CN112540957A - File secure storage and sharing system based on mixed block chain and implementation method - Google Patents
File secure storage and sharing system based on mixed block chain and implementation method Download PDFInfo
- Publication number
- CN112540957A CN112540957A CN202011396333.2A CN202011396333A CN112540957A CN 112540957 A CN112540957 A CN 112540957A CN 202011396333 A CN202011396333 A CN 202011396333A CN 112540957 A CN112540957 A CN 112540957A
- Authority
- CN
- China
- Prior art keywords
- file
- node
- sharing
- access
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/11—File system administration, e.g. details of archiving or snapshots
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/176—Support for shared access to files; File sharing support
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a system and a method for safely storing and sharing files based on a mixed block chain, belonging to the field of file sharing, aiming at solving the technical problems of realizing file privacy protection, file forgery and falsification prevention and file authorized access and further improving the speed of file sharing, and adopting the technical scheme that: the system comprises a storage layer, a management layer and a management layer, wherein the storage layer is used for storing shared files and protecting the non-tamper property of the files; the storage layer adopts IPFS; the sharing layer is used for recording the transaction information, providing a proof for tracing the file sharing process, and simultaneously automatically executing identity authentication to ensure that the file is safely shared under the condition that no third party participates; the sharing layer comprises a multi-layer blockchain model and an intelligent contract on a blockchain; the user layer is used for managing, updating, checking and sharing the files; the user layer consists of participants. The method comprises the following specific steps: initializing; identity registration and authentication; encrypting and storing the file; and (5) sharing the files.
Description
Technical Field
The invention relates to the field of archive sharing, in particular to an archive safe storage and sharing system based on a mixed block chain and an implementation method.
Background
In recent years, with the progress of society and the development of scientific technology, the way of storing archives has undergone a series of changes. The development of information is gradually progressing from the original paper storage to the present electronic archive. Paper archives are the most common mode of archive storage, and most of the units have archive storage departments, but paper archives have many inevitable drawbacks, for example, the storage of paper archives has high environmental requirements, and the wet environment easily causes the paper archives to be unclear in writing or even damaged. Because paper archives are easy to forge and falsify, the safety of archives can not be guaranteed, and meanwhile, the paper archives have the problem of difficult sharing, and the private archives related to privacy have the risk of leakage.
With the popularization of computers, paper files are gradually changed into electronic files, and compared with paper files, the advantages of electronic files are obvious. The electronic archive solves the problem that the paper archive storage environment requires high, the electronic archive needs a certain storage space, and the situation that handwriting is damaged and is unclear does not exist. The sharing of electronic files is very convenient, but there are a series of problems:
firstly, electronic files are not absolutely secure, and there are cases where malicious persons attack and tamper with the files, and the leakage of information is extremely insecure for files involving much personal privacy; if the identity is forged by malicious personnel to carry out illegal activities, serious consequences can be caused;
secondly, the storage of most electronic files is centralized, the centralized storage has the hidden trouble of single-point failure, and the storage cost is increased along with the increase of the file data;
third, electronic files are not secure though they are convenient to share, and file owners do not have the definite ownership of their files, so that files are easy to spread maliciously without knowing, and privacy information is leaked.
With the wide attention paid to the blockchain technology, blockchains are applied in more and more fields. The blockchain has many advantages such as decentralization, tamper resistance, traceability and the like, and the characteristics make the blockchain have a large developable space in the aspect of file sharing. However, the blockchain has a certain limitation, the storage cost of the blockchain is very expensive, and even if the storage cost is neglected, the file synchronization is very difficult due to the large file data storage, so the blockchain is not suitable for storing a large number of files. The data stored in the blockchain is shared among all nodes of the blockchain, privacy is important for personal files, the files are directly stored on the blockchain, and the participating nodes can synchronize the files to expose privacy, so that the method is very unsafe.
Most of existing archive sharing based on the block chain relieves the problem of storage of a large number of archives on the block chain in an off-chain storage mode, the storage problem of a large number of data is solved to a certain extent by combination of the block chain and cloud storage, but for private data, the participation of any third party has risks; because the cloud service provider cannot be guaranteed to be credible, the file relates to a lot of personal privacy information, and once the file is revealed and utilized by malicious personnel, serious consequences can be caused. In the file sharing aspect, a secure mechanism is also needed to clarify ownership of the file owner and avoid the file from being spread and divulging privacy under the condition that the owner does not know.
The distributed file system IPFS can relieve the storage pressure of the block chain and avoid the participation of a third party, and compared with cloud storage, the IPFS is a safer choice. IPFS is based on content addressing, any slight content change can cause Hash change, although the possibility of file change is avoided, data is directly uploaded to the IPFS, and the possibility of file information leakage still exists through leakage of file Hash. The block chain can only process 7 transactions per second, the throughput is low, severe network congestion is easily caused, and a scene with high requirements on the throughput is limited.
