CN112818365B - User privacy data protection method and system based on block chain - Google Patents

Info

Publication number: CN112818365B
Application number: CN202110135329.9A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN112818365A
Legal status: Active
Inventors: 刘斌, 韩士腾
Current and original assignee: Shanghai Jingdong Technology Co Ltd
Prior art keywords: data, domain, distribution, mapping, isomorphic

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides a blockchain-based user privacy data protection method and system. When user data needs to be added to the blockchain ledger, user privacy data is extracted from it and converted, by isomorphic mapping, into encrypted representation data that is isomorphic to the original user privacy data; the data processing node then converts the encrypted representation data into blocks and links the blocks to the ledger by hash header verification. Because only the encrypted representation is booked, the effective content of the user privacy data is shielded in the data loaded into the blockchain ledger and is not shared among blockchain nodes along with the ledger, which fundamentally reduces the risk of privacy disclosure and safeguards the user's privacy rights and interests.

Description

User privacy data protection method and system based on block chain
Technical Field
The invention relates to the technical field of internet security, and in particular to a blockchain-based user privacy data protection method and system.
Background
Blockchain technology provides a decentralized, highly reliable, tamper-resistant and traceable network architecture, and has broad application prospects in scenarios such as virtual currency, electronic transactions, certificate archiving and provenance tracing.
One core advantage of blockchain technology over traditional network architectures is that it enables complete decentralization.
As is well known, conventional network architectures always have a hub, and most network services use the service provider's server as that hub. Information related to the network service is stored, aggregated, relayed and queried on the service provider's servers. The server therefore needs robust and reliable security guarantees to avoid information leakage and to prevent information from being stolen, tampered with or illegally transmitted by anyone holding the server's operating authority. At the same time, the network center is an easy target: once a problem occurs there, it can cause the whole system to malfunction or fail, and even lead to large-scale leakage of information.
Blockchain technology removes the network center of the traditional architecture; all nodes that join the blockchain are treated as equal, symmetric nodes. Service-related information is stored on the blockchain ledger, which is fully shared among all nodes; every node stores and updates the ledger and can query it at any time to obtain all service-related information on the whole blockchain, including information relating to other nodes. To avoid divergence between nodes while the ledger is stored and shared, the blockchain system reaches unified consensus on the ledger through consensus mechanisms such as proof of work and proof of stake. The blockchain ledger is formed by linking individual blocks based on hash header verification: when a new block is added to the ledger it contains, in addition to its body, verification information in a hash header, and the hash header links the new block to the existing blocks of the ledger. Any node can therefore verify and trace all relevant information of the whole blockchain, and tampering and counterfeiting of that information are prevented.
However, the application of blockchain brings new problems for the protection of user privacy data. Most of the service or transaction information recorded in the blockchain ledger comes from users and contains sensitive information such as personal identity, transaction records, times and places. If this private data is illegally obtained and used, users' rights and interests can be seriously harmed, personal and property safety risks arise, and public order may be damaged. As described above, the blockchain ledger itself is shared among nodes and records all service-related information on the whole blockchain; although the information on the ledger is subjected to necessary processing such as encryption, there remains a considerable risk that it is cracked, leading to leakage of user privacy data.
Disclosure of Invention
In view of the above problems, the present invention provides a blockchain-based user privacy data protection method and system. When user data needs to be added to the blockchain ledger, user privacy data is extracted from it and converted, by isomorphic mapping, into encrypted representation data that is isomorphic to the original user privacy data; the data processing node then converts the encrypted representation data into blocks and links the blocks to the ledger by hash header verification. Because only the encrypted representation is booked, the effective content of the user privacy data is shielded in the data loaded into the blockchain ledger and is not shared among blockchain nodes along with the ledger, which fundamentally reduces the risk of privacy disclosure and safeguards the user's privacy rights and interests.
The invention provides a blockchain-based user privacy data protection method, characterized by comprising the following steps:
a blockchain node extracts user privacy data from the user data that needs to be added to the blockchain ledger;
the blockchain node converts the user privacy data, based on an isomorphic distribution template, into encrypted representation data that has undergone isomorphic mapping, and uses the encrypted representation data as the data to be booked;
the accounting node converts the data to be booked into blocks and links the blocks to the ledger through hash header verification;
and the ledger is shared among the blockchain nodes, which form consensus on the updated ledger.
Preferably, when a blockchain node needs to verify encrypted representation data in a block of the ledger, it sends a verification authorization code to a trusted third party, and the trusted third party performs the verification according to the encrypted representation data to be verified and the isomorphic distribution template.
Preferably, converting the user privacy data into isomorphically mapped encrypted representation data based on the isomorphic distribution template specifically comprises: constructing a mapping association structure comprising mapping domains that are logically associated with each other and the domain attributes of each mapping domain; for initial user data containing privacy data, extracting the domain value of the corresponding mapping domain from the initial user data according to the degree of correlation between the initial user data and the domain attributes of the mapping domain; and matching the domain value of the mapping domain with the isomorphic distribution template, forming the encrypted representation data of the initial user data from the matching degree between the domain value and the isomorphic distribution template.
Preferably, the isomorphic distribution template comprises a plurality of distribution units, each distribution unit comprises unit fields corresponding to the mapping domains, and each unit field has a preset value interval; the encrypted representation data is obtained according to the matching degree between the domain value of the mapping domain and the distribution units in the isomorphic distribution template and the weight estimation value of the distribution units.
Preferably, in the isomorphic distribution template, the weight estimation value of each distribution unit is calculated as follows:
[Formula image BDA0002926669120000031; the formula is not reproduced in the text]
where N is the total number of unit fields in a distribution unit, k is the serial number of the distribution unit in the isomorphic distribution template (the k-th distribution unit), W_k is the weight estimation value of the k-th distribution unit, i is the serial number of a unit field within the k-th distribution unit (the i-th unit field), β1 is the weight estimation coefficient, a constant, and R_i is the quantized interval length of the preset value interval of the i-th unit field. The encrypted representation data is then calculated from the matching degree between the domain values of the mapping domain and the distribution units of the isomorphic distribution template, together with the weight estimation values of those units, as follows. First, the representation number of the domain values of the mapping domain with respect to each distribution unit in the isomorphic distribution template is calculated:
[Formula image BDA0002926669120000041; the formula is not reproduced in the text]
where W_k is the weight estimation value of the k-th distribution unit, M_k is the matching degree between the domain value of the mapping domain and the k-th distribution unit, and β2 is a constant coefficient. The representation numbers of the domain values of the mapping domain with respect to all distribution units in the isomorphic distribution template, written as the array <E1, E2, ..., Ek, ...>, form the encrypted representation data.
To implement the above method, the present invention provides a blockchain-based user privacy data protection system, characterized by comprising an interface layer and a blockchain layer;
wherein the interface layer comprises: a data source interface module for acquiring, from one or more data sources, user data that needs to be added to the blockchain ledger; an information analysis module for analyzing that user data and extracting user privacy data from it; and an allocation module for allocating the user privacy data to the blockchain nodes in the blockchain layer that correspond to the interface layer, and for allocating user data other than the user privacy data directly to the accounting nodes in the blockchain layer as data to be booked;
the blockchain layer comprises a number of distributed blockchain nodes that share a ledger and form consensus on it according to a preset rule; the blockchain nodes convert the user privacy data provided by the corresponding interface layer, based on the isomorphic distribution template, into isomorphically mapped encrypted representation data, and send it as data to be booked to the accounting nodes of the blockchain layer;
the blockchain layer further comprises accounting nodes, which convert the data to be booked into blocks and link the blocks to the ledger through hash header verification; the accounting nodes share the ledger with the blockchain nodes of the blockchain layer so that the blockchain nodes form consensus on the ledger according to the preset rule.
Preferably, the system further comprises a verification layer comprising one or more trusted third parties that hold the ledger; when a blockchain node needs to verify encrypted representation data in a block of the ledger, it sends a verification authorization code to a trusted third party, and the trusted third party obtains randomly selected local user privacy data from the blockchain node that provided the encrypted representation data, according to the encrypted representation data to be verified, and verifies it based on the isomorphic distribution template.
Preferably, the blockchain node converting the user privacy data into isomorphically mapped encrypted representation data based on the isomorphic distribution template specifically comprises: constructing a mapping association structure comprising mapping domains that are logically associated with each other and the domain attributes of each mapping domain; for initial user data containing privacy data, extracting the domain value of the corresponding mapping domain from the initial user data according to the degree of correlation between the initial user data and the domain attributes of the mapping domain; and matching the domain value of the mapping domain with the isomorphic distribution template, forming the encrypted representation data of the initial user data from the matching degree between the domain value and the isomorphic distribution template.
Preferably, the isomorphic distribution template comprises a plurality of distribution units, each distribution unit comprises unit fields corresponding to the mapping domains, and each unit field has a preset value interval; the encrypted representation data is obtained according to the matching degree between the domain value of the mapping domain and the distribution units in the isomorphic distribution template and the weight estimation value of the distribution units.
Preferably, in the isomorphic distribution template, the weight estimation value of each distribution unit is calculated as follows:
[Formula image BDA0002926669120000051; the formula is not reproduced in the text]
where N is the total number of unit fields in a distribution unit, k is the serial number of the distribution unit in the isomorphic distribution template (the k-th distribution unit), W_k is the weight estimation value of the k-th distribution unit, i is the serial number of a unit field within the k-th distribution unit (the i-th unit field), β1 is the weight estimation coefficient, a constant, and R_i is the quantized interval length of the preset value interval of the i-th unit field. The encrypted representation data is then calculated from the matching degree between the domain values of the mapping domain and the distribution units of the isomorphic distribution template, together with the weight estimation values of those units, as follows. First, the representation number of the domain values of the mapping domain with respect to each distribution unit in the isomorphic distribution template is calculated:
[Formula image BDA0002926669120000052; the formula is not reproduced in the text]
where W_k is the weight estimation value of the k-th distribution unit, M_k is the matching degree between the domain value of the mapping domain and the k-th distribution unit, and β2 is a constant coefficient. The representation numbers of the domain values of the mapping domain with respect to all distribution units in the isomorphic distribution template, written as the array <E1, E2, ..., Ek, ...>, form the encrypted representation data.
The beneficial effects of the invention are as follows: data relating to user privacy is converted into encrypted representation data before being written to the blockchain ledger, so the advantages of a blockchain network (decentralization, resistance to attack and tamper-resistance) are retained while the effective content of the user privacy data is shielded in the data loaded into the ledger; the user privacy data is not shared among blockchain nodes along with the ledger, the risk of privacy disclosure is fundamentally reduced, and the user's privacy rights and interests are safeguarded. The isomorphism between the encrypted representation data and the original user privacy data further enables zero-knowledge verification of the original privacy data.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the invention is described in further detail below with reference to the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flowchart of a blockchain-based user privacy data protection method according to an embodiment of the present invention;
FIG. 2 is a detailed flowchart of the conversion into encrypted representation data according to an embodiment of the present invention;
FIG. 3 is a block diagram of a blockchain-based user privacy data protection system according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in FIG. 1, the present invention provides a blockchain-based user privacy data protection method comprising the following steps:
S101: a blockchain node extracts user privacy data from the user data that needs to be added to the blockchain ledger;
S102: the blockchain node converts the user privacy data, based on an isomorphic distribution template, into isomorphically mapped encrypted representation data, which is used as the data to be booked;
S103: the accounting node converts the data to be booked into blocks and links the blocks to the ledger through hash header verification;
S104: the ledger is shared among the blockchain nodes, which form consensus on the updated ledger.
In step S101, a blockchain node that has joined the blockchain obtains the user data to be loaded into the ledger from one or more data sources through the interface layer bound to it, which connects to those data sources. A data source may be a virtual currency trading platform, an electronic transaction platform, a certificate filing and handling institution, a provenance tracing platform, an internet finance platform, a credit information platform, and so on. The user data obtained from a data source may be text, metadata in XML or another markup language, form data, or even media such as images, and it contains user privacy data. In this step the user data to be loaded into the ledger is partitioned according to a preset standard along aspects such as data source, data classification, data description fields and data-sensitive words, and the user privacy data that meets the standard is extracted. The interface layer assigns the user privacy data to the blockchain node bound to it, and distributes the remaining user data directly to the accounting nodes in the blockchain layer as data to be booked.
In step S102, after the blockchain node has obtained the user privacy data from the interface layer bound to it, it converts the user privacy data, in the specific manner shown in FIG. 2 and based on the isomorphic distribution template, into isomorphically mapped encrypted representation data, which is used as the data to be booked. First, a mapping association structure construction step S102A builds a mapping association structure comprising mapping domains that are logically associated with each other and the domain attributes of each mapping domain. The mapping association structure is built to match the specific content and format of the user privacy data. It comprises a number of mapping domains, each corresponding to one dimension of the user privacy data; for example, user basic information, user-related objects, user behaviour, location and time, track paths and transaction processes may each correspond to one mapping domain. For each mapping domain its domain attributes are also defined, comprising the domain name and the domain index: the domain name designates the dimension of the user privacy data that the mapping domain corresponds to, and the domain index is a set of index reference words constructed for that type or dimension of user privacy data. The mapping domains are not isolated from each other but are related by logical relationships, including parallel, inclusion, causal and progressive relationships.
A data mapping step S102B takes the user privacy data as the initial user data and extracts the domain value of the corresponding mapping domain from it according to the degree of correlation between the initial user data and the domain attributes of the mapping domain. In the initial user data, the sensitive information relevant to user privacy is present in its unencrypted, initial form. The correlation between the initial user data and the domain attributes of a mapping domain may be determined by domain name matching, domain index matching, or joint logical matching of the domain name and the domain index. If the initial user data is text, keywords can be extracted from it by word frequency statistics and matched against the domain name and domain index of each mapping domain, and the accumulated number of keywords matching the domain name and domain index is taken as the domain value of that mapping domain. If the initial user data is in a markup language format such as XML, the matching relationship between each markup field and the domain name of each mapping domain is determined; the matching relationship between each markup field and the domain index of the mapping domain matched by domain name is then determined from the field's content value; and the accumulated number of field content values matching the domain name and domain index is taken as the domain value of the mapping domain.
An isomorphic encryption step S102C matches the domain value of the mapping domain with the isomorphic distribution template and forms the encrypted representation data of the initial user data according to the matching degree between the domain value and the template. The invention realizes isomorphic encryption: the initial user data is converted into encrypted representation data while an isomorphic relationship is maintained between the two, so that the initial user data can later be verified using the encrypted representation data. To this end the invention defines an isomorphic distribution template comprising a plurality of distribution units; each distribution unit comprises unit fields corresponding to mapping domains, and each unit field has a preset value interval. Each distribution unit of the template corresponds to one or more mapping domains through the field names of its unit fields. Each distribution unit has its own weight estimation value, which is inversely proportional to the preset value intervals of its unit fields: the wider the coverage of the preset value interval of a unit field, the lower the weight estimation value of the distribution unit, and the narrower the coverage, the higher the weight estimation value. Specifically, the weight estimation value of each distribution unit is calculated as follows:
[Formula image BDA0002926669120000091; the formula is not reproduced in the text]
where N is the total number of unit fields in a distribution unit, k is the serial number of the distribution unit in the isomorphic distribution template (the k-th distribution unit), W_k is the weight estimation value of the k-th distribution unit, i is the serial number of a unit field within the k-th distribution unit (the i-th unit field), β1 is the weight estimation coefficient, a constant, and R_i is the quantized interval length of the preset value interval of the i-th unit field. In the isomorphic encryption step the domain value of the mapping domain is matched with the isomorphic distribution template, and the encrypted representation data is calculated from the matching degree between the domain value and the distribution units together with the weight estimation values of the distribution units, as follows. First, the representation number of the domain value of the mapping domain with respect to each distribution unit in the isomorphic distribution template is calculated:
[Formula image BDA0002926669120000092; the formula is not reproduced in the text]
where W_k is the weight estimation value of the k-th distribution unit, M_k is the matching degree between the domain value of the mapping domain and the k-th distribution unit, and β2 is a constant coefficient. The matching degree M_k between the domain value of the mapping domain and the k-th distribution unit may be expressed by multiplying the domain value by a conversion coefficient corresponding to that distribution unit. The representation numbers of the domain value of the mapping domain with respect to all distribution units in the isomorphic distribution template, written as the array <E1, E2, ..., Ek, ...>, form the encrypted representation data. The blockchain node has thus converted the initial user data into the encrypted representation data of the user privacy data, which serves as the data to be booked and is transmitted to the accounting node of the blockchain.
In step S103, the accounting node converts the data to be booked into blocks and links the blocks to the ledger through hash header verification. The accounting node treats both the non-private user data transmitted by the interface layer and the encrypted representation data transmitted by the blockchain nodes as data to be booked. It converts the data to be booked into one or more blocks according to the configured block size and then appends the blocks to the blockchain ledger one at a time. Each block added to the ledger also contains a hash header obtained by hash computation; the hash header serves as the verification information, and it links the new block to the existing blocks of the ledger.
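The following is an added illustration of step S103 and is not code from the patent or its assignee. It models an accounting node that cuts the data to be booked into fixed-size blocks, gives each block a hash header, and lets any node re-derive the chain to detect a changed body, a dropped block or a reordered block. The block layout, the use of SHA-256 over a canonical JSON encoding, and the all-zero genesis hash are assumptions of this example; the page does not specify them. The pending records are constructed sample data.

```python
import hashlib
import json
from dataclasses import dataclass, replace
from typing import List

GENESIS_HASH = "0" * 64   # hash header the first block links to (assumed convention)


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str     # hash header of the preceding block
    body: tuple        # data to be booked: encrypted representation arrays and other records
    hash_head: str     # verification information linking this block to its predecessor


def compute_hash_head(index: int, prev_hash: str, body: tuple) -> str:
    """SHA-256 over index, previous hash header and body (assumed layout).
    Canonical JSON keeps the digest independent of dict key order."""
    payload = json.dumps({"index": index, "prev": prev_hash, "body": list(body)},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def make_blocks(pending: List[dict], block_size: int, ledger: List[Block]) -> List[Block]:
    """Accounting node: split the pending data into blocks of at most block_size
    records and append them to a copy of the ledger, each linked to the block before it."""
    prev_hash = ledger[-1].hash_head if ledger else GENESIS_HASH
    new_ledger = list(ledger)
    for start in range(0, len(pending), block_size):
        body = tuple(pending[start:start + block_size])
        idx = len(new_ledger)
        head = compute_hash_head(idx, prev_hash, body)
        new_ledger.append(Block(idx, prev_hash, body, head))
        prev_hash = head
    return new_ledger


def verify_ledger(ledger: List[Block]) -> bool:
    """Any node can recompute every hash header and check the linkage; an altered
    body, a removed block or a reordered block breaks the chain."""
    prev_hash = GENESIS_HASH
    for expected_idx, block in enumerate(ledger):
        if block.index != expected_idx or block.prev_hash != prev_hash:
            return False
        if compute_hash_head(block.index, block.prev_hash, block.body) != block.hash_head:
            return False
        prev_hash = block.hash_head
    return True


def tampered_copy(ledger: List[Block], block_idx: int, new_body: tuple) -> List[Block]:
    """Copy of the ledger in which one block's body was altered but its hash header was not."""
    copy = list(ledger)
    copy[block_idx] = replace(copy[block_idx], body=new_body)
    return copy


# Constructed data to be booked: encrypted representation arrays from three nodes
# plus one non-private record passed straight through by the interface layer.
PENDING = [
    {"node": "N1", "repr": [3, 4, 1]},
    {"node": "N2", "repr": [0, 2, 5]},
    {"node": "N1", "repr": [1, 1, 0]},
    {"source": "platform-A", "record_type": "public-notice"},
    {"node": "N3", "repr": [2, 0, 3]},
]
LEDGER = make_blocks(PENDING, 2, [])   # three blocks holding 2, 2 and 1 records

if __name__ == "__main__":
    print("blocks:", len(LEDGER), "valid:", verify_ledger(LEDGER))
    bad = tampered_copy(LEDGER, 1, ({"node": "N9", "repr": [9, 9, 9]},))
    print("after tampering block 1:", verify_ledger(bad))
```

Because every hash header commits to the previous one, editing a single booked record invalidates that block and every block after it; this is the property the text relies on when it says any node can verify and trace the whole ledger.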
Regarding step S104: and sharing the account book among the block link points, and forming consensus on the updated account book. In the block chain system, based on the consensus mechanisms such as the maximum workload certification and the share certification, the unified consensus on the account book is realized, and details are not repeated herein.
The ledger on which consensus has been reached is shared among all blockchain nodes, and the interface layer bound to a blockchain node can obtain the ledger from that node. The user privacy data stored in the blockchain ledger is present only in the form of encrypted representation data. When any blockchain node, together with the interface layer bound to it, needs to verify encrypted representation data provided by another blockchain node, so as to determine the authenticity of the user privacy data it actually represents, this can be carried out according to step S105 of FIG. 2, as follows. First, the blockchain node raising the verification requirement requests authorization from the blockchain node that provided the encrypted representation data to be verified; if that node agrees to the verification, it feeds back a verification authorization code to the requesting node. The requesting node then sends the verification authorization code to a trusted third party of the verification layer and indicates which encrypted representation data is to be verified. The verification layer includes one or more such trusted third parties, and each trusted third party obtains the ledger from the blockchain. According to the encrypted representation data to be verified, the trusted third party presents the verification authorization code to the blockchain node that provided that encrypted representation data.
After the blockchain node that provided the encrypted representation data confirms the verification authorization code, it provides to the trusted third party the local user privacy data corresponding to that encrypted representation data. The local user privacy data here corresponds to one or more mapping domains of the mapping association structure; these may be one or more mapping domains specified from among all mapping domains, or one or more mapping domains selected at random from among them. The trusted third party converts the local user privacy data into the domain value of the corresponding mapping domain according to the mapping association structure. The trusted third party then invokes the isomorphic distribution template, uses the mapping domain value converted from the local user privacy data to calculate the representation numbers of that domain value with respect to all distribution units in the template, and compares the resulting array of representation numbers with the array of representation numbers corresponding to that domain value in the encrypted representation data; if the two are identical, verification passes. The trusted third party feeds the verification result back to the blockchain node that raised the verification requirement. Thus verification of the user privacy information requires neither the direct participation of the blockchain nodes nor disclosure of all of the user privacy information, so the security of user privacy is protected to the greatest extent while the non-tamperability, traceability and verifiability of the blockchain are retained.
To implement the above method, as shown in FIG. 3, the present invention provides a blockchain-based user privacy data protection system comprising an interface layer 1, a blockchain layer 2, and a verification layer 3.
The interface layer 1 specifically includes: a data source interface module 101, configured to obtain, from one or more data sources, the user data to be added to the blockchain ledger; an information analysis module 102, configured to analyze the user data to be added to the blockchain ledger and to extract the user privacy data from it; and an allocation module 103, configured to allocate the user privacy data to the blockchain node of the blockchain layer corresponding to the interface layer, and to allocate the user data other than the user privacy data directly, as data to be booked, to an accounting node in the blockchain layer.
The blockchain layer 2 includes a number of distributed blockchain nodes 201 and accounting nodes 202. An accounting node 202 converts the data to be booked into blocks, links the blocks to the ledger through hash header verification, and shares the ledger with the blockchain nodes of the blockchain layer. After the accounting node 202 has written the data to be booked of one block into the ledger, the ledger is shared among the blockchain nodes 201, which form consensus on it according to a predetermined rule, for example on the basis of consensus mechanisms such as proof of work and proof of stake; details are not repeated here.
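The block construction and hash-header linking that the accounting node performs (step S103 above and the blockchain layer 2 just described), as an added Python example written for this page; it is not code from the patent. The page only says that each block carries a hash header obtained by hash calculation and that the new block is linked to the existing ones through it, so the concrete choices here are assumptions: SHA-256 over the previous header plus a canonical JSON serialization of the block's records, an all-zero genesis header, and the sample records.

```python
import copy
import hashlib
import json

GENESIS = "00" * 32   # assumed: the header the first block links to

def canonical(records):
    """Deterministic serialization, so every node hashes exactly the same bytes."""
    return json.dumps(records, sort_keys=True, separators=(",", ":")).encode()

def block_header(prev_header, records):
    """Hash header = SHA-256 over the previous block's header and this block's records
    (assumed construction; the page only says the header is obtained by hash calculation)."""
    h = hashlib.sha256()
    h.update(bytes.fromhex(prev_header))
    h.update(canonical(records))
    return h.hexdigest()

def append_records(ledger, pending, block_size):
    """Accounting node: cut the pending data to be booked into blocks of block_size
    records and link each new block to the ledger through its hash header."""
    for start in range(0, len(pending), block_size):
        records = pending[start:start + block_size]
        prev = ledger[-1]["header"] if ledger else GENESIS
        ledger.append({"prev": prev, "records": records,
                       "header": block_header(prev, records)})
    return ledger

def verify_ledger(ledger):
    """Any node: recompute every header along the chain; return the index of the
    first block whose link or header does not check out, or -1 if the ledger is intact."""
    prev = GENESIS
    for idx, blk in enumerate(ledger):
        if blk["prev"] != prev or block_header(prev, blk["records"]) != blk["header"]:
            return idx
        prev = blk["header"]
    return -1

# Constructed sample of data to be booked: two non-private records allocated directly
# by the interface layer and one encrypted representation produced by a blockchain node.
SAMPLE_PENDING = [
    {"type": "public", "user": "u1", "plan": "basic"},
    {"type": "representation", "user": "u1", "domain": "transaction", "E": [80.0, 16.0]},
    {"type": "public", "user": "u2", "plan": "pro"},
]

def demo(tamper=False):
    """Book the sample with block size 2, optionally alter a booked record afterwards,
    and return (number of blocks, index of the first bad block or -1)."""
    ledger = append_records([], copy.deepcopy(SAMPLE_PENDING), block_size=2)
    if tamper:
        ledger[0]["records"][0]["plan"] = "pro"   # edit a record after it was linked
    return len(ledger), verify_ledger(ledger)

if __name__ == "__main__":
    print(demo(), demo(tamper=True))   # (2, -1) (2, 0)
```

The canonical serialization is the part practitioners most often get wrong: if two nodes serialize the same records with different key order or whitespace, their headers disagree and consensus on the ledger cannot be reached even though nothing was tampered with.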
A blockchain node 201 converts the user privacy data provided by its corresponding interface layer into encrypted representation data through isomorphic mapping processing based on the isomorphic distribution template, and sends the encrypted representation data, as data to be booked, to an accounting node of the blockchain layer. Specifically, the blockchain node 201 constructs a mapping association structure comprising mapping domains that are logically associated with one another, together with the domain attributes of each mapping domain. The mapping association structure is constructed to match the user privacy data according to its specific data content and data format. It comprises a certain number of mapping domains, each corresponding to one dimension of the user privacy data; for example, user basic information, user-related objects, user behavior, location and time, track paths, and transaction processes may each correspond to one mapping domain. For each mapping domain its domain attributes are also defined, comprising the domain name and the domain index. The domain name denotes the dimension of user privacy data to which the mapping domain corresponds, and the domain index is a set of index reference words constructed for that type or dimension of user privacy data. The mapping domains are not isolated from one another but are related according to logical relationships, including parallel, inclusion, causal and progressive relationships. Treating the user privacy data as initial user data, the domain value of the corresponding mapping domain is extracted from the initial user data according to the degree of correlation between the initial user data and the domain attributes of the mapping domain.
The user privacy data serves as the initial user data; the sensitive, privacy-related information in it is present in its unencrypted initial form. The domain value of the corresponding mapping domain is extracted from the initial user data according to the degree of correlation between the initial user data and the domain attributes of the mapping domain. This correlation may be determined by domain name matching, domain index matching, or joint logical matching of the domain name and the domain index. If the initial user data is in text format, keywords can be extracted from it by word frequency statistics and matched against the domain name and domain index of each mapping domain, and the accumulated number of keywords matching the domain name and domain index is taken as the domain value of that mapping domain. If the initial user data is in a markup language format such as XML, the matching relationship between each markup field and the domain name of each mapping domain is determined first; then, according to the content value of each markup field, the matching relationship between that field and the domain index of the mapping domain whose domain name it matched is determined, and the accumulated number of markup field content values matching both the domain name and the domain index is taken as the domain value of that mapping domain. The domain value of the mapping domain is then matched against the isomorphic distribution template, and the encrypted representation data of the initial user data is formed from the degree of matching between the domain value and the template.
The invention realizes isomorphic encryption: it converts the initial user data into encrypted representation data while ensuring an isomorphic relationship between the encrypted representation data and the initial user data, so that the initial user data can subsequently be verified by means of the encrypted representation data. To realize isomorphic encryption, the invention defines an isomorphic distribution template comprising a plurality of distribution units; each distribution unit comprises unit fields corresponding to mapping domains, and each unit field has a preset value interval. Each distribution unit of the template corresponds to one or more mapping domains through the field names of its unit fields. Each distribution unit has its own weight estimation value, which is inversely proportional to the preset value intervals of the unit's fields: the wider the coverage of the preset value interval of a unit field, the lower the weight estimation value of that distribution unit, and the narrower the coverage, the higher the weight estimation value. Specifically, the weight estimation value of each distribution unit is calculated as follows:
Figure BDA0002926669120000131
where N denotes the total number of unit fields of the distribution unit, k denotes the sequence number of the distribution unit in the isomorphic distribution template (i.e. the k-th distribution unit), W_k denotes the weight estimation value of the k-th distribution unit, i denotes the sequence number of a unit field of the k-th distribution unit (i.e. the i-th unit field of the k-th distribution unit), β1 denotes the weight estimation coefficient, a constant, and R_i denotes the quantized interval length of the preset value interval of the i-th unit field. In the isomorphic encryption step, the domain value of the mapping domain is matched against the isomorphic distribution template, and the encrypted representation data is calculated from the degree of matching between the domain value and the distribution units of the template and from the weight estimation values of the distribution units, as follows. First, the representation number of the domain value of the mapping domain with respect to each distribution unit in the isomorphic distribution template is calculated:
Figure BDA0002926669120000132
where W_k is the weight estimation value of the k-th distribution unit, M_k is the degree of matching between the domain value of the mapping domain and the k-th distribution unit, and β2 is a constant coefficient. The degree of matching M_k between the domain value of the mapping domain and the k-th distribution unit may be represented by multiplying the domain value by a conversion coefficient corresponding to that distribution unit. The representation numbers of the domain value of the mapping domain with respect to all distribution units in the isomorphic distribution template are expressed as the vector <E_1, E_2, ..., E_k, ...>, which serves as the encrypted representation data. In this way the blockchain node converts the initial user data into the encrypted representation data of the user privacy data, treats the encrypted representation data as data to be booked, and transmits it to the accounting node of the blockchain.
The verification layer 3 includes one or more trusted third parties 301, which hold the ledger. When a blockchain node 201 needs to verify encrypted representation data in a ledger block, the blockchain node 201 raising the verification requirement requests authorization from the blockchain node that provided the encrypted representation data to be verified; if that node agrees to the verification, it feeds back a verification authorization code to the requesting blockchain node 201. The blockchain node 201 sends the verification authorization code to the trusted third party 301 and indicates the encrypted representation data to be verified. According to the encrypted representation data to be verified, the trusted third party 301 presents the verification authorization code to the blockchain node that provided that encrypted representation data. After that node confirms the verification authorization code, it provides to the trusted third party 301 the local user privacy data corresponding to the encrypted representation data. The local user privacy data here corresponds to one or more mapping domains of the mapping association structure; these may be one or more mapping domains specified from among all mapping domains, or one or more selected at random from among them. The trusted third party 301 converts the local user privacy data into the domain value of the corresponding mapping domain according to the mapping association structure.
The trusted third party 301 then invokes the isomorphic distribution template, uses the mapping domain value converted from the local user privacy data to calculate the representation numbers of that domain value with respect to all distribution units in the template, and compares the resulting array of representation numbers with the array of representation numbers corresponding to that domain value in the encrypted representation data; if the two are identical, verification passes. The trusted third party 301 feeds the verification result back to the blockchain node that raised the verification requirement, so that the security of user privacy is protected to the greatest extent.
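The isomorphic mapping (domain value extraction, template weights, representation numbers) and the verification exchange between the requesting node, the providing node and the trusted third party, as described in the system paragraphs above and in the method description of steps S102 to S105 earlier on this page, as an added worked example in Python. This is illustrative code written for this page, not code from the patent. The page gives the weight and representation formulas only as figure images, so the concrete forms used here, W_k = β1 / Σ R_i, M_k = (domain value) × c_k and E_k = β2 · W_k · M_k, are assumptions that respect the properties the text states (weight inversely proportional to the interval lengths, matching degree as the domain value times a conversion coefficient); the mapping domains, index words, template intervals, coefficients and sample text are all constructed.

```python
import re
import secrets
from collections import Counter

# Mapping association structure (constructed): each mapping domain is one privacy
# dimension, with a domain name and a domain index of index reference words.
MAPPING_DOMAINS = {
    "user_behavior": ["login", "browse", "purchase"],
    "location_time": ["shanghai", "beijing", "morning"],
    "transaction":   ["order", "payment", "refund"],
}

# Isomorphic distribution template (constructed): each distribution unit has unit
# fields with preset value intervals and, as assumed here, a conversion coefficient c_k.
TEMPLATE = [
    {"intervals": [(0, 10)],         "coef": 1.0},   # narrow coverage: higher weight
    {"intervals": [(0, 5), (0, 20)], "coef": 0.5},   # wider coverage: lower weight
]
BETA1 = 100.0   # weight estimation coefficient (a constant)
BETA2 = 2.0     # constant coefficient of the representation number

def domain_values(local_data):
    """Domain value of each mapping domain: the accumulated count of that domain's
    index words in its text (the word-frequency matching the page describes)."""
    values = {}
    for name, text in local_data.items():
        words = Counter(re.findall(r"[a-z]+", text.lower()))
        values[name] = sum(words[w] for w in MAPPING_DOMAINS[name])
    return values

def weight(unit):
    """W_k, inversely proportional to the unit's total interval length.
    ASSUMED form W_k = beta1 / sum(R_i); the page states only the proportionality."""
    return BETA1 / sum(hi - lo for lo, hi in unit["intervals"])

def represent(value):
    """Representation numbers <E_1, E_2, ...> of one domain value over all units.
    ASSUMED form E_k = beta2 * W_k * M_k with M_k = value * c_k."""
    return tuple(round(BETA2 * weight(u) * value * u["coef"], 6) for u in TEMPLATE)

class BlockchainNode:
    """Keeps the local user privacy data; only the representation is booked."""
    def __init__(self, name, local_data):
        self.name, self.local_data, self.issued = name, dict(local_data), {}

    def encrypted_representation(self):
        return {d: represent(v) for d, v in domain_values(self.local_data).items()}

    def authorize(self, requester):
        """Agree to a verification: issue a fresh, single-use verification authorization code."""
        code = secrets.token_hex(16)
        self.issued[code] = requester
        return code

    def disclose(self, code, domains):
        """Confirm the code presented by the TTP, then hand over only the selected domains."""
        if code not in self.issued:
            raise PermissionError("unknown or already used verification authorization code")
        del self.issued[code]                      # a captured code cannot be replayed
        return {d: self.local_data[d] for d in domains}

class TrustedThirdParty:
    def __init__(self, ledger):
        self.ledger = ledger   # the TTP holds a copy of the consensus ledger

    def verify(self, record_id, code, provider, domains=None):
        """Recompute the representation of the disclosed domains and compare it with
        the array booked in the ledger; True only if every selected domain matches."""
        if domains is None:    # randomly selected mapping domains, as the page allows
            domains = [secrets.choice(list(MAPPING_DOMAINS))]
        stored = self.ledger[record_id]
        values = domain_values(provider.disclose(code, domains))
        return all(represent(values[d]) == stored[d] for d in domains)

# Constructed sample of local user privacy data, one text snippet per mapping domain.
SAMPLE_LOCAL_DATA = {
    "user_behavior": "login at 08:00, browse the catalog, purchase two items, browse again",
    "location_time": "Shanghai, morning",
    "transaction":   "order 1 payment ok; order 2 refund requested",
}

def run_exchange(tamper=False):
    """Node B books its representation, node A obtains B's authorization, and the TTP
    checks the 'transaction' domain against B's disclosed data."""
    node_b = BlockchainNode("node_B", SAMPLE_LOCAL_DATA)
    ledger = {"rec-1": node_b.encrypted_representation()}    # the data to be booked
    if tamper:                                                # a false booking
        ledger["rec-1"]["transaction"] = (100.0, 20.0)
    code = node_b.authorize("node_A")                         # B agrees, feeds back a code
    ttp = TrustedThirdParty(ledger)                           # A hands the code to the TTP
    return ttp.verify("rec-1", code, node_b, domains=["transaction"])

if __name__ == "__main__":
    print(domain_values(SAMPLE_LOCAL_DATA))   # {'user_behavior': 4, 'location_time': 2, 'transaction': 4}
    print(run_exchange(), run_exchange(tamper=True))   # True False
```

Two properties of the scheme become visible in the toy. First, the trusted third party receives the plaintext of the disclosed mapping domains, so the privacy gain described on this page is with respect to the other blockchain nodes and the ledger copies, not with respect to the trusted third party. Second, under the assumed formulas E_k is a linear, unkeyed function of the domain value, so anyone holding the template can invert a booked vector back to the keyword count; what stays hidden is the underlying text, not the count, and whether the patent's own (figure-only) formulas behave differently cannot be read off this page. The verification authorization code is made single-use here so that a code captured in transit cannot be replayed for a second disclosure.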
The beneficial effects of the invention are as follows. Data relating to user privacy information is converted into encrypted representation data before being written into the blockchain ledger, so the data enjoys the decentralization, attack resistance and non-tamperability of the blockchain network system while the substantive content of the user privacy data is shielded in what is loaded into the ledger; the user privacy data itself is prevented from being shared among the blockchain nodes along with the ledger, which fundamentally reduces the risk of privacy disclosure and safeguards the user's privacy rights and interests. The isomorphism between the encrypted representation data and the original user privacy data realizes the zero-knowledge verification function for the original privacy data.
It will be apparent to those skilled in the art that various changes and modifications may be made to the present invention without departing from its spirit and scope. Thus, if such modifications and variations fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include them.

Claims (4)

1. A blockchain-based user privacy data protection method, characterized by comprising the following steps:
extracting, by a blockchain node, user privacy data from the user data to be added to the blockchain ledger;
converting, by the blockchain node, the user privacy data into encrypted representation data through isomorphic mapping processing based on an isomorphic distribution template, the encrypted representation data being used as data to be booked;
converting, by an accounting node, the data to be booked into blocks, and linking the blocks to the ledger through hash header verification;
sharing the ledger among the blockchain nodes, and forming consensus on the updated ledger;
when a blockchain node needs to verify encrypted representation data in a ledger block, sending a verification authorization code to a trusted third party, which performs the verification according to the encrypted representation data to be verified and the isomorphic distribution template;
wherein converting the user privacy data into encrypted representation data through isomorphic mapping processing based on the isomorphic distribution template specifically comprises: constructing a mapping association structure comprising mapping domains that are logically associated with one another and the domain attributes of each mapping domain; for initial user data containing the privacy data, extracting the domain value of the corresponding mapping domain from the initial user data according to the degree of correlation between the initial user data and the domain attributes of the mapping domain; and matching the domain value of the mapping domain against the isomorphic distribution template; each mapping domain corresponds to one dimension of the user privacy data, the dimensions comprising user basic information, user-related objects, user behavior, location and time, track paths and transaction processes; the domain attributes comprise the domain name and the domain index of the mapping domain, the domain name denoting the dimension of user privacy data to which the mapping domain corresponds and the domain index being a set of index reference words constructed for that type or dimension of user privacy data;
the isomorphic distribution template comprises a plurality of distribution units, each distribution unit comprising unit fields corresponding to the mapping domains, and each unit field having a preset value interval; and the encrypted representation data is obtained from the degree of matching between the domain value of the mapping domain and the distribution units in the isomorphic distribution template and from the weight estimation values of the distribution units.
2. The method according to claim 1, wherein the weight estimation value of each distribution unit in the isomorphic distribution template is calculated as follows:
Figure 891293DEST_PATH_IMAGE001
where N denotes the total number of unit fields of the distribution unit, k denotes the sequence number of the distribution unit in the isomorphic distribution template, i.e. the k-th distribution unit, W_k denotes the weight estimation value of the k-th distribution unit, i denotes the sequence number of a unit field of the k-th distribution unit, i.e. the i-th unit field of the k-th distribution unit, β1 denotes the weight estimation coefficient, β1 being a constant, and R_i denotes the quantized interval length of the preset value interval of the i-th unit field; and the encrypted representation data is calculated from the degree of matching between the domain value of the mapping domain and the distribution units in the isomorphic distribution template and from the weight estimation values of the distribution units as follows: first, the representation number of the domain value of the mapping domain with respect to each distribution unit in the isomorphic distribution template is calculated:
Figure 338323DEST_PATH_IMAGE005
where M_k is the degree of matching between the domain value of the mapping domain and the k-th distribution unit, and β2 is a constant coefficient; and the representation numbers of the domain value of the mapping domain with respect to all distribution units in the isomorphic distribution template are expressed as <E_1, E_2, ..., E_k, ...>, which serves as the encrypted representation data.
3. A blockchain-based user privacy data protection system, comprising an interface layer and a blockchain layer;
wherein the interface layer comprises: a data source interface module for obtaining, from one or more data sources, the user data to be added to the blockchain ledger; an information analysis module for analyzing the user data to be added to the blockchain ledger and extracting user privacy data from it; and an allocation module for allocating the user privacy data to the blockchain node of the blockchain layer corresponding to the interface layer, and for allocating the user data other than the user privacy data directly, as data to be booked, to an accounting node in the blockchain layer;
the blockchain layer comprises a certain number of distributed blockchain nodes that share a ledger; the blockchain nodes form consensus on the ledger according to a predetermined rule; a blockchain node converts the user privacy data provided by its corresponding interface layer into encrypted representation data through isomorphic mapping processing based on an isomorphic distribution template, and sends the encrypted representation data, as data to be booked, to an accounting node of the blockchain layer;
the blockchain layer comprises accounting nodes that convert the data to be booked into blocks and link the blocks to the ledger through hash header verification; the accounting node shares the ledger with the blockchain nodes of the blockchain layer, so that the blockchain nodes form consensus on the ledger according to the predetermined rule; the system further comprises a verification layer comprising one or more trusted third parties that hold the ledger; when a blockchain node needs to verify encrypted representation data in a ledger block, it sends a verification authorization code to a trusted third party; according to the encrypted representation data to be verified, the trusted third party obtains randomly selected local user privacy data from the blockchain node that provided the encrypted representation data, and verifies it on the basis of the isomorphic distribution template; the conversion by the blockchain node of the user privacy data into encrypted representation data through isomorphic mapping processing based on the isomorphic distribution template specifically comprises: constructing a mapping association structure comprising mapping domains that are logically associated with one another and the domain attributes of each mapping domain; for initial user data containing the privacy data, extracting the domain value of the corresponding mapping domain from the initial user data according to the degree of correlation between the initial user data and the domain attributes of the mapping domain; and matching the domain value of the mapping domain against the isomorphic distribution template; each mapping domain corresponds to one dimension of the user privacy data, the dimensions comprising user basic information, user-related objects, user behavior, location and time, track paths and transaction processes; the domain attributes comprise the domain name and the domain index of the mapping domain, the domain name denoting the dimension of user privacy data to which the mapping domain corresponds and the domain index being a set of index reference words constructed for that type or dimension of user privacy data; the isomorphic distribution template comprises a plurality of distribution units, each distribution unit comprising unit fields corresponding to the mapping domains, and each unit field having a preset value interval; and the encrypted representation data is obtained from the degree of matching between the domain value of the mapping domain and the distribution units in the isomorphic distribution template and from the weight estimation values of the distribution units.
4. The system according to claim 3, wherein the weight estimation value of each distribution unit in the isomorphic distribution template is calculated as follows:
Figure 581348DEST_PATH_IMAGE010
where N denotes the total number of unit fields of the distribution unit, k denotes the sequence number of the distribution unit in the isomorphic distribution template, i.e. the k-th distribution unit, W_k denotes the weight estimation value of the k-th distribution unit, i denotes the sequence number of a unit field of the k-th distribution unit, i.e. the i-th unit field of the k-th distribution unit, β1 denotes the weight estimation coefficient, β1 being a constant, and R_i denotes the quantized interval length of the preset value interval of the i-th unit field; and the encrypted representation data is calculated from the degree of matching between the domain value of the mapping domain and the distribution units in the isomorphic distribution template and from the weight estimation values of the distribution units as follows: first, the representation number of the domain value of the mapping domain with respect to each distribution unit in the isomorphic distribution template is calculated:
Figure 739404DEST_PATH_IMAGE014
where M_k is the degree of matching between the domain value of the mapping domain and the k-th distribution unit, and β2 is a constant coefficient; and the representation numbers of the domain value of the mapping domain with respect to all distribution units in the isomorphic distribution template are expressed as <E_1, E_2, ..., E_k, ...>, which serves as the encrypted representation data.
CN202110135329.9A 2021-02-01 2021-02-01 User privacy data protection method and system based on block chain Active CN112818365B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110135329.9A CN112818365B (en) 2021-02-01 2021-02-01 User privacy data protection method and system based on block chain

Publications (2)

Publication Number Publication Date
CN112818365A CN112818365A (en) 2021-05-18
CN112818365B true CN112818365B (en) 2021-07-23

Family

ID=75860880

Country Status (1)

Country Link
CN (1) CN112818365B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040012A (en) * 2018-06-19 2018-12-18 西安电子科技大学 A kind of data security protecting and sharing method based on block chain and system and application
CN109840770A (en) * 2019-01-31 2019-06-04 北京瑞卓喜投科技发展有限公司 A kind of intelligence contract execution method and intelligent contract execute system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8731199B2 (en) * 2012-09-28 2014-05-20 Sap Ag Zero knowledge proofs for arbitrary predicates over data

Also Published As

Publication number Publication date
CN112818365A (en) 2021-05-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant