CN113343286A - Data encryption and decryption method, data uploading end, data receiving end and system - Google Patents
Data encryption and decryption method, data uploading end, data receiving end and system Download PDFInfo
- Publication number
- CN113343286A CN113343286A CN202110894013.8A CN202110894013A CN113343286A CN 113343286 A CN113343286 A CN 113343286A CN 202110894013 A CN202110894013 A CN 202110894013A CN 113343286 A CN113343286 A CN 113343286A
- Authority
- CN
- China
- Prior art keywords
- data
- ciphertext
- password
- plaintext
- decryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention provides a data encryption and decryption method, a data uploading end, a data receiving end and a system, wherein the method comprises the encryption method and the decryption method, and the encryption method comprises the following steps: acquiring a data plaintext and an AES key, and encrypting the data plaintext by combining the AES key to obtain a data ciphertext; and coding the data ciphertext to obtain a character string ciphertext and writing the character string ciphertext into the block chain database. The decryption method comprises the following steps: acquiring a data ciphertext, a decryption password and a preset password, and authenticating the decryption password and the preset password; when the authentication is passed, outputting a data plaintext; and when the authentication is not passed, outputting a data ciphertext. According to the data encryption and decryption method, the data uploading end, the data receiving end and the system, through a password authentication mode, secret key distribution is not involved, different bloom filters can be arranged for different groups of data to verify, data differentiation verification is achieved, data safety is guaranteed, and the technical problem that potential safety hazards exist in data safety due to the fact that secret keys need to be managed in an encryption algorithm in the prior art is solved.
Description
Technical Field
The present invention relates to the field of block chain technology, and in particular, to a data encryption and decryption method, a data uploading end, a data receiving end, and a system.
Background
Information security is a hotspot of widespread concern in today's society, where protection of private data is of central importance. The privacy data needs to be kept secret not only for other users except for the data owner, but also for the data storage unit, the development of cryptography provides technical support for the former, and the generation of block chain technology clears obstacles for the latter.
The intelligent contract is a key logic code in a block chain, runs in a safety isolated virtual machine, and is a middle layer from a client to a database. An intelligent contract is essentially a string of code that is automatically executed by a computer, and logic code is automatically executed when the requirements in the contract are met according to preset conditions. The early intelligent contracts are not particularly emphasized until the block chain technology is produced, the development of the intelligent contracts is greatly promoted, the intelligent contracts cannot be tampered, and the decentralization characteristic is the foundation for the correct and safe operation of the intelligent contracts. From now on, a series of application scenarios incorporating intelligent contracts arose.
In the agricultural product traceability system based on the blockchain, because the data is stored in the blockchain, all organizations belonging to the alliance chain can freely view the data, and for the private data, the data owner does not want to disclose, such as: sensitive data relating to corporate identity numbers, contact phones, home addresses, etc. are not intended to be disclosed to the manufacturer, where encryption techniques may be employed.
In the prior art, there are mainly two types of encryption algorithms: symmetric encryption and asymmetric encryption, regardless of which encryption algorithm faces the problem of key management, and once the encryption key is lost, the security of data is threatened. Therefore, the management of the key becomes a big problem restricting the development of security of the information.
Disclosure of Invention
Based on this, the invention aims to provide a data encryption and decryption method, a data uploading end, a data receiving end and a system, which are used for solving the technical problem that the encryption algorithm in the prior art needs to manage keys, so that potential safety hazards exist in data safety.
One aspect of the present invention provides a data encryption method, including:
acquiring a data plaintext, and carrying out serialization processing on the data plaintext to obtain a byte stream plaintext;
obtaining an AES key, and carrying out AES algorithm encryption on the byte stream plaintext by combining the AES key to obtain a data ciphertext;
coding the data ciphertext to obtain a character string ciphertext;
and writing the character string ciphertext into a block chain database through a data chain.
Another aspect of the present invention provides a data decryption method, including:
acquiring a data ciphertext sent by a block chain database;
acquiring a decryption password input by a user, acquiring a preset password from a bloom filter of the block chain database, and authenticating the decryption password and the preset password, wherein the preset password is a password pre-stored in the bloom filter before the data ciphertext is linked;
when the authentication is passed, carrying out AES algorithm decryption on the data ciphertext, carrying out reverse serialization on the data ciphertext decrypted by the AES algorithm to obtain a data plaintext corresponding to the data ciphertext, and outputting the data plaintext;
and when the authentication is not passed, outputting the data ciphertext.
The data encryption and decryption method comprises the steps of encrypting a byte stream plaintext obtained by combining the data plaintext with an AES key to perform serialization processing on the data plaintext by an AES algorithm, chaining the obtained data ciphertext to a block chain database through data, acquiring the data ciphertext from the block chain database when the data needs to be accessed, according to the preset password, whether the input decryption password passes or not is authenticated, the data is decrypted and the data plaintext corresponding to the data ciphertext is output after the authentication passes, the data ciphertext is output when the authentication fails, by means of password authentication, the distribution of the key is not involved, the data security is prevented from being threatened due to the loss of the key, different groups of data can be verified by setting different bloom filters, so that data differentiation verification is realized, data safety is guaranteed, and the technical problem that potential safety hazards exist in data safety due to the fact that an encryption algorithm in the prior art needs to manage keys is solved.
In addition, the data encryption and decryption method according to the present application may further have the following additional technical features:
further, the step of obtaining the AES key may be preceded by:
generating the AES key by an AES key generation algorithm.
Further, the AES key may be used repeatedly on multiple sets of data in plaintext.
Further, the step of writing the string cipher text into a block chain database via data uplink comprises:
and writing the character string ciphertext into a block chain database in a k-v key value pair mode.
Further, the step of obtaining the preset password from the bloom filter of the blockchain database comprises:
locating the bloom filter in the blockchain database;
and storing the preset password in a bloom filter, and emptying the preset password stored in the bloom filter when the storage time of the preset password in the bloom filter exceeds the preset time.
Further, the bloom filter may accommodate multiple different preset passwords at the same time.
Another aspect of the present invention provides a data uploading end, including:
the data plaintext acquisition module is used for acquiring data plaintext, and carrying out serialization processing on the data plaintext to obtain a byte stream plaintext;
the encryption module is used for acquiring an AES key and encrypting the byte stream plaintext by combining the AES key to obtain a data ciphertext;
the coding module is used for coding the data ciphertext to obtain a character string ciphertext;
and the writing module is used for writing the character string ciphertext into a block chain database through a data uplink.
Another aspect of the present invention further provides a data receiving end, including:
the data ciphertext acquisition module is used for acquiring a data ciphertext transmitted by the block chain database;
the authentication module is used for acquiring a decryption password input by a user, acquiring a preset password from a bloom filter of the block chain database, and authenticating the decryption password and the preset password, wherein the preset password is a password pre-stored in the bloom filter before the data ciphertext is linked;
the first execution module is used for decrypting the data ciphertext by the AES algorithm when the authentication is passed, performing reverse serialization on the data ciphertext decrypted by the AES algorithm to obtain a data plaintext corresponding to the data ciphertext, and outputting the data plaintext;
and the second execution module outputs the data ciphertext when the authentication is not passed.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a diagram of a federation chain framework in a first embodiment of the present invention;
FIG. 2 is a diagram of an intelligent contract design according to a first embodiment of the present invention;
FIG. 3 is a flow chart of data encryption according to a first embodiment of the present invention;
FIG. 4 is a diagram of an aggregate encryption process architecture according to a first embodiment of the present invention;
FIG. 5 is a flowchart of data decryption according to a first embodiment of the present invention;
FIG. 6 is a diagram of a bloom filter design in accordance with a first embodiment of the present invention;
FIG. 7 is a flowchart of password authentication according to a first embodiment of the present invention;
FIG. 8 is a diagram illustrating a data input-query process according to a first embodiment of the present invention.
Fig. 9 is a diagram of the architecture of a data encryption/decryption system according to a fourth embodiment of the present invention.
The following detailed description will further illustrate the invention in conjunction with the above-described figures.
Detailed Description
To facilitate an understanding of the invention, the invention will now be described more fully with reference to the accompanying drawings. Several embodiments of the invention are presented in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
A federation chain is a type of block chain in which each organized node is allowed admission. As shown in fig. 1, each node in the federation chain is within the same network and the nodes are able to communicate with each other. The intelligent contracts run on a federation chain, and each node is provided with the intelligent contracts. The application provides an aggregation encryption method based on an intelligent contract, wherein the aggregation encryption is mainly optimized based on the intelligent contract, data is encrypted when operation is added, password authentication is carried out when the data is inquired, and decrypted data is returned after verification. The P2P technology is used in the block chain, any two nodes can freely communicate with each other, each node is provided with a complete database, usability and fault tolerance are achieved through a consensus mechanism, different from a traditional centralized database, the chain structure of the block chain has the advantages of decentralization, non-tampering, traceability and the like, and intelligent contracts run in the block chain, so that once the contracts run, the contracts are not interfered by the outside. According to the characteristic, the key is generated on the intelligent contract and the data encryption is carried out, so that the risk of key leakage can be eliminated.
In the research, HyperLegendr Fabric is used as a block chain running platform of intelligent contracts, and the intelligent contracts are also called chain codes in Fabric. In Fabric, the chain code runs in an isolated, secure container, and when the chain code is executed, the outside cannot be accessed and the chain code cannot be changed, as shown in fig. 2.
Example one
In an embodiment of the present invention, please refer to fig. 3, fig. 3 is a schematic diagram of a data encryption method in an embodiment of the present invention, and as shown in fig. 3, the method includes steps S101 to S104:
s101, acquiring a data plaintext, and carrying out serialization processing on the data plaintext to obtain a byte stream plaintext.
Firstly, serializing data to be encrypted, wherein the data to be encrypted is data plaintext, then performing AES encryption on the serialized data by using an AES key generated by a key generation algorithm, and finally storing the encrypted data in a block chain world state in a k-v key value pair mode.
S102, an AES key is obtained, and AES algorithm encryption is carried out on the byte stream plaintext by combining the AES key to obtain a data ciphertext.
In the data input stage, a data owner uploads a password of data to be encrypted to a chain code, the data are encrypted in the chain code, an encryption key is generated in the chain code according to an algorithm, the encrypted data are written into a world state of a block chain in a k-v key value pair, and meanwhile, the password is added into a bloom filter; in the data query stage, firstly encrypted data is obtained according to the k value, a password is obtained from a data owner, and aggregation decryption is carried out by using the password to pass authentication, so that real data is obtained.
S103, coding the data ciphertext to obtain a character string ciphertext.
And S104, writing the character string ciphertext into the block chain database through the data uplink.
Specifically, the step of writing the string cipher text into the block chain database via the data uplink includes:
and writing the character string ciphertext into the block chain database in a k-v key value pair mode.
The encryption method in the application adopts a polymerization encryption method, the polymerization encryption is a method for carrying out overall encryption on data on an intelligent contract, according to the characteristic that any type of data can be serialized into a byte stream, the data is converted into a byte type, and encryption is carried out through AES. The encryption key is generated in a chain code and is invisible to anyone. As shown in fig. 4, a Json object is serialized by a Marshal function, then the serialized bytes are encrypted by AES, the encrypted data is represented in a garbled form, and is converted into visible characters by Base64 encoding, and finally stored in a block chain.
Specifically, the step of obtaining the AES key includes:
the AES key is generated by an AES key generation algorithm.
In the present application, the AES key may be used repeatedly for multiple sets of data in plaintext.
In an embodiment of the present invention, please refer to fig. 5, fig. 5 is a schematic diagram of a data decryption method in an embodiment of the present invention, as shown in fig. 5, the method includes steps S201 to S204:
s201, acquiring a data ciphertext sent by the block chain database.
In this embodiment, the data receiving end sends a request for obtaining the data ciphertext to the blockchain database, and when the blockchain database receives the request for obtaining the data ciphertext, the data receiving end sends the data ciphertext to the data receiving end. In some optional embodiments, the data receiving end may be an operation terminal, such as a computer end, a mobile phone end, and the like.
And acquiring data according to the k value of the query data. At this time, the data is of an encrypted character type. And acquiring encrypted data from the world state of the block chain according to the k value, acquiring a password from a data owner, passing authentication by using the password, performing AES decryption, and finally acquiring the decrypted data through reverse serialization.
S202, a decryption password input by a user is obtained, a preset password is obtained from a bloom filter of the block chain database, and the decryption password and the preset password are authenticated.
Specifically, the preset password is a password pre-stored in the bloom filter before the uplink of the data ciphertext. In the invention, the password is periodically distributed for authentication by combining the bloom filter, so that not only is the safety high, but also the flexibility is considered, the password has the validity period, and a new password is generated by updating the bloom filter at regular time.
The bloom filter is a data structure that can be used to detect whether elements exist in a set, and since all elements are subjected to Hash function conversion, occurrence of a probabilistic event of Hash collision causes a certain non-existing element to be detected as a present element, that is, the feature is that there is a false positive. In order to reduce the probability of false positives, as shown in fig. 6, a timer is set in the bloom filter, and when a preset time period is reached, the bloom filter performs a reset operation to empty all data. Because the password is used as a storage element, the number of the passwords is limited and less, the probability of misjudgment is low, and the setting of the timer ensures that the authentication accuracy reaches an acceptable range on one hand and the updating of the password ensures the data security on the other hand.
In the present application, a bloom filter may accommodate multiple different preset passwords at the same time.
The password authentication is that the corresponding password is input, and the password authentication has corresponding authority after passing the authentication. As shown in fig. 7, password authentication is implemented in a chain code, a bloom filter is used as an authentication function, a plurality of passwords may be provided, and the passwords may be input into the bloom filter in a manner of selecting an externally input password or an internally randomly generated password to complete binding. In the data inquiry stage, a password needs to be input for authentication, if decrypted data is returned, encrypted data is returned, otherwise, the encrypted data is returned.
If the authentication is passed, step S203 is executed;
s203, carrying out AES algorithm decryption on the data ciphertext, carrying out reverse serialization on the data ciphertext decrypted by the AES algorithm to obtain a data plaintext corresponding to the data ciphertext, and outputting the data plaintext.
If the authentication is not passed, step S204 is executed;
and S204, outputting the data ciphertext.
In the decryption query stage, four parts are mainly included, the first part is to acquire data according to the K value (i.e. Key value) of the query data, and at this time, the data is of an encrypted character type. The second part is a password authentication process, a bloom filter is used in the process, the bloom filter mainly has two functions, one is an element adding function, the other is an element detecting function, in the detecting process, only the added element returns a value of TRUE, and otherwise, the added element returns FALSE, and therefore, the element filtering is realized according to the characteristic. Whether the password passes or not is judged according to the input password, and the next part is carried out if the password passes or not without directly returning the ciphertext data. The third part is Base64 decoding, when the data is Base64 encoded data, and Base64 generally provides a corresponding decoding function which can decode the character data into binary form. The fourth part is decryption, the process uses AES algorithm for decryption, and the plaintext of the data can be obtained by using the key in the encryption process for decryption. At this point, the query process is completed by returning the plaintext data.
In this embodiment, bloom filtering is used to authenticate the password, and after the authentication is passed, the data is decrypted and the data plaintext is output, and when the authentication is failed, the data ciphertext is output. The password has a validity period, and a new password is generated by the timing update of the bloom filter. The key can be repeatedly used, and the distribution of the key is not involved, and different groups of data can be verified by setting different bloom filters, so that the differential verification of the data is realized, and the safety of the data is improved.
Specifically, in the agricultural product traceability system based on the blockchain, because data is stored in the blockchain, all organizations affiliated to the alliance chain can freely view the data, and for private data, the data owner does not want to disclose the private data, and at this time, an encryption technology can be adopted. Such as: for manufacturers, sensitive data related to legal identity numbers, contact calls, home addresses and the like can be encrypted in an aggregation mode and set passwords, when qualified organizations (such as supervision departments) need to check the data, the manufacturers can send the set passwords to the organizations, the organizations can check original data, namely data cleartext after password authentication, and the organizations without the passwords can only check the encrypted data, namely data ciphertext.
Specifically, the step of obtaining the preset password from the bloom filter of the blockchain database includes:
and arranging the bloom filter in a block chain database, storing the preset password in the bloom filter, and emptying the preset password stored in the bloom filter when the storage time of the preset password in the bloom filter exceeds the preset time.
The method comprises the following steps of firstly, initializing a bloom filter to obtain an empty bloom filter, then adding a password into the bloom filter according to requirements and setting a timer, then, when the timer expires, initializing the bloom filter again to obtain the empty bloom filter, and finally, continuously repeating the processes of adding elements and clearing the bloom filter.
In the application, a time limit may be set when the bloom filter is started to be initialized, for example, one month is implemented, and after one month, all elements in the bloom filter are empty, at this time, the previously issued password is invalid, which may reduce false positives of the bloom filter and may enhance data security. Specifically, a loop timing function may be set in the intelligent contract, so that the loop timing function is automatically executed in the intelligent contract, thereby calculating whether the storage duration of the preset password in the bloom filter exceeds the preset duration.
Fig. 8 is a schematic diagram of a flow of data input and data query in the data encryption and decryption method of the present invention, in a chain code, we perform aggregate encryption on data, and a secret key is generated in the chain code and is not transmitted externally; when data needs to be accessed, the password is authenticated by bloom filtering, so that the encryption key does not need to be transmitted and cannot be seen by anyone, and the data security is further enhanced. And the bloom filter decrypts the data and outputs a data plaintext after passing the password authentication, and outputs a data ciphertext if the authentication fails. The password has a validity period, and a new password is generated by regularly updating the bloom filter, so that the situation that a user can use the password all the time after knowing the password once is avoided, and the data security is further improved. The key can be repeatedly used, and the distribution of the key is not involved, and different groups of data can be verified by setting different bloom filters, so that the differential verification of the data is realized. The password has two generation modes, one mode is manual input, the other mode is automatic generation in chain codes, and the password generation method simultaneously considers the safety and the flexibility.
To sum up, in the data encryption and decryption method in the above embodiments of the present invention, the data plaintext is combined with the AES key to perform AES algorithm encryption on the byte stream plaintext obtained by performing serialization processing on the data plaintext, the obtained data ciphertext is linked to the block chain database through data, when data needs to be accessed, the data ciphertext is obtained from the block chain database according to the k value of the data to be checked, whether the input decryption password passes according to the preset password is authenticated, the data is decrypted and the data plaintext corresponding to the data ciphertext is output after the authentication passes, the data ciphertext is output when the authentication fails, by means of the password authentication, the distribution of the key is not involved, the data security is prevented from being threatened due to the loss of the key, the data of different groups can be verified by setting different bloom filters, differential verification of the data is realized, the data security is ensured, and the problem that the encryption algorithm in the prior art needs to manage the key is solved, the data security has the technical problem of potential safety hazard.
Example two
An embodiment of the present application further provides a data uploading end, including:
the data plaintext acquisition module is used for acquiring data plaintext and carrying out serialization processing on the data plaintext to obtain a byte stream plaintext;
the encryption module is used for acquiring an AES key and encrypting the byte stream plaintext by combining the AES key through an AES algorithm to obtain a data ciphertext;
the coding module is used for coding the data ciphertext to obtain a character string ciphertext;
and the writing module is used for writing the character string ciphertext into the block chain database through the data cochain.
To sum up, at the data uploading end in the above embodiments of the present invention, the data plaintext is combined with the AES key to perform AES algorithm encryption on the byte stream plaintext obtained by performing serialization processing on the data plaintext, the obtained data ciphertext is linked to the block chain database through data, when data needs to be accessed, the data ciphertext is obtained from the block chain database according to the k value of the data to be checked, whether the input decryption password passes or not is authenticated according to the preset password, the data is decrypted and the data plaintext corresponding to the data ciphertext is output after the authentication passes, the data ciphertext is output when the authentication fails, by means of the password authentication, the distribution of the key is not involved, the data security is prevented from being threatened due to the loss of the key, the data of different groups can be verified by setting different bloom filters, differential verification of the data is realized, the data security is ensured, and the problem that the encryption algorithm in the prior art needs to manage the key is solved, the data security has the technical problem of potential safety hazard.
EXAMPLE III
Another aspect of the embodiments of the present application provides a data receiving end, including:
the data ciphertext acquisition module is used for acquiring a data ciphertext transmitted by the block chain database;
the authentication module is used for acquiring a decryption password input by a user, acquiring a preset password from a bloom filter of a block chain database, and authenticating the decryption password and the preset password, wherein the preset password is a password pre-stored in the bloom filter before chaining of data ciphertext;
the first execution module is used for decrypting the data ciphertext by the AES algorithm when the authentication is passed, performing reverse serialization on the data ciphertext decrypted by the AES algorithm to obtain a data plaintext corresponding to the data ciphertext and outputting the data plaintext;
and the second execution module outputs the data ciphertext when the authentication is not passed.
To sum up, in the data receiving end in the above embodiments of the present invention, the data plaintext is combined with the AES key to perform AES algorithm encryption on the byte stream plaintext obtained by performing serialization processing on the data plaintext, the obtained data ciphertext is linked to the block chain database through data, when data needs to be accessed, the data ciphertext is obtained from the block chain database according to the k value of the data to be checked, whether the decryption password input according to the preset password passes or not is authenticated, after the authentication passes, the data is decrypted and the data plaintext corresponding to the data ciphertext is output, if the authentication fails, the data ciphertext is output, by means of the password authentication, the distribution of the key is not involved, thereby avoiding that the data security is threatened due to the key loss, different sets of data can be authenticated by setting different bloom filters, thereby realizing differential authentication of the data, ensuring data security, and solving the problem that the encryption algorithm in the prior art needs to manage the key, the data security has the technical problem of potential safety hazard.
Example four
Referring to fig. 9, in another aspect of the present application, a data encryption/decryption system includes a data uploading end, a data receiving end, and a block chain database;
the block chain database is connected with the data uploading end and the data receiving end, the data uploading end is used for encrypting the data plaintext, the data receiving end is used for decrypting the data ciphertext, the block chain database is used for receiving the data ciphertext encrypted by the data uploading end and acquiring the data ciphertext for the data receiving end
To sum up, in the data encryption and decryption system in the above embodiments of the present invention, the data plaintext is combined with the AES key to perform AES algorithm encryption on the byte stream plaintext obtained by performing serialization processing on the data plaintext, the obtained data ciphertext is linked to the block chain database through data, when data needs to be accessed, the data ciphertext is obtained from the block chain database according to the k value of the data to be checked, whether the input decryption password passes according to the preset password is authenticated, after the authentication passes, the data is decrypted and the data plaintext corresponding to the data ciphertext is output, if the authentication fails, the data ciphertext is output, by means of the password authentication, the distribution of the key is not involved, thereby avoiding threatening data security due to key loss, different sets of data can be authenticated by setting different bloom filters, thereby realizing differential authentication of the data, ensuring data security, and solving the problem that the encryption algorithm in the prior art needs to manage the key, the data security has the technical problem of potential safety hazard.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
Claims (9)
1. A data decryption method, applied to a data receiving end, the method comprising:
acquiring a data ciphertext sent by a block chain database;
acquiring a decryption password input by a user, acquiring a preset password from a bloom filter of the block chain database, and authenticating the decryption password and the preset password, wherein the preset password is a password pre-stored in the bloom filter before the data ciphertext is linked;
when the authentication is passed, carrying out AES algorithm decryption on the data ciphertext, carrying out reverse serialization on the data ciphertext decrypted by the AES algorithm to obtain a data plaintext corresponding to the data ciphertext, and outputting the data plaintext;
and when the authentication is not passed, outputting the data ciphertext.
2. The data decryption method of claim 1, wherein the step of obtaining the preset password from the bloom filter of the blockchain database comprises:
locating the bloom filter in the blockchain database;
and storing the preset password in a bloom filter, and emptying the preset password stored in the bloom filter when the storage time of the preset password in the bloom filter exceeds the preset time.
3. The data decryption method of claim 1, wherein the bloom filter can accommodate a plurality of different preset passwords at the same time.
4. A data encryption method is applied to a data uploading end, and the method comprises the following steps:
acquiring a data plaintext, and carrying out serialization processing on the data plaintext to obtain a byte stream plaintext;
obtaining an AES key, and carrying out AES algorithm encryption on the byte stream plaintext by combining the AES key to obtain a data ciphertext;
coding the data ciphertext to obtain a character string ciphertext;
and writing the character string ciphertext into a block chain database through a data chain.
5. The data encryption method of claim 4, wherein the step of obtaining the AES key is preceded by:
generating the AES key by an AES key generation algorithm.
6. The data encryption method of claim 4, wherein the AES key is used repeatedly over multiple sets of data in plaintext.
7. The data encryption method of claim 4, wherein the step of data-chaining writing the string cipher text into a block-chain database comprises:
and writing the character string ciphertext into a block chain database in a k-v key value pair mode.
8. A data receiving end, comprising:
the data ciphertext acquisition module is used for acquiring a data ciphertext transmitted by the block chain database;
the authentication module is used for acquiring a decryption password input by a user, acquiring a preset password from a bloom filter of the block chain database, and authenticating the decryption password and the preset password, wherein the preset password is a password pre-stored in the bloom filter before the data ciphertext is linked;
the first execution module is used for decrypting the data ciphertext by the AES algorithm when the authentication is passed, performing reverse serialization on the data ciphertext decrypted by the AES algorithm to obtain a data plaintext corresponding to the data ciphertext, and outputting the data plaintext;
and the second execution module outputs the data ciphertext when the authentication is not passed.
9. A data uploading end, comprising:
the data plaintext acquisition module is used for acquiring data plaintext, and carrying out serialization processing on the data plaintext to obtain a byte stream plaintext;
the encryption module is used for acquiring an AES key and encrypting the byte stream plaintext by combining the AES key to obtain a data ciphertext;
the coding module is used for coding the data ciphertext to obtain a character string ciphertext;
and the writing module is used for writing the character string ciphertext into a block chain database through a data uplink.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110894013.8A CN113343286B (en) | 2021-08-05 | 2021-08-05 | Data encryption and decryption method, data uploading end, data receiving end and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110894013.8A CN113343286B (en) | 2021-08-05 | 2021-08-05 | Data encryption and decryption method, data uploading end, data receiving end and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113343286A true CN113343286A (en) | 2021-09-03 |
| CN113343286B CN113343286B (en) | 2021-11-23 |
Family
ID=77480834
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110894013.8A Active CN113343286B (en) | 2021-08-05 | 2021-08-05 | Data encryption and decryption method, data uploading end, data receiving end and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113343286B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115619947A (en) * | 2022-12-19 | 2023-01-17 | 江西农业大学 | Three-dimensional modeling cooperation method and system based on block chain |
| CN116155619A (en) * | 2023-04-04 | 2023-05-23 | 江西农业大学 | Data processing method, data request terminal, data possession terminal and data processing device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5701464A (en) * | 1995-09-15 | 1997-12-23 | Intel Corporation | Parameterized bloom filters |
| CN106101093A (en) * | 2016-06-08 | 2016-11-09 | 东南大学 | Intelligent grid attribute access control method based on Bloom Filter |
| US20180241742A1 (en) * | 2012-11-07 | 2018-08-23 | Amazon Technologies, Inc. | Token based one-time password security |
| CN109831298A (en) * | 2019-01-31 | 2019-05-31 | 阿里巴巴集团控股有限公司 | The method of security update key and node, storage medium in block chain |
| CN111191286A (en) * | 2019-12-28 | 2020-05-22 | 南京理工大学 | HyperLegger Fabric block chain private data storage and access system and method thereof |
| CN111222157A (en) * | 2019-10-30 | 2020-06-02 | 支付宝(杭州)信息技术有限公司 | Method and device for inquiring block chain private data |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108615156A (en) * | 2018-05-09 | 2018-10-02 | 上海魅联信息技术有限公司 | A kind of data structure based on block chain |
| CN112131227A (en) * | 2020-09-29 | 2020-12-25 | 深圳前海微众银行股份有限公司 | Data query method and device based on alliance chain |
-
2021
- 2021-08-05 CN CN202110894013.8A patent/CN113343286B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5701464A (en) * | 1995-09-15 | 1997-12-23 | Intel Corporation | Parameterized bloom filters |
| US20180241742A1 (en) * | 2012-11-07 | 2018-08-23 | Amazon Technologies, Inc. | Token based one-time password security |
| CN106101093A (en) * | 2016-06-08 | 2016-11-09 | 东南大学 | Intelligent grid attribute access control method based on Bloom Filter |
| CN109831298A (en) * | 2019-01-31 | 2019-05-31 | 阿里巴巴集团控股有限公司 | The method of security update key and node, storage medium in block chain |
| CN111222157A (en) * | 2019-10-30 | 2020-06-02 | 支付宝(杭州)信息技术有限公司 | Method and device for inquiring block chain private data |
| CN111191286A (en) * | 2019-12-28 | 2020-05-22 | 南京理工大学 | HyperLegger Fabric block chain private data storage and access system and method thereof |
Non-Patent Citations (2)
| Title |
|---|
| FENG, T等: "Secure Data Collaborative Computing Scheme Based on Blockchain", 《SECURITY AND COMMUNICATION NETWORKS》 * |
| 马娜等: "基于Fabric的出行数据隐私保护方法", 《计算机工程与设计》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115619947A (en) * | 2022-12-19 | 2023-01-17 | 江西农业大学 | Three-dimensional modeling cooperation method and system based on block chain |
| CN115619947B (en) * | 2022-12-19 | 2023-12-26 | 江西农业大学 | Three-dimensional modeling cooperation method and system based on blockchain |
| CN116155619A (en) * | 2023-04-04 | 2023-05-23 | 江西农业大学 | Data processing method, data request terminal, data possession terminal and data processing device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113343286B (en) | 2021-11-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108768988B (en) | Block chain access control method, block chain access control equipment and computer readable storage medium | |
| CN101309278B (en) | Method and system for storing encrypt data on customer | |
| US8379866B2 (en) | Method of distributing encoding/decoding program and symmetric key in security domain environment and data divider and data injector therefor | |
| Atiewi et al. | Scalable and secure big data IoT system based on multifactor authentication and lightweight cryptography | |
| US10650373B2 (en) | Method and apparatus for validating a transaction between a plurality of machines | |
| CN113343286B (en) | Data encryption and decryption method, data uploading end, data receiving end and system | |
| CN109981641A (en) | A kind of safe distribution subscription system and distribution subscription method based on block chain technology | |
| CN101926188B (en) | Security policy distribution to communication terminal | |
| CN112989426B (en) | Authorization authentication method and device, and resource access token acquisition method | |
| US7131001B1 (en) | Apparatus and method for secure filed upgradability with hard wired public key | |
| CN111294203B (en) | Information transmission method | |
| CN101145911A (en) | Identity authentication method with privacy protection and password retrieval function | |
| CN114039790A (en) | Block chain-based fine-grained cloud storage security access control method | |
| CN103905400A (en) | Service authentication method, apparatus and system | |
| CN109815666A (en) | Identity identifying method, device, storage medium and electronic equipment based on FIDO agreement | |
| CA2981202C (en) | Hashed data retrieval method | |
| Han et al. | Access control mechanism for the Internet of Things based on blockchain and inner product encryption | |
| CN104506320A (en) | Method and system for identity authentication | |
| CN109302442B (en) | Data storage proving method and related equipment | |
| CN117040765A (en) | Smart grid terminal authentication method and device, storage medium and computer equipment | |
| CN106656946B (en) | Dynamic authentication method and device | |
| RU2698424C1 (en) | Authorization control method | |
| CN115982746A (en) | Data sharing method based on block chain | |
| Wang et al. | Dynamic threshold changeable multi‐policy secret sharing scheme | |
| CN109272310A (en) | Two-dimensional code generation method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |