CN113240418B - Block chain-based intelligent access control method and equipment for private data - Google Patents


Info

Publication number
CN113240418B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110442759.5A
Other languages
Chinese (zh)
Other versions
CN113240418A (en)
Inventor
唐毅
熊世凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Heshu Blockchain Application Research Institute Co ltd
Shanghai Heshu Software Co ltd
Original Assignee
Suzhou Heshu Blockchain Application Research Institute Co ltd
Shanghai Heshu Software Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; Details thereof
    • G06Q 20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q 20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q 20/3821 Electronic credentials
    • G06Q 20/38215 Use of certificates or encrypted proofs of transaction rights
    • G06Q 20/3825 Use of electronic signatures
    • G06Q 40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q 40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange


Abstract

The invention discloses a blockchain-based intelligent access control method and equipment for private data, relating to the technical field of blockchains. The method comprises the following steps: constructing a transaction proposal according to the transaction request, and generating a unique public key and private key for the transaction proposal; distributing the public key to the authorized nodes; the authorized node receiving the transaction proposal digest, the encrypted transaction proposal digest and the public key; the authorized node decrypting the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared; and comparing the transaction proposal digest to be compared with the transaction proposal digest. By this method, even if unauthorized nodes can acquire part of the data in the blockchain, they do not have the public key, so they cannot extract the transaction proposal and cannot learn the specific transaction information, and an access control mechanism is thereby realized.

Description

Block chain-based intelligent access control method and equipment for private data
Technical Field
The invention relates to the technical field of blockchains, and in particular to a blockchain-based intelligent access control method for private data.
Background
The ledger of a blockchain is a chain of encrypted blocks, each block containing block information and some transaction data, such as read-write sets, contract parameters and so on. In the Ethereum network, the ledger maintained by all nodes is identical, so the data can be obtained by every node in the node cluster. Although the data does not show the specific transaction contents in clear text, some nodes that hold the contract can re-execute the smart contract under known conditions and deduce the transaction contents contained in the data by analysing the output results and the block information. An access control method designed specifically for the ledger is therefore urgently needed.
Disclosure of Invention
In order to overcome or at least partially solve the above problems, an embodiment of the present invention provides a blockchain-based intelligent access control method for private data.
Embodiments of the present invention are implemented as follows:
in one aspect, the invention provides a blockchain-based intelligent access control method for private data, which comprises the following steps:
constructing a transaction proposal according to the transaction request, and generating a unique public key and private key for the transaction proposal; processing the transaction proposal to obtain a transaction proposal digest, and encrypting the transaction proposal digest with the private key to obtain an encrypted transaction proposal digest; broadcasting the encrypted transaction proposal digest to each node on the blockchain, and distributing the public key to the authorized nodes; the authorized node receiving the transaction proposal digest, the encrypted transaction proposal digest and the public key; the authorized node decrypting the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared; and comparing the transaction proposal digest to be compared with the transaction proposal digest: if the two digests are the same, authentication succeeds and the transaction proposal is sent to the node; otherwise, authentication fails.
In this method, the encrypted transaction proposal digest is broadcast to each node on the blockchain while the public key is distributed to the authorized node; the authorized node decrypts the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared, compares it with the transaction proposal digest, and authentication succeeds if the two are the same. Therefore, even if unauthorized nodes can obtain part of the data in the blockchain, without the public key they cannot extract the transaction proposal, and an access control mechanism is thereby realized.
Based on the first aspect, in some embodiments of the present invention, the step of processing the transaction proposal to obtain a transaction proposal digest includes:
processing the transaction proposal with a one-way hash function to obtain the transaction proposal digest.
Based on the first aspect, in some embodiments of the invention, the transaction proposal digest is 128 bits in size.
Based on the first aspect, in some embodiments of the present invention, the step of the authorized node decrypting the encrypted transaction proposal digest with the public key further comprises:
the authorized node authenticating the public key; after the authentication is passed, the authorized node trusts that the received public key is genuine.
Based on the first aspect, in some embodiments of the invention, the step of the authorized node authenticating the public key includes:
the authorized node obtaining an authentication public key issued by a certification authority;
the authorized node first using the certification authority's public key, issued by the certification authority, to verify whether the public key of the transaction proposal was issued by the same certification authority and whether it has been changed since issuance;
after the authentication is passed, the authorized node trusting that the received public key of the transaction requester is genuine.
Based on the first aspect, in some embodiments of the invention, the certification authority generates a certificate based on the transaction proposal, the certificate including the public key, the private key and the digital signature of the certification authority.
Based on the first aspect, in some embodiments of the invention, the certification authority itself has a pair of keys.
Based on the first aspect, some embodiments of the invention further comprise:
if a certificate issued by the certification authority is lost or leaked, the certification authority records it in a certificate revocation list that is published on the Internet;
the authorized node can visit the certification authority's website to view the certificate revocation list and confirm whether the public key has been revoked by the certification authority as an invalid certificate.
In a second aspect, an embodiment of the present invention provides an electronic device, including:
a memory for storing one or more programs;
a processor;
and when the one or more programs are executed by the processor, implementing a blockchain-based intelligent access control method for private data.
In a third aspect, an embodiment of the present invention provides a computer readable storage medium having a computer program stored thereon, wherein the computer program when executed by a processor implements a blockchain-based intelligent access control method for private data.
The embodiment of the invention has at least the following advantages or beneficial effects:
A blockchain-based intelligent access control method for private data comprises the following steps: constructing a transaction proposal according to the transaction request, and generating a unique public key and private key for the transaction proposal; processing the transaction proposal to obtain a transaction proposal digest, and encrypting the transaction proposal digest with the private key to obtain an encrypted transaction proposal digest; broadcasting the encrypted transaction proposal digest to each node on the blockchain, and distributing the public key to the authorized nodes; the authorized node receiving the transaction proposal digest, the encrypted transaction proposal digest and the public key; the authorized node decrypting the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared; and comparing the transaction proposal digest to be compared with the transaction proposal digest: if the two digests are the same, authentication succeeds and the transaction proposal is sent to the node; otherwise, authentication fails.
In this method, the encrypted transaction proposal digest is broadcast to each node on the blockchain while the public key is distributed to the authorized node; the authorized node decrypts the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared, compares it with the transaction proposal digest, and authentication succeeds if the two are the same. Therefore, even if unauthorized nodes can obtain part of the data in the blockchain, without the public key they cannot extract the transaction proposal, and an access control mechanism is thereby realized.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of an embodiment of a blockchain-based intelligent access control method for private data;
FIG. 2 is a schematic diagram illustrating information interaction of an embodiment of a blockchain-based intelligent access control method for private data;
FIG. 3 is a schematic diagram illustrating information interaction of an embodiment of a blockchain-based intelligent access control method for private data;
FIG. 4 is a schematic diagram illustrating information interaction of an embodiment of a blockchain-based intelligent access control method for private data;
FIG. 5 is a schematic diagram illustrating information interaction of an embodiment of a blockchain-based intelligent access control method for private data;
FIG. 6 is a schematic diagram illustrating information interaction of an embodiment of a blockchain-based intelligent access control method for private data.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the embodiments provided in the present application, it should be understood that the disclosed method may be implemented in other manners as well. The method embodiments are illustrative only, and the block diagrams in the figures, for example, illustrate the architecture, functionality, and operation of possible implementations of systems and computer program products according to various embodiments of the present application. In this regard, each block in the block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored on a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device, which may be a personal computer, a server, or a network device, to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In the description of the embodiments of the present invention, "plurality" means at least 2.
In the description of the embodiments of the present invention, it should also be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" should be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances.
Examples
Referring to FIG. 1, in one aspect of the present embodiment, the invention provides a blockchain-based intelligent access control method for private data, including the following steps:
S10, constructing a transaction proposal according to a transaction request, and generating a unique public key and private key for the transaction proposal;
The transaction request is initiated by a transaction requester; the requester's specific transaction request generates a transaction proposal in a uniform format, and the transaction proposal is assigned a unique public key and private key.
S20, processing the transaction proposal to obtain a transaction proposal digest, and encrypting the transaction proposal digest with the private key to obtain an encrypted transaction proposal digest;
Referring to FIG. 4, in this step a one-way hash function is used to process the transaction proposal and obtain the transaction proposal digest. A one-way hash function, also simply called a hash function, maps an input message string of any length to an output string of fixed length, and it is difficult to recover the input string from the output string. The transaction proposal digest is the fingerprint of the transaction proposal and uniquely identifies it; the digest is bound to the proposal, meaning that whenever the transaction proposal changes, the transaction proposal digest produced by the one-way hash function changes with it. The size of the transaction proposal digest is 128 bits. The process of encrypting the 128-bit transaction proposal digest with the private key is referred to as the digital signature process, and the resulting encrypted transaction proposal digest is the digital signature of the document. The core problem solved by the digital signature is ensuring that the received file has not been altered. Note that the private key is used to encrypt the transaction proposal digest rather than the transaction proposal itself.
S30, broadcasting the encrypted transaction proposal digest to each node on the blockchain, and distributing the public key to the authorized nodes;
In this step, every node can obtain the encrypted transaction proposal digest, but the public key is required to open it and obtain the transaction proposal digest to be compared; the authorized node holds the public key and can use it to open the encrypted transaction proposal digest.
S40, the authorized node receiving the transaction proposal digest, the encrypted transaction proposal digest and the public key;
Referring to FIG. 5, the authorized node receives the transaction proposal digest, the public key and the encrypted transaction proposal digest. In this step the public key is used to open the encrypted transaction proposal digest and obtain the transaction proposal digest to be compared, and the received transaction proposal digest is compared against it.
S60, the authorized node decrypting the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared;
In this step, the transaction proposal digest to be compared can only be obtained by decrypting the encrypted transaction proposal digest with the public key.
S70, comparing the transaction proposal digest to be compared with the transaction proposal digest: if the two are the same, authentication succeeds and the transaction proposal is sent to the node; otherwise, authentication fails.
In this method, the encrypted transaction proposal digest is broadcast to each node on the blockchain and the public key is distributed to the authorized node; the authorized node can decrypt the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared and compare it with the transaction proposal digest; if the two are the same, authentication succeeds and the received file is guaranteed not to have been altered. Therefore, even if unauthorized nodes can obtain part of the data in the blockchain, without the public key they cannot extract the transaction proposal, and an access control mechanism is thereby realized.
Referring to FIG. 2, in some embodiments of the invention, based on the first aspect, the step of the authorized node decrypting the encrypted transaction proposal digest with the public key further includes:
S50: the authorized node authenticates the public key; after the authentication is passed, the authorized node trusts that the received public key is genuine.
Referring to FIG. 3, the step of the authorized node authenticating the public key includes:
S51: the authorized node obtains an authentication public key issued by a certification authority;
In this step, the certification authority is a third-party authority used to determine whether a received public key is genuine. Each transaction proposal has a certificate issued by the certification authority, and the certificate contains the public key and its identification information. This certificate is digitally signed by the certification authority. Any user may obtain the public key of the certification authority from a trusted location; that public key is used to verify whether a given public key belongs to a given transaction proposal.
Referring to FIG. 6, when a transaction proposal is generated, the certification authority generates a certificate for the transaction proposal; the certificate includes the public key and private key of the transaction proposal and the digital signature of the certification authority. The certification authority itself has a key pair, which is the basis for digitally signing and securing the certificates it issues, and this key pair must not be compromised.
S52: the authorized node first uses the certification authority's public key, issued by the certification authority, to verify whether the public key of the transaction proposal was issued by the same certification authority and whether it has been changed since issuance;
Referring to FIG. 6, in this step, after the authorized node receives the public key, it verifies whether the received public key is legitimate, that is, whether it is a public key bearing the signature issued by the certification authority. The authorized node questions whether the transaction proposal is authentic, but the authorized node trusts the certification authority. Therefore, user B first verifies, using the certification authority's public key issued by the certification authority, whether the received public key was issued by the same certification authority and whether it was changed after issuance.
S53: after the authentication is passed, the authorized node trusts that the received public key of the transaction requester is genuine.
In this step, after verification passes, the authorized node trusts that the received public key is indeed the public key of the transaction proposal. It then decrypts the encrypted transaction proposal digest with the public key and compares the result to judge whether the file has been changed.
Based on the first aspect, some embodiments of the invention further comprise:
if a certificate issued by the certification authority is lost or leaked, the certification authority records it in a certificate revocation list that is published on the Internet;
the authorized node can visit the certification authority's website to view the certificate revocation list and confirm whether the public key has been revoked by the certification authority as an invalid certificate.
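The S10 to S70 flow together with the S51 to S53 certificate and revocation checks, as an added example in Go that is not the patent's own code. "Encrypting the digest with the private key" and "decrypting it with the public key and comparing" are modelled as PKCS#1 v1.5 signing and verification from Go's standard library; SHA-256 is used in place of the 128-bit digest the page specifies, and the certificate layout, the CRL representation and the sample proposal are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Certificate (assumed simplified form of the S51 certificate): the proposal's public key plus the CA's signature over it.
type Certificate struct {
	PubKey *rsa.PublicKey
	CASig  []byte
}

// CA stands in for the certification authority: its own key pair plus its CRL, keyed by the hash of the public key.
type CA struct {
	key *rsa.PrivateKey
	CRL map[string]bool
}

// SignedProposal is the S20 output: the proposal digest and that digest signed with the proposal's private key.
type SignedProposal struct {
	Digest    []byte
	Signature []byte
}

// keyHash hashes the DER encoding of a public key; it is what the CA signs.
func keyHash(pub *rsa.PublicKey) []byte {
	sum := sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
	return sum[:]
}

func NewCA() (*CA, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &CA{key: k, CRL: map[string]bool{}}, nil
}

func (ca *CA) PublicKey() *rsa.PublicKey { return &ca.key.PublicKey }

// Issue signs the proposal's public key so an authorized node can later check
// who issued it and that it was not altered after issuance (S52).
func (ca *CA) Issue(pub *rsa.PublicKey) (Certificate, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, ca.key, crypto.SHA256, keyHash(pub))
	return Certificate{PubKey: pub, CASig: sig}, err
}

// Revoke records a lost or leaked certificate in the CRL.
func (ca *CA) Revoke(pub *rsa.PublicKey) { ca.CRL[string(keyHash(pub))] = true }

// SignProposal performs S10/S20: hash the proposal, then sign the digest (not
// the proposal itself) with the proposal's unique private key.
func SignProposal(priv *rsa.PrivateKey, proposal []byte) (SignedProposal, error) {
	d := sha256.Sum256(proposal)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	return SignedProposal{Digest: d[:], Signature: sig}, err
}

// AuthenticateKey performs S51-S53 plus the CRL check: verify the CA's
// signature over the received public key, then make sure it is not revoked.
func AuthenticateKey(caPub *rsa.PublicKey, cert Certificate, crl map[string]bool) error {
	if err := rsa.VerifyPKCS1v15(caPub, crypto.SHA256, keyHash(cert.PubKey), cert.CASig); err != nil {
		return errors.New("public key not issued by this CA or altered after issuance")
	}
	if crl[string(keyHash(cert.PubKey))] {
		return errors.New("certificate has been revoked")
	}
	return nil
}

// VerifyProposal performs S60/S70: VerifyPKCS1v15 applies the public key to the
// signature (recovering the digest to be compared) and checks it against the
// digest the node received; any mismatch is an authentication failure.
func VerifyProposal(pub *rsa.PublicKey, sp SignedProposal) error {
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, sp.Digest, sp.Signature); err != nil {
		return errors.New("authentication failed: digest mismatch")
	}
	return nil
}

func main() {
	ca, _ := NewCA()
	propKey, _ := rsa.GenerateKey(rand.Reader, 2048) // unique key pair of S10
	cert, _ := ca.Issue(&propKey.PublicKey)
	// Constructed sample proposal; the page does not fix a proposal format.
	sp, _ := SignProposal(propKey, []byte(`{"fn":"transfer","args":["A","B","10"]}`))
	fmt.Println("key check:", AuthenticateKey(ca.PublicKey(), cert, ca.CRL))
	fmt.Println("digest check:", VerifyProposal(cert.PubKey, sp))
	sp.Digest[0] ^= 1 // a changed digest no longer matches the signed one
	fmt.Println("altered digest:", VerifyProposal(cert.PubKey, sp))
	ca.Revoke(&propKey.PublicKey)
	fmt.Println("after revocation:", AuthenticateKey(ca.PublicKey(), cert, ca.CRL))
}
```

A node that never received the public key cannot run VerifyProposal at all, which is the access-control property the page relies on; a node holding a different key, an altered digest, or a revoked certificate fails at the corresponding check.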
In a second aspect, an embodiment of the present invention provides an electronic device, including:
a memory for storing one or more programs;
a processor;
and when the one or more programs are executed by the processor, implementing a blockchain-based intelligent access control method for private data.
In a third aspect, an embodiment of the present invention provides a computer readable storage medium having a computer program stored thereon, wherein the computer program when executed by a processor implements a blockchain-based intelligent access control method for private data.
In summary, an embodiment of the present invention provides a blockchain-based intelligent access control method and device for private data, where the method includes the following steps: constructing a transaction proposal according to the transaction request, and generating a unique public key and private key for the transaction proposal; processing the transaction proposal to obtain a transaction proposal digest, and encrypting the transaction proposal digest with the private key to obtain an encrypted transaction proposal digest; broadcasting the encrypted transaction proposal digest to each node on the blockchain, and distributing the public key to the authorized nodes; the authorized node receiving the transaction proposal digest, the encrypted transaction proposal digest and the public key; the authorized node decrypting the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared; and comparing the transaction proposal digest to be compared with the transaction proposal digest: if the two digests are the same, authentication succeeds and the transaction proposal is sent to the node; otherwise, authentication fails.
In this method and device, the encrypted transaction proposal digest is broadcast to each node on the blockchain and the public key is distributed to the authorized node; the authorized node can decrypt the encrypted transaction proposal digest with the public key to obtain the transaction proposal digest to be compared and compare it with the transaction proposal digest; if the two are the same, authentication succeeds and the received file is guaranteed not to have been altered. Therefore, even if unauthorized nodes can obtain part of the data in the blockchain, without the public key they cannot extract the transaction proposal, and an access control mechanism is thereby realized.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (7)

1. The intelligent access control method for the private data based on the blockchain is characterized by comprising the following steps of:
constructing a transaction proposal according to the transaction request, and generating a unique public key and a private key of the transaction proposal;
processing the transaction proposal to obtain a transaction proposal abstract, and encrypting the transaction proposal abstract by using a private key to obtain an encrypted transaction proposal abstract;
broadcasting the encrypted transaction proposal abstract to each node on the blockchain, and distributing a public key to authorized nodes;
the authorized node receives the transaction proposal abstract, the encrypted transaction proposal abstract and the public key;
decrypting the encrypted transaction proposal abstract by the authorized node by adopting the public key to obtain the transaction proposal abstract to be compared;
comparing the transaction proposal abstract to be compared with the transaction proposal abstract, if the transaction proposal abstract is the same as the transaction proposal abstract to be compared, the authentication is successful, the transaction proposal is sent to the node, otherwise, the authentication is failed;
the step of decrypting the encrypted transaction proposal abstract by the authorized node by adopting the public key further comprises the following steps: the authorized node authenticates the public key, and after the authentication is passed, the authorized node believes that the received public key is true;
the step of authenticating the public key by the authorized node comprises the following steps: the authorized node obtains an authentication public key issued by an authentication mechanism; the authorized node firstly uses the public key of the certification authority issued by the certification authority to certify whether the public key of the transaction proposal is issued by the same certification authority or not and whether the public key is changed after the public key is issued; wherein the certification authority belongs to a third party authority and is used for authenticating whether the received public key is real; when generating a transaction proposal, the certification authority generates a certificate of the transaction proposal, wherein the certificate comprises a public key, a private key and a digital signature of the certification authority of the transaction proposal;
after passing the authentication, the authorized node believes that the public key of the received transaction requester is authentic.
2. The blockchain-based intelligent access control method of private data according to claim 1, wherein the step of processing the transaction proposal to obtain a transaction proposal abstract comprises the steps of:
and processing the transaction proposal by adopting a one-way hash function to obtain a transaction proposal abstract.
3. The blockchain-based intelligent access control method of private data according to claim 2, wherein the size of the transaction proposal abstract is 128 bits.
4. The blockchain-based intelligent access control method of private data according to claim 1, wherein the certification authority itself has a pair of keys.
5. The blockchain-based intelligent access control method of private data of claim 1, further comprising:
if the certificate issued by the certification authority is lost or leaked, the certification authority records the certificate into a certificate revocation list and is disclosed on the internet;
the authorized node can enter the certification authority's website to view the list of certificate revocation to confirm whether the public key has been revoked by the certification authority as an invalid certificate.
6. An electronic device, comprising:
a memory for storing one or more programs;
a processor;
the method of any of claims 1-5 is implemented when the one or more programs are executed by the processor.
7. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-5.
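As an added worked example, not code from the patent or its applicants, the following Go program implements the procedure summarized in the description and claimed in claims 1, 2 and 5: a key pair generated per proposal, a digest of the proposal, the signed digest broadcast to every node, the public key handed only to authorized nodes, the authorized node's check that the public key was issued by the certification authority and not altered since, a revocation-list lookup, and verification of the signature against the received digest before the proposal itself is accepted. Everything here is an assumption of the example: Ed25519 from Go's standard library stands in for the unspecified "encryption with the private key" (signing) and "decryption with the public key" (verification); SHA-256 stands in for the one-way hash, giving a 256-bit digest rather than the 128 bits of claim 3; the certificate holds only the public key, not the private key that the text of claim 1 lists; the CA, the in-memory CRL, all type and function names, and the proposal bytes are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Broadcast goes to every node: the proposal digest, and that digest signed with the
// proposal's private key (the page's "encrypted transaction proposal abstract").
type Broadcast struct {
	Digest    [32]byte
	Signature []byte
}

// Certificate is the CA's signature over the proposal's public key. It carries no
// private key; only the proposer holds that.
type Certificate struct {
	PublicKey ed25519.PublicKey
	CASig     []byte
}

// CA is the third-party certification authority: its own key pair plus the
// certificate revocation list it publishes, keyed here by the revoked public key.
type CA struct {
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	revoked map[string]bool
}

func NewCA() (*CA, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &CA{pub: pub, priv: priv, revoked: map[string]bool{}}, nil
}

func (ca *CA) PublicKey() ed25519.PublicKey { return ca.pub }
func (ca *CA) Revoke(pub ed25519.PublicKey) { ca.revoked[string(pub)] = true }
func (ca *CA) Revoked(pub ed25519.PublicKey) bool { return ca.revoked[string(pub)] }

func (ca *CA) Issue(pub ed25519.PublicKey) Certificate {
	return Certificate{PublicKey: pub, CASig: ed25519.Sign(ca.priv, pub)}
}

// Digest is the one-way hash of the proposal. SHA-256 stands in for the 128-bit
// digest of claim 3, since 128-bit legacy hashes are not collision resistant.
func Digest(proposal []byte) [32]byte { return sha256.Sum256(proposal) }

// Propose is the requester's side: a fresh key pair for this one proposal, the signed
// digest for every node, and a CA certificate for the public key for authorized nodes only.
func Propose(ca *CA, proposal []byte) (Broadcast, Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Broadcast{}, Certificate{}, err
	}
	d := Digest(proposal)
	return Broadcast{Digest: d, Signature: ed25519.Sign(priv, d[:])}, ca.Issue(pub), nil
}

// Authenticate is the authorized node's side, in claim order: was the public key issued by
// our CA and unaltered since (claim 1), is it revoked (claim 5), and does the signature verify
// over the broadcast digest. Ed25519 has no "decrypt", so Verify stands in for "decrypt with the
// public key and compare the digests". A node that was never handed a certificate fails at once.
func Authenticate(caPub ed25519.PublicKey, ca *CA, b Broadcast, cert *Certificate) error {
	if cert == nil {
		return errors.New("no public key was distributed to this node")
	}
	if !ed25519.Verify(caPub, cert.PublicKey, cert.CASig) {
		return errors.New("public key not issued by this CA, or altered since issue")
	}
	if ca.Revoked(cert.PublicKey) { // stands in for consulting the CA's published CRL
		return errors.New("certificate has been revoked")
	}
	if !ed25519.Verify(cert.PublicKey, b.Digest[:], b.Signature) {
		return errors.New("signature does not verify over the broadcast digest")
	}
	return nil
}

// Receive runs when the full proposal arrives after authentication: the node keeps it only
// if its digest is the one it verified, which is what "the received file is not changed" means.
func Receive(b Broadcast, proposal []byte) ([]byte, error) {
	if Digest(proposal) != b.Digest {
		return nil, errors.New("delivered proposal does not match the authenticated digest")
	}
	return proposal, nil
}

func main() {
	ca, _ := NewCA()
	b, cert, _ := Propose(ca, []byte("constructed sample proposal: transfer 10 from A to B"))
	fmt.Println("authorized node:  ", Authenticate(ca.PublicKey(), ca, b, &cert))
	fmt.Println("unauthorized node:", Authenticate(ca.PublicKey(), ca, b, nil))
}
```

One point a practitioner should keep in view: the signature proves origin and integrity of the digest to anyone who holds the public key, so in this scheme the public key doubles as the access token. The certificate therefore has to reach authorized nodes over a confidential channel and must not be published the way ordinary certificates are; publishing only the revocation list, as claim 5 describes, is consistent with that.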

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110442759.5A CN113240418B (en) 2021-04-23 2021-04-23 Block chain-based intelligent access control method and equipment for private data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110442759.5A CN113240418B (en) 2021-04-23 2021-04-23 Block chain-based intelligent access control method and equipment for private data

Publications (2)

Publication Number Publication Date
CN113240418A CN113240418A (en) 2021-08-10
CN113240418B true CN113240418B (en) 2024-01-12

Family

ID=77129030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110442759.5A Active CN113240418B (en) 2021-04-23 2021-04-23 Block chain-based intelligent access control method and equipment for private data

Country Status (1)

Country Link
CN (1) CN113240418B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107392040A (en) * 2017-04-28 2017-11-24 阿里巴巴集团控股有限公司 Consensus verification method and device
CN109672518A (en) * 2019-03-02 2019-04-23 西安邮电大学 Node data processing for a quantum-attack-resistant blockchain
CN110061846A (en) * 2019-03-14 2019-07-26 深圳壹账通智能科技有限公司 Identity authentication method for user nodes in a blockchain, and related device
CN110785783A (en) * 2019-03-04 2020-02-11 阿里巴巴集团控股有限公司 Method and apparatus for testing signature verification for blockchain systems
CN112311735A (en) * 2019-07-30 2021-02-02 华为技术有限公司 Trusted authentication method, network device, system and storage medium
CN112564906A (en) * 2020-12-28 2021-03-26 广东长盈科技股份有限公司 Blockchain-based data security interaction method and system

Also Published As

Publication number Publication date
CN113240418A (en) 2021-08-10

Similar Documents

Publication Publication Date Title
AU2021206913B2 (en) Systems and methods for distributed data sharing with asynchronous third-party attestation
US8086842B2 (en) Peer-to-peer contact exchange
CN109547445B (en) Method and system for verifying legality of network request of client
CN108933667B (en) Management method and management system of public key certificate based on block chain
US7398396B2 (en) Electronic signature method, program and server for implementing the method
CN1961523B (en) Token provision
KR101658501B1 (en) Digital signature service system based on hash function and method thereof
US7308574B2 (en) Method and system for key certification
US20050132201A1 (en) Server-based digital signature
EP2882156A1 (en) Computer implemented method and a computer system to prevent security problems in the use of digital certificates in code signing and a computer program product thereof
CN101395624A (en) Verification of electronic signatures
JPH11225142A (en) Authentication system and method
US20100098246A1 (en) Smart card based encryption key and password generation and management
KR101817152B1 (en) Method for providing trusted right information, method for issuing user credential including trusted right information, and method for obtaining user credential
EP2747377A2 (en) Trusted certificate authority to create certificates based on capabilities of processes
KR20010040248A (en) Method and system for transient key digital time stamps
CN110719167B (en) Block chain-based signcryption method with timeliness
JP4846464B2 (en) System for issuing and verifying multiple public key certificates, and method for issuing and verifying multiple public key certificates
JP2004248220A (en) Public key certificate issuing apparatus, public key certificate recording medium, certification terminal equipment, public key certificate issuing method, and program
WO2021027982A1 (en) System and method for electronic signature creation and management for long-term archived documents
CN113240418B (en) Block chain-based intelligent access control method and equipment for private data
WO2024014017A1 (en) Message presentation system, presentation device, and message presentation method
EP4239510B1 (en) Collaborative verification of certification computing system based on consistency proofs
Corella et al. Strong and convenient multi-factor authentication on mobile devices
CN117811738A (en) Method and equipment for generating and authenticating authorization certificate in network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant