CN113407996A - Distributed account book autonomous controllable privacy protection system and cluster architecture thereof - Google Patents

Distributed account book autonomous controllable privacy protection system and cluster architecture thereof Download PDF

Info

Publication number
CN113407996A
CN113407996A CN202110718813.4A CN202110718813A CN113407996A CN 113407996 A CN113407996 A CN 113407996A CN 202110718813 A CN202110718813 A CN 202110718813A CN 113407996 A CN113407996 A CN 113407996A
Authority
CN
China
Prior art keywords
private data
channel
cluster
data set
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110718813.4A
Other languages
Chinese (zh)
Inventor
兰秋军
程林海
马超群
周中定
李信儒
万丽
米先华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University
Original Assignee
Hunan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan University filed Critical Hunan University
Priority to CN202110718813.4A priority Critical patent/CN113407996A/en
Publication of CN113407996A publication Critical patent/CN113407996A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The application discloses distributed account book is privacy protection system and cluster architecture thereof independently controllable, privacy protection system includes: the channel management module is used for providing management channel services, including channel creation and updating operations, wherein the participation of the channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting the specified conditions of the channel can join the channel; the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the business data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed; the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generation and verifiable statement verification operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information.

Description

Distributed account book autonomous controllable privacy protection system and cluster architecture thereof
Technical Field
The application relates to the technical field of block chains, in particular to a distributed account book autonomous controllable privacy protection system and a cluster architecture thereof.
Background
In the existing block chain technology, the distributed account book technology is an emerging technology in which a plurality of computer devices participate in 'accounting' together and maintain a complete distributed database together. The block chain technology has the characteristics of decentralization, openness and transparency, each computer device can participate in database recording, data synchronization can be rapidly carried out among the computer devices, and the like, so that the distributed account book technology has wide application in many fields.
The general characteristics of the distributed account book technology are represented by information transparency, sharing, traceability and wide participation, including:
(1) and (3) transparency: the dimension of information exposure is expanded;
(2) sharing: all nodes store data, and the data storage positions are increased;
(3) traceability: the storage of data can be permanent, which prolongs the storage time and causes the information to be difficult to forget;
(4) the method is widely participated in: the distributed book is used as a distributed network, and all parties need to achieve consensus, so that the open network environment is easy to incorporate an untrusted role.
Privacy protection requires information hiding, privacy, forgetting and limited participation, such as:
(1) hiding: the privacy information can be hidden and cannot be randomly accessed by other people;
(2) privatization: refers to the fact that private information exists only at nodes that are necessarily (or authorized to) possess the information;
(3) forgetting: the owner of the private information has the right to forget the information, so that the storage (exposure) time of the private information is shortened;
(4) limited participation: meaning that the identities of all participants are verifiable and trustworthy in a network.
Therefore, certain conflict exists between the distributed account book technology and privacy protection, and the current measures of the distributed account book technology in the aspect of privacy protection mainly include:
(1) address obfuscation techniques: the transaction information of the trader is difficult to track by an attacker through confusion of the transaction address of the user, and the technology comprises a centralized mixed coin technology, a decentralized mixed coin technology and a decentralized two-party mixed coin technology.
(2) Information hiding technology: the transaction information of the user is hidden (encrypted) by using complex cryptography technologies such as zero-knowledge proof, ring signature and the like, so that an attacker cannot acquire an information source code.
However, the above prior art still has the following disadvantages:
firstly, the current technology can not cause the privacy information to be forgotten;
secondly, the current technology uses a complex cryptography technology, the calculation task is heavy, and the efficiency can be possibly affected by a short performance board;
the privacy data can not be privately controlled by the current technology;
fourthly, under the current technology, the identity information of the user can not be displayed controllably;
and fifthly, under the current technology, the exposure range cannot be controlled by the user privacy information.
Disclosure of Invention
In view of one of the above technical problems, the present application provides an autonomous controllable privacy protection system for a distributed account book.
The application is realized by the following scheme:
a distributed account book autonomous controllable privacy protection system, comprising:
the channel management module is used for providing management channel services, including channel creation and updating operations, wherein the participation of the channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting the specified conditions of the channel can join the channel;
the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the business data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed;
the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generation and verifiable statement verification operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information.
Further, the channel management module includes:
the channel creating module is used for creating a channel according to a set strategy, and the strategy specifies which users can enter the channel;
and the channel updating module is used for updating the existing channel according to the new strategy and changing the users which can enter the existing channel.
Further, the private data set includes:
actual private data is sent to an organization which is authorized to check the data in a peer-to-peer mode through a Gossip protocol, the actual private data is stored in a private state database on a peer node of an authorized organization, and the chain code on the peer node is used for access, so that the common node cannot influence and see the actual private data;
and the Hash value of the private data is endorsed and written into an account book of each node on the channel after being sorted, and the Hash value is used as a certificate of transaction for state verification and audit.
Further, the private data set management module includes:
the private data set creating module is used for creating a new private data set according to a preset attribute set of the private data set, wherein the attribute set specifies the sharing range, the operation authority and when to clear the private data set;
the private data set updating module is used for updating data of specified data of an existing private data set needing to update data;
the private data set sharing module is used for sharing all or preset data in the private data set needing to share the data to a set user set;
and the private data set clearing module is used for automatically clearing the data of the private data set according to a preset private data set automatic clearing data strategy.
Further, the distributed ledger business process of the private data set includes:
the client constructs a transaction proposal containing private data and submits the transaction proposal to an endorsement node, the endorsement node verifies the legality of the transaction proposal according to a preset check rule, the endorsement node executes a chain code function to read or write the private data, and the private data is sent to a transient field of the proposal;
the endorsement node simulates transaction, stores private data in a transient data storage, and then distributes the private data to the authorization node through a Gossip protocol according to a preset distribution strategy of a private data set;
after the endorsement node signs the verified transaction proposal, a response result which does not contain the actual private data but contains the hash value of the private data is returned to the client;
the client submits a response result which is returned by the endorsement node and does not contain actual private data to a consensus node in the distributed ledger network as a transaction;
and the consensus nodes process the submitted transactions according to a preset consensus algorithm, pack the transactions into blocks, broadcast the blocks to all nodes in the whole network, and update the local account book after the blocks are checked by the nodes in the whole network.
Further, the privacy mechanism of the private data set includes:
the authority control mechanism is that only authorized nodes can have real private data, and at the same time only authorized nodes can access the private data, and unauthorized nodes can only store the salted hash value of the private data and are used for ensuring the hiding and private attributes of the private data under the authority control;
the hash function and random salt encryption protection mechanism is characterized in that the hash function is used for protecting the hash value of private data in a mode of adding random salt into the hash value, and the random salt is used for inserting a specific character string into any fixed position of a password so that a hashed result is not consistent with a hashed result using an original password;
the transient data mechanism stores the private data in a transient data mode, when a certain condition is reached, the private data can be cleared, the forgetting attribute of the private data is ensured, and the respecting of the forgetting right of the private data owner to the private data is reflected.
Further, the identity confusion management module comprises:
the verifiable certificate issuing module is used for creating and issuing verifiable certificates;
a verifiable statement generation module for generating a verifiable statement;
and the verifiable statement verification module is used for verifying the verification statement.
Further, the privacy protection process of the identity confusion management service comprises the following steps:
the VC issuer, the VC holder and the VP verifier register own ID through distributed or centralized identity management service;
a VC holder applies for VC from a VC issuer;
the VC issuer verifies the ID of the VC holder through the identity management service;
a VC issuer generates a VC and registers the VC to an identity management service;
the VC issuer sends the VC to the VC holder through a secure channel;
the VC holder generates a VP according to the VC and displays the VP to a VP verifier through a secure channel;
the VP verifier verifies the ID of the VC holder and the content of the VP through the identity management service and correspondingly verifies a result to the VC holder;
the VC issuer revokes the VC and submits the revocation information to the identity management service.
Another aspect of the present application further provides a cluster architecture of the privacy protection system with the distributed ledger being independently controllable, including:
the agent cluster comprises a load balancing module and a plurality of reverse agent modules deployed by the cluster,
the load balancing module is used for carrying out load balancing on service requests of users, and the reverse proxy module is used for shunting the requests after load balancing;
the system comprises a server cluster and a plurality of identity confusion server clusters, wherein the server cluster comprises a channel management server cluster, a private data set server cluster and an identity confusion server cluster which are respectively in communication connection with corresponding reverse proxy modules; the private data set server cluster comprises a plurality of servers which are deployed in a cluster and comprise private data set management modules; the identity confusion server cluster comprises a plurality of servers which are deployed in a cluster and comprise identity confusion management modules;
the message queue cluster comprises a plurality of message queues which are distributed in a cluster mode and are respectively connected with the channel management server cluster, the private data set server cluster and the identity confusion server cluster through signals, and is used for receiving specific operations of each server cluster on the database generated according to the service request and acquiring related data returned by the database service;
the storage cluster comprises a plurality of databases which are distributed by the cluster and are respectively in communication connection with various message queues of the message queue cluster, and each database comprises a persistent database and an in-memory database.
Another aspect of the present application further provides a privacy protection method based on the cluster architecture, including the steps of:
receiving a privacy protection request service sent by a user through a client;
the method comprises the following steps that a service request of a user is subjected to load balancing through a load balancing module, and then is distributed to each reverse proxy module deployed in a cluster for reverse proxy;
under the action of each reverse proxy module deployed by the cluster, service requests are distributed to each server deployed by the cluster for corresponding processing;
each server generates specific operation on the database according to the specific service request and sends the operation to each message queue of the message queue cluster;
when the specific operation on the database is the operation on the data stored for a long time, acquiring corresponding persistent database service in the storage cluster through the message queue; when the specific operation on the database is the operation on temporary or frequently-operated data, acquiring corresponding memory database service in the storage cluster through a message queue;
and when the operation of the database in the storage cluster on the data is completed, returning the response of the service request layer by layer upwards until returning to the client.
Compared with the prior art, the method has the following beneficial effects:
the application provides a distributed account book autonomous controllable privacy protection system and a cluster architecture thereof, wherein the privacy protection system comprises a channel management module and a private data set management module identity confusion management module, the channel management module is used for providing management channel service, and comprises channel creation and updating operations, wherein the participation of a channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting specified conditions of the channel can join the channel; the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the service data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed; the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generating and verifiable statement verifying operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information. Compared with the prior art, the method and the device have the advantages that three different pluggable privacy protection technologies are provided, such as channel management service, private data set service and identity confusion service, and users can flexibly select and use the technologies according to own requirements. The method and the device realize limited participation of the network through the channel management service, forbid the non-trusted role from entering the network, and reduce the exposure range of the private information; according to the method and the device, privacy, hiding and forgetting of the private data of the user are achieved through private data set service, and the user can independently and controllably share the private data; the method and the device realize the controllable display of the user identity information through the identity confusion service; according to the method and the device, the privacy protection performance and the expansibility are improved by adopting a privacy protection architecture cluster deployment mode.
Drawings
Fig. 1 is a block diagram of a distributed ledger-autonomous controllable privacy protection system according to a preferred embodiment of the present application.
Fig. 2 is a schematic diagram of a privacy preserving architecture including a privacy preserving system.
Fig. 3 is a sub-module diagram of a channel management module according to the preferred embodiment of the present application.
Fig. 4 is a schematic diagram of a channel in a distributed ledger network according to a preferred embodiment of the present application.
Fig. 5 is a diagram of the ledger model of private data sets in the preferred embodiment of the present application.
Fig. 6 is a sub-module diagram of the private data set management module in the preferred embodiment of the present application.
Fig. 7 is a schematic diagram of a distributed ledger business process of private data sets in the preferred embodiment of the present application.
Fig. 8 is a schematic diagram of a privacy mechanism for private data sets in a preferred embodiment of the present application.
Fig. 9 is a sub-module schematic diagram of an identity confusion management module according to the preferred embodiment of the present application.
Fig. 10 is a schematic diagram illustrating a privacy protection process of an identity confusion management service according to a preferred embodiment of the present application.
Fig. 11 is a schematic diagram of a cluster architecture of a distributed ledger-autonomous controllable privacy protection system in accordance with a preferred embodiment of the present application.
Fig. 12 is a flowchart illustrating a privacy protection method based on the cluster architecture according to a preferred embodiment of the present application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
For the sake of understanding, related art terms referred to in this application will be explained first.
Distributed account book technology: the distributed accounting book technology is an emerging technology which is formed by a plurality of computer devices participating in accounting and maintaining a complete distributed database. The block chain technology has the characteristics of decentralization, openness and transparency, each computer device can participate in database recording, data synchronization can be rapidly carried out among the computer devices, and the like, so that the distributed account book technology has wide application in many fields.
Verifiable Credentials (VC): the VC is a tamper-resistant certificate encrypted by a certificate issuer signature and has the characteristics of cryptology safety, privacy protection and machine readability. The voucher contains at least two pieces of information: one is metadata and statements representing verifiable credentials; second is the digital signature of the credential issuer.
Verifiable statement (VP): a VP is a tamper-resistant description that is generated by one or more VCs and contains a body signature that discloses the credentials.
Random salt: random salting refers to the process of "salting" by inserting a specific string at an arbitrarily fixed location in the password to make the hashed result not match the hashed result of the original password. Salts are generally divided into fixed salts and random salts. The form of the fixed salt is simple, such as adding random numbers in front and back, inserting specific digits, reversing the sequence or adding salt to the original data by various methods. However, the salt adding mode is easy to be broken by a large rainbow table, so that a random salt form exists. The random salt is generated randomly before the cipher digest, and the plain text of the salt and the digest are spliced and stored together. The random salt aims at the same code, the result after each encryption is different, but whether the abstract is matched with the plaintext password can be verified according to the salt stored in the encryption information, and relatively speaking, the random salt can ensure that the hash in the database cannot be inverted into the plaintext.
As shown in fig. 1, a preferred embodiment of the present application provides a distributed ledger autonomous controllable privacy protection system, including:
the channel management module is used for providing management channel services, including channel creation and updating operations, wherein the participation of the channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting the specified conditions of the channel can join the channel;
the private data set management module is used for providing private data set management services, including private data set creating, updating, sharing and clearing operations, so that the business data of the user is autonomously controlled by the user, a data sharing object is designated, and a data clearing mechanism is designated.
The identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generation and verifiable statement verification operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information.
As shown in fig. 2, a privacy protection architecture composed of the above system can be divided into three layers: a functional layer, a service layer and a technology layer, wherein:
the functional layer describes the functions that the privacy protection architecture can realize in the aspect of privacy protection, and the layer comprises the functions of channel participation control, data privacy control and identity privacy control, wherein:
the channel participation is controllable, namely the participation of the channel has authority control, a user cannot join a designated channel at will, and only the user meeting the designated condition of the channel can join the channel.
The controllable data privacy means that the service data of the user can be autonomously controlled by the user, a data sharing object can be specified, and a data clearing mechanism can also be specified.
The identity privacy is controllable, that is, the user can independently control the display of the identity information of the user and can complete the verification of the related authority on the premise of not displaying the original information.
The service layer describes the main services of the privacy protection architecture support function layer, including a channel management service, a private data set service and an identity obfuscation service, wherein:
the channel management service mainly provides services such as channel creation and updating.
The private data set service mainly provides services of private data set creation, updating, sharing, clearing and the like.
The identity obfuscation service mainly provides services of verifiable certificate issuance, verifiable claim generation, verifiable claim verification, and the like.
The technical layer describes technical services such as processing, storage and communication services required by the service layer, and mainly comprises technical services such as cryptography, communication protocols, data storage, a P2P network, certificate standards and the like.
The embodiment provides a distributed account book autonomous controllable privacy protection system, which comprises a channel management module and a private data set management module identity confusion management module, wherein the channel management module is used for providing management channel services, including channel creation and updating operations, and the participation of a channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting specified conditions of the channel can join the channel; the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the service data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed; the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generating and verifiable statement verifying operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information. Compared with the prior art, the method and the device have the advantages that three different pluggable privacy protection technologies are provided, such as channel management service, private data set service and identity confusion service, and users can flexibly select and use the technologies according to own requirements. The method and the device realize limited participation of the network through the channel management service, forbid the non-trusted role from entering the network, and reduce the exposure range of the private information; according to the method and the device, privacy, hiding and forgetting of the private data of the user are achieved through private data set service, and the user can independently and controllably share the private data; the method and the device realize the controllable display of the user identity information through the identity confusion service.
Specifically, as shown in fig. 3, the channel management module includes:
the channel creating module is used for creating a channel according to a set strategy, the strategy specifies which users can enter the channel, and the creating model is as follows:
Create_Channel(strategy)→new_Channel
wherein, stream represents the policy of the channel, which specifies which users can enter the channel;
a channel updating module, configured to update an existing channel according to a new policy, and change a user that can enter the existing channel, where an update model is as follows:
Update_Channel(channel,strategy)→{success,false}
wherein, channel represents the channel needing to be updated, and strategy represents the new strategy of the channel.
Several different organizations in a distributed ledger network may form a federation. A channel is established in a plurality of different organizations under the alliance, each channel has an independent account book, and the channel account books can be shared only among the organizations belonging to a certain channel. The channel isolation mechanism can ensure that a private network is formed between member organizations of the same channel and is isolated from unrelated organizations or individuals outside the channel. As shown in fig. 4, in a distributed ledger network including two alliances (alliance 1 and alliance 2), in alliance 2, channel 1 includes organizations 3, 4 and 5, channel 2 includes organizations 5 and 6, organizations 3 and 4 do not have authority to view the channel ledger of channel 2, organization 6 does not have authority to view the channel ledger of channel 1, and organization 5 can view the channel ledger of channels 1 and 2 because organization 5 belongs to both channels 1 and 2. The embodiment realizes limited participation of a network by providing the channel management service, prohibits an untrusted role from entering the network, reduces the exposure range of the privacy information, and solves the problem that the exposure range of the privacy information of a user cannot be controlled.
Specifically, as shown in fig. 5, the private data set includes:
actual private data is sent to an organization which is authorized to check the data in a peer-to-peer mode through a Gossip protocol, the actual private data is stored in a private state database on a peer node of an authorized organization, and the chain code on the peer node is used for access, so that the common node cannot influence and see the actual private data;
and the Hash value of the private data is endorsed and written into an account book of each node on the channel after being sorted, and the Hash value is used as a certificate of transaction for state verification and audit.
Further, as shown in fig. 6, the private data set management module includes:
the private data set creating module is used for creating a new private data set according to a preset attribute set of the private data set, wherein the attribute set specifies the sharing range, the operation authority and the time for clearing the private data set, and an operation model of the private data set creating module is as follows:
Create_PraviteSet(A)→new_PraviteSet
a represents an attribute set of a private data set, and specifies the content of the private data such as sharing range, operation authority, clearing time and the like;
the private data set updating module is used for updating data of specified data of an existing private data set needing to update the data, and the operation model of the private data set updating module is as follows:
Update_PraviteSet(pravite_set,data_set)→{success,false}
the pravate _ set represents a private data set needing to update data, and the data _ set represents the data needing to be updated;
the private data set sharing module is used for sharing all or preset data in the private data set needing to share data to a set user set, and the operation model is as follows:
Update_PraviteSet(pravite_set,data_set)→{success,false}
the pravate _ set represents a private data set needing to share data, the user _ set represents a user set capable of sharing data, the data _ set represents data needing to share, and if the parameter is null, the whole private data set is shared;
the private data set clearing module is used for automatically clearing data of the private data set according to a preset private data set automatic clearing data strategy, and the operation model is as follows:
Delete_PraviteSet(pravite_set,strategy)→{success,false}
where pravate _ set represents a private data set that needs to be purged, and strategy represents a policy (defined when creating the private data set) for automatically purging data from the private data set, and if the policy is reached, the data from the private data set will be automatically purged.
Specifically, as shown in fig. 7, the distributed ledger business process of the private data set includes:
n1, the client constructs the transaction proposal containing private data and submits the proposal to the endorsement node, the endorsement node verifies the legality of the transaction proposal according to the preset check rule, the endorsement node executes the chain code function to read or write the private data, and the private data is sent to the transient field of the proposal;
n2, the endorsement node simulates the transaction, stores the private data in the transient data storage, and then distributes the private data to the authorization node through the Gossip protocol according to the preset distribution strategy of the private data set;
n3, after the endorsement node signs the verified transaction proposal, a response result of the hash value which does not contain the actual private data but contains the private data is returned to the client;
n4, submitting the response result which is returned by the endorsement node and does not contain actual private data to a consensus node in the distributed ledger network as a transaction by the client;
and N5, the consensus nodes process the submitted transactions according to a preset consensus algorithm, pack the transactions into blocks, broadcast the blocks to all nodes in the whole network, and update the local account book after the blocks are checked by the nodes in the whole network.
Specifically, as shown in fig. 8, the privacy mechanism of the private data set includes:
the authority control mechanism is that only authorized nodes can have real private data, and at the same time only authorized nodes can access the private data, and unauthorized nodes can only store the salted hash value of the private data and are used for ensuring the hiding and private attributes of the private data under the authority control;
the hash function and random salt encryption protection mechanism is characterized in that the hash function is used for protecting the hash value of private data in a mode of adding random salt into the hash value, and the random salt is used for inserting a specific character string into any fixed position of a password so that a hashed result is not consistent with a hashed result using an original password; if the private data set is relatively simple and predictable (e.g., transaction amount), unauthorized channel members may attempt to guess the content of the private data through brute force hashing of the domain space. Therefore, the private data set should be protected by a random salt manner, so that a matched hash cannot be found by brute force, and under the encryption protection of the hash function and the random salt, the private data set can be guaranteed to be verifiable while the hidden attribute is kept.
The transient data mechanism stores the private data in a transient data mode, when a certain condition is reached, the private data can be cleared, the forgetting attribute of the private data is ensured, and the respecting of the forgetting right of the private data owner to the private data is reflected.
Specifically, as shown in fig. 9, the identity confusion management module includes:
a verifiable credential issuance module to create and issue verifiable credentials:
Create(ID,A,skb)→VC
wherein ID represents the owner of the VC, A represents the identity attribute contained in the VC, skbA private key representing a credential issuer;
a verifiable assertion generating module to generate a verifiable assertion:
GenerateVP(SetVC,skc)→VP
wherein,SetVCIndicates the set of VCs, sk, required to generate a VPcA private key representing the VP owner;
a verifiable assertion verification module for verifying a verification assertion:
VerifyVP(VP,pkb,pkc)→{ture,false}。
wherein, VP represents VP, pk to be verifiedbPublic key, pk, representing the VC publishercRepresenting the VP owner's public key.
Specifically, as shown in fig. 10, the privacy protection process of the identity confusion management service includes:
1. the VC issuer, the VC holder and the VP verifier register own ID through distributed or centralized identity management service;
2. a VC holder applies for VC from a VC issuer;
3. the VC issuer verifies the ID of the VC holder through the identity management service;
4. a VC issuer generates a VC and registers the VC to an identity management service;
5. the VC issuer sends the VC to the VC holder through a secure channel;
6. the VC holder generates a VP according to the VC and displays the VP to a VP verifier through a secure channel;
7. the VP verifier verifies the ID of the VC holder and the content of the VP through the identity management service and correspondingly verifies a result to the VC holder;
8. the VC issuer revokes the VC and submits the revocation information to the identity management service.
The VC holder, when generating the VP, may choose to place all identity attributes on the VC on the VP for presentation to the claim verifier. However, in order to protect identity privacy, the VC holder, with the support of cryptographic algorithm services, can generate a VP that selectively reveals or zero-knowledge proves the identity attributes, while satisfying the requirements of the claims verifier, and protecting identity privacy information.
As shown in fig. 11, another aspect of the present application further provides a cluster architecture of the privacy protection system with distributed ledger autonomous control, including:
the agent cluster comprises a load balancing module and a plurality of reverse agent modules deployed by the cluster,
the load balancing module is used for carrying out load balancing on service requests of users, and the reverse proxy module is used for shunting the requests after load balancing;
the system comprises a server cluster and a plurality of identity confusion server clusters, wherein the server cluster comprises a channel management server cluster, a private data set server cluster and an identity confusion server cluster which are respectively in communication connection with corresponding reverse proxy modules; the private data set server cluster comprises a plurality of servers which are deployed in a cluster and comprise private data set management modules; the identity confusion server cluster comprises a plurality of servers which are deployed in a cluster and comprise identity confusion management modules;
the message queue cluster comprises a plurality of message queues which are distributed in a cluster mode and are respectively connected with the channel management server cluster, the private data set server cluster and the identity confusion server cluster through signals, and is used for receiving specific operations of each server cluster on the database generated according to the service request and acquiring related data returned by the database service;
the storage cluster comprises a plurality of databases which are distributed by the cluster and are respectively in communication connection with various message queues of the message queue cluster, and each database comprises a persistent database and an in-memory database.
Specifically, another aspect of the present application further provides a privacy protection method based on the cluster architecture, including the steps of:
s1, receiving a privacy protection request service sent by a user through a client;
s2, load balancing the service request of the user through the load balancing module, and then distributing the service request to each reverse proxy module deployed in the cluster for reverse proxy;
s3, under the action of each reverse proxy module deployed by the cluster, the service request is distributed to each server deployed by the cluster for corresponding processing;
s4, each server generates specific operation on the database according to the specific service request and sends the operation to each message queue of the message queue cluster;
s5, when the concrete operation on the database is the operation on the data stored for a long time, obtaining the corresponding persistent database service in the storage cluster through the message queue; when the specific operation on the database is the operation on temporary or frequently-operated data, acquiring corresponding memory database service in the storage cluster through a message queue;
and S6, when the operation of the database in the storage cluster on the data is completed, returning the response of the service request layer by layer upwards until returning to the client.
This embodiment is through adopting the mode of cluster architecture, has improved privacy protection's performance and expansibility, solves the problem that system efficiency is not enough.
The functionality of the method of the present embodiment, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in one or more computing device readable storage media. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. The utility model provides a distributed account book is privacy protection system independently controllable which characterized in that includes:
the channel management module is used for providing management channel services, including channel creation and updating operations, wherein the participation of the channel has authority control, so that a user cannot join a specified channel at will, and only the user meeting the specified conditions of the channel can join the channel;
the private data set management module is used for providing private data set management service, and comprises operations of creating, updating, sharing and clearing the private data set, so that the business data of the user is autonomously controlled by the user, a data sharing object is appointed, and a data clearing mechanism is appointed;
the identity confusion management module is used for providing identity confusion management service, and comprises verifiable certificate issuing, verifiable statement generation and verifiable statement verification operations, so that a user can independently control the display of own identity information and can complete the verification of related rights on the premise of not displaying original information.
2. The distributed ledger-autonomous controllable privacy protection system of claim 1, wherein the channel management module comprises:
the channel creating module is used for creating a channel according to a set strategy, and the strategy specifies which users can enter the channel;
and the channel updating module is used for updating the existing channel according to the new strategy and changing the users which can enter the existing channel.
3. The distributed ledger-autonomous controllable privacy-preserving system of claim 1, wherein the private data set comprises:
actual private data is sent to an organization which is authorized to check the data in a peer-to-peer mode through a Gossip protocol, the actual private data is stored in a private state database on a peer node of an authorized organization, and the chain code on the peer node is used for access, so that the common node cannot influence and see the actual private data;
and the Hash value of the private data is endorsed and written into an account book of each node on the channel after being sorted, and the Hash value is used as a certificate of transaction for state verification and audit.
4. The distributed ledger-autonomous controllable privacy protection system of claim 1, wherein the private data set management module comprises:
the private data set creating module is used for creating a new private data set according to a preset attribute set of the private data set, wherein the attribute set specifies the sharing range, the operation authority and when to clear the private data set;
the private data set updating module is used for updating data of specified data of an existing private data set needing to update data;
the private data set sharing module is used for sharing all or preset data in the private data set needing to share the data to a set user set;
and the private data set clearing module is used for automatically clearing the data of the private data set according to a preset private data set automatic clearing data strategy.
5. The distributed ledger-autonomous controllable privacy preserving system of claim 1, wherein the distributed ledger business process of the private data set comprises:
the client constructs a transaction proposal containing private data and submits the transaction proposal to an endorsement node, the endorsement node verifies the legality of the transaction proposal according to a preset check rule, the endorsement node executes a chain code function to read or write the private data, and the private data is sent to a transient field of the proposal;
the endorsement node simulates transaction, stores private data in a transient data storage, and then distributes the private data to the authorization node through a Gossip protocol according to a preset distribution strategy of a private data set;
after the endorsement node signs the verified transaction proposal, a response result which does not contain the actual private data but contains the hash value of the private data is returned to the client;
the client submits a response result which is returned by the endorsement node and does not contain actual private data to a consensus node in the distributed ledger network as a transaction;
and the consensus nodes process the submitted transactions according to a preset consensus algorithm, pack the transactions into blocks, broadcast the blocks to all nodes in the whole network, and update the local account book after the blocks are checked by the nodes in the whole network.
6. The distributed ledger-autonomous controllable privacy-preserving system of claim 1, wherein the privacy mechanism of the private data set comprises:
the authority control mechanism is that only authorized nodes can have real private data, and at the same time only authorized nodes can access the private data, and unauthorized nodes can only store the salted hash value of the private data and are used for ensuring the hiding and private attributes of the private data under the authority control;
the hash function and random salt encryption protection mechanism is characterized in that the hash function is used for protecting the hash value of private data in a mode of adding random salt into the hash value, and the random salt is used for inserting a specific character string into any fixed position of a password so that a hashed result is not consistent with a hashed result using an original password;
the transient data mechanism stores the private data in a transient data mode, when a certain condition is reached, the private data can be cleared, the forgetting attribute of the private data is ensured, and the respecting of the forgetting right of the private data owner to the private data is reflected.
7. The distributed ledger-autonomous controllable privacy protection system of claim 1, wherein the identity confusion management module comprises:
the verifiable certificate issuing module is used for creating and issuing verifiable certificates;
a verifiable statement generation module for generating a verifiable statement;
and the verifiable statement verification module is used for verifying the verification statement.
8. The distributed ledger-autonomous controllable privacy protection system of claim 1, wherein the privacy protection process of the identity confusion management service comprises:
the VC issuer, the VC holder and the VP verifier register own ID through distributed or centralized identity management service;
a VC holder applies for VC from a VC issuer;
the VC issuer verifies the ID of the VC holder through the identity management service;
a VC issuer generates a VC and registers the VC to an identity management service;
the VC issuer sends the VC to the VC holder through a secure channel;
the VC holder generates a VP according to the VC and displays the VP to a VP verifier through a secure channel;
the VP verifier verifies the ID of the VC holder and the content of the VP through the identity management service and correspondingly verifies a result to the VC holder;
the VC issuer revokes the VC and submits the revocation information to the identity management service.
9. A cluster architecture of the distributed ledger-autonomous controllable privacy preserving system of any of claims 1 to 8, comprising:
the agent cluster comprises a load balancing module and a plurality of reverse agent modules deployed by the cluster,
the load balancing module is used for carrying out load balancing on service requests of users, and the reverse proxy module is used for shunting the requests after load balancing;
the system comprises a server cluster and a plurality of identity confusion server clusters, wherein the server cluster comprises a channel management server cluster, a private data set server cluster and an identity confusion server cluster which are respectively in communication connection with corresponding reverse proxy modules; the private data set server cluster comprises a plurality of servers which are deployed in a cluster and comprise private data set management modules; the identity confusion server cluster comprises a plurality of servers which are deployed in a cluster and comprise identity confusion management modules;
the message queue cluster comprises a plurality of message queues which are distributed in a cluster mode and are respectively connected with the channel management server cluster, the private data set server cluster and the identity confusion server cluster through signals, and is used for receiving specific operations of each server cluster on the database generated according to the service request and acquiring related data returned by the database service;
the storage cluster comprises a plurality of databases which are distributed by the cluster and are respectively in communication connection with various message queues of the message queue cluster, and each database comprises a persistent database and an in-memory database.
10. A privacy protection method of a cluster architecture as claimed in claim 9, comprising the steps of:
receiving a privacy protection request service sent by a user through a client;
the method comprises the following steps that a service request of a user is subjected to load balancing through a load balancing module, and then is distributed to each reverse proxy module deployed in a cluster for reverse proxy;
under the action of each reverse proxy module deployed by the cluster, service requests are distributed to each server deployed by the cluster for corresponding processing;
each server generates specific operation on the database according to the specific service request and sends the operation to each message queue of the message queue cluster;
when the specific operation on the database is the operation on the data stored for a long time, acquiring corresponding persistent database service in the storage cluster through the message queue; when the specific operation on the database is the operation on temporary or frequently-operated data, acquiring corresponding memory database service in the storage cluster through a message queue;
and when the operation of the database in the storage cluster on the data is completed, returning the response of the service request layer by layer upwards until returning to the client.
CN202110718813.4A 2021-06-28 2021-06-28 Distributed account book autonomous controllable privacy protection system and cluster architecture thereof Pending CN113407996A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110718813.4A CN113407996A (en) 2021-06-28 2021-06-28 Distributed account book autonomous controllable privacy protection system and cluster architecture thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110718813.4A CN113407996A (en) 2021-06-28 2021-06-28 Distributed account book autonomous controllable privacy protection system and cluster architecture thereof

Publications (1)

Publication Number Publication Date
CN113407996A true CN113407996A (en) 2021-09-17

Family

ID=77679812

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110718813.4A Pending CN113407996A (en) 2021-06-28 2021-06-28 Distributed account book autonomous controllable privacy protection system and cluster architecture thereof

Country Status (1)

Country Link
CN (1) CN113407996A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779637A (en) * 2021-11-10 2021-12-10 腾讯科技(深圳)有限公司 Attribute data processing method, attribute data processing device, attribute data processing equipment and attribute data processing medium
CN117390659A (en) * 2023-12-13 2024-01-12 江苏量界数据科技有限公司 Authority control method based on distributed data calculation

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109033405A (en) * 2018-08-03 2018-12-18 华为技术有限公司 Safeguard method and apparatus, server and the computer readable storage medium of block chain
CN109993546A (en) * 2019-02-18 2019-07-09 西安西电链融科技有限公司 A kind of drug traceability system and implementation method based on RFID and block chain
CN110061874A (en) * 2019-04-18 2019-07-26 李莉莉 A kind of method of alliance's block chain visualization channel management
CN111245910A (en) * 2019-12-31 2020-06-05 杭州趣链科技有限公司 Block chain light node multi-copy deployment method
CN112003920A (en) * 2020-08-18 2020-11-27 天津四立科技有限责任公司 Information sharing system
CN112291245A (en) * 2020-10-30 2021-01-29 北京华弘集成电路设计有限责任公司 Identity authorization method, identity authorization device, storage medium and equipment
CN112445623A (en) * 2020-12-14 2021-03-05 招商局金融科技有限公司 Multi-cluster management method and device, electronic equipment and storage medium
CN112564920A (en) * 2020-12-08 2021-03-26 爱信诺征信有限公司 Enterprise identity verification method, system, electronic equipment and storage medium
CN112862474A (en) * 2021-02-05 2021-05-28 湖南大学 Supply chain management method, system, equipment and storage medium based on block chain
CN112862475A (en) * 2021-02-05 2021-05-28 湖南大学 Block chain-based order financing method and system, equipment and storage medium
CN112950220A (en) * 2021-03-10 2021-06-11 湖南大学 Enterprise digital identity management system and method based on block chain

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109033405A (en) * 2018-08-03 2018-12-18 华为技术有限公司 Safeguard method and apparatus, server and the computer readable storage medium of block chain
CN109993546A (en) * 2019-02-18 2019-07-09 西安西电链融科技有限公司 A kind of drug traceability system and implementation method based on RFID and block chain
CN110061874A (en) * 2019-04-18 2019-07-26 李莉莉 A kind of method of alliance's block chain visualization channel management
CN111245910A (en) * 2019-12-31 2020-06-05 杭州趣链科技有限公司 Block chain light node multi-copy deployment method
CN112003920A (en) * 2020-08-18 2020-11-27 天津四立科技有限责任公司 Information sharing system
CN112291245A (en) * 2020-10-30 2021-01-29 北京华弘集成电路设计有限责任公司 Identity authorization method, identity authorization device, storage medium and equipment
CN112564920A (en) * 2020-12-08 2021-03-26 爱信诺征信有限公司 Enterprise identity verification method, system, electronic equipment and storage medium
CN112445623A (en) * 2020-12-14 2021-03-05 招商局金融科技有限公司 Multi-cluster management method and device, electronic equipment and storage medium
CN112862474A (en) * 2021-02-05 2021-05-28 湖南大学 Supply chain management method, system, equipment and storage medium based on block chain
CN112862475A (en) * 2021-02-05 2021-05-28 湖南大学 Block chain-based order financing method and system, equipment and storage medium
CN112950220A (en) * 2021-03-10 2021-06-11 湖南大学 Enterprise digital identity management system and method based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张奥等: "区块链隐私保护研究与实践综述", 《软件学报》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779637A (en) * 2021-11-10 2021-12-10 腾讯科技(深圳)有限公司 Attribute data processing method, attribute data processing device, attribute data processing equipment and attribute data processing medium
CN117390659A (en) * 2023-12-13 2024-01-12 江苏量界数据科技有限公司 Authority control method based on distributed data calculation
CN117390659B (en) * 2023-12-13 2024-04-02 江苏量界数据科技有限公司 Authority control method based on distributed data calculation

Similar Documents

Publication Publication Date Title
US10979418B2 (en) Template-based distributed certificate issuance in a multi-tenant environment
Li et al. A blockchain privacy protection scheme based on ring signature
Alketbi et al. Blockchain for government services—Use cases, security benefits and challenges
CN108418680B (en) Block chain key recovery method and medium based on secure multi-party computing technology
Bonneau et al. Mixcoin: Anonymity for bitcoin with accountable mixes
Diffie et al. Privacy on the line: The politics of wiretapping and encryption
CN110060162A (en) Data grant, querying method and device based on block chain
CN110149322A (en) A kind of block chain encryption method that irreversible dynamic failure re-examination is rebuild
CN110084068A (en) Block catenary system and data processing method for block catenary system
CN107682364B (en) A kind of license chain privacy method of commerce
CN109005186A (en) A kind of method, system, equipment and the storage medium of user-isolated identity information
CN110034917A (en) A kind of alliance's chain data processing method and device based on homomorphic encryption algorithm
Windley How sovrin works
CN102170356A (en) Authentication system realizing method supporting exclusive control of digital signature key
CN109522681A (en) Digital content really weighs method, apparatus and storage medium
CN111654363A (en) Alliance chain privacy protection method based on group signature and homomorphic encryption
CN112540957B (en) File secure storage and sharing system based on mixed block chain and implementation method
CN113407996A (en) Distributed account book autonomous controllable privacy protection system and cluster architecture thereof
Ruffing et al. (Short Paper) Burning Zerocoins for Fun and for Profit-A Cryptographic Denial-of-Spending Attack on the Zerocoin Protocol
Aggarwal et al. Basics of blockchain
Smith et al. Identity system essentials
Islam et al. A low-cost cross-border payment system based on auditable cryptocurrency with consortium blockchain: Joint digital currency
CN110012024A (en) A kind of data sharing method, system, equipment and computer readable storage medium
CN103795548B (en) A kind of distributed data base system and its implementation based on group ranking algorithm
Li et al. A new revocable reputation evaluation system based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210917

RJ01 Rejection of invention patent application after publication