In summary, how to achieve the protection of file privacy, the impossibility of file forgery and falsification, and the authorized access of the file, and further improve the speed of file sharing is a technical problem to be solved.
Disclosure of Invention
The technical task of the invention is to provide a system and a method for safely storing and sharing files based on a mixed block chain, so as to solve the problems of how to realize file privacy protection, file forgery prevention and falsification prevention and authorized access of the files and further improve the speed of file sharing.
The technical task of the present invention is achieved in that a system for secure storage and sharing of archives based on a hybrid blockchain, the system comprising,
the storage layer is used for storing the shared files and protecting the non-tamper property of the files; the storage layer adopts IPFS;
the sharing layer is used for recording the transaction information, providing a proof for tracing the file sharing process, and simultaneously automatically executing identity authentication to ensure that the file is safely shared under the condition that no third party participates; the sharing layer comprises a multi-layer blockchain model and an intelligent contract on a blockchain;
the user layer is used for managing, updating, checking and sharing the files; the user layer consists of participants.
Preferably, the participants include a profile authority, a profile manager, a profile owner, and a profile visitor; wherein, the file management organization manages the files of a plurality of file owners, and under the condition of confirmation of the file owner, the file management organization has the authority of updating the files; the file visitor can view the file owner's file information, only view the authority not modify the authority. For example, in a school, the school is divided into different families, each family has a plurality of students, the archive management department of the school is equivalent to an archive management organization, the archive administrator in the family is equivalent to the archive administrator in the system, the students are archive owners, and the enterprise unit needing to access the student archives is archive visitors.
The file sharing participating entity is specifically as follows:
archives management agency of school: the file administration mechanism of the school can be a leader node and is responsible for the file sharing management of the whole school. And the access node can also be used as an access node, for example, the access node can be used as a student profile for applying for accessing other child chains in the case of transfer and the like.
Department of school is file manager: schools have different institutions or grades, each institution and grade has personnel responsible for managing files as a bridge for communication between students and school management institutions, and the institution file management personnel of the schools are team nodes. The team nodes are bridges between the leader node and the common nodes.
A student: students are common nodes that share archives.
Enterprises, institutions, etc.: and enterprise units and the like are access nodes, initiate access applications to files of required students and obtain the files shared by the students.
If a public block chain is used for file sharing, all nodes need to be added, the participating nodes are numerous and have complicated transactions, and the frequent authentication and operation of the block chain wastes a large amount of resources and time and cannot meet the processing requirement of file sharing. The nodes are added into the private chain and the alliance chain through identity authentication, and nodes of different groups do not belong to the same leader node for management, so that the nodes cannot be added into the sub-chain through a uniform identity authentication scheme. We propose a multi-layer blockchain model based on this complex situation.
Preferably, the multi-layer blockchain model comprises a main chain and a plurality of sub-chains, wherein the main chain is in a form of a alliance chain, and the sub-chains are in a form of a private chain.
Preferably, the sub-chain comprises group nodes and common nodes, the group nodes deploy intelligent contracts to register and authenticate the added common nodes, and the identity registration information of the common nodes is uploaded to the main chain to be stored; when the identity of the common node is verified, only the intelligent contract of the sub-chain is needed;
the group nodes are used for simply processing and forwarding archive data of common nodes in the sub-chain;
the normal node is used to process simple data.
Preferably, the main chain comprises a leader node and an access node, the leader node and the access node are used as miner nodes and added into the main chain, the leader node is provided with an intelligent contract to register and authenticate group nodes, and after the group nodes are authenticated, registration and authentication information is stored in the main chain; the access node is added into the main chain and is required to be permitted by a 2/3 leader node on the main chain, after the permission is obtained, the access node can be added into the main chain after being registered and authenticated by the intelligent contract, and the registration and authentication information is stored on the main chain so that the intelligent contract is deployed on the main chain to carry out identity verification when the access node initiates a transaction;
the leader node is used for managing the team nodes and the access nodes of the corresponding child chains, and is also used for updating and sharing the files under the condition of confirmation of the file owner;
the access node is used for initiating a file access application in the main chain and carrying out automatic sharing operation by the intelligent contract.
A method for realizing safe storage and sharing of archives based on a mixed block chain comprises the following steps:
initialization: constructing a multi-layer block chain model based on an Ethengfang, initializing a main chain comprising leader nodes, and adding access nodes, group nodes and common nodes into the main chain through identity authentication;
identity registration and authentication: the leader node respectively registers and authenticates identities of the group node, the access node and the common node, after the legal node is successfully registered, a corresponding node id is obtained and added into a corresponding chain, and a private key and a public key distributed by the Etheng are obtained; wherein the private key is stored locally;
encrypting and storing the file: firstly, encrypting the file, then storing the file, and carrying out double protection on the storage of the file;
file sharing: the access node sends a file access application in the main chain and realizes sharing through an intelligent contract.
Preferably, the group node registration and identity authentication are specifically as follows:
the group nodes register and authenticate on the main chain, and the group nodes register and authenticate intelligent contracts through the leader node deployed on the main chain;
after the registration is successful, storing the registration information and the identity authentication information on a main chain;
the access node registration and identity authentication are specifically as follows:
in the main chain, the joining of the access node to the main chain firstly needs to obtain the permission of 2/3 leader node in the main chain;
triggering an access node registration and identity authentication intelligent contract after obtaining permission;
as with the registration of the team node, the registration and authentication are stored on the backbone.
Preferably, the common node registration and identity authentication are specifically as follows:
the common nodes are registered and authenticated in the sub-chain, and the intelligent contract is registered by the identity of the common nodes deployed in the sub-chain through the group nodes;
and adding the common node which is successfully authenticated into the sub-chain, sending the identity registration information to the main chain for storage, and storing the identity authentication information in the sub-chain.
Preferably, the encrypted archive storage specifically comprises the following steps:
carrying out AES encryption on the file through a secret key to generate a file ciphertext;
the common node encrypts a file locally and stores a file ciphertext into the IPFS;
the IPFS is a storage system based on content addressing, the IPFS returns a file Hash, and the file Hash is a key for accessing the stored content;
and finding a file ciphertext stored in the IPFS through the file Hash, and decrypting by using a file key to obtain the shared file.
Preferably, the archive sharing is as follows:
the access node sends a file access application in a main chain, signs, and triggers an access node identity authentication intelligent contract; after the verification is successful, the verification result and the access application trigger the leader node to permit the intelligent contract;
after the leader node permits, the verification result, the access application and the leader permit trigger the master file to access the intelligent contract, the intelligent contract finds the corresponding group node according to the common node id information in the access application, and sends the access application to the corresponding group node;
after the group node obtains the access application, triggering a sub-file access intelligent contract, sending the access application to a corresponding common node, after the common node agrees to access, encrypting a file key and a file Hash by using a public key of the access node, sharing the sub-file access intelligent contract by using the sub-file sharing intelligent contract, returning a transaction id to the sub-file access intelligent contract, and returning the automatic access sharing content of the sub-file access intelligent contract to the group node;
after the group nodes obtain the encrypted shared content, the main file sharing intelligent contract on the main chain is triggered, the shared content is sent to the access nodes, the access nodes decrypt through the own public keys, the file cipher texts are obtained through the file Hash, and the access files are obtained through decryption of the file secret keys.
The system for safely storing and sharing the archives based on the mixed block chain and the implementation method have the following advantages that:
the invention solves the problems of the prior electronic file technology that the owner of the file knows the right, the file privacy protection and the file can not be forged and falsified, and improves the file sharing speed by using a multi-layer chain form;
(II) the access node can initiate an access application in the main chain, and after permission of the leader node, sharing can be carried out through the main file sharing intelligent contract; adding the group nodes and the common nodes into corresponding sub-chains, wherein the sub-chains are managed by a plurality of group nodes, identity authentication and registration are carried out on the common nodes, and the group nodes carry out information interaction on the main chain and the sub-chains through intelligent contracts; the IPFS storage system is responsible for an off-link storage part, and the IPFS can ensure that the stored content is not tampered, so that the privacy protection of files, the impossibility and tampering of the files and the authorized access of the files are realized, and the file sharing speed is effectively improved;
third, because the confidentiality of the file, involve numerous personal privacy, do not want the file to reveal to the third party in storing and sharing, but the file plain text is directly stored in IPFS security can't be guaranteed, reveal the file directly if Hash that IPFS returns reveals the file, the invention stores the file after encrypting first, thus carry on the double protection to the storage of the file, first IPFS is based on addressing of the content, any minor content change will cause the change of Hash, can prevent our content from being tampered; secondly, encrypting and then storing, even if a malicious participant obtains the file Hash returned by the IPFS in an illegal way, the obtained file ciphertext is also the file ciphertext, and effective information cannot be obtained;
in the invention, the file encryption is locally carried out at a common node, the local resources are limited generally, and an AES encryption algorithm with high operation speed, high safety performance and less resource consumption is selected in order to adapt to more environments; meanwhile, the common node locally encrypts the file, uploads the encrypted file to the IPFS for storage, the IPFS is a storage system based on content addressing, and returns a file Hash, the file Hash is a key for accessing the stored content, the position of a file ciphertext is determined through sharing of the file Hash, and the file ciphertext is further obtained.
Drawings
The invention is further described below with reference to the accompanying drawings.
FIG. 1 is a block diagram of a hybrid blockchain based secure archive storage and sharing system;
FIG. 2 is a block diagram of a process for ordinary node registration and identity authentication;
FIG. 3 is a block diagram of a process for access node registration and identity authentication;
FIG. 4 is a block diagram of a process for encrypted storage of files;
FIG. 5 is a block diagram of a process for file sharing.
Detailed Description
The system and method for secure storage and sharing of archives based on mixed blockchains according to the present invention are described in detail below with reference to the drawings and the embodiments.
Example 1:
as shown in fig. 1, the archive secure storage and sharing system based on the mixed block chain of the present invention includes,
the storage layer is used for storing the shared files and protecting the non-tamper property of the files; the storage layer adopts IPFS;
the sharing layer is used for recording the transaction information, providing a proof for tracing the file sharing process, and simultaneously automatically executing identity authentication to ensure that the file is safely shared under the condition that no third party participates; the sharing layer comprises a multi-layer blockchain model and an intelligent contract on a blockchain;
the user layer is used for managing, updating, checking and sharing the files; the user layer consists of participants. The participants comprise a file management mechanism, a file manager, a file owner and a file visitor; wherein, the file management organization manages the files of a plurality of file owners, and under the condition of confirmation of the file owner, the file management organization has the authority of updating the files; the file visitor can view the file owner's file information, only view the authority not modify the authority. For example, in a school, the school is divided into different families, each family has a plurality of students, the archive management department of the school is equivalent to an archive management organization, the archive administrator in the family is equivalent to the archive administrator in the system, the students are archive owners, and the enterprise unit needing to access the student archives is archive visitors.
Wherein, the archives management of school constructs: the file administration mechanism of the school can be a leader node and is responsible for the file sharing management of the whole school. And the access node can also be used as an access node, for example, the access node can be used as a student profile for applying for accessing other child chains in the case of transfer and the like.
Department of school is file manager: schools have different institutions or grades, each institution and grade has personnel responsible for managing files as a bridge for communication between students and school management institutions, and the institution file management personnel of the schools are team nodes. The team nodes are bridges between the leader node and the common nodes.
A student: students are common nodes that share archives.
Enterprises, institutions, etc.: and enterprise units and the like are access nodes, initiate access applications to files of required students and obtain the files shared by the students.
If a public block chain is used for file sharing, all nodes need to be added, the participating nodes are numerous and have complicated transactions, and the frequent authentication and operation of the block chain wastes a large amount of resources and time and cannot meet the processing requirement of file sharing. The nodes are added into the private chain and the alliance chain through identity authentication, and nodes of different groups do not belong to the same leader node for management, so that the nodes cannot be added into the sub-chain through a uniform identity authentication scheme. We propose a multi-layer blockchain model based on this complex situation.
The multi-layer blockchain model in this embodiment includes a main chain and a plurality of sub-chains, where the main chain is in the form of a federation chain and the sub-chains are in the form of private chains. The sub-chain comprises group nodes and common nodes, the group nodes are deployed with intelligent contracts to register and authenticate identities of the added common nodes, and identity registration information of the common nodes is uploaded to the main chain to be stored; when the identity of the common node is verified, only the intelligent contract of the sub-chain is needed; the group nodes are used for simply processing and forwarding archive data of common nodes in the sub-chain; the normal node is used to process simple data.
The main chain in the embodiment comprises a leader node and an access node, wherein the leader node and the access node are used as miner nodes and added into the main chain, the leader node is provided with an intelligent contract to register and authenticate group nodes, and after the group nodes are authenticated, registration and authentication information is stored in the main chain; the access node is added into the main chain and is required to be permitted by a 2/3 leader node on the main chain, after the permission is obtained, the access node can be added into the main chain after being registered and authenticated by the intelligent contract, and the registration and authentication information is stored on the main chain so that the intelligent contract is deployed on the main chain to carry out identity verification when the access node initiates a transaction; the leader node is used for managing the team nodes and the access nodes of the corresponding child chains, and is also used for updating and sharing the files under the condition of confirmation of the file owner; the access node is used for initiating a file access application in the main chain and carrying out automatic sharing operation by the intelligent contract.
Example 2:
the invention relates to a method for realizing safe storage and sharing of archives based on a mixed block chain, which comprises the following steps:
s1, initialization: constructing a multi-layer block chain model based on an Ethengfang, initializing a main chain comprising leader nodes, and adding access nodes, group nodes and common nodes into the main chain through identity authentication;
s2, identity registration and authentication: the leader node respectively registers and authenticates identities of the group node, the access node and the common node, after the legal node is successfully registered, a corresponding node id is obtained and added into a corresponding chain, and a private key and a public key distributed by the Etheng are obtained; wherein the private key is stored locally;
s3, file encryption storage: firstly, encrypting the file, then storing the file, and carrying out double protection on the storage of the file;
s4, file sharing: the access node sends a file access application in the main chain and realizes sharing through an intelligent contract.
The registration and identity authentication of the group node in step S2 in this embodiment are specifically as follows:
(1) the group nodes are registered and authenticated on the main chain, and the group nodes are deployed on the main chain through the leader node to register and authenticate the intelligent contract;
(2) after the registration is successful, storing the registration information and the identity authentication information on the main chain;
as shown in fig. 3, the access node registration and identity authentication in step S2 in this embodiment are specifically as follows:
(1) in the main chain, the joining of the access node to the main chain first needs to obtain permission of 2/3 leader node in the main chain:
if not, returning to join failure;
if yes, executing the step (2);
(2) triggering an access node registration and identity authentication intelligent contract after obtaining the permission;
(3) the access node can initiate a file access transaction, and the registration and identity authentication are stored on the main chain, and the access node is successfully added into the main chain.
As shown in fig. 2, the ordinary node registration and identity authentication in step S2 in this embodiment are specifically as follows:
(1) and the common node performs registration and authentication on the child chain:
if the authentication is not passed, returning to join failure;
if the authentication is successful, executing the step (2);
(2) triggering nodes on the sub-chain to register the intelligent contract for registration, and synchronizing the content on the chain after the registration is successful;
(3) generating an archive sharing transaction in the block chain, wherein the common node is successfully added into the sub-chain;
(4) and adding the common node which is successfully authenticated into the sub-chain, sending the identity registration information to the main chain for storage, and storing the identity authentication information in the sub-chain.
In this embodiment, the file in step S3 adopts AES encryption algorithm;
as shown in fig. 4, the file encrypted storage in step S3 of this embodiment is as follows:
s301, AES encryption is carried out on the file through a secret key to generate a file ciphertext; AES is a block cipher where the archive information is first divided into 128-bit groups of 16 bytes each. The key can be 128 bits, 192 bits or 256 bits, different lengths of the key have different numbers of encryption rounds, the 128-bit key is used for encrypting 10 rounds, the 192-bit key is used for encrypting 12 rounds, and the 256 bits need to be encrypted for 14 rounds. The file owner can independently select the key length according to the privacy degree of the file, and the longer the key length is, the higher the security is.
S302, the common node encrypts a file locally and stores a file ciphertext into an IPFS;
s303, the IPFS is a storage system based on content addressing, the IPFS returns a file Hash, and the file Hash is a key for accessing the stored content;
s304, finding out a file cipher text stored in the IPFS through the file Hash, and decrypting the file cipher text by using a file secret key to obtain a shared file.
The file sharing in step S4 of this embodiment is as follows:
s401, an access node sends a file access application in a main chain, signs the file access application and triggers an access node identity authentication intelligent contract; after the verification is successful, the verification result and the access application trigger the leader node to permit the intelligent contract;
s402, after the node to be led permits, verifying results, access applications and leading permits trigger a main file to access an intelligent contract, the intelligent contract finds corresponding group nodes according to common node id information in the access applications, and sends the access applications to the corresponding group nodes;
s403, after the group node obtains the access application, triggering the sub-file access intelligent contract, sending the access application to the corresponding common node, after the common node agrees to access, encrypting the file key and the file Hash by using the public key of the access node, sharing the sub-file access intelligent contract through the sub-file sharing intelligent contract, returning the transaction id to the sub-file access intelligent contract, and returning the automatic access sharing content of the sub-file access intelligent contract to the group node;
s404, after the group nodes obtain the encrypted shared content, triggering the main file shared intelligent contract on the main chain, sending the shared content to the access node, decrypting by the access node through the public key of the access node, obtaining a file ciphertext through the file Hash, and decrypting by the file secret key to obtain the access file.
Example 3:
as shown in fig. 5, the present embodiment takes a student profile scenario as an example, and introduces the whole profile sharing process as follows:
firstly, a file access unit sends an access application;
triggering an identity authentication intelligent contract, and triggering a leader node to permit the intelligent contract together with an access application after the authentication is successful;
after the corresponding leader node (school file management department) agrees, calling a master file sharing contract to send an access application, a verification certificate and a leader permission to the corresponding group nodes (department managers corresponding to the student files);
accessing an application, verifying a certificate and leading permission to trigger an archive sharing intelligent contract on the child chain through the group node, and sending information to a corresponding common node (a student accessing an archive);
and (V) if the common nodes agree to share the archives, returning the sharing information to the intelligent contract shared by the sub-archives. The intelligent contract returns information to the group nodes;
the group nodes return the information to the archive sharing intelligent contract on the main chain, and then the intelligent contract sends the information to the access node;
and (seventh), the access node downloads the file from the IPFS to the local through the Hash, and the shared file can be obtained after the file is decrypted by using the file key.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A system for secure storage and sharing of archives based on a hybrid blockchain, the system comprising,
the storage layer is used for storing the shared files and protecting the non-tamper property of the files; the storage layer adopts IPFS;
the sharing layer is used for recording the transaction information, providing a proof for tracing the file sharing process, and simultaneously automatically executing identity authentication to ensure that the file is safely shared under the condition that no third party participates; the sharing layer comprises a multi-layer blockchain model and an intelligent contract on a blockchain;
the user layer is used for managing, updating, checking and sharing the files; the user layer consists of participants.
2. The hybrid blockchain-based secure storage and sharing of archives system of claim 1, wherein the participants include an archive administration authority, an archive administrator, an archive owner, and an archive visitor; wherein, the file management organization manages the files of a plurality of file owners, and under the condition of confirmation of the file owner, the file management organization has the authority of updating the files; the file visitor can view the file owner's file information, only view the authority not modify the authority.
3. The hybrid blockchain-based archive secure storage and sharing system according to claim 1, wherein the multi-tiered blockchain model includes a main chain and a plurality of sub-chains, the main chain being in the form of a federation chain and the sub-chains being in the form of private chains.
4. The system for securely storing and sharing archives based on the hybrid blockchain according to claim 3, wherein the child chain comprises team nodes and common nodes, the team nodes deploy intelligent contracts to register and authenticate identities of the joined common nodes, and upload identity registration information of the common nodes to the main chain for storage; when the identity of the common node is verified, only the intelligent contract of the sub-chain is needed;
the group nodes are used for simply processing and forwarding archive data of common nodes in the sub-chain;
the normal node is used to process simple data.
5. The system for safely storing and sharing the archives based on the hybrid block chain according to claim 3 or 4, wherein the main chain comprises a leader node and an access node, the leader node and the access node are used as miner nodes and added into the main chain, the leader node sets an intelligent contract to register and authenticate the identities of the group nodes, and after the identities of the group nodes are authenticated, the registration and authentication information is stored in the main chain; the access node is added into the main chain and is required to be permitted by a 2/3 leader node on the main chain, after the permission is obtained, the access node can be added into the main chain after being registered and authenticated by the intelligent contract, and the registration and authentication information is stored on the main chain so that the intelligent contract is deployed on the main chain to carry out identity verification when the access node initiates a transaction;
the leader node is used for managing the team nodes and the access nodes of the corresponding child chains, and is also used for updating and sharing the files under the condition of confirmation of the file owner;
the access node is used for initiating a file access application in the main chain and carrying out automatic sharing operation by the intelligent contract.
6. A method for realizing safe storage and sharing of archives based on a mixed block chain is characterized by comprising the following steps:
initialization: constructing a multi-layer block chain model based on an Ethengfang, initializing a main chain comprising leader nodes, and adding access nodes, group nodes and common nodes into the main chain through identity authentication;
identity registration and authentication: the leader node respectively registers and authenticates identities of the group node, the access node and the common node, after the legal node is successfully registered, a corresponding node id is obtained and added into a corresponding chain, and a private key and a public key distributed by the Etheng are obtained; wherein the private key is stored locally;
encrypting and storing the file: firstly, encrypting the file, then storing the file, and carrying out double protection on the storage of the file;
file sharing: the access node sends a file access application in the main chain and realizes sharing through an intelligent contract.
7. The method for securely storing and sharing archives based on hybrid blockchains according to claim 6, wherein the group node registration and identity authentication are specifically as follows:
the group nodes register and authenticate on the main chain, and the group nodes register and authenticate intelligent contracts through the leader node deployed on the main chain;
after the registration is successful, storing the registration information and the identity authentication information on a main chain;
the access node registration and identity authentication are specifically as follows:
in the main chain, the joining of the access node to the main chain firstly needs to obtain the permission of 2/3 leader node in the main chain;
triggering an access node registration and identity authentication intelligent contract after obtaining permission;
the registration and authentication are stored on the backbone.
8. The method for securely storing and sharing a record based on a hybrid blockchain according to claim 6, wherein the common node registration and identity authentication are specifically as follows:
the common nodes are registered and authenticated in the sub-chain, and the intelligent contract is registered by the identity of the common nodes deployed in the sub-chain through the group nodes;
and adding the common node which is successfully authenticated into the sub-chain, sending the identity registration information to the main chain for storage, and storing the identity authentication information in the sub-chain.
9. The method for realizing secure storage and sharing of archives based on a hybrid blockchain according to claim 6, wherein the encrypted storage of the archives is as follows:
carrying out AES encryption on the file through a secret key to generate a file ciphertext;
storing the file ciphertext into the IPFS;
the IPFS returns a file Hash which is the key for accessing the stored content;
and finding a file ciphertext stored in the IPFS through the file Hash, and decrypting by using a file key to obtain the shared file.
10. The method for securely storing and sharing archives based on mixed blockchains according to any one of claims 6 to 9, wherein the archive sharing is specifically as follows:
the access node sends a file access application in a main chain, signs, and triggers an access node identity authentication intelligent contract; after the verification is successful, the verification result and the access application trigger the leader node to permit the intelligent contract;
after the leader node permits, the verification result, the access application and the leader permit trigger the master file to access the intelligent contract, the intelligent contract finds the corresponding group node according to the common node id information in the access application, and sends the access application to the corresponding group node;
after the group node obtains the access application, triggering a sub-file access intelligent contract, sending the access application to a corresponding common node, after the common node agrees to access, encrypting a file key and a file Hash by using a public key of the access node, sharing the sub-file access intelligent contract by using the sub-file sharing intelligent contract, returning a transaction id to the sub-file access intelligent contract, and returning the automatic access sharing content of the sub-file access intelligent contract to the group node;
after the group nodes obtain the encrypted shared content, the main file sharing intelligent contract on the main chain is triggered, the shared content is sent to the access nodes, the access nodes decrypt through the own public keys, the file cipher texts are obtained through the file Hash, and the access files are obtained through decryption of the file secret keys.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011396333.2A CN112540957B (en) | 2020-12-03 | 2020-12-03 | File secure storage and sharing system based on mixed block chain and implementation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011396333.2A CN112540957B (en) | 2020-12-03 | 2020-12-03 | File secure storage and sharing system based on mixed block chain and implementation method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112540957A true CN112540957A (en) | 2021-03-23 |
| CN112540957B CN112540957B (en) | 2022-06-24 |
Family
ID=75015489
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011396333.2A Active CN112540957B (en) | 2020-12-03 | 2020-12-03 | File secure storage and sharing system based on mixed block chain and implementation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112540957B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113626456A (en) * | 2021-08-18 | 2021-11-09 | 安徽宝葫芦信息科技集团股份有限公司 | File data consistency maintaining system and method based on block chain technology |
| CN114338081A (en) * | 2021-11-29 | 2022-04-12 | 上海浦东发展银行股份有限公司 | Multi-block chain unified identity authentication method and device and computer equipment |
| CN114925401A (en) * | 2022-06-14 | 2022-08-19 | 北京师范大学 | Learning condition recording system and method based on block chain and distributed storage |
| CN115174277A (en) * | 2022-09-07 | 2022-10-11 | 浙江省邮电工程建设有限公司 | Data communication and file exchange method based on block chain |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108055274A (en) * | 2017-12-22 | 2018-05-18 | 广东工业大学 | A kind of encryption based on alliance's chain storage data and shared method and system |
| CN109559117A (en) * | 2018-11-14 | 2019-04-02 | 北京科技大学 | Block chain contract method for secret protection and system based on the encryption of attribute base |
| CN109871669A (en) * | 2019-03-14 | 2019-06-11 | 哈尔滨工程大学 | A kind of data sharing solution based on block chain technology |
| CN110211651A (en) * | 2019-05-30 | 2019-09-06 | 爱多特(广东)网络技术有限公司 | The health account system of diabetes remote comprehensive intervention based on block chain |
| CN110245185A (en) * | 2019-05-21 | 2019-09-17 | 平安普惠企业管理有限公司 | Data processing method, terminal device and computer storage medium based on alliance's chain |
| CN110535833A (en) * | 2019-08-07 | 2019-12-03 | 中国石油大学(北京) | A kind of data sharing control method based on block chain |
| CN110971390A (en) * | 2019-11-29 | 2020-04-07 | 杭州云象网络技术有限公司 | Fully homomorphic encryption method for intelligent contract privacy protection |
| CN111414647A (en) * | 2020-03-23 | 2020-07-14 | 深圳市闪联信息技术有限公司 | Tamper-proof data sharing system and method based on block chain technology |
| CN111490968A (en) * | 2019-01-29 | 2020-08-04 | 上海汉澄电子设备有限公司 | Block chain technology-based alliance multi-node network identity authentication method |
| CN111598566A (en) * | 2020-04-30 | 2020-08-28 | 厦门潭宏信息科技有限公司 | Network payment system based on mixed cross-chain |
| CN111611554A (en) * | 2020-04-21 | 2020-09-01 | 哈尔滨工业大学 | Drawing file circulation and tracing system and method based on alliance block chain |
| CN111625873A (en) * | 2020-05-27 | 2020-09-04 | 山东师范大学 | Controllable information disclosure method and system based on mixed block chain |
| CN111738743A (en) * | 2020-05-27 | 2020-10-02 | 国网电力科学研究院有限公司 | Block chain-based customer service interaction method and device |
| CN111916173A (en) * | 2020-08-07 | 2020-11-10 | 安徽师范大学 | Medical data safety sharing system and method based on IPFS and alliance chain |
-
2020
- 2020-12-03 CN CN202011396333.2A patent/CN112540957B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108055274A (en) * | 2017-12-22 | 2018-05-18 | 广东工业大学 | A kind of encryption based on alliance's chain storage data and shared method and system |
| CN109559117A (en) * | 2018-11-14 | 2019-04-02 | 北京科技大学 | Block chain contract method for secret protection and system based on the encryption of attribute base |
| CN111490968A (en) * | 2019-01-29 | 2020-08-04 | 上海汉澄电子设备有限公司 | Block chain technology-based alliance multi-node network identity authentication method |
| CN109871669A (en) * | 2019-03-14 | 2019-06-11 | 哈尔滨工程大学 | A kind of data sharing solution based on block chain technology |
| CN110245185A (en) * | 2019-05-21 | 2019-09-17 | 平安普惠企业管理有限公司 | Data processing method, terminal device and computer storage medium based on alliance's chain |
| CN110211651A (en) * | 2019-05-30 | 2019-09-06 | 爱多特(广东)网络技术有限公司 | The health account system of diabetes remote comprehensive intervention based on block chain |
| CN110535833A (en) * | 2019-08-07 | 2019-12-03 | 中国石油大学(北京) | A kind of data sharing control method based on block chain |
| CN110971390A (en) * | 2019-11-29 | 2020-04-07 | 杭州云象网络技术有限公司 | Fully homomorphic encryption method for intelligent contract privacy protection |
| CN111414647A (en) * | 2020-03-23 | 2020-07-14 | 深圳市闪联信息技术有限公司 | Tamper-proof data sharing system and method based on block chain technology |
| CN111611554A (en) * | 2020-04-21 | 2020-09-01 | 哈尔滨工业大学 | Drawing file circulation and tracing system and method based on alliance block chain |
| CN111598566A (en) * | 2020-04-30 | 2020-08-28 | 厦门潭宏信息科技有限公司 | Network payment system based on mixed cross-chain |
| CN111625873A (en) * | 2020-05-27 | 2020-09-04 | 山东师范大学 | Controllable information disclosure method and system based on mixed block chain |
| CN111738743A (en) * | 2020-05-27 | 2020-10-02 | 国网电力科学研究院有限公司 | Block chain-based customer service interaction method and device |
| CN111916173A (en) * | 2020-08-07 | 2020-11-10 | 安徽师范大学 | Medical data safety sharing system and method based on IPFS and alliance chain |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113626456A (en) * | 2021-08-18 | 2021-11-09 | 安徽宝葫芦信息科技集团股份有限公司 | File data consistency maintaining system and method based on block chain technology |
| CN114338081A (en) * | 2021-11-29 | 2022-04-12 | 上海浦东发展银行股份有限公司 | Multi-block chain unified identity authentication method and device and computer equipment |
| CN114338081B (en) * | 2021-11-29 | 2024-01-23 | 上海浦东发展银行股份有限公司 | Multi-block-chain unified identity authentication method, device and computer equipment |
| CN114925401A (en) * | 2022-06-14 | 2022-08-19 | 北京师范大学 | Learning condition recording system and method based on block chain and distributed storage |
| CN115174277A (en) * | 2022-09-07 | 2022-10-11 | 浙江省邮电工程建设有限公司 | Data communication and file exchange method based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112540957B (en) | 2022-06-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109040012B (en) | Block chain-based data security protection and sharing method and system and application | |
| CN112540957B (en) | File secure storage and sharing system based on mixed block chain and implementation method | |
| CN109194708B (en) | Distributed storage system based on block chain technology and identity authentication method thereof | |
| AU2019204712B2 (en) | Managing sensitive data elements in a blockchain network | |
| CN109918878B (en) | Industrial Internet of things equipment identity authentication and safe interaction method based on block chain | |
| CN114172735B (en) | Double-chain hybrid block chain data sharing method and system based on intelligent contracts | |
| CN108418680B (en) | Block chain key recovery method and medium based on secure multi-party computing technology | |
| Malik et al. | Blockchain based identity verification model | |
| CN109962890A (en) | A kind of the authentication service device and node access, user authen method of block chain | |
| US11038676B2 (en) | Cryptographic systems and methods using distributed ledgers | |
| JP7114078B2 (en) | Electronic authentication method and program | |
| CN106533693B (en) | Access method and device of railway vehicle monitoring and overhauling system | |
| CN109858259A (en) | The data protection of community health service alliance and sharing method based on HyperLedger Fabric | |
| CA3016395A1 (en) | Using geographically defined, private interplanetary file system clusters for the secure storage, retrieval and sharing of encrypted business data | |
| CN112749417A (en) | Electronic academic certificate data protection and sharing system based on block chain | |
| CN113360861A (en) | Mortgage loan oriented decentralized identity method based on repeater cross-chain | |
| CN115865320A (en) | Block chain-based security service management method and system | |
| CN114254269B (en) | System and method for determining rights of biological digital assets based on block chain technology | |
| CN113014394B (en) | Electronic data certification method and system based on alliance chain | |
| CN112654972A (en) | Blockchain setup with restricted transactions | |
| CN116436708A (en) | Trusted data sharing method and system based on blockchain technology | |
| CN114124392B (en) | Data controlled circulation method, system, device and medium supporting access control | |
| Xu et al. | Cloud data security and integrity protection model based on distributed virtual machine agents | |
| CN109981662A (en) | A kind of safe communication system and method | |
| KR102357595B1 (en) | Blockchain-based authentication system and method for preventing interception hacking attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |