CN112597527B - A data access method to prevent data leakage of consortium chain - Google Patents


Publication number: CN112597527B
Authority: CN (China)
Prior art keywords: node, data, area, receiving area, send
Legal status: Active
Application number: CN202110242456.9A
Other languages: Chinese (zh)
Other versions: CN112597527A (en)
Inventors: 张金琳, 袁超, 俞学劢
Current Assignee: Zhejiang Shuqin Technology Co Ltd
Original Assignee: Zhejiang Shuqin Technology Co Ltd
Application filed by Zhejiang Shuqin Technology Co Ltd
Priority to CN202110242456.9A
Publication of CN112597527A
Application granted
Publication of CN112597527B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the technical field of blockchain, and in particular to a data access method for preventing data leakage from a consortium chain, comprising the following steps: A) sending a data storage signal to node (Figure 100004_DEST_PATH_IMAGE001) and dividing data (Figure 718333DEST_PATH_IMAGE002) into (Figure 100004_DEST_PATH_IMAGE003) parts; B) encrypting data block (Figure 60452DEST_PATH_IMAGE004) and sending it to node (Figure 100004_DEST_PATH_IMAGE005); C) node (Figure 112722DEST_PATH_IMAGE005) randomly decides whether to exchange the receiving area and the exchange area; D) subsequent nodes likewise perform step C); E) after node (Figure 22426DEST_PATH_IMAGE006) has sent data block (Figure 100004_DEST_PATH_IMAGE007) to node (Figure 883066DEST_PATH_IMAGE005), it sends an end flag, and node (Figure 458404DEST_PATH_IMAGE005), on receiving the end flag, exchanges the receiving area and the exchange area; F) node (Figure 794707DEST_PATH_IMAGE001) stores the data blocks as data (Figure 254638DEST_PATH_IMAGE008); G) node (Figure 796216DEST_PATH_IMAGE006) restores data (Figure 38158DEST_PATH_IMAGE002) according to the flag bits (Figure 100004_DEST_PATH_IMAGE009) of each node (Figure 542455DEST_PATH_IMAGE006). The substantial effect of the invention is that decrypting data (Figure 301781DEST_PATH_IMAGE008) requires the participation of every consortium chain node, ensuring that private data can exist only within the consortium chain.

Figure 202110242456

Description

Data access method for preventing alliance chain data leakage
Technical Field
The invention relates to the technical field of block chains, in particular to a data access method for preventing alliance chain data from leaking.
Background
A consortium chain (also rendered below as federation chain or alliance chain) is a blockchain managed jointly by multiple enterprises. Each organization or enterprise manages one or more nodes, and the data on them may be read, written and transmitted only by the enterprises within the system. Each node of the consortium chain usually has a corresponding real-world organization, and can join or leave the network only after authorization. The organizations form an alliance of shared interests and jointly maintain the healthy operation of the blockchain. The consortium chain serves only the members of a specific group and a limited set of third parties; a number of preselected nodes are designated internally as bookkeepers, and the generation of each block is decided jointly by all preselected nodes. Its main users are banks, insurance companies, securities firms, business associations, corporate groups and their upstream and downstream enterprises. The processing performance, privacy protection and compliance of existing blockchains cannot meet these service requirements, and they carry a significant risk of data leakage.
Controlling access to the data on a consortium chain prevents enterprises outside the consortium from obtaining that data. Access control covers two aspects: data communicated over the chain and data stored by the nodes. Access to on-chain communication is controlled through node certificates and SSL. Access to node-stored data is currently controlled by encryption at rest: the data on each node's hard disk is encrypted, and the keys needed to access it are managed by a Key Manager service. The Key Manager service is deployed inside the organization's internal network and is dedicated to managing the keys for node hard-disk data; it cannot be reached from external networks. When a hard disk from the consortium chain is taken outside the intranet and started, the local data cannot be decrypted because the Key Manager service is unreachable, which keeps the consortium chain data confidential. The weakness of this approach is that if the hard disk and the encryption key are leaked together, the data on the consortium chain is exposed.
For example, Chinese patent CN109714170A, published on May 3, 2019, discloses a data isolation method in a consortium chain and a corresponding consortium chain system. The data isolation method includes: S1, when a node puts original data on the chain, the original data is encrypted and stored in a local data pool; after the encrypted data has been stored successfully in the local data pool, the node hashes the original data and stores the resulting hash value in the main chain of all nodes of the consortium chain; the authorization information of each piece of encrypted data in the local data pool is stored in the node's authorization chain. In this scheme, each node's local data pool holds only that node's own on-chain data and not that of other nodes, so the data is stored in isolation. However, once a node's storage device is leaked, the private data on that node is leaked, so both privacy and security are poor.
Disclosure of Invention
The technical problem to be solved by the invention is that data privacy and security on existing consortium chains are poor. The method effectively prevents data in the consortium chain from leaking and protects the security of private data on the chain.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: a data access method for preventing federation chain data leakage comprises the following steps: A) each federation chain node
Figure DEST_PATH_IMAGE002
Each having a locally corresponding storage node
Figure DEST_PATH_IMAGE004
Union link point
Figure DEST_PATH_IMAGE006
Need to store data
Figure DEST_PATH_IMAGE008
To the node
Figure DEST_PATH_IMAGE010
Transmitting data storage signals and then storing the data
Figure 989647DEST_PATH_IMAGE008
Is divided into
Figure DEST_PATH_IMAGE012
Copies, marked as data blocks
Figure DEST_PATH_IMAGE014
Data block
Figure DEST_PATH_IMAGE016
Fixed length, data block
Figure DEST_PATH_IMAGE018
If the length is not enough, zero filling is carried out,
Figure DEST_PATH_IMAGE020
for data identification, storage node
Figure DEST_PATH_IMAGE022
Is provided with length and data block
Figure 805026DEST_PATH_IMAGE016
Receiving area and switching area with same length, the switching area having initialized random data, storage node
Figure 106694DEST_PATH_IMAGE022
Also is provided with a mark position
Figure DEST_PATH_IMAGE024
; B) Federation link points
Figure 795164DEST_PATH_IMAGE006
Sequentially dividing the data block
Figure 447862DEST_PATH_IMAGE016
Encrypted and sent to the node
Figure DEST_PATH_IMAGE026
Of the receiving area, data block
Figure 882910DEST_PATH_IMAGE016
By federation chain node
Figure 304665DEST_PATH_IMAGE006
Storing; C) node point
Figure 367298DEST_PATH_IMAGE026
Randomly deciding whether to exchange data between the receiving area and the switching area, and if so, marking bit
Figure 241714DEST_PATH_IMAGE024
Setting 1, otherwise, marking the bit
Figure 946364DEST_PATH_IMAGE024
The setting is carried out at 0, and the operation is finished,
Figure DEST_PATH_IMAGE028
representing nodes
Figure 488204DEST_PATH_IMAGE026
Slave node
Figure 987319DEST_PATH_IMAGE006
Number of times data is received, node
Figure 349030DEST_PATH_IMAGE026
Transmitting data in a receiving area to a node
Figure DEST_PATH_IMAGE030
The receiving area of (a); D) node point
Figure 326213DEST_PATH_IMAGE030
And the subsequent node also executes the step C), the node
Figure 988139DEST_PATH_IMAGE010
Will continuously receive data blocks, nodes
Figure 392575DEST_PATH_IMAGE010
Storing the received data blocks according to the receiving sequence; E) node point
Figure 241582DEST_PATH_IMAGE006
Data block
Figure 756877DEST_PATH_IMAGE018
Is sent to the node
Figure 273309DEST_PATH_IMAGE026
After receiving the area, continuously sending an end mark to the node
Figure 848647DEST_PATH_IMAGE026
Receiving area, node
Figure 184951DEST_PATH_IMAGE026
After receiving the end mark, the data in the receiving area and the exchange area are forced to be exchanged, and the mark bit
Figure 769516DEST_PATH_IMAGE024
Put 1, node
Figure 874875DEST_PATH_IMAGE026
Transmitting data in a receiving area to a node
Figure 621114DEST_PATH_IMAGE030
The receiving area of (a); F) node point
Figure 444714DEST_PATH_IMAGE030
After the subsequent nodes receive the end mark, the data in the receiving area and the data in the exchange area are all forced to be exchanged and transmitted downwards until the nodes receive the end mark
Figure 400398DEST_PATH_IMAGE010
Receiving the end mark, the node
Figure 360264DEST_PATH_IMAGE010
After receiving the end mark, the node
Figure 542984DEST_PATH_IMAGE010
Storing received data blocks as data in sequence
Figure DEST_PATH_IMAGE032
Figure DEST_PATH_IMAGE034
And then node
Figure 181775DEST_PATH_IMAGE010
Sending an end flag to a node
Figure 842564DEST_PATH_IMAGE006
Node of
Figure 922515DEST_PATH_IMAGE006
Stopping the node after receiving the end mark
Figure 276136DEST_PATH_IMAGE026
Transmitting data and transmitting the data
Figure 74328DEST_PATH_IMAGE008
Deleting the node after the preset communication timeout time is exceeded
Figure 273228DEST_PATH_IMAGE006
Clearing the receiving area, filling the switching area with random data again, and waiting for next data transmission; G) node point
Figure 473265DEST_PATH_IMAGE006
Need to fetch data
Figure 997788DEST_PATH_IMAGE008
Time, slave node
Figure 752117DEST_PATH_IMAGE010
Reading data
Figure 285866DEST_PATH_IMAGE032
Node of
Figure 74831DEST_PATH_IMAGE006
According to each node
Figure 770254DEST_PATH_IMAGE006
Is marked with
Figure 277459DEST_PATH_IMAGE024
Obtaining
Figure DEST_PATH_IMAGE036
Removing random data, correctly ordering, decrypting, splicing decrypted data blocks, and connecting nodes
Figure 614900DEST_PATH_IMAGE006
Obtaining data
Figure 258371DEST_PATH_IMAGE008
. Data to be recorded
Figure 393204DEST_PATH_IMAGE008
The data are divided into data blocks, and then random data are added after the data blocks are disordered in sequence, so that the data can be finished
Figure 122126DEST_PATH_IMAGE008
To obtain encrypted data
Figure 997678DEST_PATH_IMAGE032
. To data
Figure 761235DEST_PATH_IMAGE032
Decrypt to obtain data
Figure 532882DEST_PATH_IMAGE008
Therefore, after the hard disk of the alliance chain node is separated from the alliance chain, the recovered data cannot be obtained, privacy of the alliance chain privacy data is achieved, and the fact that the privacy data can only exist in the alliance chain is guaranteed.
Preferably, the federation chain node
Figure 280258DEST_PATH_IMAGE006
Flag bit serial number identification
Figure 428342DEST_PATH_IMAGE028
Initial value of 0, node
Figure 46405DEST_PATH_IMAGE006
Receive its node one at a time
Figure 254533DEST_PATH_IMAGE010
Flag bit sequence number identification at the time of a transmitted data block
Figure 958047DEST_PATH_IMAGE028
Adding 1, when the preset communication timeout time is exceeded, not receiving the previous node
Figure 175401DEST_PATH_IMAGE010
Flag bit sequence number identification at the time of a transmitted data block
Figure 647971DEST_PATH_IMAGE028
And setting 0.
Preferably, in step C), the nodes
Figure 27000DEST_PATH_IMAGE026
Transmitting data in a receiving area to a node
Figure 483389DEST_PATH_IMAGE030
After the receiving area, to the node
Figure 973276DEST_PATH_IMAGE006
Transmitting signal, node
Figure 831511DEST_PATH_IMAGE006
After receiving the signal, if the node
Figure 381441DEST_PATH_IMAGE006
There is data to send to the node
Figure 59547DEST_PATH_IMAGE026
Then to the node immediately
Figure 353125DEST_PATH_IMAGE026
And (5) sending. Implementing a node
Figure 65866DEST_PATH_IMAGE006
When data are transmitted between the alliance chains, the data can be transmitted in parallel, and the data transmission speed between the alliance chains is improved.
Preferably, in step C), the nodes
Figure 786697DEST_PATH_IMAGE026
The method for exchanging data of the receiving area and the switching area comprises the following steps: node point
Figure 952099DEST_PATH_IMAGE026
Recording the storage addresses of the receiving area and the switching area if the node
Figure 49368DEST_PATH_IMAGE026
And determining data exchange between the receiving area and the exchange area, and exchanging the storage addresses of the receiving area and the exchange area.
Preferably, in step G), the node
Figure 348107DEST_PATH_IMAGE006
According to each node
Figure 505419DEST_PATH_IMAGE006
Is marked with
Figure 892538DEST_PATH_IMAGE024
Obtaining
Figure 527919DEST_PATH_IMAGE036
The method for correct order and interspersed random data comprises: G1) setting variables
Figure DEST_PATH_IMAGE038
And
Figure DEST_PATH_IMAGE040
Figure DEST_PATH_IMAGE042
let us order
Figure DEST_PATH_IMAGE044
Node of
Figure 339886DEST_PATH_IMAGE006
Will be provided with
Figure DEST_PATH_IMAGE046
Is sent to the next node
Figure 933678DEST_PATH_IMAGE026
; G2) Node point
Figure 808093DEST_PATH_IMAGE026
Receive from
Figure 247165DEST_PATH_IMAGE046
Then, inquire
Figure DEST_PATH_IMAGE048
A value of, if
Figure 320163DEST_PATH_IMAGE048
Is equal to 1, step G3) is entered, if
Figure 819277DEST_PATH_IMAGE048
Is equal to 0, step G4) is entered; G3)
Figure 180989DEST_PATH_IMAGE040
self-add 1, re-query
Figure 423751DEST_PATH_IMAGE048
A value of, if
Figure 820097DEST_PATH_IMAGE048
If the value of (A) is 0, the step is re-executed, if so, the step is repeated
Figure 493043DEST_PATH_IMAGE048
If 1, go to step G4); G4) will be provided with
Figure 76471DEST_PATH_IMAGE046
Is sent to the next node
Figure 122924DEST_PATH_IMAGE030
; G5) Repeating the steps G2) to G4) until the node is reached
Figure 373777DEST_PATH_IMAGE010
Will be provided with
Figure 949115DEST_PATH_IMAGE046
Is sent to the node
Figure 285418DEST_PATH_IMAGE006
Data block
Figure DEST_PATH_IMAGE050
I.e. as a data block
Figure 666721DEST_PATH_IMAGE016
Data of
Figure 772080DEST_PATH_IMAGE032
Non-corresponding data block
Figure 518319DEST_PATH_IMAGE016
The data blocks of (1) are random data to be eliminated. By aligning flag bits
Figure 341919DEST_PATH_IMAGE024
Can quickly obtain the restored data
Figure 464596DEST_PATH_IMAGE008
In restoring data
Figure 690041DEST_PATH_IMAGE008
In the process of (1), the node
Figure 607181DEST_PATH_IMAGE006
Only the data of the node is needed to be checked
Figure 918077DEST_PATH_IMAGE006
Without the need of using flag bits
Figure 578865DEST_PATH_IMAGE024
To other nodes, each node
Figure 658817DEST_PATH_IMAGE006
Can not determine other nodes in between
Figure 12438DEST_PATH_IMAGE006
Is marked with
Figure 545050DEST_PATH_IMAGE024
Can ensure that private data within the federation chain is not leaked.
Preferably, the following steps are also performed between step F) and step G): node point
Figure 9530DEST_PATH_IMAGE010
Receiving the end mark, completing the data
Figure 209567DEST_PATH_IMAGE032
After storage, after waiting for a preset time, the node
Figure 468510DEST_PATH_IMAGE010
Data to be recorded
Figure 488418DEST_PATH_IMAGE032
Step G) is executed after the steps A) to F) are executed as data to be stored. And the encryption is carried out for the second time to ensure the data security. At the same time as data
Figure 753659DEST_PATH_IMAGE032
To backup. When the alliance link node is to be exited, the stored flag bit is needed
Figure 808203DEST_PATH_IMAGE024
Stored within the federation intra-chain network.
Preferably, the storage node
Figure 238047DEST_PATH_IMAGE022
Also provided with a task flag bit
Figure DEST_PATH_IMAGE052
Task flag bit
Figure 276410DEST_PATH_IMAGE052
Initial value of 0, alliance link node
Figure 82692DEST_PATH_IMAGE006
Need to store data
Figure 726163DEST_PATH_IMAGE008
Time, node
Figure 592488DEST_PATH_IMAGE006
First to the node
Figure 586989DEST_PATH_IMAGE026
Query task flag bit
Figure DEST_PATH_IMAGE054
If the task flag bit
Figure 993699DEST_PATH_IMAGE054
Is 0, then the node is reached
Figure 491677DEST_PATH_IMAGE030
Query task flag bit
Figure DEST_PATH_IMAGE056
If the task flag bit
Figure 60061DEST_PATH_IMAGE054
Figure 60061DEST_PATH_IMAGE054
1, after waiting for a preset time, inquiring the task flag bit again
Figure 276279DEST_PATH_IMAGE054
Storage node
Figure 424364DEST_PATH_IMAGE022
Queried task flag bit
Figure 308006DEST_PATH_IMAGE052
Then, within a preset time length, the device will
Figure 516133DEST_PATH_IMAGE052
Set to 1, if the link point is united
Figure 219647DEST_PATH_IMAGE006
Query to node
Figure 437002DEST_PATH_IMAGE010
Task flag bit
Figure DEST_PATH_IMAGE058
If it is still 0, the data storage according to steps A) to F) is started
Figure 175151DEST_PATH_IMAGE008
The substantial effects of the invention are as follows: by counting data
Figure 554180DEST_PATH_IMAGE008
Encrypting to obtain encrypted data
Figure 13498DEST_PATH_IMAGE032
To data
Figure 503386DEST_PATH_IMAGE032
Decrypt to obtain data
Figure 361620DEST_PATH_IMAGE008
Therefore, after the hard disk of the alliance chain node is separated from the alliance chain, the recovered data cannot be obtained, privacy of the alliance chain privacy data is achieved, and the fact that the privacy data can only exist in the alliance chain is guaranteed.
Drawings
FIG. 1 is a block diagram illustrating a data access method according to an embodiment.
FIG. 2 is a diagram illustrating data transfer by a storage node according to an embodiment.
Fig. 3 is a schematic diagram of an embodiment of a recovery data Dk.
Detailed Description
The following provides a more detailed description of the present invention, with reference to the accompanying drawings.
The first embodiment is as follows:
a data access method for preventing federation chain data leakage, as shown in fig. 1, includes the following steps:
A) each federation chain node
Figure 645971DEST_PATH_IMAGE002
Each having a locally corresponding storage node
Figure 324077DEST_PATH_IMAGE004
Union link point
Figure 617655DEST_PATH_IMAGE006
Need to store data
Figure 330396DEST_PATH_IMAGE008
To the node
Figure 51227DEST_PATH_IMAGE010
Transmitting data storage signals and then storing the data
Figure 951050DEST_PATH_IMAGE008
Is divided into
Figure 48319DEST_PATH_IMAGE012
Copies, marked as data blocks
Figure 615567DEST_PATH_IMAGE014
Data block
Figure 304037DEST_PATH_IMAGE016
Fixed length, data block
Figure 691156DEST_PATH_IMAGE018
If the length is not enough, zero filling is carried out,
Figure 326537DEST_PATH_IMAGE020
for data identification, storage node
Figure 13870DEST_PATH_IMAGE022
Is provided with length and data block
Figure 607663DEST_PATH_IMAGE016
Receiving area and switching area with same length, the switching area having initialized random data, storage node
Figure 747657DEST_PATH_IMAGE022
Also is provided with a mark position
Figure 921149DEST_PATH_IMAGE024
B) Federation link points
Figure 462989DEST_PATH_IMAGE006
Sequentially dividing the data block
Figure 962103DEST_PATH_IMAGE016
Encrypted and sent to the node
Figure 852043DEST_PATH_IMAGE026
Of the receiving area, data block
Figure 829227DEST_PATH_IMAGE016
By federation chain node
Figure 959994DEST_PATH_IMAGE006
And (5) storing.
C) Node point
Figure 364430DEST_PATH_IMAGE026
It is randomly determined whether to exchange data between the receiving area and the switching area, and if it is determined to exchange data, the flag bit is set as shown in FIG. 2
Figure 479017DEST_PATH_IMAGE024
Setting 1, otherwise, marking the bit
Figure 259891DEST_PATH_IMAGE024
The setting is carried out at 0, and the operation is finished,
Figure 900957DEST_PATH_IMAGE028
representing nodes
Figure 7453DEST_PATH_IMAGE026
Slave node
Figure 343756DEST_PATH_IMAGE006
Number of times data is received, node
Figure 662742DEST_PATH_IMAGE026
Transmitting data in a receiving area to a node
Figure 33681DEST_PATH_IMAGE030
The receiving area of (a). Node point
Figure 779920DEST_PATH_IMAGE026
Transmitting data in a receiving area to a node
Figure 603519DEST_PATH_IMAGE030
After the receiving area, to the node
Figure 726196DEST_PATH_IMAGE006
Transmitting signal, node
Figure 686062DEST_PATH_IMAGE006
After receiving the signal, if the node
Figure 137291DEST_PATH_IMAGE006
There is data to send to the node
Figure 448186DEST_PATH_IMAGE026
Then to the node immediately
Figure 108975DEST_PATH_IMAGE026
And (5) sending. Node point
Figure 454505DEST_PATH_IMAGE026
The method for exchanging data of the receiving area and the switching area comprises the following steps: node point
Figure 542547DEST_PATH_IMAGE026
Recording the storage addresses of the receiving area and the switching area if the node
Figure 340739DEST_PATH_IMAGE026
decides to exchange data between the receiving area and the exchange area, the storage addresses of the receiving area and the exchange area are exchanged.
D) Node point
Figure 805218DEST_PATH_IMAGE030
And the subsequent node also executes the step C), the node
Figure 5255DEST_PATH_IMAGE010
Will continuously receive data blocks, nodes
Figure 264198DEST_PATH_IMAGE010
And storing the received data blocks according to the receiving sequence.
E) Node point
Figure 284107DEST_PATH_IMAGE006
Data block
Figure 552277DEST_PATH_IMAGE018
Is sent to the node
Figure 341242DEST_PATH_IMAGE026
After receiving the area, continuously sending an end mark to the node
Figure 302245DEST_PATH_IMAGE026
Receiving area, node
Figure 809449DEST_PATH_IMAGE026
After receiving the end mark, the data in the receiving area and the exchange area are forced to be exchanged, and the mark bit
Figure 615731DEST_PATH_IMAGE024
Put 1, node
Figure 524781DEST_PATH_IMAGE026
Transmitting data in a receiving area to a node
Figure 125527DEST_PATH_IMAGE030
The receiving area of (a).
F) Node point
Figure 385607DEST_PATH_IMAGE030
After the subsequent nodes receive the end mark, the data in the receiving area and the data in the exchange area are all forced to be exchanged and transmitted downwards until the nodes receive the end mark
Figure 730001DEST_PATH_IMAGE010
Receiving the end mark, the node
Figure 493557DEST_PATH_IMAGE010
After receiving the end mark, the node
Figure 796363DEST_PATH_IMAGE010
Storing received data blocks as data in sequence
Figure 12580DEST_PATH_IMAGE032
Figure 446752DEST_PATH_IMAGE034
And then node
Figure 64815DEST_PATH_IMAGE010
Sending an end flag to a node
Figure 272943DEST_PATH_IMAGE006
Node of
Figure 242036DEST_PATH_IMAGE006
Stopping the node after receiving the end mark
Figure 928232DEST_PATH_IMAGE026
Transmitting data and transmitting the data
Figure 666381DEST_PATH_IMAGE008
Deleting the node after the preset communication timeout time is exceeded
Figure 310989DEST_PATH_IMAGE006
Clearing the receiving area and refilling the switching area with random data, and waiting for the next data transfer. Node point
Figure 501799DEST_PATH_IMAGE010
Receiving the end mark, completing the data
Figure 257265DEST_PATH_IMAGE032
After storage, after waiting for a preset time, the node
Figure 584341DEST_PATH_IMAGE010
Data to be recorded
Figure 399850DEST_PATH_IMAGE032
Step G) is executed after the steps A) to F) are executed as data to be stored.
As shown in fig. 3, data
Figure DEST_PATH_IMAGE060
After encryption, data is obtained
Figure DEST_PATH_IMAGE062
. Data to be recorded
Figure 468170DEST_PATH_IMAGE032
Stored in a node
Figure 761748DEST_PATH_IMAGE006
Inner, node
Figure 208909DEST_PATH_IMAGE006
Cannot recover data alone
Figure 929741DEST_PATH_IMAGE008
G) Node point
Figure 95143DEST_PATH_IMAGE006
Need to fetch data
Figure 926833DEST_PATH_IMAGE008
Time, slave node
Figure 762589DEST_PATH_IMAGE010
Reading data
Figure 654322DEST_PATH_IMAGE032
Node of
Figure 307020DEST_PATH_IMAGE006
According to each node
Figure 942401DEST_PATH_IMAGE006
Is marked with
Figure 364155DEST_PATH_IMAGE024
Obtaining
Figure 426789DEST_PATH_IMAGE036
Removing random data, correctly ordering, decrypting, splicing decrypted data blocks, and connecting nodes
Figure 301204DEST_PATH_IMAGE006
Obtaining data
Figure 5855DEST_PATH_IMAGE008
Node point
Figure 282115DEST_PATH_IMAGE006
According to each node
Figure 781230DEST_PATH_IMAGE006
Is marked with
Figure 142941DEST_PATH_IMAGE024
Obtaining
Figure 120124DEST_PATH_IMAGE036
The method for correct order and interspersed random data comprises: G1) setting variables
Figure 516470DEST_PATH_IMAGE038
And
Figure 920907DEST_PATH_IMAGE040
Figure 769914DEST_PATH_IMAGE042
let us order
Figure 550788DEST_PATH_IMAGE044
Node of
Figure 67220DEST_PATH_IMAGE006
Will be provided with
Figure 642558DEST_PATH_IMAGE046
Is sent to the next node
Figure 244441DEST_PATH_IMAGE026
; G2) Node point
Figure 563427DEST_PATH_IMAGE026
Receive from
Figure 668786DEST_PATH_IMAGE046
Then, inquire
Figure 415025DEST_PATH_IMAGE048
A value of, if
Figure 235695DEST_PATH_IMAGE048
Is equal to 1, step G3) is entered, if
Figure 358372DEST_PATH_IMAGE048
Is equal to 0, step G4) is entered; G3)
Figure 583817DEST_PATH_IMAGE040
self-add 1, re-query
Figure 500957DEST_PATH_IMAGE048
A value of, if
Figure 811853DEST_PATH_IMAGE048
If the value of (A) is 0, the step is re-executed, if so, the step is repeated
Figure 472641DEST_PATH_IMAGE048
If 1, go to step G4); G4) will be provided with
Figure 552593DEST_PATH_IMAGE046
Is sent to the next node
Figure 906214DEST_PATH_IMAGE030
; G5) Repeating the steps G2) to G4) until the node is reached
Figure 438826DEST_PATH_IMAGE010
Will be provided with
Figure 168885DEST_PATH_IMAGE046
Is sent to the node
Figure 837763DEST_PATH_IMAGE006
Data block
Figure 627865DEST_PATH_IMAGE050
I.e. as a data block
Figure 647774DEST_PATH_IMAGE016
Data of
Figure 650365DEST_PATH_IMAGE032
Non-corresponding data block
Figure 704908DEST_PATH_IMAGE016
The data blocks of (1) are random data to be eliminated. Federation link points
Figure 400332DEST_PATH_IMAGE006
Flag bit serial number identification
Figure 641957DEST_PATH_IMAGE028
Initial value of 0, node
Figure 713819DEST_PATH_IMAGE006
Receive its node one at a time
Figure 622869DEST_PATH_IMAGE010
Flag bit sequence number identification at the time of a transmitted data block
Figure 223614DEST_PATH_IMAGE028
Adding 1, when the preset communication timeout time is exceeded, not receiving the previous node
Figure 218115DEST_PATH_IMAGE010
Flag bit sequence number identification at the time of a transmitted data block
Figure 828088DEST_PATH_IMAGE028
And setting 0. By aligning flag bits
Figure 591645DEST_PATH_IMAGE024
Can quickly obtain the restored data
Figure 628871DEST_PATH_IMAGE008
In restoring data
Figure 113597DEST_PATH_IMAGE008
In the process of (1), the node
Figure 527261DEST_PATH_IMAGE006
Only the data of the node is needed to be checked
Figure 676483DEST_PATH_IMAGE006
Without the need of using flag bits
Figure 150190DEST_PATH_IMAGE024
To other nodes, each node
Figure 119283DEST_PATH_IMAGE006
Can not determine other nodes in between
Figure 71058DEST_PATH_IMAGE006
Is marked with
Figure 809207DEST_PATH_IMAGE024
Can ensure that only private data in the federation chain is not leaked. Data to be recorded
Figure 922656DEST_PATH_IMAGE008
The data are divided into data blocks, and then random data are added after the data blocks are disordered in sequence, so that the data can be finished
Figure 379046DEST_PATH_IMAGE008
To obtain encrypted data
Figure 868933DEST_PATH_IMAGE032
. To data
Figure 727167DEST_PATH_IMAGE032
Decrypt to obtain data
Figure 277097DEST_PATH_IMAGE008
Therefore, after the hard disk of the alliance chain node is separated from the alliance chain, the recovered data cannot be obtained, privacy of the alliance chain privacy data is achieved, and the fact that the privacy data can only exist in the alliance chain is guaranteed.
As shown in fig. 3, the consortium chain in this embodiment has 5 nodes in total,
Figure DEST_PATH_IMAGE064
to
Figure DEST_PATH_IMAGE066
. When node
Figure 283099DEST_PATH_IMAGE066
needs to store data
Figure 576678DEST_PATH_IMAGE008
, node
Figure 23839DEST_PATH_IMAGE066
divides data
Figure 744671DEST_PATH_IMAGE008
into
Figure DEST_PATH_IMAGE068
, 9 data blocks in total, all of the same length; if
Figure DEST_PATH_IMAGE070
is too short, it is brought to the same length as the other data blocks by zero padding or by filling with a preset character. Node
Figure 500619DEST_PATH_IMAGE066
then sends
Figure DEST_PATH_IMAGE072
to
Figure 863467DEST_PATH_IMAGE070
in turn to the next node, namely node
Figure 165135DEST_PATH_IMAGE064
. The final data
Figure 322447DEST_PATH_IMAGE032
is generated by node
Figure DEST_PATH_IMAGE074
. For nodes
Figure 506304DEST_PATH_IMAGE064
to
Figure 876105DEST_PATH_IMAGE074
, the values of the flags recording whether the receiving area and the exchange area were exchanged at each transfer are shown in the figure. After node
Figure 563438DEST_PATH_IMAGE066
has sent
Figure 626072DEST_PATH_IMAGE070
to node
Figure 766067DEST_PATH_IMAGE064
, it keeps sending the END flag to node
Figure 205138DEST_PATH_IMAGE064
. Once node
Figure 481399DEST_PATH_IMAGE074
receives the first END flag, node
Figure 980513DEST_PATH_IMAGE074
sends an END flag to node
Figure 342224DEST_PATH_IMAGE066
, and node
Figure 319408DEST_PATH_IMAGE066
stops sending data to node
Figure 715754DEST_PATH_IMAGE064
. Node
Figure 385770DEST_PATH_IMAGE074
then provides the data
Figure 234777DEST_PATH_IMAGE032
to node
Figure 750072DEST_PATH_IMAGE066
, which completes the storage and encryption of the data.
When data
Figure 269434DEST_PATH_IMAGE032
is decrypted: node
Figure 844772DEST_PATH_IMAGE066
constructs the value
Figure DEST_PATH_IMAGE076
and sends the value
Figure 774550DEST_PATH_IMAGE076
to node
Figure 93536DEST_PATH_IMAGE064
. Node
Figure 464475DEST_PATH_IMAGE064
queries the value of
Figure DEST_PATH_IMAGE078
; as shown in fig. 3,
Figure 741872DEST_PATH_IMAGE078
is 1, so node
Figure 299892DEST_PATH_IMAGE064
increments
Figure 422569DEST_PATH_IMAGE040
by 1,
Figure 648014DEST_PATH_IMAGE076
becomes
Figure DEST_PATH_IMAGE080
, and the node then queries the value of
Figure DEST_PATH_IMAGE082
.
Figure 361892DEST_PATH_IMAGE082
is 0, so
Figure 672788DEST_PATH_IMAGE040
is incremented by 1 again, to
Figure DEST_PATH_IMAGE084
, and
Figure DEST_PATH_IMAGE086
is found to be 1; the value
Figure DEST_PATH_IMAGE088
is then sent to node
Figure DEST_PATH_IMAGE090
. Because node
Figure 783177DEST_PATH_IMAGE066
informs only node
Figure 863128DEST_PATH_IMAGE074
of the data storage requirement, node
Figure 216749DEST_PATH_IMAGE090
cannot know which node issued the data decryption request; that is, node
Figure 749362DEST_PATH_IMAGE090
cannot know how many nodes have already modified
Figure 213841DEST_PATH_IMAGE046
, and therefore cannot learn, for node
Figure 148299DEST_PATH_IMAGE064
, the value of the flag
Figure DEST_PATH_IMAGE092
.
Node
Figure 203980DEST_PATH_IMAGE090
receives
Figure 958309DEST_PATH_IMAGE088
and then queries the value of
Figure DEST_PATH_IMAGE094
;
Figure 757638DEST_PATH_IMAGE094
is 1, so
Figure 77761DEST_PATH_IMAGE040
is incremented by 1,
Figure 507605DEST_PATH_IMAGE088
becomes
Figure DEST_PATH_IMAGE096
, and the value of
Figure DEST_PATH_IMAGE098
is queried. Once again
Figure 673532DEST_PATH_IMAGE040
is incremented by 1,
Figure 745393DEST_PATH_IMAGE096
becomes
Figure DEST_PATH_IMAGE100
, and the value of
Figure DEST_PATH_IMAGE102
is queried.
Figure 982339DEST_PATH_IMAGE102
is 1, so the value
Figure 114243DEST_PATH_IMAGE100
is sent to node
Figure DEST_PATH_IMAGE104
. Node
Figure 639902DEST_PATH_IMAGE104
likewise cannot determine how many nodes have previously modified
Figure 515455DEST_PATH_IMAGE046
.
Node
Figure 544590DEST_PATH_IMAGE104
receives
Figure 316237DEST_PATH_IMAGE100
and then queries the value of
Figure DEST_PATH_IMAGE106
; the value of
Figure 329193DEST_PATH_IMAGE106
is 0, so the value
Figure 742857DEST_PATH_IMAGE100
is sent directly to node
Figure 360920DEST_PATH_IMAGE074
. Node
Figure 303468DEST_PATH_IMAGE074
receives
Figure 293069DEST_PATH_IMAGE100
and then queries the value of
Figure DEST_PATH_IMAGE108
;
Figure 41582DEST_PATH_IMAGE108
is 1, so
Figure 779731DEST_PATH_IMAGE040
is incremented by 1 repeatedly until
Figure 424339DEST_PATH_IMAGE040
reaches 10, where
Figure DEST_PATH_IMAGE110
is found to be 1; node
Figure 411886DEST_PATH_IMAGE074
then sends the value
Figure DEST_PATH_IMAGE112
to node
Figure 698511DEST_PATH_IMAGE066
. On receiving the value
Figure 106676DEST_PATH_IMAGE112
, node
Figure 556746DEST_PATH_IMAGE066
knows that
Figure DEST_PATH_IMAGE114
, i.e.
Figure DEST_PATH_IMAGE116
, and thereby obtains the data of
Figure 909416DEST_PATH_IMAGE072
.
Node
Figure 202994DEST_PATH_IMAGE066
then sends the value
Figure DEST_PATH_IMAGE118
to node
Figure 715402DEST_PATH_IMAGE064
; after the same operations, node
Figure 436233DEST_PATH_IMAGE066
receives from node
Figure 601636DEST_PATH_IMAGE074
the value
Figure DEST_PATH_IMAGE120
and can obtain
Figure DEST_PATH_IMAGE122
. Repeating the process 9 times yields
Figure 823538DEST_PATH_IMAGE072
to
Figure 390786DEST_PATH_IMAGE070
, from which data
Figure 282519DEST_PATH_IMAGE008
is restored. Every consortium chain node takes part in the recovery process; each consortium chain node knows only its own data, cannot learn the data of the other consortium chain nodes, and, without exposing its own data to the other consortium chain nodes, can complete the recovery of data
Figure 731954DEST_PATH_IMAGE008
. Data
Figure 367335DEST_PATH_IMAGE008
can therefore be recovered only inside the consortium chain's intranet; once separated from that intranet, none of the data can be recovered. To avoid data becoming inaccessible because a node in the consortium chain fails, when data
Figure 789089DEST_PATH_IMAGE008
is stored, a subset of the consortium chain nodes should be selected to complete the storage process, and several groups of nodes are selected so that the storage process is completed several times. The groups of consortium chain nodes do not overlap. If M groups are selected to complete the storage process, then when M-1 consortium chain nodes fail, data
Figure 117302DEST_PATH_IMAGE008
can certainly still be recovered.
The beneficial technical effects of this embodiment are: data
Figure 991717DEST_PATH_IMAGE008
is encrypted to obtain the encrypted data
Figure 165210DEST_PATH_IMAGE032
, and data
Figure 441470DEST_PATH_IMAGE032
must be decrypted to obtain data
Figure 675006DEST_PATH_IMAGE008
; therefore, once the hard disk of a consortium chain node is separated from the consortium chain, the recovered data cannot be obtained. This keeps the consortium chain's private data confidential and guarantees that the private data can exist only within the consortium chain.
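The store and retrieve procedure walked through above, as an added Python simulation that is not part of the patent text. The class and function names, the 8-byte block length, the starting slot m = j for block j and the lock-step relay model are assumptions made for the example, and the blocks are treated as already encrypted by the owning node.

```python
import random

END = object()   # end flag; the owner keeps sending it after the last block
BLOCK_LEN = 8    # assumed fixed block length in bytes


def split_blocks(data):
    """Cut data into fixed-length blocks, zero-padding the last one."""
    padded = data + b"\x00" * (-len(data) % BLOCK_LEN)
    return [padded[i:i + BLOCK_LEN] for i in range(0, len(padded), BLOCK_LEN)]


class StorageNode:
    """Storage node of one relay: an exchange area and one flag bit per reception."""

    def __init__(self, rng):
        self.rng = rng
        # The exchange area starts out holding random data.
        self.exchange_area = bytes(rng.getrandbits(8) for _ in range(BLOCK_LEN))
        self.flags = [None]  # flags[k] belongs to the k-th reception (1-based)

    def receive(self, item):
        """Random swap for a block, forced swap for END; return what is forwarded."""
        swapped = item is END or self.rng.getrandbits(1) == 1
        self.flags.append(1 if swapped else 0)
        if swapped:
            item, self.exchange_area = self.exchange_area, item
        return item

    def advance(self, m):
        """Steps G2/G3: slot in which a block arrived -> slot in which it left."""
        if self.flags[m] == 1:          # the block was parked in the exchange area
            m += 1
            while self.flags[m] == 0:   # and left at the next swap
                m += 1
        return m


def store(blocks, relays):
    """Send the blocks, then END flags, down the chain; return the stored list."""
    stored, feed = [], iter(blocks)
    while True:
        item = next(feed, END)            # after the last block, send END flags
        for node in relays[:-1]:
            item = node.receive(item)
        finished = item is END            # first END reaching the last node
        stored.append(relays[-1].receive(item))
        if finished:                      # last node would now notify the owner
            return stored


def recover(stored, relays, n_blocks):
    """Walk a slot counter round the chain for each block, then read that slot."""
    blocks = []
    for j in range(1, n_blocks + 1):
        m = j                             # assumed start: block j was the j-th send
        for node in relays:               # each node consults only its own flags
            m = node.advance(m)
        blocks.append(stored[m - 1])      # every other slot is random filler
    return b"".join(blocks)


def demo(data, n_relays=4, seed=None):
    """Run one store/recover round; a seed is only for reproducible test runs."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    relays = [StorageNode(rng) for _ in range(n_relays)]
    blocks = split_blocks(data)
    stored = store(blocks, relays)
    return stored, recover(stored, relays, len(blocks))
```

With 9 blocks and 4 relaying nodes the stored list has 13 slots; which slots are filler and in what order the real blocks sit is determined only by the flags held separately at each node.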
Example two:
In this embodiment of the data access method for preventing data leakage from a consortium chain, the storage node
Figure 299366DEST_PATH_IMAGE022
is additionally provided with a task flag bit
Figure 73287DEST_PATH_IMAGE052
. The task flag bit
Figure 792DEST_PATH_IMAGE052
has an initial value of 0. When consortium chain node
Figure 405228DEST_PATH_IMAGE006
needs to store data
Figure 785394DEST_PATH_IMAGE008
, node
Figure 566268DEST_PATH_IMAGE006
first queries node
Figure 817121DEST_PATH_IMAGE026
for the task flag bit
Figure 923617DEST_PATH_IMAGE054
; if the task flag bit
Figure 994342DEST_PATH_IMAGE054
is 0, it then queries node
Figure 578907DEST_PATH_IMAGE030
for the task flag bit
Figure 684266DEST_PATH_IMAGE056
; if the task flag bit
Figure 492822DEST_PATH_IMAGE054
is 1, it waits for a preset time and then queries the task flag bit
Figure 316422DEST_PATH_IMAGE054
again. After the storage node
Figure 173519DEST_PATH_IMAGE022
has had its task flag bit
Figure 398964DEST_PATH_IMAGE052
queried, it sets, within a preset time length,
Figure 316105DEST_PATH_IMAGE052
to 1. If consortium chain node
Figure 629930DEST_PATH_IMAGE006
finds that, for node
Figure 290718DEST_PATH_IMAGE010
, the task flag bit
Figure 167407DEST_PATH_IMAGE058
is still 0, it starts storing, according to steps A) to F), data
Figure 255449DEST_PATH_IMAGE008
. The remaining steps are the same as in the first embodiment.
The above embodiment is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and other variations and modifications may be made without departing from the technical scope of the claims.

Claims (6)

1. A data access method for preventing data leakage from a consortium chain, characterized by comprising the following steps:
A) Each consortium chain node
Figure DEST_PATH_IMAGE001
has a corresponding local storage node
Figure 629330DEST_PATH_IMAGE002
; when consortium chain node
Figure DEST_PATH_IMAGE003
needs to store data
Figure 654792DEST_PATH_IMAGE004
, it sends a data storage signal to node
Figure DEST_PATH_IMAGE005
and then divides data
Figure 821813DEST_PATH_IMAGE004
into
Figure 184399DEST_PATH_IMAGE006
parts, recorded as data blocks
Figure DEST_PATH_IMAGE007
; the data blocks
Figure 973274DEST_PATH_IMAGE008
have a fixed length, and data block
Figure DEST_PATH_IMAGE009
is zero-padded if it is too short;
Figure 264578DEST_PATH_IMAGE010
is the data identifier; the storage node
Figure DEST_PATH_IMAGE011
is provided with a receiving area and an exchange area, each of the same length as the data blocks
Figure 734873DEST_PATH_IMAGE008
; the exchange area holds initialized random data; the storage node
Figure 74719DEST_PATH_IMAGE011
is also provided with flag bits
Figure 9177DEST_PATH_IMAGE012
;
B) Consortium chain node
Figure 438759DEST_PATH_IMAGE003
encrypts the data blocks
Figure 458668DEST_PATH_IMAGE008
in turn and sends them to the receiving area of node
Figure DEST_PATH_IMAGE013
; the decryption key for the data blocks
Figure 867783DEST_PATH_IMAGE008
is kept by consortium chain node
Figure 922327DEST_PATH_IMAGE003
;
C) Consortium chain node
Figure 493117DEST_PATH_IMAGE013
randomly decides whether to exchange the data in the receiving area and the exchange area; if it decides to exchange the data, flag bit
Figure 321DEST_PATH_IMAGE012
is set to 1; otherwise, flag bit
Figure 541024DEST_PATH_IMAGE012
is set to 0, where
Figure 591020DEST_PATH_IMAGE014
denotes the number of times node
Figure 191765DEST_PATH_IMAGE013
has received data from node
Figure 186266DEST_PATH_IMAGE003
; node
Figure 530660DEST_PATH_IMAGE013
sends the data in the receiving area to the receiving area of node
Figure DEST_PATH_IMAGE015
;
D) Consortium chain node
Figure 202206DEST_PATH_IMAGE015
and the subsequent nodes likewise perform step C); node
Figure 239432DEST_PATH_IMAGE005
continually receives data blocks, and node
Figure 331016DEST_PATH_IMAGE005
stores the received data blocks in the order in which they were received;
E) After consortium chain node
Figure 744680DEST_PATH_IMAGE003
has sent data block
Figure 362743DEST_PATH_IMAGE009
to the receiving area of node
Figure 446237DEST_PATH_IMAGE013
, it continually sends end flags to the receiving area of node
Figure 149751DEST_PATH_IMAGE013
; on receiving an end flag, node
Figure 835947DEST_PATH_IMAGE013
forcibly exchanges the data in the receiving area and the exchange area, and flag bit
Figure 715041DEST_PATH_IMAGE012
is set to 1; node
Figure 94070DEST_PATH_IMAGE013
sends the data in the receiving area to the receiving area of node
Figure 284880DEST_PATH_IMAGE015
;
F) On receiving the end flag, node
Figure 774767DEST_PATH_IMAGE015
and the subsequent nodes each forcibly exchange the data in the receiving area and the exchange area and pass it on, until node
Figure 741324DEST_PATH_IMAGE005
receives the end flag; after node
Figure 291254DEST_PATH_IMAGE005
has received the end flag, node
Figure 969360DEST_PATH_IMAGE005
stores the received data blocks in order as data
Figure 138304DEST_PATH_IMAGE016
,
Figure DEST_PATH_IMAGE017
; node
Figure 54307DEST_PATH_IMAGE005
then sends an end flag to node
Figure 384926DEST_PATH_IMAGE003
; after receiving the end flag, node
Figure 550328DEST_PATH_IMAGE003
stops sending data to node
Figure 382018DEST_PATH_IMAGE013
and deletes data
Figure 949265DEST_PATH_IMAGE004
; after the preset communication timeout has elapsed, node
Figure 211969DEST_PATH_IMAGE003
empties the receiving area and refills the exchange area with random data, waiting for the next data transfer;
G) When node
Figure 864668DEST_PATH_IMAGE003
needs to retrieve data
Figure 500048DEST_PATH_IMAGE004
, it reads from node
Figure 531589DEST_PATH_IMAGE005
the data
Figure 859803DEST_PATH_IMAGE016
; node
Figure 734218DEST_PATH_IMAGE003
, according to each node
Figure 48656DEST_PATH_IMAGE003
's flag bits
Figure 324916DEST_PATH_IMAGE012
, obtains the correct order of
Figure 558451DEST_PATH_IMAGE018
and identifies the interspersed random data; the random data is removed, the blocks are put in the correct order and then decrypted, the decrypted data blocks are spliced together, and node
Figure 592266DEST_PATH_IMAGE003
obtains data
Figure 569450DEST_PATH_IMAGE004
;
In step G), the method by which node
Figure 74118DEST_PATH_IMAGE003
, according to each node
Figure 478555DEST_PATH_IMAGE003
's flag bits
Figure 593141DEST_PATH_IMAGE012
, obtains the correct order of
Figure 983802DEST_PATH_IMAGE018
and the interspersed random data comprises:
G1) Set variables
Figure DEST_PATH_IMAGE019
and
Figure 765814DEST_PATH_IMAGE020
,
Figure DEST_PATH_IMAGE021
; let
Figure 685359DEST_PATH_IMAGE022
; node
Figure 929652DEST_PATH_IMAGE003
sends
Figure DEST_PATH_IMAGE023
to the next node
Figure 920742DEST_PATH_IMAGE013
;
G2) After node
Figure 26101DEST_PATH_IMAGE013
receives
Figure 772340DEST_PATH_IMAGE023
, it queries the value of
Figure 471306DEST_PATH_IMAGE024
; if the value of
Figure 266087DEST_PATH_IMAGE024
equals 1, go to step G3); if the value of
Figure 225952DEST_PATH_IMAGE024
equals 0, go to step G4);
G3)
Figure 782573DEST_PATH_IMAGE020
is incremented by 1 and the value of
Figure 93469DEST_PATH_IMAGE024
is queried again; if the value of
Figure 754257DEST_PATH_IMAGE024
is 0, this step is performed again; if the value of
Figure 568630DEST_PATH_IMAGE024
is 1, go to step G4);
G4) The value of
Figure 63196DEST_PATH_IMAGE023
is sent to the next node
Figure 595809DEST_PATH_IMAGE015
;
G5) Steps G2) to G4) are repeated until node
Figure 60288DEST_PATH_IMAGE005
sends the latest value of
Figure 604533DEST_PATH_IMAGE023
to node
Figure 129055DEST_PATH_IMAGE003
; data block
Figure DEST_PATH_IMAGE025
is then data block
Figure 555488DEST_PATH_IMAGE008
, and the data blocks in data
Figure 558079DEST_PATH_IMAGE016
that do not correspond to a data block
Figure 612623DEST_PATH_IMAGE008
are random data and are to be discarded.
2. The data access method for preventing data leakage from a consortium chain according to claim 1, characterized in that, for consortium chain node
Figure 679018DEST_PATH_IMAGE003
, the flag-bit sequence number
Figure 920644DEST_PATH_IMAGE014
has an initial value of 0; each time node
Figure 726926DEST_PATH_IMAGE003
receives a data block sent by its previous node
Figure 776921DEST_PATH_IMAGE005
, the flag-bit sequence number
Figure 377667DEST_PATH_IMAGE014
is incremented by 1; when no data block has been received from its previous node
Figure 372168DEST_PATH_IMAGE005
within the preset communication timeout, the flag-bit sequence number
Figure 857507DEST_PATH_IMAGE014
is set to 0.
3. The data access method for preventing data leakage from a consortium chain according to claim 1 or 2, characterized in that, in step C), after node
Figure 621064DEST_PATH_IMAGE013
has sent the data in the receiving area to the receiving area of node
Figure 392711DEST_PATH_IMAGE015
, it sends a signal to node
Figure 874507DEST_PATH_IMAGE003
; after node
Figure 163538DEST_PATH_IMAGE003
receives the signal, if node
Figure 781601DEST_PATH_IMAGE003
has data that needs to be sent to node
Figure 989728DEST_PATH_IMAGE013
, it sends the data immediately to node
Figure 67143DEST_PATH_IMAGE013
.
4. The data access method for preventing data leakage from a consortium chain according to claim 1 or 2, characterized in that, in step C), node
Figure 18919DEST_PATH_IMAGE013
exchanges the data in the receiving area and the exchange area as follows: node
Figure 757068DEST_PATH_IMAGE013
records the storage addresses of the receiving area and the exchange area; if node
Figure 745883DEST_PATH_IMAGE013
decides to exchange the data of the receiving area and the exchange area, the storage addresses of the receiving area and the exchange area are exchanged.
5. The data access method for preventing data leakage from a consortium chain according to claim 1 or 2, characterized in that the following steps are also performed between step F) and step G): after node
Figure 936693DEST_PATH_IMAGE005
has received the end flag and completed the storage of data
Figure 426580DEST_PATH_IMAGE016
, it waits for a preset time length, and node
Figure 160181DEST_PATH_IMAGE005
then takes data
Figure 710111DEST_PATH_IMAGE016
as the data to be stored; after steps A) to F) have been performed, step G) is performed.
6. The data access method for preventing data leakage from a consortium chain according to claim 1 or 2, characterized in that the storage node
Figure 388217DEST_PATH_IMAGE011
is also provided with a task flag bit
Figure 416216DEST_PATH_IMAGE026
; the task flag bit
Figure 177892DEST_PATH_IMAGE026
has an initial value of 0; when consortium chain node
Figure 898723DEST_PATH_IMAGE003
needs to store data
Figure 64126DEST_PATH_IMAGE004
, node
Figure 36761DEST_PATH_IMAGE003
first queries node
Figure 338429DEST_PATH_IMAGE013
for the task flag bit
Figure DEST_PATH_IMAGE027
; if the task flag bit
Figure 167845DEST_PATH_IMAGE027
is 0, it then queries node
Figure 961489DEST_PATH_IMAGE015
for the task flag bit
Figure 331290DEST_PATH_IMAGE028
; if the task flag bit
Figure 18623DEST_PATH_IMAGE027
is 1, it waits for a preset time and then queries the task flag bit
Figure 720738DEST_PATH_IMAGE027
again; after the storage node
Figure 595153DEST_PATH_IMAGE011
has had its task flag bit
Figure 34225DEST_PATH_IMAGE026
queried, it sets, within a preset time length,
Figure 185851DEST_PATH_IMAGE026
to 1; if consortium chain node
Figure 684966DEST_PATH_IMAGE003
finds that, for node
Figure 46677DEST_PATH_IMAGE005
, the task flag bit
Figure DEST_PATH_IMAGE029
is still 0, it starts storing, according to steps A) to F), data
Figure 571330DEST_PATH_IMAGE004
.
CN202110242456.9A 2021-03-05 2021-03-05 A data access method to prevent data leakage of consortium chain Active CN112597527B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110242456.9A CN112597527B (en) 2021-03-05 2021-03-05 A data access method to prevent data leakage of consortium chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110242456.9A CN112597527B (en) 2021-03-05 2021-03-05 A data access method to prevent data leakage of consortium chain

Publications (2)

Publication Number Publication Date
CN112597527A CN112597527A (en) 2021-04-02
CN112597527B true CN112597527B (en) 2021-06-08

Family

ID=75210261

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110242456.9A Active CN112597527B (en) 2021-03-05 2021-03-05 A data access method to prevent data leakage of consortium chain

Country Status (1)

Country Link
CN (1) CN112597527B (en)

Also Published As

Publication number Publication date
CN112597527A (en) 2021-04-02

Similar Documents

Publication Publication Date Title
DE60127096T2 (en) DEVICE AND METHOD FOR INFORMATION PROCESSING
CN112597527B (en) A data access method to prevent data leakage of consortium chain
US7529834B1 (en) Method and system for cooperatively backing up data on computers in a network
EP1470660B1 (en) Method and system for securely storing and transmitting data by applying a one-time pad
US20120134495A1 (en) Cloud Storage Data Access Method, Apparatus and System Based on OTP
US8195956B2 (en) Re-keying data in place
US7650499B2 (en) Encryption apparatus and decryption apparatus
CN110213041A (en) Data ciphering method, decryption method, device, electronic equipment and storage medium
US11973867B2 (en) Encrypted search
EP0840476A2 (en) Encrypted communication system that limits the damage caused when a secret key has been leaked
US11005663B2 (en) Secure audit scheme in a distributed data storage system
CN108768663A (en) A kind of block chain access control method and its processing system
CN109241754A (en) A kind of cloud file data de-duplication method based on block chain
CN109510700A (en) A kind of data transmission system based on chaos encryption
CN105681031A (en) Storage encryption gateway key management system and method
CN101572601A (en) Data encryption and transmission method and device thereof
US20190068366A1 (en) Methods and systems for linear key agreement with forward secrecy using an insecure shared communication medium
CN114629652B (en) Key management system based on physical non-copyable function and operation method thereof
CN113095826B (en) Hidden communication method and system based on block chain multi-signature
CN116318657A (en) Relay key transmission method
CN107864129B (en) Method and device for ensuring network data security
CN111357023A (en) Method and system for transferring data in a blockchain system
JP2010250656A (en) Data storage system and data storage method
CN108632027A (en) Managing device and management method
CN112989428B (en) A fast encrypted storage method for consortium chain data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A data access method to prevent data leakage in consortium chains

Granted publication date: 20210608

Pledgee: Bank of Beijing Co.,Ltd. Hangzhou Yuhang sub branch

Pledgor: ZHEJIANG SHUQIN TECHNOLOGY CO.,LTD.

Registration number: Y2024330002485