CN113127818A - Block chain-based data authorization method and device and readable storage medium - Google Patents
Block chain-based data authorization method and device and readable storage medium Download PDFInfo
- Publication number
- CN113127818A CN113127818A CN201911425833.1A CN201911425833A CN113127818A CN 113127818 A CN113127818 A CN 113127818A CN 201911425833 A CN201911425833 A CN 201911425833A CN 113127818 A CN113127818 A CN 113127818A
- Authority
- CN
- China
- Prior art keywords
- data
- authorization
- request
- terminal
- decryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The embodiment of the invention discloses a data authorization method, a device and a readable storage medium based on a block chain, wherein the data authorization method based on the block chain comprises the following steps: the block chain network receives a data acquisition request sent by an authorization terminal, the data acquisition request is generated by the authorization terminal according to the data authorization request sent by the request terminal, the data acquisition request comprises a data identifier, further, the block chain network can obtain double-encrypted data according to the data identifier, carry out first re-decryption on the double-encrypted data to obtain intermediate encrypted data, and further send a data decryption request to the authorization terminal by the block chain network, the data decryption request comprises the intermediate encrypted data, the request authorization terminal carries out second re-decryption on the intermediate encrypted data, and sends the decrypted authorization data to the request terminal. By adopting the data authorization method based on the block chain, the safety of data in the data authorization process can be ensured.
Description
Technical Field
The present invention relates to the field of computer applications, and in particular, to a block chain-based data authorization method, apparatus, and readable storage medium.
Background
In recent years, personal data such as selling of personal trace records, stealing of personal information, leakage of e-commerce data and the like are leaked or illegal, so that a user does not have a secure channel to authorize enterprises to use personal data of the user. In other words, the information security problem has become one of the focus issues of public concern, and how to provide a data authorization method to ensure the security of data in the data authorization process is a problem to be solved urgently.
Disclosure of Invention
The embodiment of the invention provides a data authorization method and device based on a block chain and a readable storage medium.
In a first aspect, an embodiment of the present invention provides a data authorization method based on a block chain, which is applied to a data processing system, where the data processing system includes: a requesting terminal, a data source, a blockchain network, and an authorizing terminal, the method comprising:
the block chain network receives a data acquisition request sent by the authorization terminal, wherein the data acquisition request is generated by the authorization terminal according to the data authorization request sent by the request terminal, and the data acquisition request comprises a data identifier;
the block chain network obtains double encrypted data according to the data identification;
the block chain network performs first re-decryption on the double-encrypted data to obtain intermediate encrypted data;
and the block chain network sends a data decryption request to the authorization terminal, the data decryption request comprises the intermediate encrypted data, and the data decryption request is used for requesting the authorization terminal to perform second decryption on the intermediate encrypted data and sending the decrypted authorization data to the request terminal.
In a second aspect, an embodiment of the present invention provides a data authorization method based on a block chain, which is applied to a data processing system, where the data processing system includes: the method comprises the following steps that a request terminal, a data source, a blockchain network and an authorization terminal are adopted, and the method is applied to the authorization terminal and comprises the following steps:
the authorization terminal sends a data acquisition request to the blockchain network according to a data authorization request submitted by the request terminal, wherein the data acquisition request comprises a data identifier, and the data acquisition request is used for requesting the blockchain network to acquire intermediate encrypted data according to the data identifier;
the authorization terminal receives a data decryption request sent by the block chain network, wherein the data decryption request comprises the intermediate encrypted data;
and the authorization terminal responds to the data decryption request to perform second decryption on the intermediate encrypted data to obtain authorization data, and sends the authorization data to the request terminal.
In a third aspect, an embodiment of the present invention provides a data authorization apparatus based on a block chain, which is applied to a data processing system, where the data processing system includes: a requesting terminal, a data source, a blockchain network, and an authorizing terminal, the apparatus configured to a blockchain network device, the apparatus comprising:
the data acquisition module is used for receiving a data acquisition request sent by the authorization terminal, wherein the data acquisition request is generated by the authorization terminal according to the data authorization request sent by the request terminal, and the data acquisition request comprises a data identifier;
the data acquisition module is also used for acquiring double encrypted data according to the data identifier;
the data processing module is used for carrying out first re-decryption on the double-encrypted data to obtain intermediate encrypted data;
and the data sending module is used for sending a data decryption request to the authorization terminal, wherein the data decryption request comprises the intermediate encrypted data, and the data decryption request is used for requesting the authorization terminal to perform second decryption on the intermediate encrypted data and sending the decrypted authorization data to the request terminal.
In a fourth aspect, an embodiment of the present invention provides a data authorization apparatus based on a block chain, which is applied to a data processing system, where the data processing system includes: a requesting terminal, a data source, a blockchain network, and an authorizing terminal, the apparatus configured at the authorizing terminal, the apparatus comprising:
the data acquisition module is used for requesting the blockchain network to acquire intermediate encrypted data according to the data identifier;
a data obtaining module, configured to receive a data decryption request sent by the blockchain network, where the data decryption request includes the intermediate encrypted data;
the data processing module is used for responding to the data decryption request to perform second decryption on the intermediate encrypted data to obtain authorized data;
the data sending module is further configured to send the authorization data to the request terminal.
In a fifth aspect, an embodiment of the present invention provides a blockchain network device, where the blockchain network device includes an input device and an output device, and the terminal device further includes a processor, and is adapted to implement one or more instructions, where the one or more first instructions are adapted to be loaded by the processor and execute the method for authorizing data based on blockchain according to the first aspect.
In a sixth aspect, an embodiment of the present invention provides an authorization terminal, where the authorization terminal includes an input device and an output device, the terminal device further includes a processor, and is adapted to implement one or more instructions, where the one or more second instructions are adapted to be loaded by the processor and execute the block chain-based data authorization method according to the second aspect.
In a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a computer, the computer is caused to execute the method for data authorization based on a blockchain according to the first aspect and/or the second aspect.
In the embodiment of the application, the blockchain network receives a data acquisition request sent by an authorization terminal, the data acquisition request is generated by the authorization terminal according to the data authorization request sent by a request terminal, the data acquisition request comprises a data identifier, and further, the blockchain network acquires double encrypted data according to the data identifier. And carrying out first re-decryption on the double-encrypted data to obtain intermediate encrypted data, and further, the block chain network can send a data decryption request to the authorization terminal, wherein the data decryption request comprises the intermediate encrypted data, and the data decryption request is used for requesting the authorization terminal to carry out second re-decryption on the intermediate encrypted data and sending the decrypted authorization data to the request terminal. By adopting the data authorization method based on the block chain, the safety of data in the data authorization process can be ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a block chain network-based data processing system according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a data authorization method based on a block chain according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of another block chain-based data authorization method according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of another block chain-based data authorization method according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a data authorization apparatus based on a block chain according to an embodiment of the present invention;
fig. 6 is a schematic diagram of another block chain-based data authorization apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a blockchain network device according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an authorized terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a schematic diagram of an architecture of a data processing system based on a blockchain network according to an embodiment of the present invention is shown, where the data processing system includes: 10 authorized terminal, 11 requesting terminal, 12 block chain network, 13 application server. The 10 authorization terminal is a terminal device corresponding to a data authorization party, and the 11 request terminal is a terminal device corresponding to a data request party, where the terminal device includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a desktop computer, and the like. The application server stores a designated data source of data for a data authority, including but not limited to a server or a cluster of servers.
The data request party sends a data authorization request to the 10 authorization terminal through the 11 request terminal, the 10 authorization terminal generates a data acquisition request according to the data authorization request and sends the data acquisition request to the 12-blockchain network, the 12-blockchain network obtains double-encrypted data according to the data acquisition request and carries out first re-decryption on the double-encrypted data to obtain intermediate encrypted data, further, the 12-blockchain network can send the intermediate encrypted data to the 10 authorization terminal corresponding to the data authorization party, so that the 10 authorization terminal carries out second re-decryption on the intermediate encryption under the condition that the data authorization party agrees to obtain authorization data and sends the authorization data to the 11 request terminal. By adopting the mode, the data can be obtained only by carrying out double decryption under the condition that the data authorization party knows when the data request party obtains the data, the data is prevented from leaking under the condition that the data authorization party does not know, and the operation log of the data request party for obtaining the data is recorded by adopting the block chain technology, so that the safety of the data in the data authorization process is ensured.
Referring to fig. 2, a flowchart of a block chain-based data authorization method according to an embodiment of the present invention is shown, where the method is applied to a data processing system, and the data processing system includes: the method can be executed by the blockchain network, and the data authorization method based on the blockchain comprises the following steps:
s201: the block chain network receives a data acquisition request sent by an authorization terminal, the data acquisition request is generated by the authorization terminal according to the data authorization request sent by a request terminal, and the data acquisition request comprises a data identifier.
The request terminal sends a data authorization request to the authorization terminal, the authorization terminal verifies the data authorization request, after the verification is passed, the authorization terminal generates a data acquisition request, and then the authorization terminal can send the data acquisition request to the blockchain network. The data identifier may be a character string, a data name, or the like, and is not limited specifically herein, and the data uniquely corresponding to the data identifier may be queried through the data identifier. The data acquisition request is sent to the block chain network by the authorization terminal, so that the data request can pass the authorization terminal, and the data authorization party is protected from being informed of all the data acquisition requests aiming at the data.
S202: the block chain network obtains double encrypted data according to the data identification.
And the block chain acquires the original data according to the data identifier, and performs double encryption on the original data to acquire double-encrypted data.
In one embodiment, the data acquisition request further includes a data source, a first key, and a data attribute, and the blockchain network acquires original data from the data source in response to the data acquisition request and encrypts the original data based on the first key to obtain intermediate encrypted data. Further, the blockchain network may generate a second key based on the data attribute, and encrypt the intermediate encrypted data based on the second key to obtain the dual encrypted data. The data attribute can be a data life cycle or a data effective frequency, both the data life cycle and the data effective frequency can be specified by a data authority and can be adjusted according to specific data. The first key may be a public key encrypted asymmetrically, and a unique private key corresponding to the first key is kept by the authorized terminal.
For example, the above process of generating the doubly encrypted data by the blockchain can be described as the following formula:
c=sdecrypt(adecrypt(data,sk),1k)
wherein c represents encrypted double-encrypted data, data represents authorized data, sk is a public key of the authorized terminal (i.e. the first key), adecrypt () represents an encryption function of an asymmetric encryption algorithm used for performing first double encryption, lk represents the second key generated based on the data life cycle or the data effective frequency, and sdescript () represents an encryption function of a symmetric encryption algorithm used for performing second double encryption based on the second key.
Optionally, the data attribute may also be a security level, and the blockchain network may determine a data lifetime or a data valid frequency corresponding to the security level based on the security level, so that the blockchain network may generate the second key according to the data lifetime or the data valid frequency. The corresponding relation between the security level and the data life cycle or the data effective frequency can be set by a developer according to the sensitivity degree of the data, and the data sensitivity degree is determined according to the correlation degree of the data and property information or identity information of a data authority.
Illustratively, the data containing the user identity information or the asset information is primary security level data, which corresponds to a data life cycle of 1 day or a data validity frequency of 1 time, the data containing the user academic information or the medical information may be secondary security level data, which corresponds to a data life cycle of 1 year or a data validity frequency of 50 times.
S203: and the block chain network performs first re-decryption on the double encrypted data to obtain intermediate encrypted data.
The blockchain network may perform a first re-decryption on the doubly encrypted data using a second key generated based on the aforementioned data attribute, resulting in intermediate encrypted data.
In one embodiment, the data request may include a data purpose of a data requester, the dual encrypted data includes a data purpose specified by a data authorizer, the blockchain network matches the data purpose of the data requester with the data purpose specified by the data authorizer, and if the matching is successful, the blockchain network performs a first re-decryption on the dual encrypted data to obtain intermediate encrypted data.
In one implementation, the blockchain network determines whether the second key is valid according to the data life cycle or the data valid frequency, and if so, the blockchain network performs first re-decryption on the double-encrypted data based on the second key to obtain intermediate encrypted data. If not, the block chain network destroys the second key and outputs prompt information of invalidation of the second key to the request terminal.
Optionally, if the second key is generated by the blockchain network based on the data lifecycle, the blockchain network determines whether the current time is within the data lifecycle, if so, the blockchain network determines that the second key is valid, illustratively, the data lifecycle is 1 day, the blockchain network detects a duration between the current time and a system time for generating the second key by the blockchain, and if the duration is less than or equal to 1 day, the blockchain determines that the current time is within the data lifecycle, and determines that the second key is valid. Further, the blockchain network may perform a first re-decryption on the doubly encrypted data based on the second key to obtain intermediate encrypted data.
Alternatively, if the second key is generated by the blockchain network based on the data valid frequency, the blockchain network may detect the used times of the second key, compare the used times with the data valid frequency, and determine that the second key is valid if the used times are less than the data valid frequency. Illustratively, the data validity frequency is 50 times, and if the blockchain network detects that the second key has been used 30 times, and the used times are less than the data validity frequency, the blockchain network determines that the second key is valid. Further, the blockchain network may perform a first re-decryption on the doubly encrypted data based on the second key to obtain intermediate encrypted data.
S204: and the block chain network sends a data decryption request to the authorization terminal, the data decryption request comprises the intermediate encrypted data, and the data decryption request is used for requesting the authorization terminal to perform second decryption on the intermediate encrypted data and sending the decrypted authorization data to the request terminal.
For example, the process of block chain decrypting the dual encrypted data can be described as shown in the following formula:
data=adecrypt(sdecrypt(c,1k),pk)
the data is authorization data, sdecrypt () represents a decryption function of a symmetric encryption algorithm, adecrypt () represents a decryption function of an asymmetric encryption algorithm, pk represents a private key corresponding to a public key of an authorization terminal (namely, the first key), and lk represents the second key generated based on a data life cycle or data valid frequency.
In one embodiment, if a private key for the authorized terminal to perform the second re-decryption on the intermediate data is lost, and the private key corresponds to the public key (the first key) for performing the first re-encryption one to one, the authorized terminal sends notification information for the loss of the private key to the blockchain network, and the notification information is used for instructing the blockchain network to destroy the double-encrypted data. The authorization terminal generates a pair of a new private key and a new public key (namely a new first secret key), and sends the new first secret key to the blockchain network, so that the blockchain network performs first re-encryption on original data by adopting the new first secret key to obtain intermediate encrypted data, and performs second re-encryption on the intermediate encrypted data by adopting a second secret key generated based on data attributes to obtain dual encrypted data. By carrying out double encryption on the secret keys, data leakage caused by leakage or loss of any secret key is avoided, and the safety of the data is improved.
In the embodiment of the application, the blockchain network receives a data acquisition request sent by an authorization terminal, the data acquisition request is generated by the authorization terminal according to the data authorization request sent by a request terminal, the data acquisition request comprises a data identifier, further, the blockchain network can obtain double-encrypted data according to the data identifier, and perform first re-decryption on the double-encrypted data to obtain intermediate encrypted data. Furthermore, the blockchain network may send a data decryption request to the authorization terminal, where the data decryption request includes the intermediate encrypted data, and the data decryption request is used to request the authorization terminal to perform second decryption on the intermediate encrypted data, and send the decrypted authorization data to the request terminal. By adopting the data authorization method based on the block chain, the safety of data in the data authorization process can be ensured.
Referring to fig. 3, a flow chart of another block chain-based data authorization method according to an embodiment of the present invention is shown, where the method is applied to a data processing system, and the data processing system includes: the method can be executed by the blockchain network, and the data authorization method based on the blockchain comprises the following steps:
s301: the authorization terminal sends a data acquisition request to the blockchain network according to a data authorization request submitted by the request terminal, wherein the data acquisition request comprises a data identifier, and the data acquisition request is used for requesting the blockchain network to acquire intermediate encrypted data according to the data identifier.
The block chain network obtains double data encryption data according to the data identifier and performs first re-decryption on the double encryption data to obtain intermediate encryption data, and the block chain network sends a data decryption request comprising the intermediate encryption data to the authorization terminal.
In one embodiment, the authorization terminal receives a data authorization request submitted by the request terminal, verifies the data authorization request, and if the data authorization request passes the verification, the authorization terminal generates a data acquisition request according to the data authorization request and sends the data acquisition request to the blockchain network.
Optionally, the data authorization request includes identity information of a data requestor and the data usage, the data authorizer confirms the identity information of the data requestor and the data usage through an authorization terminal, and if the confirmation is passed, the authorization terminal sends a data acquisition request to the blockchain network. If the data authorization request is not confirmed, the authorization terminal sends notification prompt information for rejecting the data authorization request to the request terminal.
S302: and the authorized terminal receives a data decryption request sent by the blockchain network, wherein the data decryption request comprises intermediate encrypted data.
The intermediate encrypted data is obtained by encrypting the original data by the blockchain network according to a public key (namely, a first secret key) sent by the authorized terminal, and a unique private key corresponding to the first secret key is kept by the authorized terminal.
S303: the authorization terminal responds to the data decryption request to perform second decryption on the intermediate encrypted data to obtain authorization data, and the authorization terminal sends the authorization data to the request terminal.
The authorization terminal performs second decryption on the intermediate data by adopting a private key corresponding to the public key (namely, the first secret key) to obtain authorization data, and sends the authorization data obtained by performing second decryption on the authorization terminal to the request terminal. By adopting the data decryption method, the double encrypted data can be finally decrypted only through the authorized terminal, and the controllability of the data authorized party on the authorized data is ensured.
The data decryption request may further include a request terminal identifier, where the request terminal identifier may be a character string, a request terminal name, an Internet Protocol (IP) address of the request terminal, or a physical address of the request terminal, and is not limited herein. The request terminal identification corresponds to the request terminal one by one and is used for indicating the authorization terminal to send the data to the request terminal corresponding to the request terminal identification. And the authorization terminal obtains the unique request terminal corresponding to the request terminal identification based on the request terminal identification, and sends authorization data obtained by the second decryption of the authorization terminal to the request terminal.
In the embodiment of the application, the authorization terminal sends a data acquisition request to the blockchain network according to a data authorization request submitted by the request terminal, wherein the data acquisition request comprises a data identifier, and the data acquisition request is used for requesting the blockchain network to acquire intermediate encrypted data according to the data identifier. Further, the authorization terminal may receive a data decryption request sent by the blockchain network, where the data decryption request includes the intermediate encrypted data, and perform second decryption on the intermediate encrypted data in response to the data decryption request to obtain authorization data, and further, the authorization terminal may send the authorization data to the request terminal. By adopting the data authorization method based on the block chain, the safety of data in the data authorization process can be ensured.
Referring to fig. 4, a flowchart of another block chain-based data authorization method according to an embodiment of the present invention is shown, where the method is applied to a data processing system, and the data processing system includes: the data authorization method based on the block chain comprises the following steps:
s401: and the authorization terminal receives the data authorization request sent by the request terminal and generates a data acquisition request according to the data authorization request.
S402: and the authorization terminal sends a data acquisition request to the blockchain network, wherein the data acquisition request is generated by the authorization terminal according to the data authorization request sent by the request terminal, and the data acquisition request comprises a data identifier.
S403: and the block chain network obtains the double encrypted data from the block chain according to the data identification.
S404: and the block chain network performs first re-decryption on the double encrypted data to obtain intermediate encrypted data.
S405: and the blockchain network sends a data decryption request to an authorized terminal, wherein the data decryption request comprises the intermediate encrypted data.
For a specific implementation process of step S401, reference may be made to the specific implementation process of step S301 in the foregoing embodiment. For the specific implementation process of steps S402-S405, reference may be made to the specific implementation process of steps S201-S204 in the foregoing embodiment, and redundant description is not repeated here.
S406: and the authorization terminal receives the block chain network data decryption request and performs second decryption on the intermediate encrypted data to obtain the authorization data.
S407: and the authorization terminal sends the authorization data to the request terminal.
The specific implementation of steps S406 to S407 may refer to the specific implementation of steps S302 to S303 in the foregoing embodiment, and will not be described in detail herein.
In the embodiment of the application, the authorization terminal sends a data acquisition request to the blockchain network, the data acquisition request is generated by the authorization terminal according to the data authorization request sent by the request terminal, and the data acquisition request comprises a data identifier. And the block chain network obtains the double encrypted data from the block chain according to the data identifier, and performs first re-decryption on the double encrypted data to obtain intermediate encrypted data. Further, the blockchain network may send a data decryption request to an authorized terminal, the data decryption request including the intermediate encrypted data. And the authorization terminal receives the block chain network data decryption request and performs second decryption on the intermediate encrypted data to obtain the authorization data. And then, the authorization terminal sends the authorization data to the request terminal. By adopting the data authorization method based on the block chain, the safety of data in the data authorization process can be ensured.
Based on the description of the above method embodiment, an embodiment of the present invention further provides a data authorization apparatus based on a block chain, which is applied to a data processing system, where the data processing system includes: the device comprises a request terminal, a data source, a blockchain network and an authorization terminal, wherein the device is configured on blockchain network equipment. Referring to fig. 5, the data authorization apparatus based on a block chain includes the following modules:
a data obtaining module 50, configured to receive a data obtaining request sent by the authorization terminal, where the data obtaining request is generated by the authorization terminal according to the data authorization request sent by the request terminal, and the data obtaining request includes a data identifier;
the data obtaining module 50 is further configured to obtain dual encrypted data according to the data identifier;
a data processing module 51, configured to perform first re-decryption on the dual-encrypted data to obtain intermediate encrypted data;
a data sending module 52, configured to send a data decryption request to the authorization terminal, where the data decryption request includes the intermediate encrypted data, and the data decryption request is used to request the authorization terminal to perform second decryption on the intermediate encrypted data, and send the decrypted authorization data to the request terminal.
In an embodiment, the data processing module 51 is further configured to obtain original data from the data source in response to the data obtaining request, and encrypt the original data based on a first key to obtain intermediate encrypted data; and generating a second key based on the data attribute, and encrypting the intermediate encrypted data based on the second key to obtain double encrypted data.
In one embodiment, the data processing module 51 is further configured to determine a data lifecycle or a data valid frequency corresponding to the security level based on the security level; and generating a second key according to the data life cycle or the data effective frequency.
In an embodiment, the data processing module 51 is further configured to determine whether the second key is valid according to the data lifecycle or the data valid frequency; and if so, the block chain network performs first re-decryption on the double-encrypted data based on the second key to obtain intermediate encrypted data.
It should be noted that the functions of each module of the data authorization apparatus based on the block chain described in the embodiment of the present invention may be specifically implemented according to the method in the method embodiment described in fig. 2 or fig. 4, and the specific implementation process may refer to the description related to the method embodiment in fig. 2 or fig. 4, which is not described herein again.
Based on the description of the above method embodiment, an embodiment of the present invention further provides another data authorization apparatus based on a block chain, which is applied to a data processing system, where the data processing system includes: the device comprises a request terminal, a data source, a block chain network and an authorization terminal, wherein the device is configured at the authorization terminal. Referring to fig. 6, the data authorization apparatus based on a block chain includes the following modules:
a data sending module 60, configured to send a data obtaining request to the blockchain network according to a data authorization request submitted by the requesting terminal, where the data obtaining request includes a data identifier, and the data obtaining request is used to request the blockchain network to obtain intermediate encrypted data according to the data identifier;
a data obtaining module 61, configured to receive a data decryption request sent by the blockchain network, where the data decryption request includes the intermediate encrypted data;
the data processing module 62 is configured to perform second decryption on the intermediate encrypted data in response to the data decryption request, so as to obtain authorized data;
the data sending module 60 is further configured to send the authorization data to the requesting terminal.
In one embodiment, the data processing module 62 is further configured to receive a data authorization request submitted by the requesting terminal, and verify the data authorization request; if the verification is passed, the authorization terminal sends a data acquisition request to the blockchain network, the data acquisition request comprises a first secret key, a data source and a data attribute, the data acquisition request is used for requesting the blockchain network to encrypt target data in the data source based on the first secret key to obtain intermediate encrypted data, the intermediate encrypted data is encrypted by using a second secret key generated based on the data attribute to obtain double encrypted data, and the second secret key is associated with the double encrypted data and then written into the blockchain.
It should be noted that the functions of each module of the data authorization apparatus based on the block chain described in the embodiment of the present invention may be specifically implemented according to the method in the method embodiment described in fig. 3 or fig. 4, and the specific implementation process may refer to the description related to the method embodiment in fig. 3 or fig. 4, which is not described herein again.
Based on the description of the method embodiment and the apparatus item embodiment, an embodiment of the present invention further provides a block chain network device. Referring to fig. 7, the blockchain network device may include at least a processor 701, an input device 702, an output device 703 and a memory 704; the processor 701, the input device 702, the output device 703, and the memory 704 may be connected by a bus or other connection. The memory 704 is used for storing a computer program comprising program instructions, and the processor 701 is used for executing the program instructions stored by the memory 704. The processor 701 (or CPU) is a computing core and a control core of the blockchain network device, and is adapted to implement one or more instructions, and specifically, adapted to load and execute the one or more instructions so as to implement the corresponding method flow or the corresponding function in the above data authorization method embodiment based on the blockchain. Wherein the processor 701 is configured to call the program instruction to perform: receiving a data acquisition request sent by the authorization terminal, wherein the data acquisition request is generated by the authorization terminal according to the data authorization request sent by the request terminal, and the data acquisition request comprises a data identifier; obtaining double encrypted data according to the data identification; performing first re-decryption on the double-encrypted data to obtain intermediate encrypted data; and sending a data decryption request to the authorization terminal, wherein the data decryption request comprises the intermediate encrypted data, and the data decryption request is used for requesting the authorization terminal to perform second decryption on the intermediate encrypted data and sending the decrypted authorization data to the request terminal.
In an embodiment, the processor 701 is further specifically configured to: responding to the data acquisition request to acquire original data from the data source, and encrypting the original data based on a first secret key to obtain intermediate encrypted data; and generating a second key based on the data attribute, and encrypting the intermediate encrypted data based on the second key to obtain double encrypted data.
In one embodiment, the data attribute is a data lifecycle or a data valid frequency.
In an embodiment, the data attribute is a privacy level, and the processor 701 is further specifically configured to: determining a data life cycle or a data effective frequency corresponding to the security level based on the security level; and generating a second key according to the data life cycle or the data effective frequency.
In an embodiment, the processor 701 is further specifically configured to: judging whether the second secret key is valid according to the data life cycle or the data valid frequency; and if so, the block chain network performs first re-decryption on the double-encrypted data based on the second key to obtain intermediate encrypted data.
It should be understood that, in the embodiment of the present invention, the Processor 701 may be a Central Processing Unit (CPU), and the Processor 701 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field-Programmable Gate arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete a hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 704 may include both read-only memory and random-access memory, and provides instructions and data to the processor 701. A portion of the memory 704 may also include non-volatile random access memory. For example, the memory 704 may also store device type information. The input device 702 may include a touch pad, a fingerprint sensor (for collecting fingerprint information of a user), a microphone, a physical keyboard, etc., and the output device 703 may include a display (LCD, etc.), a speaker, etc.
In specific implementation, the processor 701, the memory 704, the input device 702, and the output device 703, which are described in this embodiment of the present invention, may execute the implementation manner described in the method embodiment described in fig. 2 or fig. 4 provided in this embodiment of the present invention, and may also execute the implementation method of the data authorization apparatus based on the block chain described in fig. 5 in this embodiment of the present invention, which is not described herein again.
Based on the description of the method embodiment and the apparatus item embodiment, the embodiment of the present invention further provides an authorization terminal. Referring to fig. 8, the authorized terminal may include at least a processor 801, an input device 802, an output device 803, and a memory 804; the processor 801, the input device 802, the output device 803, and the memory 804 may be connected by a bus or other connection means. The memory 804 is used for storing a computer program comprising program instructions, and the processor 801 is used for executing the program instructions stored by the memory 804. The processor 801 (or CPU) is a computing core and a control core of the authorization terminal, and is adapted to implement one or more instructions, and in particular, is adapted to load and execute the one or more instructions so as to implement the corresponding method flow or the corresponding function in the above data authorization method embodiment based on the block chain. Wherein the processor 801 is configured to call the program instructions to perform: the authorization terminal sends a data acquisition request to the blockchain network according to a data authorization request submitted by the request terminal, wherein the data acquisition request comprises a data identifier, and the data acquisition request is used for requesting the blockchain network to acquire intermediate encrypted data according to the data identifier; the authorization terminal receives a data decryption request sent by the block chain network, wherein the data decryption request comprises the intermediate encrypted data; and the authorization terminal responds to the data decryption request to perform second decryption on the intermediate encrypted data to obtain authorization data, and sends the authorization data to the request terminal.
In an embodiment, the processor 801 is further specifically configured to: receiving a data authorization request submitted by the request terminal; the authorization terminal verifies the data authorization request; and if the verification is passed, the authorization terminal generates a data acquisition request according to the data authorization request and sends the data acquisition request to the block chain network.
It should be understood that, in the embodiment of the present invention, the Processor 801 may be a Central Processing Unit (CPU), and the Processor 801 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete a hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 804 may include both read-only memory and random access memory, and provides instructions and data to the processor 801. A portion of the memory 804 may also include non-volatile random access memory. For example, the memory 804 may also store device type information. The input device 802 may include a touch pad, a fingerprint sensor (for collecting fingerprint information of a user), a microphone, a physical keyboard, etc., and the output device 803 may include a display (LCD, etc.), a speaker, etc.
In specific implementation, the processor 801, the memory 804, the input device 802, and the output device 803 described in this embodiment of the present invention may execute the implementation manner described in the method embodiment shown in fig. 3 or fig. 4 provided in this embodiment of the present invention, and may also execute the implementation method of the data authorization apparatus based on the block chain described in fig. 6 in this embodiment of the present invention, which is not described herein again.
In another embodiment of the present invention, a computer-readable storage medium is provided, which stores a computer program, where the computer program includes program instructions, and the program instructions, when executed by a processor, implement the implementation described in the method implementation described in fig. 2, fig. 3, or fig. 4 provided in the embodiment of the present invention, where the computer-readable storage medium may be an internal storage unit of the blockchain network device or the authorized terminal, such as a hard disk or a memory of the blockchain network device or the authorized terminal, described in any of the foregoing embodiments. The computer readable storage medium may also be an external storage device of the blockchain network device or the authorized terminal, such as a plug-in hard disk equipped on the blockchain network device or the authorized terminal, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the terminal device. The computer-readable storage medium is used for storing the computer program and other programs and data required by the terminal device. The computer readable storage medium may also be used to temporarily store data that has been output or is to be output.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer readable storage medium, and when executed, can include the processes of the embodiments of the methods described above.
The readable storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Claims (10)
1. A data authorization method based on a block chain is applied to a data processing system, and the data processing system comprises: a request terminal, a data source, a blockchain network and an authorization terminal, wherein the method is applied to the blockchain network, and the method comprises the following steps:
the block chain network receives a data acquisition request sent by the authorization terminal, wherein the data acquisition request is generated by the authorization terminal according to the data authorization request sent by the request terminal, and the data acquisition request comprises a data identifier;
the block chain network obtains double encrypted data according to the data identification;
the block chain network performs first re-decryption on the double-encrypted data to obtain intermediate encrypted data;
and the block chain network sends a data decryption request to the authorization terminal, the data decryption request comprises the intermediate encrypted data, and the data decryption request is used for requesting the authorization terminal to perform second decryption on the intermediate encrypted data and sending the decrypted authorization data to the request terminal.
2. The method of claim 1, wherein the data acquisition request further includes a data attribute, and wherein obtaining, by the blockchain network, doubly encrypted data based on the data identification comprises:
the block chain network responds to the data acquisition request to acquire original data from the data source, and encrypts the original data based on a first secret key to obtain intermediate encrypted data;
and the block chain network generates a second key based on the data attribute, and encrypts the intermediate encrypted data based on the second key to obtain double encrypted data.
3. The method of claim 2, wherein the data attribute is a data lifecycle or a data validity frequency.
4. The method of claim 2, wherein the data attribute is a privacy level, and wherein generating the second key based on the data attribute by the blockchain network comprises:
the block chain network determines a data life cycle or a data effective frequency corresponding to the security level based on the security level;
and the block chain network generates a second key according to the data life cycle or the data effective frequency.
5. The method according to claim 3 or 4, wherein the first re-decryption of the dual encrypted data by the blockchain network to obtain intermediate encrypted data comprises:
the block chain network judges whether the second secret key is valid according to the data life cycle or the data valid frequency;
and if so, the block chain network performs first re-decryption on the double-encrypted data based on the second key to obtain intermediate encrypted data.
6. A data authorization method based on a block chain is applied to a data processing system, and the data processing system comprises: a requesting terminal, a data source, a blockchain network and an authorized terminal, wherein the method is applied to the authorized terminal, and the method comprises the following steps:
the authorization terminal sends a data acquisition request to the blockchain network according to a data authorization request submitted by the request terminal, wherein the data acquisition request comprises a data identifier, and the data acquisition request is used for requesting the blockchain network to acquire intermediate encrypted data according to the data identifier;
the authorization terminal receives a data decryption request sent by the block chain network, wherein the data decryption request comprises the intermediate encrypted data;
and the authorization terminal responds to the data decryption request to perform second decryption on the intermediate encrypted data to obtain authorization data, and sends the authorization data to the request terminal.
7. The method of claim 6, wherein the step of the authorization terminal sending a data acquisition request to the blockchain network according to the data authorization request submitted by the request terminal comprises:
the authorization terminal receives a data authorization request submitted by the request terminal;
the authorization terminal verifies the data authorization request;
and if the verification is passed, the authorization terminal generates a data acquisition request according to the data authorization request and sends the data acquisition request to the block chain network.
8. A data authorization device based on a block chain is applied to a data processing system, and the data processing system comprises: a requesting terminal, a data source, a blockchain network, and an authorizing terminal, wherein the apparatus is configured in the blockchain network, and the apparatus comprises:
the data acquisition module is used for receiving a data acquisition request sent by the authorization terminal, wherein the data acquisition request is generated by the authorization terminal according to the data authorization request sent by the request terminal, and the data acquisition request comprises a data identifier;
the data acquisition module is also used for acquiring double encrypted data according to the data identifier;
the data processing module is used for carrying out first re-decryption on the double-encrypted data to obtain intermediate encrypted data;
and the data sending module is used for sending a data decryption request to the authorization terminal, wherein the data decryption request comprises the intermediate encrypted data, and the data decryption request is used for requesting the authorization terminal to perform second decryption on the intermediate encrypted data and sending the decrypted authorization data to the request terminal.
9. A data authorization device based on a block chain is applied to a data processing system, and the data processing system comprises: a requesting terminal, a data source, a blockchain network, and an authorizing terminal, wherein the apparatus is configured at the authorizing terminal, the apparatus comprising:
the data acquisition module is used for requesting the blockchain network to acquire intermediate encrypted data according to the data identifier;
a data obtaining module, configured to receive a data decryption request sent by the blockchain network, where the data decryption request includes the intermediate encrypted data;
the data processing module is used for responding to the data decryption request to perform second decryption on the intermediate encrypted data to obtain authorized data;
the data sending module is further configured to send the authorization data to the request terminal.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, which is executed by a processor to implement the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911425833.1A CN113127818A (en) | 2019-12-31 | 2019-12-31 | Block chain-based data authorization method and device and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911425833.1A CN113127818A (en) | 2019-12-31 | 2019-12-31 | Block chain-based data authorization method and device and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113127818A true CN113127818A (en) | 2021-07-16 |
Family
ID=76771071
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911425833.1A Pending CN113127818A (en) | 2019-12-31 | 2019-12-31 | Block chain-based data authorization method and device and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113127818A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115514578A (en) * | 2022-11-01 | 2022-12-23 | 中国信息通信研究院 | Block chain based data authorization method and device, electronic equipment and storage medium |
| WO2024016954A1 (en) * | 2022-07-17 | 2024-01-25 | 华为技术有限公司 | Authorization method and communication apparatus |
-
2019
- 2019-12-31 CN CN201911425833.1A patent/CN113127818A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024016954A1 (en) * | 2022-07-17 | 2024-01-25 | 华为技术有限公司 | Authorization method and communication apparatus |
| CN115514578A (en) * | 2022-11-01 | 2022-12-23 | 中国信息通信研究院 | Block chain based data authorization method and device, electronic equipment and storage medium |
| CN115514578B (en) * | 2022-11-01 | 2023-03-21 | 中国信息通信研究院 | Block chain based data authorization method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9875368B1 (en) | Remote authorization of usage of protected data in trusted execution environments | |
| US10671733B2 (en) | Policy enforcement via peer devices using a blockchain | |
| CN110061846B (en) | Method, device and computer readable storage medium for identity authentication and confirmation of user node in block chain | |
| US20220255920A1 (en) | System and method for proximity-based authentication | |
| US11741461B2 (en) | Method for performing non-repudiation, and payment managing server and user device therefor | |
| US20160125180A1 (en) | Near Field Communication Authentication Mechanism | |
| CN111708991A (en) | Service authorization method, service authorization device, computer equipment and storage medium | |
| EP3206329B1 (en) | Security check method, device, terminal and server | |
| CN109831435B (en) | Database operation method, system, proxy server and storage medium | |
| CN113691502A (en) | Communication method, communication device, gateway server, client and storage medium | |
| US11546159B2 (en) | Long-lasting refresh tokens in self-contained format | |
| US11706022B1 (en) | Method for trusted data decryption based on privacy-preserving computation | |
| CN114257382A (en) | Method, device and system for key management and service processing | |
| US20110154436A1 (en) | Provider Management Methods and Systems for a Portable Device Running Android Platform | |
| CN106992978B (en) | Network security management method and server | |
| CN113127818A (en) | Block chain-based data authorization method and device and readable storage medium | |
| CN112528268B (en) | Cross-channel applet login management method and device and related equipment | |
| CN116049802B (en) | Application single sign-on method, system, computer equipment and storage medium | |
| US11399015B2 (en) | Data security tool | |
| TWI546698B (en) | Login system based on servers, login authentication server, and authentication method thereof | |
| CN113691508B (en) | Data transmission method, system, device, computer equipment and storage medium | |
| CN115834051A (en) | DID (digital information device) certificate data based secure storage method and device, authorization method and device, electronic equipment and storage medium | |
| CN115865445A (en) | DID certificate data-based secure transfer method, DID certificate data system and storage medium | |
| CN113810178B (en) | Key management method, device, system and storage medium | |
| CN113329004B (en) | Authentication method, system and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |