, to recover the key. The implementation subject of the blockchain-based key backup method of the present invention may be any blockchain node 1, and more specifically a node client of any blockchain node 1, where each blockchain node 1 corresponds to one or more node clients.
FIG. 4 is a schematic diagram of a blockchain node structure according to an embodiment of the present invention. As shown in FIG. 4, each "blockchain node 1" includes a "configuration module 11", a "communication module 12", a "consensus module 13", a "verification module 14", a "key backup module 15" and a "key recovery module 16". Note that the functional modules described here are only those related to the technical solution of the present invention and do not include all functional modules of a complete blockchain node.
The "configuration module 11" includes static configuration information and dynamic configuration information. The static configuration information relates to the basic configuration of the blockchain network system and the nodes: after a node starts, it reads the static configuration information of the configuration module, such as the network information of other nodes, and the startup of the blockchain network system is finally completed according to this information. In the technical solution of the invention, the dynamic configuration information of the "configuration module 11" mainly relates to configuration information registered while the system is running, and this part of the configuration information relates to the "key backup module 15". After a node calls the key backup interface through the "key backup module 15", information related to key backup and recovery is generated, such as which nodes participate in the backup and the number of nodes required for key recovery, and this information is stored in the "configuration module 11".
The communication module 12 is mainly used for communication interaction of each node, and is responsible for distributing and transmitting key fragments besides completing communication information of general block chain nodes.
The "consensus module 13" is the blockchain transaction consensus module. Key backup and key recovery are also treated as transaction types; common transaction types include ordinary transactions and configuration transactions.
The "verification module 14" mainly deals with key backup transactions and key recovery transactions. For a key backup transaction, the "verification module 14" mainly verifies whether the node is a key backup node; if it is not, the node does not obtain a key backup fragment. This is because key backup and key recovery are transmitted to every node in the form of transactions, but whether a node actually is a key backup party is decided by the initiator of the key backup. For a key recovery transaction, the "verification module 14" mainly verifies whether the current node meets the recovery condition of the specified key; if so, the node can obtain the recovered key.
The key backup module 15 constructs a key backup transaction, splits the key into a plurality of key fragment components by using the key sharing technology mentioned above, distributes the key fragment components to the designated key backup node through the communication module 12, and updates and stores the related information in the configuration module 11.
The key recovery module 16 constructs a key recovery transaction, reads the relevant information of the key to be recovered from the configuration module 11, and then obtains the corresponding key fragments from other nodes through the communication module 12, and finally recovers the key.
The "channel module 17" is a technical means for distinguishing and isolating different service data. Each node on the blockchain can join different channels according to the division of application service lines. One service scenario corresponds to one channel, whose data is recorded in a separate ledger, and ledger data cannot be accessed across channels. In the technical solution of the invention, all the "blockchain nodes 1" join the same channel, and this channel mainly processes transactions of the key backup and key recovery types. Each channel has its own channel name as an identifier. When a node initiates a key backup or recovery transaction, the name of the current channel must be specified, and the transaction information related to the key backup or recovery is stored in the ledger of the current channel.
The "private data module 18": channels isolate ledger data between different channels, but nodes that join the same channel can all access that channel's ledger data, so a finer-grained means of data isolation is needed. Private data can hide some data from some nodes within the same channel. In the solution of the invention, when a key is backed up, only some of the nodes in the channel are designated as key backup nodes, and the key fragment components are distributed only to the designated nodes; non-designated nodes cannot obtain a key fragment. The key fragment is the private data: at the nodes to which it is visible, the private data is stored in a private database, and at the nodes from which it is hidden, only the hash value of the private data is recorded.
The following describes the two main operations in the technical solution of the present invention: key backup and key recovery.
Fig. 1 is a first flowchart of a key backup method based on a blockchain according to an embodiment of the present invention, where an implementation subject may be a client of a blockchain node in a blockchain network corresponding to a backup process of a user key, and as shown in fig. 1, the key backup of the present invention includes steps S101 to S105.
Step S101, a key backup approval request is sent to the key management chain codes of all block chain nodes in the preset key backup recovery channel.
In an embodiment of the present invention, before step S101, a backup recovery channel SecretSharingChannel is created in the blockchain network, and a plurality of blockchain nodes in the blockchain network are added to the backup recovery channel. Performing key management in this channel isolates it from other services, and a blockchain node without access rights to the channel cannot access the data in the channel. The invention can add some preset blockchain nodes or all preset blockchain nodes in the blockchain network into the backup recovery channel. The key management chain code corresponding to each blockchain node in the backup recovery channel is then determined; the key management chain code is mainly used for processing key-related transaction requests such as key backup and key recovery. In an alternative embodiment of the invention, the key management chain code may be a smart contract.
In an embodiment of the present invention, the backup recovery channel is formed by an administrator node in the blockchain network initiating a backup recovery channel establishment transaction.
In a specific implementation, the administrator node generates a backup recovery channel establishment transaction according to preset backup recovery channel data, wherein the backup recovery channel data comprises all the blockchain nodes that are added to the backup recovery channel. The administrator node then initiates the backup recovery channel establishment transaction to all the blockchain nodes in the blockchain network. After consensus is reached on the backup recovery channel establishment transaction and the transaction finally succeeds, each blockchain node in the blockchain network stores the backup recovery channel data locally, and the establishment of the backup recovery channel is complete.
In one embodiment of the present invention, the key management chain code is formed by the administrator node initiating a key management chain code deployment transaction to all blockchain nodes in the backup recovery channel.
In specific implementation, after the backup recovery channel is established, the administrator node generates a key management chain code deployment transaction according to a preset key management chain code. And then the administrator node initiates a key management chain code deployment transaction to all the block chain nodes in the backup recovery channel. After the key management chain code deployment transaction is agreed and the final transaction is successful, each block chain node in the backup recovery channel locally deploys the key management chain code.
In the embodiment of the invention, when a node client of a certain blockchain node added into the key backup recovery channel performs user key backup, a key backup approval request is firstly sent to the key management chain codes of all blockchain nodes added into the key backup recovery channel.
Step S102, a key backup node set is determined according to key backup consent information, wherein if the block chain node agrees to become a key backup node, the key backup consent information is generated when the key management chain code receives the key backup consent request.
In the embodiment of the present invention, if a certain block chain node in the key backup recovery channel agrees to become a key backup node, key backup agreement information is generated when the key management chain code receives the key backup agreement request sent by the client node, and the key backup agreement information is sent to the client node.
Step S103, generating N key fragments according to the user key, the number N of key backup nodes in the key backup node set, and the preset number of nodes required for key recovery.
In the embodiment of the invention, a plurality of key fragments are generated from the user key by using key sharing technology. Key sharing divides a key into a plurality of parts, namely fragments, and distributes the fragments to a plurality of participants (also called key backup nodes in the invention); a plurality of key backup nodes meeting certain conditions can combine their fragments to reconstruct the key. Taking the recovery of a numeric key as an example, key sharing uses a geometric principle: the key is represented as the coordinates of a point in two-dimensional space (the x coordinate is 0 and the y coordinate is the key number). Some other points in the space are then generated randomly, and a curve is generated through these points and the point representing the key. The randomly generated points are the key components shared with the key backup parties; in theory, any point on the curve can be used as a shared component. To recover the key, it is enough to obtain a sufficient number of points, calculate the curve equation, set x = 0, and calculate the value of y, which is the key number.
The high availability of the method is mainly embodied in that the key recovery can be carried out by a specified number of key backup parties so as to ensure the availability of the scheme, and the key recovery can still be carried out when part of the key backup parties fail.
The main realization method is as follows: the curve equation depends on the minimum number of key backup parties needed to recover the key (using the facts that two points determine a unique straight line, three points determine a quadratic function curve in one variable, and so on). For example, if at least 2 key backup parties are needed to recover the key, the curve equation is actually a straight-line equation, $y = bx + c$, and the key value is the y coordinate of the intersection of the straight line with the y axis. To calculate the line equation, only b and c need to be obtained. Points on the straight line (other than the key point) can be distributed to n key backup parties, and as soon as any two parties calculate the line equation from each other's points, the key can be successfully recovered, as shown in fig. 5.
If at least 3 key backup parties are required to recover the key, a quadratic function in one variable can be constructed as the curve equation: $y = ax^2 + bx + c$. Solving the curve equation requires a, b and c, and the key is obtained by setting x = 0. Two point coordinates are randomly generated and used together with the key point coordinates to construct the curve; at least three point coordinates are needed to solve the quadratic function, that is, 3 of the n key backup parties are needed to successfully recover the key, as shown in fig. 6.
Cubic, quartic, quintic and higher-degree curves may also be constructed for applications requiring at least 4, 5, 6 or more key backup parties. In general, assuming that at least t key backup parties are required to recover the key, a polynomial is constructed:
$$f(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{t-1} x^{t-1}$$
$$f(0) = a_0$$
The polynomial can be solved by using the Lagrange interpolation method or the variable elimination method.
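The polynomial construction and Lagrange recovery described above, as an added Python example that is not code from the patent. It assumes arithmetic modulo a fixed prime (the page describes the curve geometrically and names no field); the names split_key, recover_key, demo and PRIME are illustrative.

```python
import secrets

# Assumption: arithmetic is done modulo the Mersenne prime 2**521 - 1.
# Working in a finite field keeps every fragment the same size as the key
# and means fewer than t fragments give no information about f(0).
PRIME = 2**521 - 1


def split_key(key, m, t, prime=PRIME):
    """Split `key` into m fragments (x, f(x)); any t of them recover it."""
    if not 2 <= t <= m:
        raise ValueError("need 2 <= t <= m")
    if not 0 <= key < prime:
        raise ValueError("key must be smaller than the field prime")
    # f(x) = a0 + a1*x + ... + a_{t-1}*x^(t-1), with a0 = key, the rest random
    coeffs = [key] + [secrets.randbelow(prime) for _ in range(t - 1)]
    fragments = []
    for x in range(1, m + 1):       # x = 0 is never issued: f(0) is the key
        y = 0
        for a in reversed(coeffs):  # Horner's rule
            y = (y * x + a) % prime
        fragments.append((x, y))
    return fragments


def recover_key(fragments, t, prime=PRIME):
    """Recover f(0) by Lagrange interpolation over the first t fragments."""
    points = list(fragments)[:t]
    if len(points) < t:
        raise ValueError("fewer than t fragments received")
    xs = [x % prime for x, _ in points]
    if 0 in xs or len(set(xs)) != len(xs):
        raise ValueError("fragment x values must be distinct and non-zero")
    key = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for k, (xk, _) in enumerate(points):
            if k != j:
                num = (num * -xk) % prime        # factor (0 - x_k)
                den = (den * (xj - xk)) % prime  # factor (x_j - x_k)
        key = (key + yj * num * pow(den, -1, prime)) % prime
    return key


def demo():
    # Constructed sample key, not a real secret.
    key = int.from_bytes(b"constructed-sample-user-key-0001", "big")
    frags = split_key(key, m=5, t=3)
    any_three = [frags[4], frags[0], frags[2]]  # order and choice do not matter
    too_few = recover_key(frags[:2], 2)         # a line through 2 points of a quadratic
    return key, recover_key(any_three, 3), too_few


if __name__ == "__main__":
    key, recovered, too_few = demo()
    print("3 of 5 recover the key:", recovered == key)
    print("2 of 5 recover the key:", too_few == key)
```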
The key sharing technology is one of the core technologies of the invention: a key is split into different key fragments by constructing a polynomial, and the fragments are distributed to the nodes on the block chain. By utilizing the verifiable, traceable and tamper-proof characteristics of the block chain, the key fragments distributed to each node cannot be modified; meanwhile, the use records of the key fragments are registered on the chain, and any attempt by a party other than the key holder to recover a key that does not belong to it is recorded on the block chain. When the key needs to be recovered, the original key holder initiates a recovery request operation, all nodes on the chain jointly recover the key, and the recovered key is generated at the initiating node.
Step S104, encrypting the key fragments by respectively adopting the public keys of the key backup nodes in the key backup node set, and respectively sending the encrypted key fragments to the key management chain codes of the corresponding key backup nodes, so that the key management chain codes decrypt the encrypted key fragments according to the private keys of the key backup nodes and then temporarily store the decrypted key fragments locally.
In the embodiment of the invention, the node client encrypts the key fragment by using the public key of the key backup node in the step, and then sends the encrypted key fragment to the key management chain code of the corresponding key backup node. And when receiving the encrypted key fragment, the key management chain code of the key backup node decrypts the encrypted key fragment by using the own private key, locally and temporarily stores the decrypted key fragment, for example, in a local temporary database, and simultaneously returns an execution success message to the node client.
Step S105, sending a key backup transaction request to the key management chain codes of all the block chain nodes according to the key fragment set, so that the key management chain codes of all the block chain nodes reach consensus on the key backup transaction request, and the key management chain codes of the key backup nodes verify the locally temporarily stored key fragments and then store them in a local fragment storage database.
In the embodiment of the present invention, in this step, the node client sends the key backup transaction request to the key management chain codes of all the blockchain nodes in the key backup recovery channel, so that the key management chain codes of all the blockchain nodes in the key backup recovery channel reach consensus on the key backup transaction request. Meanwhile, each key backup node in the key backup recovery channel verifies its locally temporarily stored key fragment, stores the key fragment in a local fragment storage database after the verification passes, and finally returns a transaction success to the client node. A non-key backup node in the key backup recovery channel stores no key fragment and therefore cannot pass verification, so it returns transaction completion to the client node.
In an embodiment of the present invention, the sending a key backup transaction request to the key management chain codes of all the blockchain nodes according to the key fragment set in this step specifically includes: performing hash calculation on the key fragment set to obtain a hash set; and generating the key backup transaction request according to the hash set.
In an embodiment of the present invention, after verifying the key fragment temporarily stored locally, the key management chain code of the key backup node stores the key fragment temporarily stored locally in a local fragment storage database, which may specifically be: and calculating the hash value of the key fragment temporarily stored locally by using the key management chain code of the key backup node, and storing the key fragment temporarily stored locally into a local fragment storage database when the hash value is verified to belong to the hash set.
The invention completes the backup of the user key through the steps.
Fig. 2 is a second flowchart of a key backup method based on a blockchain according to an embodiment of the present invention, where an implementation subject may be a client of a blockchain node in a blockchain network corresponding to a recovery process of a user key, and as shown in fig. 2, the key backup method based on a blockchain according to the embodiment further includes steps S201 to S202.
Step S201, sending a user key recovery transaction request to the key management chain codes of all the key backup nodes, where the user key recovery transaction request includes user information and node identifiers, so that the key management chain codes of all the key backup nodes agree on the user key recovery transaction request, and search for the key fragment corresponding to the user information from the fragment storage database, and encrypt the searched key fragment by using the node public key corresponding to the node identifier.
In the embodiment of the invention, when the user key is recovered, the node client sends the user key recovery transaction request to the key management chain codes of all the key backup nodes in the backup recovery channel. The key management chain code of each key backup node reaches consensus on the transaction upon receipt of a key recovery transaction request.
Step S202, when the number of encrypted key fragments received from the key management chain codes of the key backup nodes in response to the user key recovery transaction request reaches the number of nodes required for key recovery, decrypting the encrypted key fragments according to the node private key, and generating the user key from the decrypted key fragments, whose number equals the number of nodes required for key recovery.
In the embodiment of the invention, the node client continuously receives the encrypted key fragments sent by the key management chain codes of the key backup nodes, and stops receiving when the number of received encrypted key fragments reaches the number of nodes t required for key recovery. After decrypting the encrypted key fragments, it generates the user key from the t key fragments to complete the recovery of the user key.
Fig. 9 is a schematic diagram of a user key backup process according to an embodiment of the present invention, and as shown in fig. 9, in an embodiment of the present invention, the user key backup process specifically includes steps S401 to S412.
Step S401, after the blockchain network is started, a key backup recovery channel SecretSharingChannel is created, and all nodes on the blockchain are added to the SecretSharingChannel, and key management is performed in this channel, which can implement isolation from other services, and meanwhile, a node without access right of this channel cannot access data in this channel.
Step S402, a key management chain code, which may be an intelligent contract, is deployed on the channel SecretSharingChannel; the key management chain code mainly processes key-related transaction requests such as key backup and key recovery.
In step S403, the node client initiates a user key backup approval request to the blockchain system.
Step S404, the key management chain code receives the user key backup agreement request; if the node agrees to become a backup node, it completes the transaction and returns the signature to the node client. After receiving the responses, the node client uses the public keys of the respective nodes to confirm the public key set of the agreeing nodes that signed the transaction, and confirms the key sharing parameter M.
In step S405, the node client sets the relevant parameter information and may then call the "key backup module 15". Using the key sharing technique requires specifying the key backup node set $S = \{P_i,\ i = 0, 1, 2, \dots, M\}$ (where $M < N$ and N is the total number of nodes) and the number of nodes t required for key recovery ($t < M$); these parameters, including the set of agreeing nodes, are then saved to the "configuration module 11".
In step S406, the "key backup module 15" of the node client splits the user key. According to the key sharing technique, a polynomial of degree (t-1) in one variable, y = f(x), is first constructed such that y is the user key when x = 0; then M key fragments S' are generated according to S, and the key fragment set S' is encrypted one-to-one using the agreeing-node public key set obtained in step S4.
In step S407, the "key backup module 15" of the node client distributes the encrypted key fragments to the key management chain codes of the corresponding nodes through the "communication module 12".
Step S408, after the key management chain code of the corresponding node receives the encrypted key fragment, firstly, the key management chain code uses the private key of the corresponding node to decrypt, then, the key fragment is stored in the local temporary database, and meanwhile, an execution success message is returned to the node client.
In step S409, the node client performs hash calculation on the key fragment set S 'obtained in step S6 to obtain a hash set H (S'), and then initiates a key backup transaction request to the blockchain system.
In step S410, after receiving the transaction request, the key management chain code of each node processes it, reaches consensus by using the "consensus module 13", and then enters the "verification module 14" for verification.
In step S411, in the verification process of the "verification module 14", each node obtains the key fragment of the corresponding user from the temporary database, calculates the hash of that key fragment, and checks whether the hash exists in H(S'); if it does not, the node completes the transaction and returns.
Step S412, if the hash exists in H(S'), the key fragment is saved in the local private database, and a transaction success is returned to the client.
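The hash-set check of steps S409 to S412 (and of the hash set embodiment described earlier), as an added Python example that is not code from the patent. SHA-256, the byte encoding of a fragment, the NodeChaincode class and all sample values are assumptions made for illustration.

```python
import hashlib


def encode_fragment(user, x, y):
    """Canonical bytes for one fragment. Assumption: the page defines no
    encoding; client and node must hash exactly the same bytes."""
    name = user.encode("utf-8")
    y_bytes = y.to_bytes(max(1, (y.bit_length() + 7) // 8), "big")
    return len(name).to_bytes(2, "big") + name + x.to_bytes(4, "big") + y_bytes


def fragment_hash(blob):
    # Assumption: SHA-256; the page only says "hash calculation".
    return hashlib.sha256(blob).hexdigest()


def build_backup_request(user, fragments):
    """Client, step S409: the request carries H(S'), never the fragments."""
    hashes = {fragment_hash(encode_fragment(user, x, y)) for x, y in fragments}
    return {"user": user, "hash_set": sorted(hashes)}


class NodeChaincode:
    """Hypothetical stand-in for one node's key management chain code."""

    def __init__(self, name):
        self.name = name
        self.temp_db = {}      # step S408: decrypted fragment awaiting verification
        self.fragment_db = {}  # step S412: verified fragments

    def receive_fragment(self, user, blob):
        self.temp_db[user] = blob

    def verify_backup(self, request):
        """Steps S411/S412: persist only a fragment whose hash is in H(S')."""
        # Assumption: the temporary copy is dropped whatever the outcome.
        blob = self.temp_db.pop(request["user"], None)
        if blob is None:
            return "completed"   # non-backup node: nothing to verify
        if fragment_hash(blob) not in set(request["hash_set"]):
            return "completed"   # altered or unrelated fragment: not stored
        self.fragment_db[request["user"]] = blob
        return "success"


def run_backup_demo():
    user = "alice"  # constructed user name
    # Constructed fragment values (x, y); not output of a real key split.
    fragments = [(1, 0x1A2B3C4D5E6F), (2, 0x0F1E2D3C4B5A), (3, 0x778899AABBCC)]
    nodes = [NodeChaincode(n) for n in ("P1", "P2", "P3", "P4")]
    for node, (x, y) in zip(nodes, fragments):  # P4 is not a backup node
        node.receive_fragment(user, encode_fragment(user, x, y))
    # Simulate corruption of P2's temporary copy before verification.
    nodes[1].temp_db[user] = nodes[1].temp_db[user][:-1] + b"\x00"
    request = build_backup_request(user, fragments)
    results = {n.name: n.verify_backup(request) for n in nodes}
    stored = sorted(n.name for n in nodes if user in n.fragment_db)
    return results, stored


if __name__ == "__main__":
    print(run_backup_demo())
```

Membership in H(S') shows only that a fragment is one of the committed ones; it does not show which node the fragment was intended for.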
Fig. 10 is a schematic diagram of a user key recovery process according to an embodiment of the present invention, and as shown in fig. 10, in an embodiment of the present invention, the user key recovery process specifically includes steps S301 to S309.
In step S301, the node client obtains the key recovery related parameters from the "configuration module 11", including the key backup node set S and t.
Step S302, the node client initiates a key recovery transaction request, and needs to specify a channel name SecretSharingChannel, a user name (user information), and a key management chain code.
Step S303, packaging the current node identifier Pi and the transaction request together, and sending the packaged current node identifier Pi and the transaction request to all nodes in the agreement set on the SecretSharingChannel channel by using the "communication module 12".
In step S304, each "block chain node 1" receives the key recovery transaction request, and then invokes the key management chain code to perform a corresponding operation.
In step S305, the key fragment of the relevant user is obtained from the database through the chain code.
Step S306, the key fragment is encrypted using the node public key corresponding to the node identifier Pi.
Step S307, after the transaction is executed, it is finally written into a block, so that every key recovery operation is recorded on the block chain; each node then returns its encrypted key fragment to the node client through the "communication module 12".
In step S308, the node client receives the encrypted key fragments sent from other nodes, which are processed by the "key recovery module 16"; if the number of received key fragments is less than t, the node client continues to wait until t key fragments are obtained.
Step S309, having received t key fragments, sequentially decrypting the key fragments by using the private key of Pi, and then recovering by using the key sharing technology to finally obtain the recovered user key.
It can be seen from the above embodiments that the scheme of the present invention provides a method for recovering and backing up a blockchain key based on key sharing, which solves the problems of centralization and poor usability of the conventional key backup recovery, and improves the security of user key backup and recovery. The method is mainly based on a key sharing technology, key backup and recovery are converted into a relation between points and curves in a plane through constructing a polynomial, a key is split into a plurality of key components through a curve equation and distributed to designated nodes for storage, and when the key is recovered, the key components are obtained by combining a sufficient number of nodes for recovery. The scheme of the invention has the following advantages:
1. by utilizing the decentralization and traceability characteristics of the block chain, key components are kept by other block chain nodes, and key recovery can be carried out only by combining a sufficient number of nodes;
2. the key component is encrypted by using a public key of a node to which the user key belongs, and the recovery node can decrypt the key component only by holding a corresponding private key so as to realize key recovery;
3. the key backup and recovery operations need to be identified on a block chain system, and finally stored and recorded on a chain, any illegal operation can be monitored, and the key recovery behavior of an illegal user can be traced and punished;
4. by utilizing the characteristics of the key sharing technology, the key can be recovered as long as a sufficient number of key components are obtained, namely, the user key recovery can be completed as long as a sufficient number of nodes respond, and the usability is high.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
Based on the same inventive concept, an embodiment of the present invention further provides a key backup device based on a block chain, which can be used to implement the key backup method based on the block chain described in the foregoing embodiment, as described in the following embodiment. As the principle of solving the problem of the key backup apparatus based on the block chain is similar to that of the key backup method based on the block chain, the embodiment of the key backup apparatus based on the block chain can refer to the embodiment of the key backup method based on the block chain, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 7 is a first structural block diagram of a key backup apparatus based on a block chain according to an embodiment of the present invention, and as shown in fig. 7, the key backup apparatus based on a block chain according to an embodiment of the present invention includes:
a key backup approval request sending unit 101, configured to send a key backup approval request to the key management chain codes of all block chain nodes in the preset key backup recovery channel. In an embodiment of the present invention, the key backup approval request sending unit 101 corresponds to the communication module 12 in fig. 4, and optionally, the key backup approval request sending unit 101 is a part of the communication module 12.
A key backup node set determining unit 102, configured to determine a key backup node set according to key backup agreement information, where if the block chain node agrees to become a key backup node, the key backup agreement information is generated when the key management chain code receives the key backup agreement request. In an embodiment of the present invention, the key backup node set determining unit 102 corresponds to the key backup module 15 in fig. 4, and optionally, the key backup node set determining unit 102 belongs to a part of the key backup module 15.
And the key fragment generating unit 103 is configured to generate N key fragments according to the user key, the number N of key backup nodes in the key backup node set, and the preset number of key recovery satisfying nodes. In an embodiment of the present invention, the key fragment generation unit 103 corresponds to the key backup module 15 in fig. 4, and optionally, the key fragment generation unit 103 belongs to a part of the key backup module 15.
And the key fragment sending unit 104 is configured to encrypt the key fragments by respectively using the public keys of the key backup nodes in the key backup node set, and send the encrypted key fragments to the key management chain codes of the corresponding key backup nodes, so that the key management chain codes decrypt the encrypted key fragments according to the private keys of the key backup nodes and then temporarily store the decrypted key fragments locally. In an embodiment of the present invention, the key fragment sending unit 104 corresponds to the communication module 12 in fig. 4, and optionally, the key fragment sending unit 104 is a part of the communication module 12.
A key backup transaction request sending unit 105, configured to send a key backup transaction request to the key management chain codes of all the blockchain nodes according to the key fragment set, so that the key management chain codes of all the blockchain nodes reach consensus on the key backup transaction request, and the key management chain codes of the key backup nodes verify the locally temporarily stored key fragments and then store them in a local fragment storage database. In an embodiment of the present invention, the key backup transaction request sending unit 105 corresponds to the consensus module 13 in fig. 4, and optionally, the key backup transaction request sending unit 105 belongs to a part of the consensus module 13.
Fig. 8 is a second structural block diagram of the key backup apparatus based on the block chain according to the embodiment of the present invention, and as shown in fig. 8, the key backup apparatus based on the block chain according to the embodiment of the present invention further includes:
a user key recovery transaction request sending unit 106, configured to send a user key recovery transaction request to the key management chain codes of all the key backup nodes, where the user key recovery transaction request includes user information and node identifiers, so that the key management chain codes of all the key backup nodes agree on the user key recovery transaction request, search the key fragment corresponding to the user information from the fragment storage database, and encrypt the searched key fragment with the node public key corresponding to the node identifier.
And the user key generation unit 107 is configured to, when the number of encrypted key fragments received from the key management chain codes of the key backup nodes in response to the user key recovery transaction request reaches the number of nodes required for key recovery, decrypt the encrypted key fragments according to the node private key, and generate the user key from the decrypted key fragments, whose number equals the number of nodes required for key recovery.
In an embodiment of the present invention, the user key recovery transaction request sending unit 106 and the user key generating unit 107 correspond to the key recovery module 16 in fig. 4, and optionally, the user key recovery transaction request sending unit 106 and the user key generating unit 107 belong to a part of the key recovery module 16.
In an embodiment of the present invention, the key backup transaction request sending unit 105 includes:
the hash calculation module is used for carrying out hash calculation on the key fragment set to obtain a hash set;
and the key backup transaction request generation module is used for generating the key backup transaction request according to the hash set.
In an embodiment of the present invention, the key backup apparatus based on a block chain of the present invention further includes:
a backup recovery channel information obtaining unit, configured to obtain backup recovery channel information, where a plurality of blockchain nodes in a blockchain network are added to a backup recovery channel;
and the key management chain code determining unit is used for determining the key management chain code corresponding to each block chain node in the backup recovery channel.
To achieve the above object, according to another aspect of the present application, there is also provided a computer apparatus. As shown in fig. 11, the computer device comprises a memory, a processor, a communication interface and a communication bus, wherein a computer program that can be run on the processor is stored in the memory, and the steps of the method of the embodiment are realized when the processor executes the computer program.
The processor may be a Central Processing Unit (CPU). The Processor may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or a combination thereof.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and units, such as the corresponding program units in the above-described method embodiments of the present invention. The processor executes various functional applications of the processor and the processing of the work data by executing the non-transitory software programs, instructions and modules stored in the memory, that is, the method in the above method embodiment is realized.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor, and the like. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory may be coupled to the processor via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more units are stored in the memory and when executed by the processor perform the method of the above embodiments.
The specific details of the computer device may be understood by referring to the corresponding related descriptions and effects in the above embodiments, and are not described herein again.
In order to achieve the above object, according to another aspect of the present application, there is also provided a computer-readable storage medium storing a computer program which, when executed in a computer processor, implements the steps in the above blockchain-based key backup method. It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and they may alternatively be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, or fabricated separately as individual integrated circuit modules, or fabricated as a single integrated circuit module from multiple modules or steps. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (13)

1. A key backup method based on a block chain is characterized by comprising the following steps:
sending a key backup agreement request to key management chain codes of all block chain nodes in a preset key backup recovery channel;
determining a key backup node set according to key backup consent information, wherein if the block chain node agrees to become a key backup node, key backup consent information is generated when the key management chain code receives the key backup consent request;
generating N key fragments according to the user key, the number N of key backup nodes in the key backup node set and the number of preset key recovery satisfying nodes;
encrypting the key fragments by respectively adopting the public keys of the key backup nodes in the key backup node set, and respectively sending the encrypted key fragments to the key management chain codes of the corresponding key backup nodes, so that the key management chain codes decrypt the encrypted key fragments according to the private keys of the key backup nodes and then temporarily store the decrypted key fragments locally;
and sending a key backup transaction request to the key management chain codes of all the block chain nodes according to the key fragment set, so that the key management chain codes of all the block chain nodes reach consensus on the key backup transaction request, and the key management chain codes of the key backup nodes verify the locally temporarily stored key fragments and then store them in a local fragment storage database.
2. The blockchain-based key backup method according to claim 1, further comprising:
sending a user key recovery transaction request to key management chain codes of all the key backup nodes, wherein the user key recovery transaction request comprises user information and node identifications, so that the key management chain codes of all the key backup nodes reach consensus on the user key recovery transaction request, search the fragment storage database for the key fragments corresponding to the user information, and encrypt the found key fragments by adopting the node public keys corresponding to the node identifications;
and when the number of encrypted key fragments received from the key management chain codes of the key backup nodes in response to the user key recovery transaction request reaches the number of key recovery satisfying nodes, decrypting the encrypted key fragments according to the node private key, and generating the user key from the decrypted key fragments, whose number equals the number of key recovery satisfying nodes.
3. The blockchain-based key backup method according to claim 1, wherein the sending a key backup transaction request to the key management chain codes of all blockchain nodes according to the key shard set comprises:
performing hash calculation on the key fragment set to obtain a hash set;
and generating the key backup transaction request according to the hash set.
4. The blockchain-based key backup method according to claim 3, wherein the key management chain code of the key backup node verifies the local temporary stored key fragment and then stores the local temporary stored key fragment in a local fragment storage database, specifically:
and calculating the hash value of the key fragment temporarily stored locally by the key management chain code of the key backup node, and storing the key fragment temporarily stored locally into a local fragment storage database when the hash value is verified to belong to the hash set.
5. The blockchain-based key backup method according to claim 1, further comprising:
obtaining backup recovery channel information, wherein a plurality of block chain nodes in a block chain network are added into the backup recovery channel;
and determining the key management chain code corresponding to each block chain node in the backup recovery channel.
6. The blockchain-based key backup method according to claim 1, wherein the backup recovery channel is formed by initiating a backup recovery channel establishment transaction by an administrator node in a blockchain network; the key management chain code is formed by initiating a key management chain code deployment transaction to all block chain nodes in the backup recovery channel through the administrator node.
7. A key backup apparatus based on a block chain, comprising:
a key backup approval request sending unit, configured to send a key backup approval request to key management chain codes of all block chain nodes in a preset key backup recovery channel;
a key backup node set determining unit, configured to determine a key backup node set according to key backup agreement information, wherein the key backup agreement information is generated by the key management chain code, upon receiving the key backup approval request, if the block chain node agrees to become a key backup node;
the key fragment generating unit is used for generating N key fragments according to the user key, the number N of key backup nodes in the key backup node set, and the preset number of nodes required for key recovery;
the key fragment sending unit is used for encrypting the key fragments with the public keys of the respective key backup nodes in the key backup node set and sending each encrypted key fragment to the key management chain code of the corresponding key backup node, so that the key management chain code decrypts the encrypted key fragment according to the private key of the key backup node and then temporarily stores the decrypted key fragment locally;
and the key backup transaction request sending unit is used for sending a key backup transaction request to the key management chain codes of all the block chain nodes according to the key fragment set so that the key management chain codes of all the block chain nodes can identify the key backup transaction request, and the key management chain codes of the key backup nodes can store the locally temporarily stored key fragments into a local fragment storage database after verifying the locally temporarily stored key fragments.
8. The blockchain-based key backup apparatus according to claim 7, further comprising:
a user key recovery transaction request sending unit, configured to send a user key recovery transaction request to key management chain codes of all the key backup nodes, where the user key recovery transaction request includes user information and node identifiers, so that the key management chain codes of all the key backup nodes agree on the user key recovery transaction request, and search for a key fragment corresponding to the user information from the fragment storage database, and encrypt the searched key fragment with a node public key corresponding to the node identifier;
and the user key generation unit is used for decrypting the encrypted key fragments according to the node private key when the number of encrypted key fragments received from the key management chain codes of the key backup nodes in response to the user key recovery transaction request reaches the number of nodes required for key recovery, and generating the user key from the decrypted key fragments, whose number meets the number of nodes required for key recovery.
9. The blockchain-based key backup apparatus according to claim 7, wherein the key backup transaction request transmission unit includes:
the hash calculation module is used for carrying out hash calculation on the key fragment set to obtain a hash set;
and the key backup transaction request generation module is used for generating the key backup transaction request according to the hash set.
10. The device according to claim 9, wherein the key management chain code of the key backup node storing the locally temporarily stored key fragment in a local fragment storage database after verifying it specifically comprises:
the key management chain code of the key backup node calculating a hash value of the locally temporarily stored key fragment, and storing that key fragment in the local fragment storage database when the hash value is verified to belong to the hash set.
11. The blockchain-based key backup apparatus according to claim 7, further comprising:
a backup recovery channel information obtaining unit, configured to obtain backup recovery channel information, where a plurality of blockchain nodes in a blockchain network are added to a backup recovery channel;
and the key management chain code determining unit is used for determining the key management chain code corresponding to each block chain node in the backup recovery channel.
12. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 6 when executing the computer program.
13. A computer-readable storage medium, in which a computer program is stored which, when executed in a computer processor, implements the method of any one of claims 1 to 6.
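A sketch of the fragment flow in claims 2 to 4 (and their apparatus counterparts 8 to 10), added here as an example and not taken from the patent. The claims do not name a splitting scheme, so Shamir secret sharing over a prime field and SHA-256 for the hash set are assumptions, the per-node public-key encryption of fragments is omitted, and all function names are hypothetical.

```python
import hashlib
import secrets

P = 2**521 - 1  # prime field modulus (assumption); must exceed the key value

def split(secret: int, n: int, t: int):
    """Split secret into n fragments (x, y); any t of them recover it."""
    # t == 1 would make every fragment equal the key, and its public hash a target.
    if not (1 < t <= n) or not (0 <= secret < P):
        raise ValueError("need 1 < t <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def fragment_hash(frag) -> str:
    x, y = frag
    return hashlib.sha256(f"{x}:{y:x}".encode()).hexdigest()

def backup_request(fragments) -> frozenset:
    """Hash set carried by the key backup transaction request (claim 3)."""
    return frozenset(fragment_hash(f) for f in fragments)

def node_commit(cached, hash_set, store: dict, node_id: str) -> bool:
    """Chain-code check (claim 4): persist only a fragment whose hash is in the set."""
    if fragment_hash(cached) not in hash_set:
        return False
    store[node_id] = cached
    return True

def recover(fragments, t: int) -> int:
    """Lagrange interpolation at x = 0 over t distinct fragments (claim 2)."""
    pts = dict(fragments)  # de-duplicate by x so a repeated fragment cannot count twice
    if len(pts) < t:
        raise ValueError("fewer distinct fragments than the recovery threshold")
    pts = list(pts.items())[:t]
    secret = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret
```

The hash set is visible to every node that processes the transaction, so the membership check is only safe when each fragment is high-entropy; with a threshold of at least two, every Shamir fragment is a uniformly random field element.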
CN202011375568.3A 2020-11-30 2020-11-30 Key backup method and device based on block chain Active CN112468297B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011375568.3A CN112468297B (en) 2020-11-30 2020-11-30 Key backup method and device based on block chain

Publications (2)

Publication Number Publication Date
CN112468297A true CN112468297A (en) 2021-03-09
CN112468297B CN112468297B (en) 2022-10-18

Family

ID=74804958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011375568.3A Active CN112468297B (en) 2020-11-30 2020-11-30 Key backup method and device based on block chain

Country Status (1)

Country Link
CN (1) CN112468297B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10790976B1 (en) * 2018-08-01 2020-09-29 Bloomio Ag System and method of blockchain wallet recovery
CN110086612A (en) * 2019-04-26 2019-08-02 山大地纬软件股份有限公司 A kind of public and private key backup of block chain and lose method for retrieving and system
CN110912688A (en) * 2019-10-18 2020-03-24 如般量子科技有限公司 Anti-quantum-computation private key backup, loss reporting and recovery method and system based on alliance chain
CN111339199A (en) * 2020-02-28 2020-06-26 中国工商银行股份有限公司 Block chain key recovery method and device
CN111988419A (en) * 2020-08-28 2020-11-24 深圳壹账通智能科技有限公司 File uploading method, file downloading method, file uploading device, file downloading device, computer equipment and storage medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113434905A (en) * 2021-07-05 2021-09-24 网易(杭州)网络有限公司 Data sharing method and device, computer equipment and storage medium
CN114124373A (en) * 2021-11-02 2022-03-01 广东省通信产业服务有限公司 Video key management method and system for automatic backup and recovery
CN114448632A (en) * 2022-04-11 2022-05-06 中国工商银行股份有限公司 Block chain-based secret key backup and recovery method and system
CN114448632B (en) * 2022-04-11 2022-08-05 中国工商银行股份有限公司 Block chain-based secret key backup and recovery method and system
CN115310132A (en) * 2022-08-25 2022-11-08 北京华宜信科技有限公司 Data identity identification and data fragmentation method and device
CN115567203A (en) * 2022-09-23 2023-01-03 太保科技有限公司 Method, device, equipment and storage medium for recovering secret information

Also Published As

Publication number Publication date
CN112468297B (en) 2022-10-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant