CN112685790A - Block chain data security and privacy protection method - Google Patents


Info

Publication number
CN112685790A
Authority
CN
China
Prior art keywords
data
access
block chain
server
authorization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110293526.3A
Other languages
Chinese (zh)
Other versions
CN112685790B (en)
Inventor
姜勇
杨雷
王伟平
邢杰
常康
郭丽美
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongqi Lianxin Beijing Technology Co ltd
Original Assignee
Zhongqi Lianxin Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongqi Lianxin Beijing Technology Co ltd
Priority to CN202110293526.3A
Publication of CN112685790A
Application granted
Publication of CN112685790B
Active
Anticipated expiration


Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a blockchain data security and privacy protection method, comprising the following steps: recording the data generated by logging in to a platform system and caching the data in the respective databases; performing blockchain data storage; storing the encrypted information in a new data block and verifying it through a consensus mechanism; storing data on the blockchain as ciphertext, with authorized access relying on the encryption features of the blockchain account system; keeping only the ciphertext on the blockchain while the key is held by the data owner, performing data access authorization off-chain, implementing authorized data access through the smart contract authorization list and the account system, obtaining the decryption key through the smart contract and decrypting, sending the data to the user terminal node, obtaining the data after decryption, and feeding the data back. The invention protects private data through a three-layer data model, so that the data can be accessed only when authorization has been obtained; the data is stored in the smart contract and can be maintained and updated in real time.

Description

Block chain data security and privacy protection method
Technical Field
The invention relates to the technical field of computers, in particular to a block chain data security and privacy protection method.
Background
A blockchain is a distributed ledger generated and updated using a distributed node consensus algorithm; it uses cryptography to chain transaction records together (the records are also called blocks, and multiple transactions may be combined into one block) and to protect their contents from tampering. Each block contains the cryptographic hash of the previous block, a corresponding timestamp, and the transaction data. This design makes block contents tamper-resistant. A distributed ledger chained together as a blockchain allows multiple parties to record transactions efficiently and to verify them permanently.
A blockchain makes it convenient to digitize assets and to circulate them across platforms. Network-wide public transparency of data is one of the most important properties of a blockchain. However, in some business scenarios such as consortium chains, a user's data is divided into public data and private data: the public data can be transparent to the whole network, while the private data may be viewed only by the data owner. Because many current blockchain networks cannot protect data privacy, they cannot meet the data requirements of such business scenarios.
Data privacy protection refers to the measures a data owner takes to protect data so that sensitive data is not maliciously stolen. Privacy protection has always been a concern of users in blockchain scenarios: how to ensure the privacy of each business party while they share one ledger, and at the same time ensure that data can circulate in the business. The traditional centralized storage mode is convenient to maintain and highly secure, but the heavy workload easily creates a service bottleneck; with distributed storage technology, sharing requests are still processed by a central server, and the required data has to be looked up in the distributed storage during processing, which increases system complexity and cannot effectively guarantee user privacy.
Complete privacy protection does not rely on a single layer of encryption; it also combines an account system with a dynamically controlled permission list. A more secure data security and privacy protection method is therefore needed to protect private data and to maintain and update it in real time.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a blockchain data security and privacy protection method that addresses the shortcomings described in the background, solves the problem that user privacy cannot be effectively guaranteed, and protects the security of users' private data.
The technical problem is solved by the following technical solution:
A blockchain data security and privacy protection method, comprising:
recording the data generated by logging in to a platform system, and caching the data in the respective databases;
performing blockchain data storage by means of an SDK application service, a message queue server, a file server and four blockchain nodes;
a user terminal node initiating a data write request, creating a new data block, storing the encrypted information in the new data block, and verifying it through a consensus mechanism, so that the new data block is added to the data storage node of the data holder;
storing data on the blockchain as ciphertext, with authorized access relying on the encryption features of the blockchain account system; that is, all on-chain data is encrypted and no plaintext data is stored on the blockchain: when data is written to the chain, a random key is generated through a smart contract, the data is encrypted, and the encrypted data is stored on-chain;
keeping only the ciphertext on the blockchain, with the key held by the data owner and data access authorization performed off-chain; authorized data access is implemented through the smart contract authorization list and the account system; after obtaining blockchain access permission, a node can communicate with the other blockchain nodes on the consortium chain to read data; that is, after obtaining authorization the user terminal node sends a request, and after the nodes verify it through the consensus mechanism, the decryption key is obtained through the smart contract, decryption is performed, the data is sent to the user terminal node, the data is obtained after decryption, and the data is fed back.
Preferably, the authorization list of the smart contract is divided into a data ID data module, a user ID data module and a token data module, and private data is protected through this three-layer data model. The data ID data module, the user ID data module and the token data module are mapped onto a forward tree model: the data ID data module contains the structured information of the privacy-protected data, including but not limited to the index and ID of the data; the user ID data module contains the list of target users of the currently protected data, and the account information of those users is in the list; the token data module contains the scope of each user ID's access rights to the protected data, including but not limited to the access time limit, the number of accesses and the data range.
Preferably, the account system includes, but is not limited to, data access authorization, organizational structure, and support for services related to business roles.
Preferably, the authorized access method further comprises a blockchain token, which provides a credit endorsement for the authorization operation.
Preferably, the SDK application service, the message queue server, the file server and the four blockchain nodes run on cloud servers, and an alarm mechanism is configured in the cloud server monitoring so that an alarm notification is sent to the account mailbox when the resource load reaches a set value.
Preferably, network-layer access security between the deployed platform systems is controlled by cloud security groups: each IP is restricted to accessing a fixed cloud server, and the permitted protocol type and port number are defined.
Preferably, for the application layer deployed between the platform systems, access security is configured by a security group: the IPs that may access the SDK are fixed, so that only the egress of the platform system can access the SDK server; the SDK is deployed on an intranet server and cannot be accessed from the external network.
Preferably, data transmission between the application-layer SDK and the different systems uses the HTTPS protocol throughout; HTTPS encrypts the data using certificates and authenticates the real identity of the server.
Preferably, fixed IP restrictions are applied between servers so that only approved visiting servers can communicate over the inter-server interfaces, and the logic for confirming that the IP holder is a genuinely authorized server is as follows: a certificate is issued to each party authorized for admission to the consortium chain; the certificate is used for communication between the corresponding system and the SDK and between the system and the blockchain nodes; signing and signature verification are performed using the certificate, and if the signatures are ultimately consistent, the visitor is considered genuine.
The invention protects private data through the three-layer data model, and the data is encrypted and stored by some of the blockchain nodes, so that the data can be accessed only when authorization has been obtained; the data is stored in a smart contract and can therefore be maintained and updated in real time, which meets the business requirement for data privacy protection, reduces network communication data and improves system performance.
Detailed Description
The technical solution of the present invention will be described in further detail below. It is understood that the embodiments described are only a few embodiments, not all embodiments, and that all other embodiments obtained by those skilled in the art without the use of inventive faculty are within the scope of the invention.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, components and/or sections, these elements, components and/or sections should not be limited by these terms.
A blockchain data security and privacy protection method, comprising:
recording the data generated by logging in to a platform system, and caching the data in the respective databases;
performing blockchain data storage by means of an SDK application service, a message queue server, a file server and four blockchain nodes;
a user terminal node initiating a data write request, creating a new data block, storing the encrypted information in the new data block, and verifying it through a consensus mechanism, so that the new data block is added to the data storage node of the data holder;
storing data on the blockchain as ciphertext, with authorized access relying on the encryption features of the blockchain account system; that is, all on-chain data is encrypted and no plaintext data is stored on the blockchain: when data is written to the chain, a random key is generated through a smart contract, the data is encrypted, and the encrypted data is stored on-chain;
keeping only the ciphertext on the blockchain, with the key held by the data owner and data access authorization performed off-chain; authorized data access is implemented through the smart contract authorization list and the account system; after obtaining blockchain access permission, a node can communicate with the other blockchain nodes on the consortium chain to read data; that is, after obtaining authorization the user terminal node sends a request, and after the nodes verify it through the consensus mechanism, the decryption key is obtained through the smart contract, decryption is performed, the data is sent to the user terminal node, the data is obtained after decryption, and the data is fed back.
Preferably, the authorization list of the smart contract is divided into a data ID data module, a user ID data module and a token data module, and private data is protected through this three-layer data model. The data ID data module, the user ID data module and the token data module are mapped onto a forward tree model: the data ID data module contains the structured information of the privacy-protected data, including but not limited to the index and ID of the data; the user ID data module contains the list of target users of the currently protected data, and the account information of those users is in the list; the token data module contains the scope of each user ID's access rights to the protected data, including but not limited to the access time limit, the number of accesses and the data range.
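As an added illustration that is not part of the patent text, the following Python example models the three-layer authorization list (data ID, then user ID, then token) and the check that gates release of the decryption key. All class, field and function names, the decision strings and the sample records are hypothetical; the patent does not specify a data layout, a contract language or how the key is stored, so the key appears here only as an opaque handle.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Token:
    """Layer 3: scope of one user's access to one protected data item."""
    not_after: float          # access time limit, epoch seconds
    remaining_uses: int       # access count still available
    fields: FrozenSet[str]    # data range the user may read


@dataclass
class DataEntry:
    """Layer 1: structured information about a protected data item."""
    index: int
    owner: str
    key_handle: bytes         # assumption: opaque reference to the decryption key
    grants: Dict[str, Token] = field(default_factory=dict)  # layer 2: user ID -> token


class AuthorizationList:
    """Tree of data ID -> user ID -> token; every lookup is deny-by-default."""

    def __init__(self) -> None:
        self._entries: Dict[str, DataEntry] = {}
        self.audit: List[Tuple[str, str, str]] = []   # (data_id, user_id, decision)

    def register(self, data_id: str, owner: str, key_handle: bytes, index: int) -> None:
        if data_id in self._entries:
            raise ValueError("data ID already registered")
        self._entries[data_id] = DataEntry(index, owner, key_handle)

    def grant(self, caller: str, data_id: str, user_id: str, token: Token) -> None:
        entry = self._entries[data_id]
        if caller != entry.owner:                 # only the data owner authorizes
            raise PermissionError("only the data owner may grant access")
        entry.grants[user_id] = token

    def revoke(self, caller: str, data_id: str, user_id: str) -> None:
        entry = self._entries[data_id]
        if caller != entry.owner:
            raise PermissionError("only the data owner may revoke access")
        entry.grants.pop(user_id, None)

    def request_key(self, data_id, user_id, wanted, now) -> Tuple[Optional[bytes], str]:
        """Return (key_handle, "granted") or (None, reason); every decision is logged."""
        decision, key = self._decide(data_id, user_id, frozenset(wanted), now)
        self.audit.append((data_id, user_id, decision))
        return key, decision

    def _decide(self, data_id, user_id, wanted, now):
        entry = self._entries.get(data_id)
        if entry is None:
            return "unknown-data", None
        token = entry.grants.get(user_id)
        if token is None:
            return "not-authorized", None
        if now > token.not_after:
            return "expired", None
        if token.remaining_uses <= 0:
            return "exhausted", None
        if not wanted or not wanted <= token.fields:
            return "out-of-range", None
        token.remaining_uses -= 1                 # consume a use only on success
        return "granted", entry.key_handle


def demo() -> List[str]:
    """Constructed scenario: one record, one grant limited to 2 reads of 2 fields."""
    acl = AuthorizationList()
    acl.register("rec-001", owner="alice", key_handle=b"key-handle-001", index=1)
    acl.grant("alice", "rec-001", "bob",
              Token(not_after=1000.0, remaining_uses=2, fields=frozenset({"name", "score"})))
    requests = [
        ("rec-001", "bob", {"name"}, 10.0),           # within scope
        ("rec-001", "bob", {"name", "id_no"}, 20.0),  # asks for a field outside the range
        ("rec-001", "carol", {"name"}, 30.0),         # user not in the list
        ("rec-001", "bob", {"score"}, 40.0),          # last permitted access
        ("rec-001", "bob", {"score"}, 50.0),          # access count used up
    ]
    return [acl.request_key(*r)[1] for r in requests]


if __name__ == "__main__":
    print(demo())
```

Denied requests are logged without consuming an access count, and a revocation takes effect on the next request. Because contract state is replicated to every node that holds the ledger, a deployment following this model would keep only a wrapped key or key reference in the list, never the raw key.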
Preferably, the account system includes, but is not limited to, data access authorization, organizational structure, and support for services related to business roles.
Preferably, the authorized access method further comprises a blockchain token, which provides a credit endorsement for the authorization operation.
Preferably, the SDK application service, the message queue server, the file server and the four blockchain nodes run on cloud servers, and an alarm mechanism is configured in the cloud server monitoring so that an alarm notification is sent to the account mailbox when the resource load reaches a set value.
Preferably, network-layer access security between the deployed platform systems is controlled by cloud security groups: each IP is restricted to accessing a fixed cloud server, and the permitted protocol type and port number are defined.
Preferably, for the application layer deployed between the platform systems, access security is configured by a security group: the IPs that may access the SDK are fixed, so that only the egress of the platform system can access the SDK server; the SDK is deployed on an intranet server and cannot be accessed from the external network.
Preferably, data transmission between the application-layer SDK and the different systems uses the HTTPS protocol throughout; HTTPS encrypts the data using certificates and authenticates the real identity of the server.
Preferably, fixed IP restrictions are applied between servers so that only approved visiting servers can communicate over the inter-server interfaces, and the logic for confirming that the IP holder is a genuinely authorized server is as follows: a certificate is issued to each party authorized for admission to the consortium chain; the certificate is used for communication between the corresponding system and the SDK and between the system and the blockchain nodes; signing and signature verification are performed using the certificate, and if the signatures are ultimately consistent, the visitor is considered genuine.
The invention protects private data through the three-layer data model, and the data is encrypted and stored by some of the blockchain nodes, so that the data can be accessed only when authorization has been obtained; the data is stored in a smart contract and can therefore be maintained and updated in real time, which meets the business requirement for data privacy protection, reduces network communication data and improves system performance.
The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the specification and its practical application, to thereby enable others skilled in the art to best understand the specification and its practical application. The specification is limited only by the claims and their full scope and equivalents.

Claims (9)

1. A blockchain data security and privacy protection method, characterized by comprising the following steps:
recording the data generated by logging in to a platform system, and caching the data in the respective databases;
performing blockchain data storage by means of an SDK application service, a message queue server, a file server and four blockchain nodes;
a user terminal node initiating a data write request, creating a new data block, storing the encrypted information in the new data block, and verifying it through a consensus mechanism, so that the new data block is added to the data storage node of the data holder;
storing data on the blockchain as ciphertext, with authorized access relying on the encryption features of the blockchain account system; that is, all on-chain data is encrypted and no plaintext data is stored on the blockchain: when data is written to the chain, a random key is generated through a smart contract, the data is encrypted, and the encrypted data is stored on-chain;
keeping only the ciphertext on the blockchain, with the key held by the data owner and data access authorization performed off-chain; authorized data access is implemented through the smart contract authorization list and the account system; after obtaining blockchain access permission, a node can communicate with the other blockchain nodes on the consortium chain to read data; that is, after obtaining authorization the user terminal node sends a request, and after the nodes verify it through the consensus mechanism, the decryption key is obtained through the smart contract, decryption is performed, the data is sent to the user terminal node, the data is obtained after decryption, and the data is fed back.
2. The blockchain data security and privacy protection method according to claim 1, wherein the authorization list of the smart contract is divided into a data ID data module, a user ID data module and a token data module, and private data is protected through this three-layer data model;
the data ID data module, the user ID data module and the token data module are mapped onto a forward tree model: the data ID data module contains the structured information of the privacy-protected data, including but not limited to the index and ID of the data; the user ID data module contains the list of target users of the currently protected data, and the account information of those users is in the list; the token data module contains the scope of each user ID's access rights to the protected data, including but not limited to the access time limit, the number of accesses and the data range.
3. The method of claim 1, wherein the account system includes, but is not limited to, data access authorization, organizational structure, and support for services related to business roles.
4. The method of claim 1, wherein the authorized access method further comprises a blockchain token, the blockchain token providing credit endorsements for granting access.
5. The method as claimed in claim 1, wherein the SDK application service, the message queue server, the file server and the four blockchain nodes run on cloud servers, and an alarm mechanism is configured in the cloud server monitoring so that an alarm notification is sent to the account mailbox when the resource load reaches a set value.
6. The method as claimed in claim 1, wherein network-layer access security between the deployed platform systems is controlled by cloud security groups: each IP is restricted to accessing a fixed cloud server, and the permitted protocol type and port number are defined.
7. The method as claimed in claim 1, wherein, for the application layer deployed between the platform systems, access security is configured by a security group: the IPs that may access the SDK are fixed, so that only the egress of the platform system can access the SDK server; the SDK is deployed on an intranet server and cannot be accessed from the external network.
8. The method as claimed in claim 7, wherein data transmission between the application-layer SDK and the different systems uses the HTTPS protocol; HTTPS encrypts the data using certificates and authenticates the real identity of the server.
9. The method as claimed in claim 1, wherein fixed IP restrictions are applied between servers so that only authorized visiting servers can communicate over the inter-server interfaces, and the logic for confirming that the IP holder is a genuinely authorized server is: a certificate is issued to each party authorized for admission to the consortium chain; the certificate is used for communication between the corresponding system and the SDK and between the system and the blockchain nodes; signing and signature verification are performed using the certificate, and if the signatures are ultimately consistent, the visitor is considered genuine.
CN202110293526.3A 2021-03-19 2021-03-19 Block chain data security and privacy protection method Active CN112685790B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110293526.3A CN112685790B (en) 2021-03-19 2021-03-19 Block chain data security and privacy protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110293526.3A CN112685790B (en) 2021-03-19 2021-03-19 Block chain data security and privacy protection method

Publications (2)

Publication Number Publication Date
CN112685790A (en) 2021-04-20
CN112685790B (en) 2021-06-25

Family

ID=75455674

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110293526.3A Active CN112685790B (en) 2021-03-19 2021-03-19 Block chain data security and privacy protection method

Country Status (1)

Country Link
CN (1) CN112685790B (en)


Also Published As

Publication number Publication date
CN112685790B (en) 2021-06-25


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant