CN113221169A - Method and device for inquiring block chain private data - Google Patents

Publication number: CN113221169A
Authority: CN (China)
Prior art keywords: query, data, transaction, quota, block chain
Legal status: Granted (active)
Application number: CN202110540608.3A
Other languages: Chinese (zh)
Other versions: CN113221169B (en)
Inventors: 刘琦, 闫莺
Current Assignee: Alipay Hangzhou Information Technology Co Ltd
Original Assignee: Alipay Hangzhou Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2471 Distributed queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

One or more embodiments of the present specification provide a method and an apparatus for querying blockchain private data, applied to a blockchain node in a blockchain network. The method comprises: receiving a query transaction initiated by a querier for target private data, wherein the target private data is stored in encrypted form at each blockchain node in the blockchain network; determining the query quota allocated to the querier for the target private data; and, when a data query condition is met, reading the target private data into a trusted execution environment of the blockchain node for decryption, so that the querier obtains the corresponding decrypted data, and decrementing the query quota; wherein the data query condition includes that the query quota has not been exhausted.

Description

Method and device for inquiring block chain private data
Technical Field
One or more embodiments of the present disclosure relate to the field of blockchain technologies, and in particular to a method and an apparatus for querying blockchain private data.
Background
Blockchain technology is built on top of a transport network, such as a peer-to-peer network. Network nodes in the transport network use a chained data structure to validate and store data, and use a distributed node consensus algorithm to generate and update data.
The two biggest challenges for current enterprise-level blockchain platforms are privacy and performance, which are often difficult to solve simultaneously. Most solutions either gain privacy at the cost of performance or pursue performance while paying little attention to privacy. Common cryptographic techniques for addressing privacy, such as homomorphic encryption and zero-knowledge proofs, have high complexity and poor generality, and may cause serious performance loss.
A Trusted Execution Environment (TEE) is another way to address privacy concerns. The TEE acts as a hardware black box: code and data executing in the TEE cannot be observed even by the operating system layer, and the TEE can be operated only through interfaces defined in advance in the code. In terms of efficiency, because of this black-box property, the TEE operates on plaintext data rather than performing the complex cryptographic operations of homomorphic encryption, so the computation itself loses no efficiency; combining a blockchain with a TEE can therefore greatly improve its security and privacy at a small performance cost. The industry pays close attention to TEE solutions, and almost all mainstream chip and software alliances have their own, including the software-oriented TPM (Trusted Platform Module) and the hardware-oriented Intel SGX (Software Guard Extensions), ARM TrustZone, and AMD PSP (Platform Security Processor).
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure provide a method and an apparatus for querying blockchain private data.
To achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
According to a first aspect of one or more embodiments of the present specification, a method for querying blockchain private data is provided, which is applied to a blockchain node in a blockchain network; the method comprises the following steps:
receiving a query transaction initiated by a querier for target private data, wherein the target private data is stored in encrypted form at each blockchain node in the blockchain network;
determining the query quota allocated to the querier for the target private data;
when a data query condition is met, reading the target private data into a trusted execution environment of the blockchain node for decryption, so that the querier obtains the corresponding decrypted data, and decrementing the query quota; wherein the data query condition includes that the query quota has not been exhausted.
According to a second aspect of one or more embodiments of the present specification, an apparatus for querying blockchain private data is provided, which is applied to a blockchain node in a blockchain network; the apparatus comprises:
a receiving unit, configured to receive a query transaction initiated by a querier for target private data, wherein the target private data is stored in encrypted form at each blockchain node in the blockchain network;
a determining unit, configured to determine the query quota allocated to the querier for the target private data;
an updating unit, configured to, when a data query condition is met, read the target private data into a trusted execution environment of the blockchain node for decryption, so that the querier obtains the corresponding decrypted data, and decrement the query quota; wherein the data query condition includes that the query quota has not been exhausted.
According to a third aspect of one or more embodiments of the present specification, there is provided an electronic apparatus including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the first aspect by executing the executable instructions.
According to a fourth aspect of one or more embodiments of the present description, a computer-readable storage medium is presented, having stored thereon computer instructions which, when executed by a processor, implement the steps of the method according to the first aspect.
Drawings
Fig. 1 is a flowchart of a method for querying blockchain private data according to an exemplary embodiment.
Fig. 2 is a schematic diagram of creating a smart contract, provided by an exemplary embodiment.
Fig. 3 is a schematic diagram of invoking a smart contract, provided by an exemplary embodiment.
Fig. 4 is a schematic structural diagram of an apparatus according to an exemplary embodiment.
Fig. 5 is a block diagram of a query apparatus for blockchain private data according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
Blockchains are generally divided into three types: public chains (Public Blockchain), private chains (Private Blockchain) and consortium chains (Consortium Blockchain). There are also combinations of these types, such as private chain + consortium chain, consortium chain + public chain, and so on. The most decentralized of these is the public chain. Public chains are represented by Bitcoin and Ethereum; participants who join a public chain can read the data records on the chain, take part in transactions, compete for the right to record new blocks, and so on. Furthermore, each participant (i.e., node) is free to join and leave the network and to perform related operations. Private chains are the opposite: write permission on the network is controlled by an organization or institution, and read permission on the data is specified by that organization. In short, a private chain can be a weakly centralized system with few, strictly limited participating nodes. This type of blockchain is better suited to use inside a particular institution. A consortium chain sits between a public chain and a private chain and can achieve "partial decentralization". Each node in a consortium chain typically corresponds to an entity institution or organization; participants are authorized to join the network and form a stakeholder alliance that jointly maintains the operation of the blockchain.
Whether a chain is public, private, or consortium, there may be a need for data privacy protection. In a blockchain network that supports privacy protection, the block data (i.e., the blocks in the chain structure) and the ledger data (e.g., external account data, contract code, contract state, transaction receipts, etc.) maintained by the blockchain nodes are all stored as ciphertext, so that no loss results even if the data is obtained, and the stored ciphertext can be decrypted only through the trusted execution environment configured on the blockchain nodes. In the related art, user permission management may be used to control which users obtain private data (such as the data stored as ciphertext above), so that only users holding the permission can obtain the plaintext decrypted by the trusted execution environment. However, a user's permission requirements may be dynamic, so the administrator needs to grant and revoke permissions frequently, which easily leads to omissions or misoperations and thus creates a data security risk.
In view of this, the present specification provides a private data query scheme based on a query quota, so that revoking a permission no longer has to be performed manually by an administrator, which eliminates the above data security risk.
Fig. 1 is a flowchart of a method for querying block chain privacy data according to an exemplary embodiment.
As shown in Fig. 1, the method is applied to a blockchain node in a blockchain network, and may include the following steps:
Step 102: receiving a query transaction initiated by a querier for target private data, wherein the target private data is stored in encrypted form at each blockchain node in the blockchain network.
The blockchain network includes members having respective blockchain nodes in the blockchain network, where each member may correspond to one or more blockchain nodes. There may be multiple types of identities for members in a blockchain network, such as an administrator with administrative privileges, a general user without administrative privileges, or other identities.
The querier may be any user who wishes to query private data. For example, the querier may be a member of the blockchain network, or another user who is not a member; this specification does not limit this. The querier submits a blockchain transaction, namely the query transaction, to the blockchain network. The query transaction can contain description information of the target private data, so that the blockchain node can satisfy the querier's query requirement. The querier may generate the query transaction on a client, and the above blockchain node may receive the query transaction from that client; alternatively, the client may send the query transaction to another blockchain node, and the above blockchain node may receive it from that other node; alternatively, the above blockchain node may obtain the query transaction in other ways.
The target privacy data may include a specific transaction, i.e., the original transaction itself of the specific transaction, and a transaction hash of the specific transaction may be included in the query transaction to query the specific transaction based on the transaction hash.
The target privacy data may include a receipt generated after a specified transaction is executed; the receipt records information about the execution result of that transaction. Taking Ethereum as an example, the receipt data obtained by a node executing a transaction may include the following: a Result field indicating the execution result of the transaction; a Gas used field representing the gas consumed by the transaction; a Logs field representing the logs generated by the transaction, where a log may further comprise a From field for the account address of the initiator of the call, a To field for the account address of the called object (such as a smart contract), a Topic field for the subject of the log, a Log data field for the log data, and the like; and an Output field representing the output of the transaction.
Smart contracts as referred to herein are contracts on a blockchain system whose execution can be triggered by a transaction. Taking Ethereum as an example, it supports users in creating and invoking complex logic in the Ethereum network, which is the greatest challenge that distinguishes Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), and each Ethereum node can run the EVM. The EVM is a Turing-complete virtual machine, which means that a variety of complex logic can be implemented through it. The smart contracts that users publish and invoke in Ethereum run on the EVM. In fact, what the virtual machine runs directly is virtual machine code (virtual machine bytecode, hereinafter "bytecode"). The smart contracts deployed on the blockchain may be in the form of bytecode.
For example, as shown in Fig. 2, after Bob sends a transaction containing the information for creating a smart contract to the Ethereum network, the EVM of node 1 may execute the transaction and generate a corresponding contract instance. The "0x6f8ae93…" in Fig. 2 represents the address of the contract, the data field of the transaction holds the bytecode, and the to field of the transaction is empty. After the nodes reach agreement through the consensus mechanism, the contract is successfully created and can be invoked afterwards. Once the contract is created, a contract account corresponding to the smart contract appears on the blockchain with a specific address, and the contract code is stored in that contract account. The behavior of the smart contract is controlled by the contract code. In other words, a smart contract causes a virtual account containing the contract code and account storage (Storage) to be generated on the blockchain. As shown in Fig. 3, still taking Ethereum as an example, after Bob sends a transaction for invoking a smart contract to the Ethereum network, the EVM of a node may execute the transaction and generate a corresponding contract instance. The from field of the transaction in Fig. 3 is the address of the account of the transaction initiator (i.e., Bob), the "0x6f8ae93…" in the to field is the address of the smart contract being called, the value field is an amount of Ether in Ethereum, and the data field of the transaction holds the method and parameters for calling the smart contract. The smart contract is executed independently, in the specified manner, at each node in the blockchain network, and all execution records and data are stored on the blockchain, so that once the transaction is completed, a transaction record that cannot be tampered with and will not be lost is stored on the blockchain.
The target privacy data may include a specified account; for example, the specified account may be an external account (externally owned account) or a contract account. Taking Ethereum as an example, the specified account may include fields such as balance, nonce, codeHash (empty for an external account), and storageRoot (empty for an external account), and obtaining the value of the specified account actually means obtaining these fields.
The target privacy data may include contract data, which may include contract code (such as bytecode as described above, or code written in a high-level language that is compilable as bytecode) and/or values of contract states to which the contract code refers, and so on.
The target privacy data described above may include chain data that may include a total number of transactions, a total number of contracts, a number of invocations of one or all contracts, an amount of data included for one or all contracts, and the like in the blockchain network.
The target privacy data may be of other types than those listed above, and this specification is not intended to be limiting. The target privacy data may include one or more types of data as described above based on the setting of the inquiring party, and this specification does not limit this.
Step 104: determining the query quota allocated to the querier for the target private data.
By allocating a query quota to the querier, the querier holds query permission for the target private data until the query quota is exhausted; during that time the blockchain node can provide the querier with the decrypted data obtained by decryption in the trusted execution environment. Once the query quota is exhausted, the blockchain node no longer provides the decrypted data to the querier, without any manual configuration by an administrator, which is equivalent to the querier losing query permission for the target private data.
There may be multiple possible characterization dimensions for the query quota. For example, the query quota may include at least one of: the remaining query times, the remaining query duration, the remaining query data amount, and the like, which is not limited in this specification.
The query quota may include a private query quota corresponding to the target private data. The private query quota is a query quota that is dedicated to the target private data and cannot be applied to other private data. Therefore, the inquiring party may have a plurality of private query quotas for performing query authority management on a plurality of private data, respectively.
The query quota may include a category query quota corresponding to a data category to which the target private data belongs. The category query quota can be used for all data of a data category to which the target private data belongs, so that the querying party can query the data, that is, the category query quota can be shared among the data.
The query quota may include a universal query quota corresponding to all private data. The universal query quota can be applied to all private data, regardless of the data category to which the private data belongs, so that the querying party can query for the data, that is, the universal query quota can be shared among all data.
Of course, the inquiring party may have one or more of the above query quotas at the same time to meet the diversified private data query requirements of the inquiring party.
The querier can apply to obtain or increase a query quota by combining online and offline steps. For example, the querier may reach an offline agreement with the authority controller of the target private data, in which the authority controller agrees to open a specified amount of query quota for the target private data to the querier. The authority controller may then initiate a quota management transaction to the blockchain network, so that the blockchain node receives and executes the quota management transaction to adjust the value of the query quota corresponding to the querier, for example increasing the remaining query times, extending the remaining query duration, or increasing the remaining query data amount; the quota management transaction may contain either the amount of change of the query quota or the value after the change.
The authority controller of the target private data may have one of several identity types. For example, the authority controller may be a general user, and the target private data may be associated with that general user in a way that lets the user exercise authority control over it, for example because the transaction corresponding to the target private data was initiated by the general user or the smart contract invoked by that transaction was deployed by the general user. The querier's query quota can be recorded in a user smart contract deployed by the general user, so that the blockchain node invokes the user smart contract by executing the quota management transaction and adjusts the value of the contract state that corresponds to the query quota in the user smart contract. The general user may deploy the user smart contract as in the embodiment shown in Fig. 2, which is not described again here.
As another example, the authority controller may be an administrator, who can exercise authority control over all data in the blockchain network, including the target private data described above. The querier's query quota can be recorded in a system smart contract, so that the blockchain node invokes the system smart contract by executing the quota management transaction and adjusts the value of the contract state that corresponds to the query quota in the system smart contract. A system smart contract differs from a user smart contract: it cannot be freely deployed by a general user and must be deployed by an administrator, with a deployment process similar to the embodiment shown in Fig. 2. The blockchain network may include multiple administrators, in which case the system smart contract may be deployed by any of them, but the transaction that deploys the system smart contract must be signed by the deploying administrator, and sometimes must also be signed by other administrators such that the proportion of signing administrators among all administrators is not less than a preset proportion. Similarly, when an administrator initiates the quota management transaction described above, that transaction may also be required to be signed by no less than a preset proportion of the administrators in the blockchain network.
The querier can also apply to obtain or increase a query quota entirely online. For example, the querier's query quota may be recorded in a smart contract, and the querier may invoke that smart contract through a quota application transaction, in the manner of the embodiment shown in Fig. 3 described above. Correspondingly, after receiving a quota application transaction initiated by the querier, the blockchain node invokes the smart contract by executing the quota application transaction, and the logic implemented by the smart contract adjusts the value of the query quota recorded in the contract, so that the query quota corresponding to the querier is updated (usually increased).
Imposing some limiting conditions prevents the querier from applying for query quota arbitrarily by initiating quota application transactions. For example, when the quota application transaction calls the above smart contract to apply for query quota, the smart contract, in addition to updating the value of the query quota corresponding to the querier, also transfers at least part of the blockchain assets that the querier holds on the blockchain network as the cost of the application, and the amount of blockchain assets transferred may be positively correlated with the amount of query quota applied for. Because the querier holds a limited amount of blockchain assets, this scheme limits, to a certain extent, arbitrary applications for query quota. The blockchain assets may be of any type, for example distributed by the system when the querier joins the blockchain network, distributed based on the querier's behavior (for example, when the querier obtains the accounting right and completes packaging a block onto the chain), transferred to the querier by other members, or issued to the querier based on anchored off-chain assets; this specification does not limit this.
For example, where the authority controller of the target private data is a general user and the smart contract is a user smart contract deployed by the authority controller, the quota application transaction initiated by the querier may transfer at least part of the blockchain assets held by the querier to the authority controller in exchange for a corresponding amount of query quota. Ownership of those blockchain assets is thereby transferred to the authority controller, who may use them afterwards, for example to exchange for query quota. As another example, where the authority controller of the target private data is an administrator and the smart contract is a system smart contract, the quota application transaction initiated by the querier may transfer at least part of the blockchain assets held by the querier to a preset system account in exchange for a corresponding amount of query quota. The preset system account may belong to no member and be dedicated to recovering the blockchain assets used to exchange for query quota; the recovered blockchain assets may be frozen, cleared, or re-issued.
Step 106: when a data query condition is met, reading the target private data into the trusted execution environment of the blockchain node for decryption, so that the querier obtains the corresponding decrypted data, and decrementing the query quota; wherein the data query condition includes that the query quota has not been exhausted.
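Steps 102 to 106 can be followed end to end in the Python example below, which is added here and is not code from the patent. The class and field names, the order in which private, category and universal quotas are tried, the rule that only the data's controller or an administrator may set a quota, and the hash-based XOR that stands in for TEE decryption are all assumptions of this example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class Quota:
    """One query quota; a dimension left as None is not enforced."""
    queries_left: Optional[int] = None    # remaining query times
    bytes_left: Optional[int] = None      # remaining query data amount
    valid_until: Optional[float] = None   # remaining query duration, as a deadline

    def allows(self, size: int, now: float) -> bool:
        if self.queries_left is not None and self.queries_left < 1:
            return False
        if self.bytes_left is not None and self.bytes_left < size:
            return False
        if self.valid_until is not None and now >= self.valid_until:
            return False
        return True

    def consume(self, size: int) -> None:
        if self.queries_left is not None:
            self.queries_left -= 1
        if self.bytes_left is not None:
            self.bytes_left -= size


class SimulatedTEE:
    """Stand-in for the enclave: the only object that holds the data key."""

    def __init__(self, key: bytes):
        self._key = key

    def crypt(self, data: bytes) -> bytes:
        # Hash-counter keystream XOR (assumption): NOT real encryption, it only
        # marks the boundary between stored ciphertext and TEE-side plaintext.
        stream = b""
        counter = 0
        while len(stream) < len(data):
            stream += hashlib.sha256(self._key + counter.to_bytes(4, "big")).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))


class Node:
    def __init__(self, tee: SimulatedTEE, admins: set):
        self.tee = tee
        self.admins = admins
        self.store = {}    # data_id -> (category, controller, ciphertext)
        self.quotas = {}   # (querier, scope, scope_key) -> Quota

    def put(self, data_id, category, controller, plaintext: bytes):
        self.store[data_id] = (category, controller, self.tee.crypt(plaintext))

    def manage_quota(self, sender, querier, scope, scope_key, quota: Quota):
        """Quota management transaction: only the authority controller may set a quota."""
        if scope == "private":
            allowed = sender == self.store[scope_key][1] or sender in self.admins
        else:  # category and universal quotas span many owners' data
            allowed = sender in self.admins
        if not allowed:
            raise PermissionError(f"{sender} does not control {scope}:{scope_key}")
        self.quotas[(querier, scope, scope_key)] = quota

    def query(self, querier, data_id, now: float) -> Optional[bytes]:
        """Query transaction: plaintext, or None when every quota is exhausted."""
        category, _, ciphertext = self.store[data_id]
        size = len(ciphertext)
        scopes = (("private", data_id), ("category", category), ("universal", "*"))
        for scope, key in scopes:
            quota = self.quotas.get((querier, scope, key))
            if quota is not None and quota.allows(size, now):
                quota.consume(size)                # decrement exactly one quota
                return self.tee.crypt(ciphertext)  # decryption happens only here
        return None                                # ciphertext never enters the TEE


def demo():
    node = Node(SimulatedTEE(b"constructed-demo-key"), admins={"admin"})
    node.put("tx_a", "transaction", "Ua", b"pay 10 to Bob")   # constructed record
    node.manage_quota("Ua", "Uc", "private", "tx_a", Quota(queries_left=2))
    return [node.query("Uc", "tx_a", now=0.0) for _ in range(3)]


if __name__ == "__main__":
    print(demo())
```

The third query returns nothing without any revocation step by the controller, which is the behaviour the quota scheme is meant to provide in place of manual permission recovery.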
The TEE is a trusted execution environment that is based on a secure extension of the CPU hardware and is completely isolated from the outside. The TEE was originally proposed by GlobalPlatform to address the secure isolation of resources on mobile devices, providing applications with a trusted and secure execution environment parallel to the operating system. ARM's TrustZone technology was the earliest to realize a truly commercial TEE. With the rapid development of the Internet, security requirements have risen steadily, and mobile devices, cloud devices and data centers have all placed more demands on the TEE. The concept of the TEE has likewise developed and expanded rapidly, and the TEE referred to today is a more generalized TEE than the concept originally proposed. For example, server chip manufacturers such as Intel and AMD have successively introduced hardware-assisted TEEs and enriched the concept and characteristics of the TEE, which have gained wide acceptance in the industry. A mention of the TEE today usually refers to this kind of hardware-assisted TEE technology.
Taking Intel SGX technology as an example, SGX provides an enclave, that is, an encrypted trusted execution area in memory, in which the CPU protects data from being stolen. Taking the case where the first blockchain node uses an SGX-capable CPU as an example, a region called the EPC (Enclave Page Cache) may be allocated in memory by using newly added processor instructions, and the data in it is encrypted by the MEE (Memory Encryption Engine) inside the CPU. The encrypted content in the EPC is decrypted into plaintext only after entering the CPU. Therefore, with SGX, a user does not need to trust the operating system, the VMM (Virtual Machine Monitor), or even the BIOS (Basic Input Output System); the user only needs to trust the CPU to ensure that private data is not leaked. The enclave thus corresponds to the TEE produced under SGX technology.
Therefore, the target private data can be correctly decrypted only in the TEE, which ensures that the target private data maintained by the blockchain node stays in a safe state: even if the target private data is acquired by a user without a query quota, it cannot be correctly decrypted, so no data leakage occurs. Based on the operating principle of the TEE, the TEE is a highly secure space on the blockchain node, and the keys used to decrypt the target private data can be stored safely in the TEE without leaking.
As previously mentioned, the target privacy data may include transactions. For example, a user Ua may submit a transaction Tx_a in the blockchain network, which may invoke an intelligent contract Za that may be deployed by the user Ua or by another user Ub. For privacy protection purposes, the user Ua may encrypt the transaction Tx_a: the user Ua can maintain a symmetric key Ma, which can, for example, be randomly generated by the user Ua, so that the user Ua can encrypt the plaintext transaction content of the transaction Tx_a with the symmetric key Ma to obtain the corresponding ciphertext transaction content; each blockchain node can maintain a node private key, which can, for example, be deployed by a Key Management Server (KMS) through remote attestation when the blockchain node newly joins the blockchain network, and the node public key corresponding to the node private key is published, so that the user Ua can encrypt the symmetric key Ma with the node public key to obtain the corresponding encrypted key Ma'. The transaction Tx_a therefore actually contains the above ciphertext transaction content and the encrypted key Ma'. Since the symmetric key Ma is maintained only by the user Ua who initiated the transaction Tx_a, and the node private key is maintained by the blockchain node in the TEE where only the CPU can access it, a user Uc or any other inquiring party who obtains the transaction Tx_a from a blockchain node still cannot correctly decrypt the plaintext transaction content. The inquiring party can only send a request to the blockchain node based on the technical solution of this specification, so that, with query quota consumed, the blockchain node decrypts in the TEE and provides the resulting plaintext transaction content to the user Uc.
The blockchain node may decrypt the transaction Tx_a in the TEE to obtain the plaintext transaction content. This decryption usually occurs when the blockchain node needs to verify or execute the transaction Tx_a, and may also be performed in response to a query request from the user Uc for the transaction Tx_a. After reading the transaction Tx_a into the TEE, the blockchain node may obtain the above ciphertext transaction content and the encrypted key Ma' respectively, and the decryption operation may include: first, the blockchain node decrypts the encrypted key Ma' with the node private key it maintains to obtain the symmetric key Ma; then, the blockchain node decrypts the ciphertext transaction content with the symmetric key Ma to obtain the plaintext transaction content, which is the content that the user Uc requested to query.
Similarly, when, for example, the user Uc initiates a query transaction to a blockchain node to query the target privacy data, the user Uc may encrypt the plaintext transaction content of the query transaction with a symmetric key that the user Uc maintains, and encrypt that symmetric key with the node public key, which avoids exposing the user Uc's query behavior toward the relevant target privacy data; the blockchain node can decrypt correspondingly and determine the target privacy data that the user Uc requires, which is not described in detail again here.
As previously mentioned, the target privacy data may include receipts, account data, contract data, chain data, etc., which may be stored on blockchain nodes (typically in a storage space outside the TEE) after being encrypted in the TEE by the blockchain nodes. The TEE at the blockchain node is provisioned with a symmetric key for storing this data, and the symmetric key can, for example, be deployed by a KMS server when the blockchain node newly joins the blockchain network. The blockchain node can directly use this symmetric key to encrypt and store the target private data; or, to improve security, the blockchain node may use the symmetric key as a root key, generate a corresponding derivative key from the root key, and encrypt and store the target private data with the derivative key. Blockchain nodes may generate derivative keys along multiple dimensions, for example: the blockchain node can generate derivative keys for different types of target privacy data, so that data of the same type uses the same derivative key and data of different types uses different derivative keys; the blockchain node can generate derivative keys for target privacy data produced by different transactions, so that data of the same transaction uses the same derivative key and data of different transactions uses different derivative keys; the blockchain node can generate derivative keys for target private data produced by different contracts, so that the data (such as contract code, contract state and the like) of the same intelligent contract uses the same derivative key and the data of different contracts uses different derivative keys; the blockchain node can generate derivative keys for different accounts, so that data of the same account uses the same derivative key and data of different accounts uses different derivative keys; the blockchain node can generate derivative keys for different contract states, so that different derivative keys are used even for different contract states produced by the same contract.
Then, in response to a query transaction initiated by, for example, the user Uc, the blockchain node may determine the corresponding target privacy data (e.g., the target privacy data may be determined after the query transaction is decrypted in the TEE), and decrypt the target privacy data by reading it into the TEE, so as to obtain the corresponding decrypted data, which is the content that the user Uc requested to query. Here, when the blockchain node decrypts the target private data read into the TEE, the key used may be the root key or the derivative key used in the encryption process above. In short, if a symmetric key is used, the encryption key and the decryption key are the same; if an asymmetric key is used, encryption uses the public key and decryption uses the private key. These keys are maintained in the TEE to ensure sufficient security.
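The per-dimension key derivation described above can be sketched as follows. This is an added example, not code from the patent: it assumes HKDF-Expand (RFC 5869) with HMAC-SHA256 as the derivation function, a constructed root key, and hypothetical names (`derive_key`, `encode_info`, the dimension labels).

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256

# Dimension labels follow the text above; the spellings are chosen for this example.
DIMENSIONS = ("type", "transaction", "contract", "account", "contract_state")


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand from RFC 5869, instantiated with HMAC-SHA256."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_info(dimension: str, *parts: bytes) -> bytes:
    """Length-prefix every field so two different (dimension, parts) tuples
    can never serialize to the same byte string."""
    fields = [dimension.encode("utf-8"), *parts]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_key(root_key: bytes, dimension: str, *parts: bytes) -> bytes:
    """Derive a 32-byte key for one dimension and identifier.

    Assumption: the root key is uniformly random (as a KMS-provisioned key
    would be), so it can be used directly as the HKDF pseudorandom key.
    """
    if dimension not in DIMENSIONS:
        raise ValueError(f"unknown dimension: {dimension}")
    if len(root_key) < HASH_LEN:
        raise ValueError("root key shorter than the hash output")
    return hkdf_expand(root_key, encode_info(dimension, *parts))


# Constructed root key for the demo only; on a node it would never leave the TEE.
DEMO_ROOT_KEY = bytes(range(32))


def demo() -> dict:
    """Derive one key per dimension using constructed identifiers."""
    return {
        "type:receipt": derive_key(DEMO_ROOT_KEY, "type", b"receipt"),
        "transaction:Tx_a": derive_key(DEMO_ROOT_KEY, "transaction", b"Tx_a"),
        "contract:Za": derive_key(DEMO_ROOT_KEY, "contract", b"Za"),
        "account:Ua": derive_key(DEMO_ROOT_KEY, "account", b"Ua"),
        "contract_state:Za/balance": derive_key(
            DEMO_ROOT_KEY, "contract_state", b"Za", b"balance"
        ),
    }


if __name__ == "__main__":
    for label, key in demo().items():
        print(label, key.hex())
```

Because the dimension label is part of the derivation input, the contract Za and an account that happened to carry the same identifier would still get unrelated keys.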
In the foregoing embodiment, the data query conditions that the querier needs to satisfy include: the query quota for the target private data has not been exhausted; besides, the query operation of the querying party may be further limited by other types of data query conditions, which is described in the following.
The data query condition may include a restriction condition for the target privacy data, for example, the target privacy data may be restricted to satisfy at least one of the following conditions: belonging to a predetermined block height range and belonging to a predetermined data type. The predetermined block height range may run from one specified block height to another specified block height, or lie before or after a specified block height, and may be limited in any form. The preset data types may include: a raw transaction data type, a transaction receipt type, an account data type, a contract code type, a contract status type, a chain data type, etc. Based on the preset block height range and/or the preset data type, the data that the inquirer is allowed to query can be restricted along the dimension of data range.
The data query condition may include a restriction condition for the identity of the querying party. For example, a white list of querying parties may be recorded in an intelligent contract, and a querying party has the possibility to query the target privacy data only if the querying party is recorded in the white list of querying parties, otherwise the querying party is not allowed to query the target privacy data. Similarly, a blacklist of querying parties may be recorded in an intelligent contract, and a querying party has the possibility to query the target privacy data only if the querying party is not recorded in the blacklist of querying parties, otherwise the querying party is not allowed to query the target privacy data. The inquiring party white list (or inquiring party black list) may be specific to the target privacy data specified by the inquiring party in the inquiry transaction; alternatively, the inquiring party white list (or inquiring party black list) is not dedicated to the target privacy data described above, but may be used for a batch of data, such as in the case where there is an associated historical transaction for the target privacy data, the inquiring party white list (or inquiring party black list) may be located in the intelligent contract invoked for the historical transaction and thus may be applied to the associated data for all transactions invoking the intelligent contract; alternatively, the querying party white list (or querying party black list) may be located in a system intelligence contract that may be applied to all data in the blockchain network (or a portion of data specified in the system intelligence contract), including the target privacy data described above.
The data query condition may include an identity restriction condition for all parties to the target private data. For example, a white list of the inquired party may be recorded in a certain intelligent contract, and the inquirer has the possibility of inquiring the target privacy data only in the case that all the inquired parties are recorded in the white list of the inquired party, otherwise, the inquirer is not allowed to inquire the target privacy data. Similarly, a blacklist of queried parties may be recorded in an intelligent contract, and a querying party has the possibility of querying target privacy data only in the case that all the parties are not recorded in the blacklist of queried parties, otherwise the querying party is not allowed to query the target privacy data. For example, in the case of historical transactions with associated target privacy data, the queried party white list (or queried party black list) may be located in the intelligent contract invoked by the historical transactions, and thus may be applied to the associated data of all transactions invoking the intelligent contract; alternatively, the queried party white list (or queried party black list) may be located in a system intelligence contract that may be applied to all data in the blockchain network (or a portion of data specified in the system intelligence contract), including the target privacy data described above.
The data query condition may include a restriction condition for the contract version number. For example, where the target privacy data is related to a particular transaction, the intelligent contract invoked by the particular transaction has a corresponding version number, and the version number may change as the intelligent contract is upgraded. Therefore, the inquiring party can be limited to have the possibility of inquiring the target privacy data only in the case that the version number of the intelligent contract belongs to the preset contract version number range, otherwise, the inquiring party is not allowed to inquire the target privacy data.
The data query condition may include a restriction condition for a version number of the chain code. For example, there is a corresponding version number for the chain code at which the block chain nodes run, and this version number may change as the chain code is upgraded. Therefore, the querying party may be limited to have the possibility of querying the target privacy data only if the version number of the chain code belongs to the preset chain version number range, otherwise the querying party will not be allowed to query the target privacy data.
The data query conditions may include restrictions for member users of the blockchain network. For example, the member users of the blockchain network may include common users, administrators, or both, so when the member users of the blockchain network change, whether the querying party may query the target private data can be limited based on that change. Under a strict restriction, any change in the member users of the blockchain network limits the query operation of the querying party, so that the querying party cannot query the target privacy data unless query authorization is opened for the querying party again after the change. Under a relatively loose restriction, common users of the blockchain network are allowed to change without affecting the query operation of the querying party, but the querying party cannot query the target private data when an administrator changes, unless query authorization is opened for the querying party again after the change. Under another relatively loose restriction, it is necessary to determine whether the member-change scenario matches a preset scenario; for example, when a predefined conflicting user joins or a predefined cooperating user leaves, the querying party cannot query the target privacy data, while the joining or leaving of other users has no effect.
The data query conditions listed above can each serve as an additional condition on top of "the query quota is not exhausted", and one or more additional conditions can exist at the same time; of course, the additional conditions are not required. In some embodiments, these additional conditions may also be implemented independently of each other to control the querying action of the querying party.
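The way the quota check combines with the additional data query conditions can be modelled as below. This is an added example, not code from the patent: the class and field names are hypothetical, the quota is a remaining query count, decryption in the TEE is represented by a stand-in callable, and the choice to charge the quota only after decryption succeeds is an assumption of the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass
class QueryPolicy:
    """Contract state governing one item of target private data (hypothetical layout)."""
    quota: Dict[str, int]                           # querier -> remaining query count
    min_height: int = 0
    max_height: Optional[int] = None                # None means no upper bound
    allowed_types: Optional[FrozenSet[str]] = None  # None means any data type
    querier_whitelist: Optional[FrozenSet[str]] = None
    querier_blacklist: FrozenSet[str] = frozenset()


@dataclass
class Record:
    block_height: int
    data_type: str
    ciphertext: bytes


def check_conditions(policy: QueryPolicy, querier: str, record: Record) -> List[str]:
    """Return every unmet data query condition; an empty list means allowed."""
    reasons = []
    if policy.quota.get(querier, 0) <= 0:
        reasons.append("query quota exhausted")
    if record.block_height < policy.min_height or (
        policy.max_height is not None and record.block_height > policy.max_height
    ):
        reasons.append("block height outside preset range")
    if policy.allowed_types is not None and record.data_type not in policy.allowed_types:
        reasons.append("data type not permitted")
    if policy.querier_whitelist is not None and querier not in policy.querier_whitelist:
        reasons.append("querier not on white list")
    if querier in policy.querier_blacklist:
        reasons.append("querier on black list")
    return reasons


def handle_query(
    policy: QueryPolicy,
    querier: str,
    record: Record,
    tee_decrypt: Callable[[bytes], bytes],
) -> Tuple[Optional[bytes], List[str]]:
    """Gate decryption on all conditions, then decrement the quota.

    On denial the ciphertext is never passed to the decryptor and the quota is
    left untouched. If decryption raises, the quota is not charged either
    (an assumption of this example).
    """
    reasons = check_conditions(policy, querier, record)
    if reasons:
        return None, reasons
    plaintext = tee_decrypt(record.ciphertext)
    policy.quota[querier] -= 1
    return plaintext, []


def stand_in_tee_decrypt(ciphertext: bytes) -> bytes:
    """Placeholder for decryption inside the TEE; reversing bytes is not a cipher."""
    return ciphertext[::-1]


if __name__ == "__main__":
    # Constructed sample state: user Uc holds a quota of one query.
    policy = QueryPolicy(quota={"Uc": 1}, min_height=100, max_height=200,
                         allowed_types=frozenset({"receipt"}))
    record = Record(150, "receipt", b"receipt body"[::-1])
    print(handle_query(policy, "Uc", record, stand_in_tee_decrypt))
    print(handle_query(policy, "Uc", record, stand_in_tee_decrypt))
```

The second call in the demo is denied with "query quota exhausted", since the first call consumed the only remaining query.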
FIG. 4 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 4, at the hardware level, the apparatus includes a processor 402, an internal bus 404, a network interface 406, a memory 408, and a non-volatile memory 410, but may also include hardware required for other services. The processor 402 reads a corresponding computer program from the non-volatile memory 410 into the memory 408 and then runs the computer program to form a query device of the block chain privacy data on a logical level. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 5, in a software implementation, the query apparatus for the blockchain privacy data is applied to a blockchain node in a blockchain network; the apparatus may include:
a first receiving unit 51, configured to receive an inquiry transaction initiated by an inquiring party for target privacy data, where the target privacy data is stored at each blockchain node in the blockchain network in an encrypted manner;
a determining unit 52, configured to determine a query quota allocated by the querying party for the target private data;
an updating unit 53, configured to, when the data query condition is satisfied, read the target private data into the trusted execution environment of the blockchain node for decryption so that the querying party obtains the corresponding decrypted data, and perform a decremental update on the query quota; wherein the data query condition includes that the query quota has not been exhausted.
Optionally, the query quota includes at least one of: the remaining query times, the remaining query duration, and the remaining query data volume.
Optionally, the query quota includes: the private query quota corresponding to the target private data, the category query quota corresponding to the data category to which the target private data belongs, and the general query quota corresponding to all private data.
Optionally, the apparatus further includes:
a second receiving unit 54, configured to receive a quota management transaction initiated by a rights controller of the target private data, where the quota management transaction is initiated after the rights controller and the querying party reach an offline agreement;
an execution unit 55, configured to execute the quota management transaction to adjust the value of the query quota corresponding to the querying party.
Optionally, the execution unit 55 is specifically configured to:
under the condition that the authority controller is a common user and the query quota is recorded in a user intelligent contract deployed by the authority controller, calling the user intelligent contract by executing the quota management transaction, and carrying out value adjustment on a contract state corresponding to the query quota in the user intelligent contract;
under the condition that the authority controller is an administrator and the query quota is recorded in a system intelligent contract, calling the system intelligent contract by executing the quota management transaction, and carrying out value adjustment on a contract state corresponding to the query quota in the system intelligent contract; and signing the quota management transaction by an administrator not less than a preset proportion in the block chain network.
Optionally, the apparatus further includes:
a third receiving unit 56, configured to receive a quota application transaction initiated by the querying party, where an intelligent contract called by the quota application transaction is used to record the query quota;
an invoking unit 57, configured to invoke the intelligent contract by executing the quota application transaction to adjust the value of the query quota recorded in the intelligent contract.
Optionally,
in the case that the authority controller of the target private data is a common user and the intelligent contract comprises a user intelligent contract deployed by the authority controller, the quota application transaction is further used for transferring at least a part of blockchain assets held by the inquirer to the authority controller in exchange for a corresponding amount of inquiry quota;
and under the condition that the authority controller of the target privacy data is an administrator and the intelligent contract comprises a system intelligent contract, the quota application transaction is also used for transferring at least a part of the blockchain assets held by the inquirer to a preset system account in exchange for a corresponding amount of inquiry quota.
Optionally, the data query condition further includes at least one of:
the target privacy data satisfies at least one of the following conditions: belonging to a preset block height range and a preset data type;
the inquiring party is recorded in an inquiring party white list, or the inquiring party is not recorded in an inquiring party black list;
all parties of the target privacy data are recorded in a white list of inquired parties, or all parties are not recorded in a black list of inquired parties;
under the condition that the target privacy data is related to a specific transaction, the version number of the intelligent contract called by the specific transaction belongs to the range of the preset contract version number;
the version number of the chain code operated by the block chain node belongs to the range of the preset chain version number;
member users of the blockchain network change, and the member users comprise common users and/or administrators.
Optionally, the target privacy data includes at least one of: a designated transaction, a receipt generated after execution of the designated transaction, a designated account, contract data, chain data.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.

Claims (18)

1. A block chain private data query method is applied to block chain nodes in a block chain network; the method comprises the following steps:
receiving inquiry transaction aiming at target privacy data initiated by an inquirer, wherein the target privacy data is encrypted and stored at each block chain node in the block chain network;
determining a query quota which is distributed by the query party and aims at the target private data, wherein the value of the query quota is adjusted by the block chain transaction executed by the block chain nodes;
under the condition that the data query condition is met, decrypting the target privacy data to obtain corresponding decrypted data by the query party, and performing decrement updating on the query quota; wherein the data query condition includes that the query quota has not been exhausted.
2. The method of claim 1, the query quota comprising at least one of: the remaining query times, the remaining query duration, and the remaining query data volume.
3. The method of claim 1, the query quota comprising: the private query quota corresponding to the target private data, the category query quota corresponding to the data category to which the target private data belongs, and the general query quota corresponding to all private data.
4. The method of claim 1, the blockchain transaction initiated by the inquiring party and/or an authority controller of the target privacy data.
5. The method of claim 1, the blockchain transaction initiated by an authority controller of the target privacy data after an offline agreement with the querying party.
6. The method of claim 1, the blockchain transaction comprising a quota managed transaction, the performing the blockchain transaction comprising:
under the condition that the authority controller of the target privacy data is a common user and the query quota is recorded in a user intelligent contract deployed by the authority controller, calling the user intelligent contract by executing the quota management transaction, and carrying out value adjustment on a contract state corresponding to the query quota in the user intelligent contract;
and under the condition that the authority controller is an administrator and the query quota is recorded in a system intelligent contract, calling the system intelligent contract by executing the quota management transaction, and carrying out value adjustment on a contract state corresponding to the query quota in the system intelligent contract.
7. The method of claim 6, the quota managed transaction signed by no less than a preset percentage of administrators in the blockchain network.
8. The method of claim 1, the intelligent contract called by the blockchain transaction being used to record the query quota.
9. The method of claim 6, the blockchain transaction comprising a quota application transaction, the executing the blockchain transaction comprising:
in the case that the authority controller of the target private data is a common user and the intelligent contract comprises a user intelligent contract deployed by the authority controller, the quota application transaction is further used for transferring at least a part of blockchain assets held by the inquirer to the authority controller in exchange for a corresponding amount of inquiry quota;
and under the condition that the authority controller of the target privacy data is an administrator and the intelligent contract comprises a system intelligent contract, the quota application transaction is also used for transferring at least a part of the blockchain assets held by the inquirer to a preset system account in exchange for a corresponding amount of inquiry quota.
10. The method of claim 1, the decrypting the target privacy data comprising:
and reading the target privacy data into the trusted execution environment of the block chain node for decryption.
11. The method of claim 10, the receiving an inquirer-initiated inquiry transaction for target privacy data, comprising:
and receiving a ciphertext transaction obtained by encrypting the query transaction aiming at the target privacy data by the query party, reading the ciphertext transaction into a trusted execution environment of the block chain node, and decrypting the ciphertext transaction to obtain the query transaction.
12. The method of claim 11, further comprising:
receiving an encrypted key sent by the inquiring party, wherein the encrypted key is obtained by encrypting a symmetric key maintained by the inquiring party through a node public key of the block chain node by the inquiring party, and the ciphertext transaction is obtained by encrypting the inquiry transaction through the symmetric key by the inquiring party;
the reading the ciphertext transaction into the trusted execution environment of the block chain node, decrypting the ciphertext transaction to obtain the query transaction includes:
reading the ciphertext transaction into a trusted execution environment of the blockchain node, decrypting the encrypted key through the maintained node private key of the blockchain node to obtain the symmetric key, and decrypting the ciphertext transaction through the symmetric key to obtain the query transaction.
13. The method of claim 10, the reading the target privacy data into a trusted execution environment of the blockchain node for decryption, comprising:
reading the target privacy data into a trusted execution environment of the blockchain node, and decrypting by using a root key maintained in the trusted execution environment or a derivative key corresponding to the target privacy data, where the derivative key is generated based on a preset dimension, and the preset dimension includes: a type dimension, a transaction dimension, a contract dimension, an account dimension, or a contract status dimension of the target privacy data.
14. The method of claim 1, wherein the data query condition further comprises at least one of:
the target privacy data satisfies at least one of the following conditions: belonging to a preset block height range, belonging to a preset data type;
the querying party is recorded in a querying-party whitelist, or the querying party is not recorded in a querying-party blacklist;
the owner of the target privacy data is recorded in a queried-party whitelist, or the owner is not recorded in a queried-party blacklist;
where the target privacy data is related to a specific transaction, the version number of the smart contract called by the specific transaction falls within a preset contract version number range;
the version number of the chain code run by the blockchain node falls within a preset chain version number range;
the member users of the blockchain network change, wherein the member users comprise ordinary users and/or administrators.
15. The method of claim 1, wherein the target privacy data comprises at least one of: a designated transaction, a receipt generated after execution of the designated transaction, a designated account, contract data, chain data.
16. A device for querying blockchain private data, applied to a blockchain node in a blockchain network, the device comprising:
a receiving unit, configured to receive a query transaction for target privacy data initiated by a querying party, wherein the target privacy data is stored in encrypted form at each blockchain node in the blockchain network;
a determining unit, configured to determine a query quota allocated to the querying party for the target privacy data, wherein the value of the query quota is adjusted by blockchain transactions executed by the blockchain node;
an updating unit, configured to, when a data query condition is met, decrypt the target privacy data so that the querying party obtains the corresponding decrypted data, and decrement the query quota; wherein the data query condition includes that the query quota has not been exhausted.
17. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-15 by executing the executable instructions.
18. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 1 to 15.
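The quota-gated query of claims 14 and 16, sketched as an added example that is not code from the patent: decryption happens only when every enabled data query condition holds, and the quota is decremented only after a successful decryption. The class and function names, the particular subset of claim 14 conditions, and the placeholder `decrypt` transform (standing in for decryption inside the trusted execution environment) are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Record:                      # constructed stand-in for stored private data
    data_id: str
    owner: str
    block_height: int
    data_type: str
    ciphertext: bytes

@dataclass
class Policy:                      # hypothetical container for the claimed conditions
    quotas: dict                   # (querier, data_id) -> remaining queries
    querier_whitelist: set
    owner_blacklist: set
    heights: range                 # preset block height range
    data_types: set                # preset data types

def failed_conditions(policy, querier, rec):
    """Return the names of every unmet data query condition (empty = allowed)."""
    checks = {
        "quota_exhausted": policy.quotas.get((querier, rec.data_id), 0) > 0,
        "querier_not_whitelisted": querier in policy.querier_whitelist,
        "owner_blacklisted": rec.owner not in policy.owner_blacklist,
        "height_out_of_range": rec.block_height in policy.heights,
        "data_type_not_allowed": rec.data_type in policy.data_types,
    }
    return [name for name, ok in checks.items() if not ok]

def handle_query(policy, querier, rec, decrypt):
    """Decrypt only when all conditions hold; charge the quota only on success."""
    failed = failed_conditions(policy, querier, rec)
    if failed:
        return None, failed        # ciphertext is never passed to decrypt()
    plaintext = decrypt(rec.ciphertext)   # stands in for decryption inside the TEE
    policy.quotas[(querier, rec.data_id)] -= 1
    return plaintext, []

def demo():
    calls = []
    def decrypt(ct):               # placeholder transform, not a real cipher
        calls.append(ct)
        return ct[::-1]
    rec = Record("tx-1", "alice", 120, "receipt", b"atad-terces")
    pol = Policy({("bob", "tx-1"): 2}, {"bob"}, set(), range(100, 200), {"receipt"})
    results = [handle_query(pol, "bob", rec, decrypt) for _ in range(3)]
    results.append(handle_query(pol, "mallory", rec, decrypt))
    return results, len(calls), pol.quotas
```

In the claimed design the quota value itself is adjusted by blockchain transactions, so the in-memory `quotas` dictionary here would correspond to state that every node updates identically.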
CN202110540608.3A 2019-10-30 2019-10-30 Method and device for inquiring block chain private data Active CN113221169B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110540608.3A CN113221169B (en) 2019-10-30 2019-10-30 Method and device for inquiring block chain private data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110540608.3A CN113221169B (en) 2019-10-30 2019-10-30 Method and device for inquiring block chain private data
CN201911042758.0A CN111222157B (en) 2019-10-30 2019-10-30 Method and device for inquiring block chain private data

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201911042758.0A Division CN111222157B (en) 2019-10-30 2019-10-30 Method and device for inquiring block chain private data

Publications (2)

Publication Number Publication Date
CN113221169A true CN113221169A (en) 2021-08-06
CN113221169B CN113221169B (en) 2023-01-20

Family

ID=70827482

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201911042758.0A Active CN111222157B (en) 2019-10-30 2019-10-30 Method and device for inquiring block chain private data
CN202110540608.3A Active CN113221169B (en) 2019-10-30 2019-10-30 Method and device for inquiring block chain private data

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201911042758.0A Active CN111222157B (en) 2019-10-30 2019-10-30 Method and device for inquiring block chain private data

Country Status (2)

Country Link
CN (2) CN111222157B (en)
WO (1) WO2021082664A1 (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111222157B (en) * 2019-10-30 2021-03-23 支付宝(杭州)信息技术有限公司 Method and device for inquiring block chain private data
CN112612849A (en) 2020-07-24 2021-04-06 支付宝(杭州)信息技术有限公司 Data processing method, device, equipment and medium
CN111815420B (en) 2020-08-28 2021-07-06 支付宝(杭州)信息技术有限公司 Matching method, device and equipment based on trusted asset data
CN111741036B (en) 2020-08-28 2020-12-18 支付宝(杭州)信息技术有限公司 Trusted data transmission method, device and equipment
CN111814172A (en) 2020-08-28 2020-10-23 支付宝(杭州)信息技术有限公司 Method, device and equipment for acquiring data authorization information
CN111818094B (en) 2020-08-28 2021-01-05 支付宝(杭州)信息技术有限公司 Identity registration method, device and equipment
CN113434849A (en) 2020-09-04 2021-09-24 支付宝(杭州)信息技术有限公司 Data management method, device and equipment based on trusted hardware
CN111814156B (en) * 2020-09-04 2022-04-29 支付宝(杭州)信息技术有限公司 Data acquisition method, device and equipment based on trusted equipment
CN111814196B (en) 2020-09-04 2021-01-05 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment
CN111932426B (en) 2020-09-15 2021-01-26 支付宝(杭州)信息技术有限公司 Identity management method, device and equipment based on trusted hardware
CN111930846B (en) 2020-09-15 2021-02-23 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment
CN113255005A (en) 2020-09-15 2021-08-13 支付宝(杭州)信息技术有限公司 Block chain-based data asset transfer method, device and equipment
CN112506987B (en) * 2020-11-19 2022-05-20 杭州趣链科技有限公司 Query method, device and equipment based on block chain and storage medium
CN112667689A (en) * 2021-01-04 2021-04-16 拉卡拉支付股份有限公司 Data query method, data query device, electronic equipment, storage medium and program product
CN113034138A (en) * 2021-03-12 2021-06-25 三一智造(深圳)有限公司 Privacy protection method based on block chain
CN113364771B (en) * 2021-06-04 2023-08-11 佳乔(深圳)投资有限公司 Block chain-based data sharing method for Internet of things
CN113434906B (en) * 2021-07-05 2024-01-16 平安科技(深圳)有限公司 Data query method, device, computer equipment and storage medium
CN113609156B (en) * 2021-08-02 2023-12-12 北京百度网讯科技有限公司 Data query and write method and device, electronic equipment and readable storage medium
CN113343286B (en) * 2021-08-05 2021-11-23 江西农业大学 Data encryption and decryption method, data uploading end, data receiving end and system
CN115641210A (en) * 2022-10-31 2023-01-24 贵州电网有限责任公司信息中心 Electric power transaction storage method, device, equipment and storage medium
CN115834789B (en) * 2022-11-24 2024-02-23 南京信息工程大学 Medical image encryption and recovery method based on encryption domain
CN116662376B (en) * 2023-08-01 2024-02-13 腾讯科技(深圳)有限公司 Data query method, device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540484A (en) * 2018-04-23 2018-09-14 北京云图科瑞科技有限公司 A kind of method of commerce, apparatus and system based on block chain
CN109214197A (en) * 2018-08-14 2019-01-15 上海点融信息科技有限责任公司 The method, apparatus and storage medium of private data are handled based on block chain
CN110020856A (en) * 2019-01-31 2019-07-16 阿里巴巴集团控股有限公司 Method, node and the storage medium of three handed deal are realized in block chain
CN110020549A (en) * 2019-02-19 2019-07-16 阿里巴巴集团控股有限公司 Method, node and the storage medium of secret protection are realized in block chain
CN110033265A (en) * 2019-02-19 2019-07-19 阿里巴巴集团控股有限公司 Method, node and the storage medium of secret protection are realized in block chain
CN110032885A (en) * 2019-02-19 2019-07-19 阿里巴巴集团控股有限公司 Method, node and the storage medium of secret protection are realized in block chain

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109792386B (en) * 2016-09-29 2022-08-02 诺基亚技术有限公司 Method and apparatus for trusted computing
CN106651346A (en) * 2016-11-28 2017-05-10 上海凯岸信息科技有限公司 Block chain-based credit investigation data sharing and trading system
CN108573381B (en) * 2017-03-09 2020-06-05 北京京东尚科信息技术有限公司 Data processing method and device
MX2019008597A (en) * 2018-12-13 2019-09-09 Alibaba Group Holding Ltd Off-chain smart contract service based on trusted execution environment.
CN109660358B (en) * 2019-01-08 2022-04-08 余炀 Data circulation method based on block chain and safe execution environment
CN110032884B (en) * 2019-01-31 2020-04-17 阿里巴巴集团控股有限公司 Method for realizing privacy protection in block chain, node and storage medium
CA3058236C (en) * 2019-03-27 2020-08-25 Alibaba Group Holding Limited Retrieving public data for blockchain networks using highly available trusted execution environments
CN110263543B (en) * 2019-05-20 2021-06-01 创新先进技术有限公司 Object-level receipt storage method and node based on code labeling
CN110049066B (en) * 2019-05-23 2020-05-26 中国科学院软件研究所 Resource access authorization method based on digital signature and block chain
CN111222157B (en) * 2019-10-30 2021-03-23 支付宝(杭州)信息技术有限公司 Method and device for inquiring block chain private data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
极客公园: "区块链技术 + 英特尔 SGX,构建可信数据流通环境", 《HTTPS://WWW.GEEKPARK.NET/NEWS/229373》 *

Also Published As

Publication number Publication date
CN111222157B (en) 2021-03-23
WO2021082664A1 (en) 2021-05-06
CN111222157A (en) 2020-06-02
CN113221169B (en) 2023-01-20

Similar Documents

Publication Publication Date Title
CN111222157B (en) Method and device for inquiring block chain private data
CN110580414B (en) Private data query method and device based on block chain account
CN110580418B (en) Private data query method and device based on block chain account
CN110580262B (en) Private data query method and device based on intelligent contract
WO2020238255A1 (en) Smart contract management method and apparatus based on blockchain, and electronic device
CN110580413B (en) Private data query method and device based on down-link authorization
WO2021184963A1 (en) Contract calling method and apparatus
WO2021179743A1 (en) Method and apparatus for querying account privacy information in blockchain
WO2021184961A1 (en) Contract deploying method and apparatus
WO2021184973A1 (en) External data accessing method and device
WO2021184970A1 (en) Method and device for calling contract
CN110580412B (en) Permission query configuration method and device based on chain codes
WO2021103794A1 (en) Method for realizing highly efficient privacy-preserving transaction in blockchain, and device
CN110580245B (en) Private data sharing method and device
CN110580411B (en) Permission query configuration method and device based on intelligent contract
CN110580417B (en) Private data query method and device based on intelligent contract
WO2020233631A1 (en) Transaction type-based receipt storage method and node
WO2020233633A1 (en) Receipt storage method and node based on determination condition
CN114866409B (en) Password acceleration method and device based on password acceleration hardware

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant